From 5731a2978e55418116bec84c4e009e87802a9572 Mon Sep 17 00:00:00 2001 
From: Sarah Alsmiller Date: Fri, 5 Jul 2024 15:24:42 +0000 Subject: [PATCH] backport of commit 94e1d59256191c69c5e29066fb7a79ca8d4776bd --- .changelog/142.txt | 3 - .changelog/164.txt | 3 - .changelog/172.txt | 3 - .changelog/188.txt | 3 - .changelog/235.txt | 3 - .changelog/236.txt | 3 + .changelog/239.txt | 3 - .changelog/242.txt | 3 - .changelog/310.txt | 3 - .changelog/312.txt | 3 + .changelog/372.txt | 6 - .changelog/{416.txt => 418.txt} | 5 +- .changelog/434.txt | 3 - .changelog/{474.txt => 475.txt} | 2 +- .changelog/{496.txt => 499.txt} | 2 +- .changelog/521.txt | 3 - .changelog/529.txt | 3 - .changelog/533.txt | 3 - .changelog/543.txt | 3 + .changelog/565.txt | 3 - .changelog/573.txt | 3 - .changelog/97.txt | 3 - .changelog/98.txt | 3 + .github/workflows/bot-auto-approve.yaml | 13 - .github/workflows/build.yml | 124 +- .../workflows/consul-dataplane-checks.yaml | 11 +- .github/workflows/jira-issues.yaml | 3 + .github/workflows/jira-pr.yaml | 4 +- .github/workflows/security-scan.yml | 7 +- .go-version | 2 +- .golangci.yml | 9 - .release/ci.hcl | 3 - .release/release-metadata.hcl | 3 - CHANGELOG.md | 408 ------- Dockerfile | 98 +- Dockerfile.dev | 10 - Makefile | 9 - build-scripts/version.sh | 3 - cmd/consul-dataplane/config.go | 372 ------ cmd/consul-dataplane/config_test.go | 1017 ----------------- cmd/consul-dataplane/duration.go | 40 - cmd/consul-dataplane/duration_test.go | 66 -- cmd/consul-dataplane/env.go | 63 +- cmd/consul-dataplane/flags.go | 199 +--- cmd/consul-dataplane/main.go | 342 +++--- cmd/consul-dataplane/map_flag.go | 3 - cmd/consul-dataplane/map_flag_test.go | 3 - go.mod | 8 +- go.sum | 21 +- integration-tests/go.mod | 32 +- integration-tests/go.sum | 111 +- integration-tests/helpers/auth_method.go | 3 - integration-tests/helpers/dataplane.go | 3 - integration-tests/helpers/helpers.go | 3 - integration-tests/helpers/pod.go | 3 - integration-tests/helpers/server.go | 3 - integration-tests/helpers/service.go | 3 - 
integration-tests/helpers/suite.go | 3 - integration-tests/helpers/tls.go | 3 - integration-tests/main_test.go | 3 - internal/bootstrap/bootstrap_config.go | 31 - internal/bootstrap/bootstrap_tpl.go | 6 + internal/bootstrap/helpers_test.go | 3 - .../mocks/pbdnsmock/dns_service_client.go | 69 -- .../mocks/pbdnsmock/dns_service_server.go | 59 - .../is_cloning_dns_service_client.go | 42 - .../pbdnsmock/unsafe_dns_service_server.go | 29 - .../is_cloning_resource_service_client.go | 42 - .../pbresourcemock/is_watch_event__event.go | 29 - .../resource_service__watch_list_client.go | 185 --- .../resource_service__watch_list_server.go | 146 --- .../pbresourcemock/resource_service_client.go | 328 ------ .../pbresourcemock/resource_service_server.go | 257 ----- .../mocks/pbresourcemock/server_stream.go | 183 --- .../unsafe_resource_service_server.go | 29 - pkg/consuldp/bootstrap.go | 27 +- pkg/consuldp/bootstrap_test.go | 146 +-- pkg/consuldp/config.go | 23 +- pkg/consuldp/config_test.go | 3 - pkg/consuldp/consul_dataplane.go | 26 +- pkg/consuldp/consul_dataplane_test.go | 37 +- pkg/consuldp/lifecycle.go | 84 +- pkg/consuldp/lifecycle_test.go | 170 +-- pkg/consuldp/metrics.go | 57 +- pkg/consuldp/metrics_test.go | 15 +- pkg/consuldp/stats.go | 3 - .../TestBootstrapConfig/access-logs.golden | 6 + .../testdata/TestBootstrapConfig/basic.golden | 6 + .../central-telemetry-config.golden | 6 + ...m-prometheus-scrape-path-with-query.golden | 255 ----- .../custom-prometheus-scrape-path.golden | 6 + .../TestBootstrapConfig/hcp-metrics.golden | 6 + .../non-default_tenancy.golden | 166 --- .../TestBootstrapConfig/ready-listener.golden | 6 + .../unix-socket-xds-server.golden | 6 + pkg/consuldp/xds.go | 3 - pkg/consuldp/xds_test.go | 3 - pkg/dns/.mockery.yaml | 11 - pkg/dns/dns.go | 27 - pkg/dns/dns_test.go | 51 +- pkg/dns/mocks/mock_DNSServiceClient.go | 110 -- pkg/dns/mocks/mock_DNSServiceServer.go | 92 -- pkg/dns/mocks/mock_UnsafeDNSServiceServer.go | 64 -- 
pkg/envoy/get_process_attr.go | 15 - pkg/envoy/get_process_attr_windows.go | 15 - pkg/envoy/proxy.go | 36 +- pkg/envoy/proxy_test.go | 3 - pkg/metrics-cache/metricscache.go | 3 - pkg/metrics-cache/metricscache_test.go | 3 - pkg/version/fips_build.go | 30 - pkg/version/non_fips_build.go | 15 - pkg/version/version.go | 9 +- 112 files changed, 582 insertions(+), 5483 deletions(-) delete mode 100644 .changelog/142.txt delete mode 100644 .changelog/164.txt delete mode 100644 .changelog/172.txt delete mode 100644 .changelog/188.txt delete mode 100644 .changelog/235.txt create mode 100644 .changelog/236.txt delete mode 100644 .changelog/239.txt delete mode 100644 .changelog/242.txt delete mode 100644 .changelog/310.txt create mode 100644 .changelog/312.txt delete mode 100644 .changelog/372.txt rename .changelog/{416.txt => 418.txt} (75%) delete mode 100644 .changelog/434.txt rename .changelog/{474.txt => 475.txt} (88%) rename .changelog/{496.txt => 499.txt} (64%) delete mode 100644 .changelog/521.txt delete mode 100644 .changelog/529.txt delete mode 100644 .changelog/533.txt create mode 100644 .changelog/543.txt delete mode 100644 .changelog/565.txt delete mode 100644 .changelog/573.txt delete mode 100644 .changelog/97.txt create mode 100644 .changelog/98.txt delete mode 100644 .github/workflows/bot-auto-approve.yaml delete mode 100644 .golangci.yml delete mode 100644 Dockerfile.dev delete mode 100644 cmd/consul-dataplane/config.go delete mode 100644 cmd/consul-dataplane/config_test.go delete mode 100644 cmd/consul-dataplane/duration.go delete mode 100644 cmd/consul-dataplane/duration_test.go delete mode 100644 internal/mocks/pbdnsmock/dns_service_client.go delete mode 100644 internal/mocks/pbdnsmock/dns_service_server.go delete mode 100644 internal/mocks/pbdnsmock/is_cloning_dns_service_client.go delete mode 100644 internal/mocks/pbdnsmock/unsafe_dns_service_server.go delete mode 100644 internal/mocks/pbresourcemock/is_cloning_resource_service_client.go delete mode 
100644 internal/mocks/pbresourcemock/is_watch_event__event.go delete mode 100644 internal/mocks/pbresourcemock/resource_service__watch_list_client.go delete mode 100644 internal/mocks/pbresourcemock/resource_service__watch_list_server.go delete mode 100644 internal/mocks/pbresourcemock/resource_service_client.go delete mode 100644 internal/mocks/pbresourcemock/resource_service_server.go delete mode 100644 internal/mocks/pbresourcemock/server_stream.go delete mode 100644 internal/mocks/pbresourcemock/unsafe_resource_service_server.go delete mode 100644 pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path-with-query.golden delete mode 100644 pkg/consuldp/testdata/TestBootstrapConfig/non-default_tenancy.golden delete mode 100644 pkg/dns/.mockery.yaml delete mode 100644 pkg/dns/mocks/mock_DNSServiceClient.go delete mode 100644 pkg/dns/mocks/mock_DNSServiceServer.go delete mode 100644 pkg/dns/mocks/mock_UnsafeDNSServiceServer.go delete mode 100644 pkg/envoy/get_process_attr.go delete mode 100644 pkg/envoy/get_process_attr_windows.go delete mode 100644 pkg/version/fips_build.go delete mode 100644 pkg/version/non_fips_build.go
diff --git a/.changelog/142.txt b/.changelog/142.txt
deleted file mode 100644
index 1bbe459b..00000000
--- a/.changelog/142.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:security
-Update to Envoy 1.26.2 within the Dockerfile.
-```
diff --git a/.changelog/164.txt b/.changelog/164.txt
deleted file mode 100644
index 03a978de..00000000
--- a/.changelog/164.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-Add the `-config-file` flag to support reading configuration options from a JSON file.
-```
\ No newline at end of file
diff --git a/.changelog/172.txt b/.changelog/172.txt
deleted file mode 100644
index c4aaed59..00000000
--- a/.changelog/172.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-dns: queries proxied by consul-dataplane now assume the same namespace/partition/ACL token as the service registered to the dataplane instance.
-```
\ No newline at end of file
diff --git a/.changelog/188.txt b/.changelog/188.txt
deleted file mode 100644
index f039a85f..00000000
--- a/.changelog/188.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-In order to support Windows, write Envoy bootstrap configuration to a regular file instead of a named pipe.
-```
diff --git a/.changelog/235.txt b/.changelog/235.txt
deleted file mode 100644
index 642b5d9a..00000000
--- a/.changelog/235.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:security
-Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile.
-```
diff --git a/.changelog/236.txt b/.changelog/236.txt
new file mode 100644
index 00000000..ec4f6e94
--- /dev/null
+++ b/.changelog/236.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Update to Go 1.20.7 and Envoy 1.25.9 within the Dockerfile.
+```
diff --git a/.changelog/239.txt b/.changelog/239.txt
deleted file mode 100644
index d562d630..00000000
--- a/.changelog/239.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:improvement
-Add graceful_startup endpoint and postStart hook in order to guarantee that dataplane starts up before application container.
-```
diff --git a/.changelog/242.txt b/.changelog/242.txt
deleted file mode 100644
index cf6d0b37..00000000
--- a/.changelog/242.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:feature
-Make consul dataplane handle bootstrap param response for Catalog and Mesh V2 resources
-```
diff --git a/.changelog/310.txt b/.changelog/310.txt
deleted file mode 100644
index 4cb09d6d..00000000
--- a/.changelog/310.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:security
-Update Envoy version to 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
-```
diff --git a/.changelog/312.txt b/.changelog/312.txt
new file mode 100644
index 00000000..7a38debb
--- /dev/null
+++ b/.changelog/312.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Update Envoy version to 1.25.11 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
+```
diff --git a/.changelog/372.txt b/.changelog/372.txt
deleted file mode 100644
index 5f05e056..00000000
--- a/.changelog/372.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-```release-note:improvement
-Propagate merged metrics request query params to Envoy to enable metrics filtering.
-```
-```release-note:bug
-Exclude Prometheus scrape path query params from Envoy path match s.t. it does not break merged metrics request routing.
-```
diff --git a/.changelog/416.txt b/.changelog/418.txt
similarity index 75%
rename from .changelog/416.txt
rename to .changelog/418.txt
index e64bd405..e884fcbc 100644
--- a/.changelog/416.txt
+++ b/.changelog/418.txt
@@ -1,6 +1,3 @@
-```release-note:improvement
-Update Envoy version from 1.27 to 1.28
-```
 ```release-note:security
-Update Envoy version to 1.28.1 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76)
+Update Envoy version to 1.26.7 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) (note: upgrades to Envoy 1.26 for security patches due to 1.25 EOL)
 ```
diff --git a/.changelog/434.txt b/.changelog/434.txt
deleted file mode 100644
index 7fd23b1a..00000000
--- a/.changelog/434.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-```release-note:security
- Upgrade `consul-dataplane-fips` OpenShift container image to use `ubi9-minimal:9.3` as the base image.
- ```
diff --git a/.changelog/474.txt b/.changelog/475.txt
similarity index 88%
rename from .changelog/474.txt
rename to .changelog/475.txt
index d674b7ec..87b34849 100644
--- a/.changelog/474.txt
+++ b/.changelog/475.txt
@@ -4,7 +4,7 @@ Upgrade to use Go `1.21.9`. This resolves CVE ``` ```release-note:security -Upgrade to support Envoy `1.28.2`. This resolves CVE +Upgrade to support Envoy `1.26.8`. This resolves CVE [CVE-2024-27919](https://nvd.nist.gov/vuln/detail/CVE-2024-27919) (`http2`). ``` diff --git a/.changelog/496.txt b/.changelog/499.txt similarity index 64% rename from .changelog/496.txt rename to .changelog/499.txt index 44751494..7b9d5dc5 100644 --- a/.changelog/496.txt +++ b/.changelog/499.txt @@ -1,4 +1,4 @@ ```release-note:security -Upgrade to support Envoy `1.28.3`. This resolves CVE +Upgrade to support Envoy `1.27.5`. This resolves CVE [CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475). ``` diff --git a/.changelog/521.txt b/.changelog/521.txt deleted file mode 100644 index 0e84b11e..00000000 --- a/.changelog/521.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:improvement -Upgrade to support Envoy `1.29.4`. -``` diff --git a/.changelog/529.txt b/.changelog/529.txt deleted file mode 100644 index 71085f1d..00000000 --- a/.changelog/529.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:enhancement -Upgrade Go to use 1.22.4. -``` diff --git a/.changelog/533.txt b/.changelog/533.txt deleted file mode 100644 index cbf8814d..00000000 --- a/.changelog/533.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:improvement -Upgrade to support Envoy `1.29.5`. -``` \ No newline at end of file diff --git a/.changelog/543.txt b/.changelog/543.txt new file mode 100644 index 00000000..c7cf1c23 --- /dev/null +++ b/.changelog/543.txt @@ -0,0 +1,3 @@ +```release-note:security +Upgrade to support Envoy `1.27.6`. +``` \ No newline at end of file diff --git a/.changelog/565.txt b/.changelog/565.txt deleted file mode 100644 index 48a1e3db..00000000 --- a/.changelog/565.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:feature -Removes the dependence on the v2 catalog and "resource-apis" experiment. -``` 
diff --git a/.changelog/573.txt b/.changelog/573.txt deleted file mode 100644 index 9a2a8408..00000000 --- a/.changelog/573.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:security -Upgrade go version to address [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791) -``` \ No newline at end of file diff --git a/.changelog/97.txt b/.changelog/97.txt deleted file mode 100644 index 4cef02c8..00000000 --- a/.changelog/97.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:security -Update to Go 1.20.4 and Envoy 1.26.1 within the Dockerfile. -``` diff --git a/.changelog/98.txt b/.changelog/98.txt new file mode 100644 index 00000000..504c37eb --- /dev/null +++ b/.changelog/98.txt @@ -0,0 +1,3 @@ +```release-note:security +Update to Go 1.20.4 and Envoy 1.25.6 within the Dockerfile. +``` diff --git a/.github/workflows/bot-auto-approve.yaml b/.github/workflows/bot-auto-approve.yaml deleted file mode 100644 index 160bf533..00000000 --- a/.github/workflows/bot-auto-approve.yaml +++ /dev/null @@ -1,13 +0,0 @@ -name: Bot Auto Approve - -on: pull_request_target - -jobs: - auto-approve: - runs-on: ubuntu-latest - if: github.actor == 'hc-github-team-consul-core' - steps: - - uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0 - with: - review-message: "Auto approved Consul Bot automated PR" - github-token: ${{ secrets.MERGE_APPROVE_TOKEN }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 42b38b49..83e4ba11 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -63,7 +63,7 @@ jobs: needs: - get-go-version - get-product-version - runs-on: ubuntu-20.04 # the GLIBC is too high on 22.04 + runs-on: ubuntu-latest strategy: matrix: include: 
@@ -71,14 +71,12 @@ jobs: - {goos: "linux", goarch: "arm64"} - {goos: "linux", goarch: "386"} - {goos: "linux", goarch: "amd64"} - - {goos: "linux", goarch: "amd64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto", fips: "+fips1402", pkg_suffix: "-fips" } - - {goos: "linux", goarch: "arm64", gotags: "fips", env: "CGO_ENABLED=1 GOEXPERIMENT=boringcrypto CC=aarch64-linux-gnu-gcc", fips: "+fips1402", pkg_suffix: "-fips" } - {goos: "darwin", goarch: "amd64"} - {goos: "darwin", goarch: "arm64"} fail-fast: true - name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.fips }} build + name: Go ${{ needs.get-go-version.outputs.go-version }} ${{ matrix.goos }} ${{ matrix.goarch }} build steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 @@ -86,18 +84,14 @@ jobs: - uses: hashicorp/actions-go-build@v1 with: product_name: ${{ env.PKG_NAME }} - product_version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} + product_version: ${{ needs.get-product-version.outputs.product-version }} go_version: ${{ needs.get-go-version.outputs.go-version }} os: ${{ matrix.goos }} arch: ${{ matrix.goarch }} reproducible: assert instructions: | cp LICENSE $TARGET_DIR/LICENSE.txt - if [[ "${{ matrix.fips }}" == "+fips1402" ]] - then - sudo apt-get update --allow-releaseinfo-change-suite --allow-releaseinfo-change-version && sudo apt-get install -y build-essential gcc-aarch64-linux-gnu - fi - ${{ matrix.env }} go build -tags=${{ matrix.gotags }} -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME + CGO_ENABLED=0 go build -trimpath -buildvcs=false -ldflags="-X github.com/hashicorp/consul-dataplane/pkg/version.GitCommit=${GITHUB_SHA::8}" -o $BIN_PATH ./cmd/$BIN_NAME - name: Copy license file if: ${{ matrix.goos == 'linux' }} 
@@ -111,10 +105,10 @@ jobs: if: ${{ matrix.goos == 'linux' }} uses: hashicorp/actions-packaging-linux@v1 with: - name: ${{ github.event.repository.name }}${{ matrix.pkg_suffix }} + name: ${{ github.event.repository.name }} description: "Consul dataplane connects an application to a Consul service mesh." arch: ${{ matrix.goarch }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} + version: ${{ needs.get-product-version.outputs.product-version }} maintainer: "HashiCorp" homepage: "https://github.com/hashicorp/consul-dataplane" license: "MPL-2.0" @@ -142,7 +136,7 @@ jobs: path: out/${{ env.DEB_PACKAGE }} build-docker-default: - name: Docker ${{ matrix.arch }} ${{ matrix.fips }} default release build + name: Docker ${{ matrix.arch }} default release build needs: - get-go-version - get-product-version @@ -152,17 +146,15 @@ jobs: matrix: # This is the subset of architectures we build binaries for officially # supported by Envoy. - include: - - { arch: "amd64" } - - { arch: "amd64", fips: "+fips1402" } - - { arch: "arm64" } - - { arch: "arm64", fips: "+fips1402" } + arch: ["arm64", "amd64"] env: repo: ${{ github.event.repository.name }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} + version: ${{ needs.get-product-version.outputs.product-version }} + steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix # This naming convention will be used ONLY for per-commit dev images - name: Set docker dev tag run: | 
@@ -172,13 +164,12 @@ jobs: echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - name: Docker Build (Action) - if: ${{ !matrix.fips }} uses: hashicorp/actions-docker-build@v2 with: smoke_test: | TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" if [ "${TEST_VERSION}" != "${version}" ]; then - echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." + echo "Test FAILED" exit 1 fi echo "Test PASSED" 
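Review bot: The smoke test's failure branch in this hunk no longer reports what it compared: `echo "Test FAILED"` replaces a message that printed both `${TEST_VERSION}` and `${version}`. This check is what stops an image whose binary reports the wrong version from being tagged and pushed, so a bare failure leaves the release log with nothing to triage from. I would keep the values in the message, `echo "Test FAILED: Got ${TEST_VERSION}, want ${version}."`. The `@@ -273,13 +234,12 @@` hunk of the UBI DockerHub job makes the same change and should get the same treatment.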
@@ -196,59 +187,30 @@ jobs: extra_build_args: | GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - name: Docker FIPS Build (Action) - if: ${{ matrix.fips }} - uses: hashicorp/actions-docker-build@v2 - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" - if [ "${TEST_VERSION}" != "${version}" ]; then - echo "Test FAILED: Got ${TEST_VERSION}, want ${version}." - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: release-fips-default - arch: ${{ matrix.arch }} - tags: | - docker.io/hashicorp/${{env.repo}}-fips:${{env.version}} - public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}} - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }} - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-${{ github.sha }} - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - build-docker-redhat: - name: Docker ${{ matrix.fips }} UBI Image Build (for Red Hat Certified Container Registry) + name: Docker UBI Image Build (for Red Hat Certified Container Registry) needs: - get-go-version - get-product-version - build-linux runs-on: ubuntu-latest - strategy: - matrix: - include: - - { target-name: "release-ubi", registry-id: "631f805e0d15f623c5996c2e" } - - { target-name: "release-fips-ubi", registry-id: "649cced3e093d1cc7f3d9b61", fips: "+fips1402" } env: repo: ${{github.event.repository.name}} - version: ${{needs.get-product-version.outputs.product-version}}${{ matrix.fips }} + version: ${{needs.get-product-version.outputs.product-version}} + steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - uses: hashicorp/actions-docker-build@v2 with: version: ${{env.version}} - target: ${{ 
matrix.target-name }} + target: release-ubi arch: amd64 - redhat_tag: quay.io/redhat-isv-containers/${{matrix.registry-id}}:${{env.version}}-ubi + redhat_tag: quay.io/redhat-isv-containers/631f805e0d15f623c5996c2e:${{env.version}}-ubi extra_build_args: | GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} build-docker-ubi-dockerhub: - name: Docker ${{ matrix.arch }} ${{ matrix.fips }} UBI build for DockerHub + name: Docker ${{ matrix.arch }} UBI build for DockerHub needs: - get-go-version - get-product-version @@ -256,14 +218,13 @@ jobs: runs-on: ubuntu-latest strategy: matrix: - include: - - { arch: "amd64" } - - { arch: "amd64", fips: "+fips1402" } + arch: ["amd64"] env: repo: ${{ github.event.repository.name }} - version: ${{ needs.get-product-version.outputs.product-version }}${{ matrix.fips }} + version: ${{ needs.get-product-version.outputs.product-version }} steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + # Strip everything but MAJOR.MINOR from the version string and add a `-dev` suffix # This naming convention will be used ONLY for per-commit dev images - name: Set docker dev tag run: | @@ -273,13 +234,12 @@ jobs: echo "minor_dev_tag=$(echo ${{ env.version }}| sed -E 's/([0-9]+\.[0-9]+)\.[0-9]+(-[0-9a-zA-Z\+\.]+)?$/\1\2/')" >> $GITHUB_ENV - name: Docker Build (Action) - if: ${{ !matrix.fips }} uses: hashicorp/actions-docker-build@v2 with: smoke_test: | TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" if [ "${TEST_VERSION}" != "${version}" ]; then - echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." + echo "Test FAILED" exit 1 fi echo "Test PASSED" 
@@ -297,31 +257,6 @@ jobs: extra_build_args: | GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - - name: Docker FIPS Build (Action) - if: ${{ matrix.fips }} - uses: hashicorp/actions-docker-build@v2 - with: - smoke_test: | - TEST_VERSION="$(docker run "${IMAGE_NAME}" --version | head -n1 | cut -d' ' -f3 | sed 's/^v//')" - if [ "${TEST_VERSION}" != "${version}" ]; then - echo "Test FAILED: Got ${TEST_VERSION}, want ${version}}." - exit 1 - fi - echo "Test PASSED" - version: ${{ env.version }} - target: release-fips-ubi - arch: ${{ matrix.arch }} - tags: | - docker.io/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi - public.ecr.aws/hashicorp/${{env.repo}}-fips:${{env.version}}-ubi - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.full_dev_tag }}-ubi-${{ github.sha }} - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi - docker.io/hashicorppreview/${{ env.repo }}-fips:${{ env.minor_dev_tag }}-ubi-${{ github.sha }} - extra_build_args: | - GOLANG_VERSION=${{ needs.get-go-version.outputs.go-version }} - integration-tests: name: Integration Tests (Consul ${{ matrix.server.version }} ${{ matrix.dataplane.docker_target }}) needs: @@ -333,14 +268,10 @@ jobs: strategy: matrix: server: + - version: v1.14.4 + image: docker.mirror.hashicorp.services/hashicorp/consul:1.14.4 - version: v1.15.0-dev image: hashicorppreview/consul:1.15-dev - - version: v1.18.0-dev - image: hashicorppreview/consul:1.18-dev - - version: v1.19.0-dev - image: hashicorppreview/consul:1.19-dev - - version: v1.20.0-dev - image: hashicorppreview/consul:1.20-dev dataplane: - image_suffix: "" docker_target: "release-default" 
@@ -352,9 +283,8 @@ jobs: steps: - name: Set docker dev tag run: | - version="${{ env.version }}" + version="${{env.version}}" echo "dev_tag=${{ env.version }}${{ matrix.dataplane.image_suffix }}" >> $GITHUB_ENV - - name: Set image tarball run: | echo "image_tarball=${{env.repo}}_${{ matrix.dataplane.docker_target }}_linux_amd64_${{env.version}}_${{github.sha}}.docker.dev.tar" >> $GITHUB_ENV @@ -363,7 +293,7 @@ jobs: name: ${{env.image_tarball}} - run: docker load --input ${{env.image_tarball}} - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - id: run-tests @@ -372,7 +302,7 @@ jobs: - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 continue-on-error: true with: - name: consul-${{matrix.server.version}}-${{matrix.dataplane.docker_target}}-integration-tests-output + name: consul-${{matrix.server.version}}-integration-tests-output path: integration-tests/output/ if-no-files-found: 'error' - name: Check for failures diff --git a/.github/workflows/consul-dataplane-checks.yaml b/.github/workflows/consul-dataplane-checks.yaml index d0b59434..ce038a5c 100644 --- a/.github/workflows/consul-dataplane-checks.yaml +++ b/.github/workflows/consul-dataplane-checks.yaml @@ -3,8 +3,7 @@ name: consul-dataplane-checks on: push: branches: - - main - - 'release/*.*.x' + main pull_request: jobs: 
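Review bot: The push trigger in the `@@ -3,8 +3,7 @@` hunk of consul-dataplane-checks.yaml no longer matches `release/*.*.x`, so a commit pushed directly to a release branch does not run the unit-test, docker build and lint jobs defined further down this workflow; only `pull_request` still covers those branches. The subject line says this is a backport, so if it lands on a release branch the pattern should stay: `branches: [main, 'release/*.*.x']`. The new value also appears to be a bare scalar under `branches:` rather than a list item (indentation is lost in this view, so this is inferred); writing it as `- main` keeps the filter in the form used before the change.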
@@ -24,7 +23,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - run: go test ./... -p 1 # disable parallelism to avoid port conflicts from default metrics and lifecycle server configuration @@ -36,7 +35,7 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - run: make docker @@ -50,9 +49,9 @@ jobs: - get-go-version runs-on: ubuntu-latest steps: - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: golangci-lint - uses: golangci/golangci-lint-action@82d40c283aeb1f2b6595839195e95c2d6a49081b # v5.0.0 + uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml index 1047bb61..12865ef0 100644 --- a/.github/workflows/jira-issues.yaml +++ b/.github/workflows/jira-issues.yaml 
@@ -46,6 +46,8 @@ jobs: # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve) extraFields: '{ "customfield_10089": "${{ github.event.issue.html_url || github.event.pull_request.html_url }}", "customfield_10371": { "value": "GitHub" }, + "customfield_10535": [{ "value": "Service Mesh" }], + "components": [{ "name": "${{ github.event.repository.name }}" }], "labels": ${{ steps.set-ticket-labels.outputs.LABELS }} }' env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} @@ -61,6 +63,7 @@ jobs: jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"' - name: Sync comment + if: github.event.action == 'created' && steps.search.outputs.issue uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0 with: issue: ${{ steps.search.outputs.issue }} diff --git a/.github/workflows/jira-pr.yaml b/.github/workflows/jira-pr.yaml index 4d9b7608..eb559078 100644 --- a/.github/workflows/jira-pr.yaml +++ b/.github/workflows/jira-pr.yaml @@ -37,7 +37,7 @@ jobs: id: is-team-member run: | TEAM=consul - ROLE="$(gh api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')" + ROLE="$(hub api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')" if [[ -n ${ROLE} ]]; then echo "Actor ${{ github.actor }} is a ${TEAM} team member" echo "MESSAGE=true" >> $GITHUB_OUTPUT @@ -59,6 +59,8 @@ jobs: # customfield_10089 is "Issue Link", customfield_10371 is "Source" (use JIRA API to retrieve) extraFields: '{ "customfield_10089": "${{ github.event.pull_request.html_url }}", "customfield_10371": { "value": "GitHub" }, + "customfield_10535": [{ "value": "Service Mesh" }], + "components": [{ "name": "${{ github.event.repository.name }}" }], "labels": ${{ steps.set-ticket-labels.outputs.LABELS }} }' env: JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }} 
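Review bot: The team-membership lookup in the `@@ -37,7 +37,7 @@` hunk of jira-pr.yaml switches to `hub api` and has no failure handling, so when the command is missing or the API call fails, `ROLE` is empty and the actor is presumably treated as a non-member without any error (the else branch lies outside the hunk, so this is inferred). To my knowledge `hub` is no longer preinstalled on GitHub-hosted runner images while `gh` is, so `gh api` is the safer call here; either way the step should fail loudly on a non-zero exit rather than fall through. The same line expands `${{ github.actor }}` into the script text; passing it through the step's `env:` as `ACTOR: ${{ github.actor }}` and using `"${ACTOR}"` in the command keeps expression values out of the shell source.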
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index bb1da12c..4b09bdef 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -38,7 +38,7 @@ jobs: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Set up Go - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 + uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 with: go-version: ${{ needs.get-go-version.outputs.go-version }} @@ -46,7 +46,8 @@ jobs: uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: repository: hashicorp/security-scanner - token: ${{ secrets.HASHIBOT_PRODSEC_GITHUB_TOKEN }} + #TODO: replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned + token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} path: security-scanner ref: main @@ -65,4 +66,4 @@ jobs: - name: Upload SARIF file uses: github/codeql-action/upload-sarif@c4fb451437765abf5018c6fbf22cce1a7da1e5cc # codeql-bundle-v2.17.1 with: - sarif_file: results.sarif + sarif_file: results.sarif \ No newline at end of file diff --git a/.go-version b/.go-version index 054c858f..89144dbc 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.22.5 \ No newline at end of file +1.22.3 diff --git a/.golangci.yml b/.golangci.yml deleted file mode 100644 index 2ead2dec..00000000 --- a/.golangci.yml +++ /dev/null @@ -1,9 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -issues: - exclude-rules: - # Allow usage of deprecated values. - - linters: [ staticcheck ] - text: 'SA1019:' - path: "(pkg/consuldp/bootstrap.go)" \ No newline at end of file diff --git a/.release/ci.hcl b/.release/ci.hcl index bf2f9ffe..5acb4716 100644 --- a/.release/ci.hcl +++ b/.release/ci.hcl @@ -1,6 +1,3 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - schema = "1" project "consul-dataplane" { 
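Review bot: The checkout of hashicorp/security-scanner in the `@@ -46,7 +46,8 @@` hunk of security-scan.yml now authenticates with `secrets.ELEVATED_GITHUB_TOKEN`, which by its name grants more than read access to one repository, and the TODO names no owner or issue for switching back to the scoped token. actions/checkout stores the token in the checkout's git config by default, so every later step of the job, including whatever is run from the unpinned `ref: main` of the scanner repository, can read it. Add `persist-credentials: false` under this step's `with:` and link the TODO to a tracking issue, for example `#TODO(<issue-id>): replace w/ HASHIBOT_PRODSEC_GITHUB_TOKEN once provisioned`. The steps that use the scanner are outside the hunk, so their exposure is inferred.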
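Review bot: `.go-version` goes backwards here, from `1.22.5` to `1.22.3`, in the same patch that deletes `.changelog/573.txt`, whose note read "Upgrade go version to address CVE-2024-24791". If that fix shipped with the newer toolchain, as the deleted note suggests, every binary and image built from this branch loses it, because the build workflow takes its Go version from this file. Confirm that the downgrade is intended for this branch; otherwise keep `1.22.5` and the changelog entry.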
diff --git a/.release/release-metadata.hcl b/.release/release-metadata.hcl index d62f513f..62766d5b 100644 --- a/.release/release-metadata.hcl +++ b/.release/release-metadata.hcl @@ -1,6 +1,3 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - url_docker_registry_dockerhub = "https://hub.docker.com/r/hashicorp/consul-dataplane" url_docker_registry_ecr = "https://gallery.ecr.aws/hashicorp/consul-dataplane" url_source_repository = "https://github.com/hashicorp/consul-dataplane" diff --git a/CHANGELOG.md b/CHANGELOG.md index 98e15868..9baf564a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,69 +1,3 @@ -## 1.5.0 (June 12, 2024) - -IMPROVEMENTS: - -* Upgrade Go to use 1.22.4. [[GH-529](https://github.com/hashicorp/consul-dataplane/pull/529)] -* Upgrade to support Envoy `1.29.5`. [[GH-533](https://github.com/hashicorp/consul-dataplane/pull/533)] -* dns: queries proxied by consul-dataplane now assume the same namespace/partition/ACL token as the service registered to the dataplane instance. [[GH-172](https://github.com/hashicorp/consul-dataplane/pull/172)] - -## 1.4.2 (May 21, 2024) - -SECURITY: - -* Upgrade Go to use 1.21.10. This addresses CVEs - [CVE-2024-24787](https://nvd.nist.gov/vuln/detail/CVE-2024-24787) and - [CVE-2024-24788](https://nvd.nist.gov/vuln/detail/CVE-2024-24788) [[GH-487](https://github.com/hashicorp/consul-dataplane/pull/487)] -* Upgrade to support Envoy `1.28.2`. This resolves CVE - [CVE-2024-27919](https://nvd.nist.gov/vuln/detail/CVE-2024-27919) (`http2`). [[GH-474](https://github.com/hashicorp/consul-dataplane/pull/474)] -* Upgrade to support Envoy `1.28.3`. This resolves CVE - [CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475). [[GH-496](https://github.com/hashicorp/consul-dataplane/pull/496)] -* Upgrade to use Go `1.21.9`. This resolves CVE - [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`http2`). [[GH-474](https://github.com/hashicorp/consul-dataplane/pull/474)] -* Upgrade to use golang.org/x/net `v0.24.0`. This resolves CVE - [CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`x/net`). [[GH-474](https://github.com/hashicorp/consul-dataplane/pull/474)] - -IMPROVEMENTS: - -* Upgrade Go to use 1.22.3. [[GH-501](https://github.com/hashicorp/consul-dataplane/pull/501)] - -## 1.3.5 (May 24, 2024) -SECURITY: - -* Upgrade Go to use 1.21.10. 
This addresses CVEs -[CVE-2024-24787](https://nvd.nist.gov/vuln/detail/CVE-2024-24787) and -[CVE-2024-24788](https://nvd.nist.gov/vuln/detail/CVE-2024-24788) [[GH-487](https://github.com/hashicorp/consul-dataplane/pull/487)] -* Upgrade to support Envoy `1.27.4`. This resolves CVE -[CVE-2024-27919](https://nvd.nist.gov/vuln/detail/CVE-2024-27919) (`http2`). [[GH-477](https://github.com/hashicorp/consul-dataplane/pull/477)] -* Upgrade to support Envoy `1.27.5`. This resolves CVE -[CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475). [[GH-497](https://github.com/hashicorp/consul-dataplane/pull/497)] -* Upgrade to use Go `1.21.9`. This resolves CVE -[CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`http2`). [[GH-477](https://github.com/hashicorp/consul-dataplane/pull/477)] -* Upgrade to use golang.org/x/net `v0.24.0`. This resolves CVE -[CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`x/net`). [[GH-477](https://github.com/hashicorp/consul-dataplane/pull/477)] - -IMPROVEMENTS: - -* Upgrade Go to use 1.22.3. [[GH-501](https://github.com/hashicorp/consul-dataplane/pull/501)] - -## 1.2.8 (May 24, 2024) -SECURITY: - -* Upgrade Go to use 1.21.10. This addresses CVEs -[CVE-2024-24787](https://nvd.nist.gov/vuln/detail/CVE-2024-24787) and -[CVE-2024-24788](https://nvd.nist.gov/vuln/detail/CVE-2024-24788) [[GH-487](https://github.com/hashicorp/consul-dataplane/pull/487)] -* Upgrade to support Envoy `1.26.8`. This resolves CVE -[CVE-2024-27919](https://nvd.nist.gov/vuln/detail/CVE-2024-27919) (`http2`). [[GH-476](https://github.com/hashicorp/consul-dataplane/pull/476)] -* Upgrade to support Envoy `1.27.5`. This resolves CVE -[CVE-2024-32475](https://nvd.nist.gov/vuln/detail/CVE-2024-32475). [[GH-498](https://github.com/hashicorp/consul-dataplane/pull/498)] -* Upgrade to use Go `1.21.9`. This resolves CVE -[CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`http2`). 
[[GH-476](https://github.com/hashicorp/consul-dataplane/pull/476)] -* Upgrade to use golang.org/x/net `v0.24.0`. This resolves CVE -[CVE-2023-45288](https://nvd.nist.gov/vuln/detail/CVE-2023-45288) (`x/net`). [[GH-476](https://github.com/hashicorp/consul-dataplane/pull/476)] - -IMPROVEMENTS: - -* Upgrade Go to use 1.22.3. [[GH-501](https://github.com/hashicorp/consul-dataplane/pull/501)] - ## 1.1.11 (May 20, 2024) SECURITY: 
@@ -83,44 +17,6 @@ IMPROVEMENTS: * Upgrade Go to use 1.22.3. [[GH-501](https://github.com/hashicorp/consul-dataplane/pull/501)] -## 1.4.1 (March 28, 2024) - -SECURITY: - -* Update `google.golang.org/protobuf` to v1.33.0 to address [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786). [[GH-460](https://github.com/hashicorp/consul-dataplane/pull/460)] -* Upgrade to use Go `1.21.8`. This resolves CVEs - [CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`). - [CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`). - [CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`). - [CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`). - [CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`). [[GH-465](https://github.com/hashicorp/consul-dataplane/pull/465)] - -## 1.3.4 (March 28, 2024) - -SECURITY: - -* Update `google.golang.org/protobuf` to v1.33.0 to address [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786). [[GH-460](https://github.com/hashicorp/consul-dataplane/pull/460)] -* Upgrade `consul-dataplane-fips` OpenShift container image to use `ubi9-minimal:9.3` as the base image. [[GH-434](https://github.com/hashicorp/consul-dataplane/pull/434)] -* Upgrade to use Go `1.21.8`. This resolves CVEs - [CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`). - [CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`). - [CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`). - [CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`). - [CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`). 
[[GH-465](https://github.com/hashicorp/consul-dataplane/pull/465)] - -## 1.2.7 (March 28, 2024) - -SECURITY: - -* Update `google.golang.org/protobuf` to v1.33.0 to address [CVE-2024-24786](https://nvd.nist.gov/vuln/detail/CVE-2024-24786). [[GH-460](https://github.com/hashicorp/consul-dataplane/pull/460)] -* Upgrade `consul-dataplane-fips` OpenShift container image to use `ubi9-minimal:9.3` as the base image. [[GH-434](https://github.com/hashicorp/consul-dataplane/pull/434)] -* Upgrade to use Go `1.21.8`. This resolves CVEs - [CVE-2024-24783](https://nvd.nist.gov/vuln/detail/CVE-2024-24783) (`crypto/x509`). - [CVE-2023-45290](https://nvd.nist.gov/vuln/detail/CVE-2023-45290) (`net/http`). - [CVE-2023-45289](https://nvd.nist.gov/vuln/detail/CVE-2023-45289) (`net/http`, `net/http/cookiejar`). - [CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`). - [CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`). [[GH-465](https://github.com/hashicorp/consul-dataplane/pull/465)] - ## 1.1.10 (March 28, 2024) SECURITY: 
@@ -133,47 +29,6 @@ SECURITY: [CVE-2024-24785](https://nvd.nist.gov/vuln/detail/CVE-2024-24785) (`html/template`). [CVE-2024-24784](https://nvd.nist.gov/vuln/detail/CVE-2024-24784) (`net/mail`). [[GH-465](https://github.com/hashicorp/consul-dataplane/pull/465)] -## 1.4.0 (February 28, 2024) - -SECURITY: - -* Update Envoy version to 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-310](https://github.com/hashicorp/consul-dataplane/pull/310)] -* Update Envoy version to 1.28.1 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-416](https://github.com/hashicorp/consul-dataplane/pull/416)] -* Upgrade `consul-dataplane-fips` OpenShift container image to use `ubi9-minimal:9.3` as the base image. [[GH-434](https://github.com/hashicorp/consul-dataplane/pull/434)] - -FEATURES: - -* Add metrics exporting directly to HCP when configured in core. [[GH-370](https://github.com/hashicorp/consul-dataplane/pull/370)] - -IMPROVEMENTS: - -* Propagate merged metrics request query params to Envoy to enable metrics filtering. [[GH-372](https://github.com/hashicorp/consul-dataplane/pull/372)] -* Update Envoy version from 1.27 to 1.28 [[GH-416](https://github.com/hashicorp/consul-dataplane/pull/416)] - -BUG FIXES: - -* Exclude Prometheus scrape path query params from Envoy path match s.t. it does not break merged metrics request routing. 
[[GH-372](https://github.com/hashicorp/consul-dataplane/pull/372)] - -## 1.3.3 (February 14, 2024) - -SECURITY: - -* Update Envoy version to 1.27.3 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-421](https://github.com/hashicorp/consul-dataplane/pull/421)] - -IMPROVEMENTS: - -* Upgrade to use Go 1.21.7. [[GH-411](https://github.com/hashicorp/consul-dataplane/pull/411)] - -## 1.2.6 (February 14, 2024) - -SECURITY: - -* Update Envoy version to 1.26.7 to address [CVE-2024-23324](https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6), [CVE-2024-23325](https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26), [CVE-2024-23322](https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38), [CVE-2024-23323](https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch), [CVE-2024-23327](https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j), and [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-417](https://github.com/hashicorp/consul-dataplane/pull/417)] - -IMPROVEMENTS: - -* Upgrade to use Go 1.21.7. [[GH-411](https://github.com/hashicorp/consul-dataplane/pull/411)] - ## 1.1.9 (February 14, 2024) SECURITY: 
@@ -184,26 +39,6 @@ IMPROVEMENTS: * Upgrade to use Go 1.21.7. [[GH-411](https://github.com/hashicorp/consul-dataplane/pull/411)] -## 1.3.2 (January 24, 2024) - -SECURITY: - -* Upgrade OpenShift container images to use `ubi9-minimal:9.3` as the base image. [[GH-373](https://github.com/hashicorp/consul-dataplane/pull/373)] - -IMPROVEMENTS: - -* Upgrade to use Go 1.21.6. [[GH-384](https://github.com/hashicorp/consul-dataplane/pull/384)] - -## 1.2.5 (January 24, 2024) - -SECURITY: - -* Upgrade OpenShift container images to use `ubi9-minimal:9.3` as the base image. [[GH-373](https://github.com/hashicorp/consul-dataplane/pull/373)] - -IMPROVEMENTS: - -* Upgrade to use Go 1.21.6. [[GH-384](https://github.com/hashicorp/consul-dataplane/pull/384)] - ## 1.1.8 (January 24, 2024) SECURITY: 
@@ -214,35 +49,6 @@ IMPROVEMENTS: * Upgrade to use Go 1.21.6. [[GH-384](https://github.com/hashicorp/consul-dataplane/pull/384)] -## 1.3.1 (December 18, 2023) - -SECURITY: - -* Update Envoy version to 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-314](https://github.com/hashicorp/consul-dataplane/pull/314)] -* Upgrade to use Go 1.20.12. This resolves CVEs - [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283): (`path/filepath`) recognize \??\ as a Root Local Device path prefix (Windows) - [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45285): recognize device names with trailing spaces and superscripts (Windows) - [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326): (`net/http`) limit chunked data overhead - [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285): (`cmd/go`) go get may unexpectedly fallback to insecure git [[GH-353](https://github.com/hashicorp/consul-dataplane/pull/353)] - -BUG FIXES: - -* Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [[GH-357](https://github.com/hashicorp/consul-dataplane/pull/357)] - -## 1.2.4 (December 18, 2023) - -SECURITY: - -* Upgrade to use Go 1.20.12. 
This resolves CVEs - [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283): (`path/filepath`) recognize \??\ as a Root Local Device path prefix (Windows) - [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45285): recognize device names with trailing spaces and superscripts (Windows) - [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326): (`net/http`) limit chunked data overhead - [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285): (`cmd/go`) go get may unexpectedly fallback to insecure git [[GH-353](https://github.com/hashicorp/consul-dataplane/pull/353)] - -BUG FIXES: - -* Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [[GH-357](https://github.com/hashicorp/consul-dataplane/pull/357)] - ## 1.1.7 (December 18, 2023) SECURITY: 
@@ -257,34 +63,6 @@ BUG FIXES: * Fix issue where the internal grpc-proxy would hit the max message size limit for xDS streams with a large amount of configuration. [[GH-357](https://github.com/hashicorp/consul-dataplane/pull/357)] -## 1.3.0 (November 6, 2023) - -SECURITY: - -* Update Envoy version to 1.27.2 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-315](https://github.com/hashicorp/consul-dataplane/pull/315)] -* Upgrade `google.golang.org/grpc` to 1.56.3. - This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-323](https://github.com/hashicorp/consul-dataplane/pull/323)] -* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. - This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) - / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-299](https://github.com/hashicorp/consul-dataplane/pull/299)] - -## 1.2.3 (November 1, 2023) - -SECURITY: - -* Update Envoy version to 1.26.6 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-313](https://github.com/hashicorp/consul-dataplane/pull/313)] -* Upgrade `google.golang.org/grpc` to 1.56.3. - This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-323](https://github.com/hashicorp/consul-dataplane/pull/323)] -* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. - This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) - / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-299](https://github.com/hashicorp/consul-dataplane/pull/299)] -* Upgrade to use Go 1.20.8. 
This resolves CVEs - [CVE-2023-39320](https://github.com/advisories/GHSA-rxv8-v965-v333) (`cmd/go`), - [CVE-2023-39318](https://github.com/advisories/GHSA-vq7j-gx56-rxjh) (`html/template`), - [CVE-2023-39319](https://github.com/advisories/GHSA-vv9m-32rr-3g55) (`html/template`), - [CVE-2023-39321](https://github.com/advisories/GHSA-9v7r-x7cv-v437) (`crypto/tls`), and - [CVE-2023-39322](https://github.com/advisories/GHSA-892h-r6cr-53g4) (`crypto/tls`) [[GH-261](https://github.com/hashicorp/consul-dataplane/pull/261)] - ## 1.1.6 (November 1, 2023) SECURITY: 
@@ -302,70 +80,6 @@ SECURITY: [CVE-2023-39321](https://github.com/advisories/GHSA-9v7r-x7cv-v437) (`crypto/tls`), and [CVE-2023-39322](https://github.com/advisories/GHSA-892h-r6cr-53g4) (`crypto/tls`) [[GH-261](https://github.com/hashicorp/consul-dataplane/pull/261)] -## 1.0.7 (November 1, 2023) - -SECURITY: - -* Update Envoy version to 1.24.12 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-311](https://github.com/hashicorp/consul-dataplane/pull/311)] -* Upgrade `google.golang.org/grpc` to 1.56.3. - This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-323](https://github.com/hashicorp/consul-dataplane/pull/323)] -* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. - This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) - / [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-299](https://github.com/hashicorp/consul-dataplane/pull/299)] -* Upgrade to use Go 1.20.8. This resolves CVEs - [CVE-2023-39320](https://github.com/advisories/GHSA-rxv8-v965-v333) (`cmd/go`), - [CVE-2023-39318](https://github.com/advisories/GHSA-vq7j-gx56-rxjh) (`html/template`), - [CVE-2023-39319](https://github.com/advisories/GHSA-vv9m-32rr-3g55) (`html/template`), - [CVE-2023-39321](https://github.com/advisories/GHSA-9v7r-x7cv-v437) (`crypto/tls`), and - [CVE-2023-39322](https://github.com/advisories/GHSA-892h-r6cr-53g4) (`crypto/tls`) [[GH-261](https://github.com/hashicorp/consul-dataplane/pull/261)] - -## 1.3.0-rc1 (October 10, 2023) - -SECURITY: - -* Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [[GH-235](https://github.com/hashicorp/consul-dataplane/pull/235)] -* Upgrade to use Go 1.20.6 and `x/net/http` 0.12.0. - This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`). [[GH-219](https://github.com/hashicorp/consul-dataplane/pull/219)] -* Upgrade to use Go 1.20.7 and `x/net` 0.13.0. 
- This resolves [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`) - and [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)(`net/html`). [[GH-227](https://github.com/hashicorp/consul-dataplane/pull/227)] -* Upgrade to use Go 1.20.8. This resolves CVEs - [CVE-2023-39320](https://github.com/advisories/GHSA-rxv8-v965-v333) (`cmd/go`), - [CVE-2023-39318](https://github.com/advisories/GHSA-vq7j-gx56-rxjh) (`html/template`), - [CVE-2023-39319](https://github.com/advisories/GHSA-vv9m-32rr-3g55) (`html/template`), - [CVE-2023-39321](https://github.com/advisories/GHSA-9v7r-x7cv-v437) (`crypto/tls`), and - [CVE-2023-39322](https://github.com/advisories/GHSA-892h-r6cr-53g4) (`crypto/tls`) [[GH-261](https://github.com/hashicorp/consul-dataplane/pull/261)] - -FEATURES: - -* Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [[GH-100](https://github.com/hashicorp/consul-dataplane/pull/100)] -* Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [[GH-115](https://github.com/hashicorp/consul-dataplane/pull/115)] -* Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [[GH-130](https://github.com/hashicorp/consul-dataplane/pull/130)] -* Make consul dataplane handle bootstrap param response for Catalog and Mesh V2 resources [[GH-242](https://github.com/hashicorp/consul-dataplane/pull/242)] - -IMPROVEMENTS: - -* Add graceful_startup endpoint and postStart hook in order to guarantee that dataplane starts up before application container. [[GH-239](https://github.com/hashicorp/consul-dataplane/pull/239)] -* Add the `-config-file` flag to support reading configuration options from a JSON file. 
[[GH-164](https://github.com/hashicorp/consul-dataplane/pull/164)] -* In order to support Windows, write Envoy bootstrap configuration to a regular file instead of a named pipe. [[GH-188](https://github.com/hashicorp/consul-dataplane/pull/188)] -* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-184](https://github.com/hashicorp/consul-dataplane/pull/184)] - -BUG FIXES: - -* Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). [[GH-133](https://github.com/hashicorp/consul-dataplane/pull/133)] -* Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [[GH-238](https://github.com/hashicorp/consul-dataplane/pull/238)] -* Fix a bug where exiting envoy would inadvertently throw an error [[GH-175](https://github.com/hashicorp/consul-dataplane/pull/175)] -* Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-140](https://github.com/hashicorp/consul-dataplane/pull/140)] - -## 1.2.2 (September 5, 2023) - -SECURITY: - -* Update to Go 1.20.7 and Envoy 1.26.4 within the Dockerfile. [[GH-235](https://github.com/hashicorp/consul-dataplane/pull/235)] - -BUG FIXES: - -* Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [[GH-238](https://github.com/hashicorp/consul-dataplane/pull/238)] ## 1.1.5 (September 5, 2023) 
@@ -377,43 +91,6 @@ BUG FIXES: * Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [[GH-238](https://github.com/hashicorp/consul-dataplane/pull/238)] -## 1.0.6 (September 5, 2023) - -SECURITY: - -* Update to Go 1.20.7 and Envoy 1.24.10 within the Dockerfile. [[GH-237](https://github.com/hashicorp/consul-dataplane/pull/237)] - -BUG FIXES: - -* Fix a bug where container user was unable to bind to privileged ports (< 1024). The consul-dataplane container now requires the NET_BIND_SERVICE capability. [[GH-238](https://github.com/hashicorp/consul-dataplane/pull/238)] - -## 1.2.1 (August 9, 2023) - -SECURITY: - -* Upgrade to use Go 1.20.7 and `x/net/http` 0.12.0. - This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`). [[GH-219](https://github.com/hashicorp/consul-dataplane/pull/219)] -* Upgrade to use Go 1.20.7 and `x/net` 0.13.0. - This resolves [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`) - and [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)(`net/html`). [[GH-227](https://github.com/hashicorp/consul-dataplane/pull/227)] - -FEATURES: - -* Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [[GH-100](https://github.com/hashicorp/consul-dataplane/pull/100)] -* Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [[GH-115](https://github.com/hashicorp/consul-dataplane/pull/115)] -* Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. 
[[GH-130](https://github.com/hashicorp/consul-dataplane/pull/130)] - -IMPROVEMENTS: - -* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-184](https://github.com/hashicorp/consul-dataplane/pull/184)] - -BUG FIXES: - -* Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). [[GH-133](https://github.com/hashicorp/consul-dataplane/pull/133)] -* Fix a bug where exiting envoy would inadvertently throw an error [[GH-175](https://github.com/hashicorp/consul-dataplane/pull/175)] -* Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-140](https://github.com/hashicorp/consul-dataplane/pull/140)] - - ## 1.1.4 (August 9, 2023) SECURITY: 
@@ -432,32 +109,6 @@ BUG FIXES: * Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-140](https://github.com/hashicorp/consul-dataplane/pull/140)] -## 1.0.5 (August 9, 2023) - -SECURITY: - -* Upgrade to use Go 1.20.6 and `x/net/http` 0.12.0. - This resolves [CVE-2023-29406](https://github.com/advisories/GHSA-f8f7-69v5-w4vx)(`net/http`). [[GH-219](https://github.com/hashicorp/consul-dataplane/pull/219)] -* Upgrade to use Go 1.20.7 and `x/net` 0.13.0. - This resolves [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`) - and [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)(`net/html`). [[GH-227](https://github.com/hashicorp/consul-dataplane/pull/227)] - -IMPROVEMENTS: - -* connect: Add capture group labels from Envoy cluster FQDNs to Envoy exported metric labels [[GH-184](https://github.com/hashicorp/consul-dataplane/pull/184)] - -BUG FIXES: - -* Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-140](https://github.com/hashicorp/consul-dataplane/pull/140)] - -## 1.2.0 (June 28, 2023) - -SECURITY: - -* Update go-discover to 214571b6a5309addf3db7775f4ee8cf4d264fd5f within the Dockerfile. [[GH-153](https://github.com/hashicorp/consul-dataplane/pull/153)] -* Update to Envoy 1.26.2 within the Dockerfile. [[GH-142](https://github.com/hashicorp/consul-dataplane/pull/142)] -* Update to Go 1.20.4 and Envoy 1.26.1 within the Dockerfile. [[GH-97](https://github.com/hashicorp/consul-dataplane/pull/97)] - ## 1.1.3 (June 28, 2023) 
@@ -476,22 +127,6 @@ BUG FIXES: * Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). [[GH-133](https://github.com/hashicorp/consul-dataplane/pull/133)] * Fix a bug where exiting envoy would inadvertently throw an error [[GH-175](https://github.com/hashicorp/consul-dataplane/pull/175)] -## 1.0.4 (June 28, 2023) - -SECURITY: - -* Update go-discover to 214571b6a5309addf3db7775f4ee8cf4d264fd5f within the Dockerfile. [[GH-153](https://github.com/hashicorp/consul-dataplane/pull/153)] - -FEATURES: - -* Add -shutdown-drain-listeners, -shutdown-grace-period, -graceful-shutdown-path and -graceful-port flags to configure proxy lifecycle management settings for the Envoy container. [[GH-100](https://github.com/hashicorp/consul-dataplane/pull/100)] -* Add HTTP server with configurable port and endpoint path for initiating graceful shutdown. [[GH-115](https://github.com/hashicorp/consul-dataplane/pull/115)] -* Catch SIGTERM and SIGINT to initate graceful shutdown in accordance with proxy lifecycle management configuration. [[GH-130](https://github.com/hashicorp/consul-dataplane/pull/130)] - -BUG FIXES: - -* Add support for envoy-extra-args. Fixes [Envoy extra-args annotation crashing consul-dataplane container](https://github.com/hashicorp/consul-k8s/issues/1846). [[GH-133](https://github.com/hashicorp/consul-dataplane/pull/133)] -* Fix a bug where exiting envoy would inadvertently throw an error [[GH-175](https://github.com/hashicorp/consul-dataplane/pull/175)] ## 1.1.2 (June 1, 2023) 
@@ -499,20 +134,6 @@ BUG FIXES: * Reverts #104 fix that caused a downstream error for Ingress/Mesh/Terminating GWs [[GH-131](https://github.com/hashicorp/consul-dataplane/pull/131)] -## 1.0.3 (June 1, 2023) - -SECURITY: - -* Update to UBI base image to 9.2. [[GH-125](https://github.com/hashicorp/consul-dataplane/pull/125)] - -IMPROVEMENTS: - -* Update bootstrap configuration to rename envoy_hcp_metrics_bind_socket_dir to envoy_telemetry_collector_bind_socket_dir to remove HCP naming references. [[GH-122](https://github.com/hashicorp/consul-dataplane/pull/122)] - -BUG FIXES: - -* Reverts #104 fix that caused a downstream error for Ingress/Mesh/Terminating GWs [[GH-131](https://github.com/hashicorp/consul-dataplane/pull/131)] - ## 1.1.1 (May 31, 2023) SECURITY: 
@@ -539,35 +160,6 @@ BUG FIXES: * Fix a bug that threw an error when trying to use `$HOST_IP` with metrics URLs. [[GH-106](https://github.com/hashicorp/consul-dataplane/pull/106)] * Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-104](https://github.com/hashicorp/consul-dataplane/pull/104)] -## 1.0.2 (May 16, 2023) - -SECURITY: - -* Update to Go 1.20.4 and Envoy 1.24.7 within the Dockerfile. [[GH-99](https://github.com/hashicorp/consul-dataplane/pull/99)] -* Upgrade golang/x/net to 0.7.0 -This resolves vulnerability [CVE-2022-41723](https://github.com/golang/go/issues/57855) in `x/net` [[GH-81](https://github.com/hashicorp/consul-dataplane/pull/81)] -* Upgrade to use Go 1.20.1. -This resolves vulnerabilities [CVE-2022-41724](https://go.dev/issue/58001) in `crypto/tls` and [CVE-2022-41723](https://go.dev/issue/57855) in `net/http`. [[GH-78](https://github.com/hashicorp/consul-dataplane/pull/78)] -* Upgrade to use Go 1.20.4. -This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`), -[CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`), -[CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and -[CVE-2023-24536](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`mime/multipart`). [[GH-94](https://github.com/hashicorp/consul-dataplane/pull/94)] - -FEATURES: - -* Add envoy_hcp_metrics_bind_socket_dir flag to configure a directory where a unix socket is created. -This enables Envoy metrics collection, which will be forwarded to a HCP metrics collector. [[GH-90](https://github.com/hashicorp/consul-dataplane/pull/90)] - -IMPROVEMENTS: - -* Update consul-server-connection-manager to version 0.1.2. [[GH-77](https://github.com/hashicorp/consul-dataplane/pull/77)] - -BUG FIXES: - -* Fix a bug that threw an error when trying to use `$HOST_IP` with metrics URLs. 
[[GH-106](https://github.com/hashicorp/consul-dataplane/pull/106)] -* Fix a bug with Envoy potentially starting with incomplete configuration by not waiting enough for initial xDS configuration. [[GH-104](https://github.com/hashicorp/consul-dataplane/pull/104)] - ## 1.1.0 (February 23, 2023) SECURITY: diff --git a/Dockerfile b/Dockerfile index c8b92424..a0acfd77 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,3 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - # This Dockerfile contains multiple targets. # Use 'docker build --target= .' to build one. # @@ -9,9 +6,8 @@ # envoy-binary pulls in the latest Envoy binary, as Envoy don't publish # prebuilt binaries in any other form. -# ARG GOLANG_VERSION -FROM envoyproxy/envoy-distroless:v1.29.5 as envoy-binary +FROM envoyproxy/envoy-distroless:v1.27.6 as envoy-binary # Modify the envoy binary to be able to bind to privileged ports (< 1024). FROM debian:bullseye-slim AS setcap-envoy-binary @@ -27,22 +23,6 @@ RUN apt-get update && apt install -y libcap2-bin RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/envoy RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/$BIN_NAME -FROM hashicorp/envoy-fips:1.29.5-fips1402 as envoy-fips-binary - -# Modify the envoy-fips binary to be able to bind to privileged ports (< 1024). -FROM debian:bullseye-slim AS setcap-envoy-fips-binary - -ARG BIN_NAME=consul-dataplane -ARG TARGETARCH -ARG TARGETOS - -COPY --from=envoy-fips-binary /usr/local/bin/envoy /usr/local/bin/ -COPY dist/$TARGETOS/$TARGETARCH/$BIN_NAME /usr/local/bin/ - -RUN apt-get update && apt install -y libcap2-bin -RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/envoy -RUN setcap CAP_NET_BIND_SERVICE=+ep /usr/local/bin/$BIN_NAME - # go-discover builds the discover binary (which we don't currently publish # either). ARG GOLANG_VERSION 
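Review bot: The new `FROM envoyproxy/envoy-distroless:v1.27.6 as envoy-binary` line in the second Dockerfile hunk pins the Envoy base image by mutable tag only, while the workflows in this same patch pin actions by commit SHA. This stage supplies the Envoy binary that the next stage copies, grants `CAP_NET_BIND_SERVICE` and ships, so a digest pin would make it reproducible and tamper-evident: `FROM envoyproxy/envoy-distroless:v1.27.6@sha256:<digest-placeholder> as envoy-binary`. The change also moves Envoy from the 1.29 line back to 1.27, so confirm that 1.27.6 is the latest patched build of the line this release branch supports.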
@@ -89,40 +69,6 @@ USER 100
 ENTRYPOINT ["/usr/local/bin/dumb-init", "/usr/local/bin/consul-dataplane"]
-# FIPS release-default release image
-# -----------------------------------
-FROM gcr.io/distroless/base-debian11 AS release-fips-default
-
-ARG BIN_NAME
-ARG PRODUCT_VERSION
-ARG PRODUCT_REVISION
-ENV PRODUCT_NAME=$BIN_NAME
-
-# TARGETARCH and TARGETOS are set automatically when --platform is provided.
-ARG TARGETOS TARGETARCH
-
-LABEL name=${BIN_NAME}\
- maintainer="Consul Team " \
- vendor="HashiCorp" \
- version=${PRODUCT_VERSION} \
- release=${PRODUCT_REVISION} \
- revision=${PRODUCT_REVISION} \
- summary="Consul dataplane manages the proxy that runs within the data plane layer of Consul Service Mesh." \
- description="Consul dataplane manages the proxy that runs within the data plane layer of Consul Service Mesh." \
- org.opencontainers.image.licenses="MPL-2.0"
-
-COPY LICENSE /usr/share/doc/$PRODUCT_NAME/LICENSE.txt
-
-COPY --from=dumb-init /usr/bin/dumb-init /usr/local/bin/
-COPY --from=go-discover /go/bin/discover /usr/local/bin/
-COPY --from=setcap-envoy-fips-binary /usr/local/bin/envoy /usr/local/bin/
-COPY --from=setcap-envoy-fips-binary /usr/local/bin/$BIN_NAME /usr/local/bin/
-COPY LICENSE /licenses/copyright.txt
-
-USER 100
-
-ENTRYPOINT ["/usr/local/bin/dumb-init", "/usr/local/bin/consul-dataplane"]
-
 # Red Hat UBI-based image
 # This image is based on the Red Hat UBI base image, and has the necessary
 # labels, license file, and non-root user.
@@ -165,48 +111,6 @@ COPY LICENSE /licenses/copyright.txt
 USER 100
 ENTRYPOINT ["/usr/local/bin/dumb-init", "/usr/local/bin/consul-dataplane"]
-# FIPS Red Hat UBI-based image
-# This image is based on the Red Hat UBI base image, and has the necessary
-# labels, license file, and non-root user.
-# -----------------------------------
-FROM registry.access.redhat.com/ubi9-minimal:9.3 as release-fips-ubi
-
-ARG BIN_NAME
-ENV BIN_NAME=$BIN_NAME
-ARG PRODUCT_VERSION
-ARG PRODUCT_REVISION
-ENV PRODUCT_NAME=$BIN_NAME
-# TARGETARCH and TARGETOS are set automatically when --platform is provided.
-ARG TARGETOS TARGETARCH
-
-LABEL name=${BIN_NAME}\
- maintainer="Consul Team " \
- vendor="HashiCorp" \
- version=${PRODUCT_VERSION} \
- release=${PRODUCT_REVISION} \
- revision=${PRODUCT_REVISION} \
- summary="Consul dataplane connects an application to a Consul service mesh." \
- description="Consul dataplane connects an application to a Consul service mesh." \
- org.opencontainers.image.licenses="MPL-2.0"
-
-COPY LICENSE /usr/share/doc/$PRODUCT_NAME/LICENSE.txt
-
-RUN microdnf install -y shadow-utils
-
-# Create a non-root user to run the software.
-RUN groupadd --gid 1000 $PRODUCT_NAME && \
- adduser --uid 100 --system -g $PRODUCT_NAME $PRODUCT_NAME && \
- usermod -a -G root $PRODUCT_NAME
-
-COPY --from=dumb-init /usr/bin/dumb-init /usr/local/bin/
-COPY --from=go-discover /go/bin/discover /usr/local/bin/
-COPY --from=setcap-envoy-fips-binary /usr/local/bin/envoy /usr/local/bin/
-COPY --from=setcap-envoy-fips-binary /usr/local/bin/$BIN_NAME /usr/local/bin/
-COPY LICENSE /licenses/copyright.txt
-
-USER 100
-ENTRYPOINT ["/usr/local/bin/dumb-init", "/usr/local/bin/consul-dataplane"]
-
 # ===================================
 #
 # Set default target to 'release-default'.
diff --git a/Dockerfile.dev b/Dockerfile.dev
deleted file mode 100644
index 8339782e..00000000
--- a/Dockerfile.dev
+++ /dev/null
@@ -1,10 +0,0 @@
-# DANGER: this dockerfile is experimental and could be modified/removed at any time.
-# A simple image for testing changes to consul-dataplane
-#
-# Meant to be used with the following make target
-# DEV_IMAGE= make skaffold
-
-FROM hashicorp/consul-dataplane as cache
-ARG TARGETARCH
-
-COPY dist/linux/${TARGETARCH}/consul-dataplane /usr/local/bin/
diff --git a/Makefile b/Makefile
index ada7c187..123e7524 100644
--- a/Makefile
+++ b/Makefile
@@ -151,15 +151,6 @@ ifndef DP_NEXT_RELEASE_VERSION
 endif
 @$(CURDIR)/build-scripts/prepare-release.sh $(CURDIR)/pkg/version/version.go $(DP_NEXT_RELEASE_VERSION) "dev"
-# This generates mocks against public proto packages in consul. At the time of writing,
-# only the dns and resource packages are used in consul-dataplane so only mocks for their
-# interfaces are generated here.
-.PHONY: mocks
-mocks:
- for pkg in pbdns pbresource; do \
- mockery --srcpkg=github.com/hashicorp/consul/proto-public/$$pkg --output ./internal/mocks/$${pkg}mock --outpkg $${pkg}mock --case underscore --all; \
- done
-
 .PHONY: go-mod-get
 go-mod-get: $(foreach mod,$(GO_MODULES),go-mod-get/$(mod)) ## Run go get and go mod tidy in every module for the given dependency
diff --git a/build-scripts/version.sh b/build-scripts/version.sh
index 6affd155..c0c604ca 100755
--- a/build-scripts/version.sh
+++ b/build-scripts/version.sh
@@ -1,7 +1,4 @@
 #!/usr/bin/env bash
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 version_file=$1
 version=$(awk '$1 == "Version" && $2 == "=" { gsub(/"/, "", $3); print $3 }' < "${version_file}")
diff --git a/cmd/consul-dataplane/config.go b/cmd/consul-dataplane/config.go
deleted file mode 100644
index 1823ddd4..00000000
--- a/cmd/consul-dataplane/config.go
+++ /dev/null
@@ -1,372 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package main - -import ( - "encoding/json" - "os" - "strings" - - "dario.cat/mergo" - - "github.com/hashicorp/consul-dataplane/pkg/consuldp" -) - -type FlagOpts struct { - dataplaneConfig DataplaneConfigFlags - - printVersion bool - configFile string -} - -type DataplaneConfigFlags struct { - Consul ConsulFlags `json:"consul,omitempty"` - Service ServiceFlags `json:"service,omitempty"` - Proxy ProxyFlags `json:"proxy,omitempty"` - Logging LogFlags `json:"logging,omitempty"` - XDSServer XDSServerFlags `json:"xdsServer,omitempty"` - DNSServer DNSServerFlags `json:"dnsServer,omitempty"` - Telemetry TelemetryFlags `json:"telemetry,omitempty"` - Envoy EnvoyFlags `json:"envoy,omitempty"` -} - -type ConsulFlags struct { - Addresses *string `json:"addresses,omitempty"` - GRPCPort *int `json:"grpcPort,omitempty"` - ServerWatchDisabled *bool `json:"serverWatchDisabled,omitempty"` - - TLS TLSFlags `json:"tls,omitempty"` - Credentials CredentialsFlags `json:"credentials,omitempty"` -} - -type TLSFlags struct { - Disabled *bool `json:"disabled,omitempty"` - CACertsPath *string `json:"caCertsPath,omitempty"` - ServerName *string `json:"serverName,omitempty"` - CertFile *string `json:"certFile,omitempty"` - KeyFile *string `json:"keyFile,omitempty"` - InsecureSkipVerify *bool `json:"insecureSkipVerify,omitempty"` -} - -type CredentialsFlags struct { - Type *string `json:"type,omitempty"` - Static StaticCredentialsFlags `json:"static,omitempty"` - Login LoginCredentialsFlags `json:"login,omitempty"` -} - -type StaticCredentialsFlags struct { - Token *string `json:"token,omitempty"` -} - -type LoginCredentialsFlags struct { - AuthMethod *string `json:"authMethod,omitempty"` - Namespace *string `json:"namespace,omitempty"` - Partition *string `json:"partition,omitempty"` - Datacenter *string `json:"datacenter,omitempty"` - BearerToken *string `json:"bearerToken,omitempty"` - BearerTokenPath 
*string `json:"bearerTokenPath,omitempty"` - Meta map[string]string `json:"meta,omitempty"` -} - -type ServiceFlags struct { - NodeName *string `json:"nodeName,omitempty"` - NodeID *string `json:"nodeID,omitempty"` - ServiceID *string `json:"serviceID,omitempty"` - ServiceIDPath *string `json:"serviceIDPath,omitempty"` - Namespace *string `json:"namespace,omitempty"` - Partition *string `json:"partition,omitempty"` -} - -func (pf ProxyFlags) IsEmpty() bool { - return pf.NodeName == nil && - pf.NodeID == nil && - pf.ID == nil && - pf.IDPath == nil && - pf.Namespace == nil && - pf.Partition == nil -} - -type ProxyFlags struct { - NodeName *string `json:"nodeName,omitempty"` - NodeID *string `json:"nodeID,omitempty"` - ID *string `json:"id,omitempty"` - IDPath *string `json:"idPath,omitempty"` - Namespace *string `json:"namespace,omitempty"` - Partition *string `json:"partition,omitempty"` -} - -type XDSServerFlags struct { - BindAddr *string `json:"bindAddress,omitempty"` - BindPort *int `json:"bindPort,omitempty"` -} - -type DNSServerFlags struct { - BindAddr *string `json:"bindAddress,omitempty"` - BindPort *int `json:"bindPort,omitempty"` -} - -type LogFlags struct { - Name string - LogLevel *string `json:"logLevel,omitempty"` - LogJSON *bool `json:"logJSON,omitempty"` -} - -type TelemetryFlags struct { - UseCentralConfig *bool `json:"useCentralConfig"` - Prometheus PrometheusTelemetryFlags `json:"prometheus,omitempty"` -} - -type PrometheusTelemetryFlags struct { - RetentionTime *Duration `json:"retentionTime,omitempty"` - CACertsPath *string `json:"caCertsPath,omitempty"` - KeyFile *string `json:"keyFile,omitempty"` - CertFile *string `json:"certFile,omitempty"` - ServiceMetricsURL *string `json:"serviceMetricsURL,omitempty"` - ScrapePath *string `json:"scrapePath,omitempty"` - MergePort *int `json:"mergePort,omitempty"` -} - -type EnvoyFlags struct { - AdminBindAddr *string `json:"adminBindAddress,omitempty"` - AdminBindPort *int 
`json:"adminBindPort,omitempty"` - ReadyBindAddr *string `json:"readyBindAddress,omitempty"` - ReadyBindPort *int `json:"readyBindPort,omitempty"` - Concurrency *int `json:"concurrency,omitempty"` - DrainTimeSeconds *int `json:"drainTimeSeconds,omitempty"` - DrainStrategy *string `json:"drainStrategy,omitempty"` - - ShutdownDrainListenersEnabled *bool `json:"shutdownDrainListenersEnabled,omitempty"` - ShutdownGracePeriodSeconds *int `json:"shutdownGracePeriodSeconds,omitempty"` - GracefulShutdownPath *string `json:"gracefulShutdownPath,omitempty"` - GracefulPort *int `json:"gracefulPort,omitempty"` - DumpEnvoyConfigOnExitEnabled *bool `json:"dumpEnvoyConfigOnExitEnabled,omitempty"` - //Time in seconds to wait for dataplane to be ready. - StartupGracePeriodSeconds *int `json:"startupGracePeriodSeconds,omitempty"` - //Endpoint for graceful startup function. - GracefulStartupPath *string `json:"gracefulStartupPath,omitempty"` -} - -const ( - DefaultLogName = "consul-dataplane" -) - -// buildDataplaneConfig builds the necessary config needed for the -// dataplane to start. We begin with the default version of the dataplane -// config(with the default values) followed by merging the file based -// config generated from the `-config-file` input into it. 
-// Since values given via CLI flags take the most precedence, we finally -// merge the config generated from the flags into the previously -// generated/merged config -func (f *FlagOpts) buildDataplaneConfig(extraArgs []string) (*consuldp.Config, error) { - consulDPDefaultFlags, err := buildDefaultConsulDPFlags() - if err != nil { - return nil, err - } - - if f.configFile != "" { - consulDPFileBasedFlags, err := f.buildConfigFromFile() - if err != nil { - return nil, err - } - - consulDPDefaultFlags, err = mergeConfigs(consulDPDefaultFlags, consulDPFileBasedFlags) - if err != nil { - return nil, err - } - } - - consulDPDefaultFlags, err = mergeConfigs(consulDPDefaultFlags, f.dataplaneConfig) - if err != nil { - return nil, err - } - - consuldpRuntimeConfig, err := constructRuntimeConfig(consulDPDefaultFlags, extraArgs) - if err != nil { - return nil, err - } - - return consuldpRuntimeConfig, nil -} - -// Constructs a config based on the values present in the config json file -func (f *FlagOpts) buildConfigFromFile() (DataplaneConfigFlags, error) { - var cfg DataplaneConfigFlags - data, err := os.ReadFile(f.configFile) - if err != nil { - return DataplaneConfigFlags{}, err - } - - err = json.Unmarshal(data, &cfg) - if err != nil { - return DataplaneConfigFlags{}, err - } - - return cfg, nil -} - -// Constructs a config with the default values -func buildDefaultConsulDPFlags() (DataplaneConfigFlags, error) { - data := ` - { - "consul": { - "grpcPort": 8502, - "serverWatchDisabled": false, - "tls": { - "disabled": false, - "insecureSkipVerify": false - } - }, - "logging": { - "name": "consul-dataplane", - "logJSON": false, - "logLevel": "info" - }, - "telemetry": { - "useCentralConfig": true, - "prometheus": { - "retentionTime": "60s", - "scrapePath": "/metrics", - "mergePort": 20100 - } - }, - "envoy": { - "adminBindAddress": "127.0.0.1", - "adminBindPort": 19000, - "readyBindPort": 0, - "concurrency": 2, - "drainTimeSeconds": 30, - "drainStrategy": "immediate", - 
"shutdownDrainListenersEnabled": false, - "shutdownGracePeriodSeconds": 0, - "gracefulShutdownPath": "/graceful_shutdown", - "gracefulPort": 20300, - "dumpEnvoyConfigOnExitEnabled": false, - "gracefulStartupPath": "/graceful_startup", - "startupGracePeriodSeconds": 0 - }, - "xdsServer": { - "bindAddress": "127.0.0.1", - "bindPort": 0 - }, - "dnsServer": { - "bindAddress": "127.0.0.1", - "bindPort": -1 - } - }` - - var defaultCfgFlags DataplaneConfigFlags - err := json.Unmarshal([]byte(data), &defaultCfgFlags) - if err != nil { - return DataplaneConfigFlags{}, err - } - - return defaultCfgFlags, nil -} - -// constructRuntimeConfig constructs the final config needed for dataplane to start -// itself after substituting all the user provided inputs -func constructRuntimeConfig(cfg DataplaneConfigFlags, extraArgs []string) (*consuldp.Config, error) { - // Handle deprecated service flags. - var proxyCfg consuldp.ProxyConfig - if !cfg.Proxy.IsEmpty() { - proxyCfg = consuldp.ProxyConfig{ - NodeName: stringVal(cfg.Proxy.NodeName), - NodeID: stringVal(cfg.Proxy.NodeID), - ProxyID: stringVal(cfg.Proxy.ID), - Namespace: stringVal(cfg.Proxy.Namespace), - Partition: stringVal(cfg.Proxy.Partition), - } - } else { - proxyCfg = consuldp.ProxyConfig{ - NodeName: stringVal(cfg.Service.NodeName), - NodeID: stringVal(cfg.Service.NodeID), - ProxyID: stringVal(cfg.Service.ServiceID), - Namespace: stringVal(cfg.Service.Namespace), - Partition: stringVal(cfg.Service.Partition), - } - } - - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(cfg.Consul.Addresses), - GRPCPort: intVal(cfg.Consul.GRPCPort), - ServerWatchDisabled: boolVal(cfg.Consul.ServerWatchDisabled), - Credentials: &consuldp.CredentialsConfig{ - Type: consuldp.CredentialsType(stringVal(cfg.Consul.Credentials.Type)), - Static: consuldp.StaticCredentialsConfig{ - Token: stringVal(cfg.Consul.Credentials.Static.Token), - }, - Login: consuldp.LoginCredentialsConfig{ - AuthMethod: 
stringVal(cfg.Consul.Credentials.Login.AuthMethod), - Namespace: stringVal(cfg.Consul.Credentials.Login.Namespace), - Partition: stringVal(cfg.Consul.Credentials.Login.Partition), - Datacenter: stringVal(cfg.Consul.Credentials.Login.Datacenter), - BearerToken: stringVal(cfg.Consul.Credentials.Login.BearerToken), - BearerTokenPath: stringVal(cfg.Consul.Credentials.Login.BearerTokenPath), - Meta: cfg.Consul.Credentials.Login.Meta, - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: boolVal(cfg.Consul.TLS.Disabled), - CACertsPath: stringVal(cfg.Consul.TLS.CACertsPath), - CertFile: stringVal(cfg.Consul.TLS.CertFile), - KeyFile: stringVal(cfg.Consul.TLS.KeyFile), - ServerName: stringVal(cfg.Consul.TLS.ServerName), - InsecureSkipVerify: boolVal(cfg.Consul.TLS.InsecureSkipVerify), - }, - }, - Proxy: &proxyCfg, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: boolVal(cfg.Logging.LogJSON), - LogLevel: strings.ToUpper(stringVal(cfg.Logging.LogLevel)), - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: stringVal(cfg.Envoy.AdminBindAddr), - AdminBindPort: intVal(cfg.Envoy.AdminBindPort), - ReadyBindAddress: stringVal(cfg.Envoy.ReadyBindAddr), - ReadyBindPort: intVal(cfg.Envoy.ReadyBindPort), - EnvoyConcurrency: intVal(cfg.Envoy.Concurrency), - EnvoyDrainTimeSeconds: intVal(cfg.Envoy.DrainTimeSeconds), - EnvoyDrainStrategy: stringVal(cfg.Envoy.DrainStrategy), - ShutdownDrainListenersEnabled: boolVal(cfg.Envoy.ShutdownDrainListenersEnabled), - ShutdownGracePeriodSeconds: intVal(cfg.Envoy.ShutdownGracePeriodSeconds), - DumpEnvoyConfigOnExitEnabled: boolVal(cfg.Envoy.DumpEnvoyConfigOnExitEnabled), - GracefulShutdownPath: stringVal(cfg.Envoy.GracefulShutdownPath), - GracefulPort: intVal(cfg.Envoy.GracefulPort), - StartupGracePeriodSeconds: intVal(cfg.Envoy.StartupGracePeriodSeconds), - GracefulStartupPath: stringVal(cfg.Envoy.GracefulStartupPath), - ExtraArgs: extraArgs, - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: 
boolVal(cfg.Telemetry.UseCentralConfig), - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: durationVal(cfg.Telemetry.Prometheus.RetentionTime), - CACertsPath: stringVal(cfg.Telemetry.Prometheus.CACertsPath), - CertFile: stringVal(cfg.Telemetry.Prometheus.CertFile), - KeyFile: stringVal(cfg.Telemetry.Prometheus.KeyFile), - ServiceMetricsURL: stringVal(cfg.Telemetry.Prometheus.ServiceMetricsURL), - ScrapePath: stringVal(cfg.Telemetry.Prometheus.ScrapePath), - MergePort: intVal(cfg.Telemetry.Prometheus.MergePort), - }, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: stringVal(cfg.XDSServer.BindAddr), - BindPort: intVal(cfg.XDSServer.BindPort), - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: stringVal(cfg.DNSServer.BindAddr), - Port: intVal(cfg.DNSServer.BindPort), - }, - }, nil -} - -func mergeConfigs(c1, c2 DataplaneConfigFlags) (DataplaneConfigFlags, error) { - err := mergo.Merge(&c1, c2, mergo.WithOverride, mergo.WithoutDereference) - if err != nil { - return DataplaneConfigFlags{}, err - } - - return c1, nil -} diff --git a/cmd/consul-dataplane/config_test.go b/cmd/consul-dataplane/config_test.go deleted file mode 100644 index 25859065..00000000 --- a/cmd/consul-dataplane/config_test.go +++ /dev/null 
@@ -1,1017 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package main - -import ( - "encoding/json" - "fmt" - "math/rand" - "os" - "testing" - "time" - - "github.com/stretchr/testify/require" - - "github.com/hashicorp/consul-dataplane/pkg/consuldp" -) - -func TestConfigGeneration(t *testing.T) { - type testCase struct { - desc string - flagOpts func() (*FlagOpts, error) - writeConfigFile func(t *testing.T) error - makeExpectedCfg func(f *FlagOpts) *consuldp.Config - wantErr bool - } - - testCases := []testCase{ - { - desc: "able to generate config properly when the config file input is empty", - flagOpts: func() (*FlagOpts, error) { - return generateFlagOptsWithServiceFlags() - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: &consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: "test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-dc1", - NodeID: "dc1.node.id", - Namespace: "default", - ProxyID: "node1.service1", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: true, - LogLevel: "WARN", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.1", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 0, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: 
"127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulShutdownPath: "/graceful_shutdown", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - GracefulStartupPath: "/graceful_startup", - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - { - desc: "able to generate config properly with proxy flags when the config file input is empty", - flagOpts: func() (*FlagOpts, error) { - return generateFlagOptsWithProxyFlags() - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: &consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: "test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-dc1", - NodeID: "dc1.node.id", - Namespace: "default", - ProxyID: "node1.service1", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: true, - LogLevel: "WARN", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.1", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 0, - }, - Envoy: &consuldp.EnvoyConfig{ - 
AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: "127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulStartupPath: "/graceful_startup", - GracefulShutdownPath: "/graceful_shutdown", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - { - desc: "able to override all the config fields with CLI flags when using service flags", - flagOpts: func() (*FlagOpts, error) { - opts, err := generateFlagOptsWithServiceFlags() - if err != nil { - return nil, err - } - opts.dataplaneConfig.Consul.Credentials.Login.BearerTokenPath = strReference("/consul/bearertokenpath/") - opts.dataplaneConfig.Consul.Credentials.Login.Datacenter = strReference("dc100") - opts.dataplaneConfig.Consul.Credentials.Login.Meta = map[string]string{ - "key-1": "value-1", - "key-2": "value-2", - } - opts.dataplaneConfig.Consul.Credentials.Login.Namespace = strReference("default") - opts.dataplaneConfig.Consul.Credentials.Login.Partition = strReference("default") - - opts.dataplaneConfig.Logging.LogJSON = boolReference(false) - opts.dataplaneConfig.DNSServer.BindAddr = strReference("127.0.0.2") - opts.dataplaneConfig.XDSServer.BindPort = intReference(6060) - opts.dataplaneConfig.Envoy.DumpEnvoyConfigOnExitEnabled = boolReference(true) - return opts, nil - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: 
&consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: "test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - Meta: map[string]string{ - "key-1": "value-1", - "key-2": "value-2", - }, - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - BearerTokenPath: "/consul/bearertokenpath/", - Namespace: "default", - Partition: "default", - Datacenter: "dc100", - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-dc1", - NodeID: "dc1.node.id", - Namespace: "default", - ProxyID: "node1.service1", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: false, - LogLevel: "WARN", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.2", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 6060, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: "127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulStartupPath: "/graceful_startup", - GracefulShutdownPath: "/graceful_shutdown", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - DumpEnvoyConfigOnExitEnabled: true, - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - { - desc: "able to override all the config fields with CLI flags when using proxy flags", - flagOpts: func() (*FlagOpts, error) { - opts, err := 
generateFlagOptsWithProxyFlags() - if err != nil { - return nil, err - } - opts.dataplaneConfig.Consul.Credentials.Login.BearerTokenPath = strReference("/consul/bearertokenpath/") - opts.dataplaneConfig.Consul.Credentials.Login.Datacenter = strReference("dc100") - opts.dataplaneConfig.Consul.Credentials.Login.Meta = map[string]string{ - "key-1": "value-1", - "key-2": "value-2", - } - opts.dataplaneConfig.Consul.Credentials.Login.Namespace = strReference("default") - opts.dataplaneConfig.Consul.Credentials.Login.Partition = strReference("default") - - opts.dataplaneConfig.Logging.LogJSON = boolReference(false) - opts.dataplaneConfig.DNSServer.BindAddr = strReference("127.0.0.2") - opts.dataplaneConfig.XDSServer.BindPort = intReference(6060) - opts.dataplaneConfig.Envoy.DumpEnvoyConfigOnExitEnabled = boolReference(true) - return opts, nil - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: &consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: "test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - Meta: map[string]string{ - "key-1": "value-1", - "key-2": "value-2", - }, - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - BearerTokenPath: "/consul/bearertokenpath/", - Namespace: "default", - Partition: "default", - Datacenter: "dc100", - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-dc1", - NodeID: "dc1.node.id", - Namespace: "default", - ProxyID: "node1.service1", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: 
DefaultLogName, - LogJSON: false, - LogLevel: "WARN", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.2", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 6060, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: "127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulShutdownPath: "/graceful_shutdown", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - DumpEnvoyConfigOnExitEnabled: true, - GracefulStartupPath: "/graceful_startup", - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - { - desc: "prefer proxy flags over service flags when both are set", - flagOpts: func() (*FlagOpts, error) { - opts, err := generateFlagOptsWithServiceFlags() - if err != nil { - return nil, err - } - opts.dataplaneConfig.Proxy.ID = strReference("proxy-id") - opts.dataplaneConfig.Proxy.NodeName = strReference("proxy-node-name") - opts.dataplaneConfig.Proxy.NodeID = strReference("proxy-node-id") - opts.dataplaneConfig.Proxy.Namespace = strReference("foo") - opts.dataplaneConfig.Proxy.Partition = strReference("bar") - - opts.dataplaneConfig.XDSServer.BindPort = intReference(6060) - return opts, nil - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: &consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: 
"test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "proxy-node-name", - NodeID: "proxy-node-id", - Namespace: "foo", - ProxyID: "proxy-id", - Partition: "bar", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: true, - LogLevel: "WARN", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.1", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 6060, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: "127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulShutdownPath: "/graceful_shutdown", - GracefulStartupPath: "/graceful_startup", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - { - desc: "able to generate config properly when config file is given without flag inputs", - flagOpts: func() (*FlagOpts, error) { - opts := &FlagOpts{} - opts.configFile = "test.json" - return opts, nil - }, - writeConfigFile: func(t *testing.T) error { - inputJson := `{ - "consul": { - "addresses": "consul_server.dc1", - "grpcPort": 8502, - "serverWatchDisabled": false - }, - "proxy": { - "nodeName": "test-node-1", - "id": "frontend-service-sidecar-proxy", - "namespace": "default", - "partition": "default" - 
}, - "envoy": { - "adminBindAddress": "127.0.0.1", - "adminBindPort": 19000 - }, - "logging": { - "logLevel": "info", - "logJSON": false - } - }` - - err := os.WriteFile("test.json", []byte(inputJson), 0600) - if err != nil { - return err - } - - t.Cleanup(func() { - _ = os.Remove("test.json") - }) - return nil - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: "consul_server.dc1", - GRPCPort: 8502, - ServerWatchDisabled: false, - Credentials: &consuldp.CredentialsConfig{ - Static: consuldp.StaticCredentialsConfig{}, - Login: consuldp.LoginCredentialsConfig{}, - }, - TLS: &consuldp.TLSConfig{}, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-1", - Namespace: "default", - ProxyID: "frontend-service-sidecar-proxy", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: false, - LogLevel: "INFO", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.1", - Port: -1, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.0.1", - BindPort: 0, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.0.1", - AdminBindPort: 19000, - ReadyBindPort: 0, - EnvoyConcurrency: 2, - EnvoyDrainStrategy: "immediate", - ShutdownDrainListenersEnabled: false, - GracefulShutdownPath: "/graceful_shutdown", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - DumpEnvoyConfigOnExitEnabled: false, - GracefulStartupPath: "/graceful_startup", - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 60 * time.Second, - ScrapePath: "/metrics", - MergePort: 20100, - }, - }, - } - }, - wantErr: false, - }, - { - desc: "test whether CLI flag values override the file values with service flags", - flagOpts: func() (*FlagOpts, error) { - opts, err := generateFlagOptsWithServiceFlags() - if err != nil { - return nil, err - } - opts.configFile = 
"test.json" - - opts.dataplaneConfig.Logging.LogLevel = strReference("info") - opts.dataplaneConfig.Logging.LogJSON = boolReference(false) - opts.dataplaneConfig.Consul.Credentials.Login.Meta = map[string]string{ - "key1": "value1", - } - - return opts, nil - }, - writeConfigFile: func(t *testing.T) error { - inputJson := `{ - "consul": { - "addresses": "consul_server.dc1", - "grpcPort": 8502, - "serverWatchDisabled": false - }, - "service": { - "nodeName": "test-node-1", - "serviceId": "frontend-service-sidecar-proxy", - "namespace": "default", - "partition": "default" - }, - "envoy": { - "adminBindAddress": "127.0.0.1", - "adminBindPort": 19000 - }, - "logging": { - "logLevel": "warn", - "logJSON": true - } - }` - - err := os.WriteFile("test.json", []byte(inputJson), 0600) - if err != nil { - return err - } - - t.Cleanup(func() { - _ = os.Remove("test.json") - }) - return nil - }, - makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: &consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: "test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - Meta: map[string]string{ - "key1": "value1", - }, - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-dc1", - NodeID: "dc1.node.id", - Namespace: "default", - ProxyID: "node1.service1", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: false, - LogLevel: "INFO", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: 
"127.0.0.1", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 0, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: "127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulShutdownPath: "/graceful_shutdown", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - DumpEnvoyConfigOnExitEnabled: false, - GracefulStartupPath: "/graceful_startup", - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - { - desc: "test whether CLI flag values override the file values with proxy flags", - flagOpts: func() (*FlagOpts, error) { - opts, err := generateFlagOptsWithProxyFlags() - if err != nil { - return nil, err - } - opts.configFile = "test.json" - - opts.dataplaneConfig.Logging.LogLevel = strReference("info") - opts.dataplaneConfig.Logging.LogJSON = boolReference(false) - opts.dataplaneConfig.Consul.Credentials.Login.Meta = map[string]string{ - "key1": "value1", - } - - return opts, nil - }, - writeConfigFile: func(t *testing.T) error { - inputJson := `{ - "consul": { - "addresses": "consul_server.dc1", - "grpcPort": 8502, - "serverWatchDisabled": false - }, - "proxy": { - "nodeName": "test-node-1", - "proxyId": "frontend-service-sidecar-proxy", - "namespace": "default", - "partition": "default" - }, - "envoy": { - "adminBindAddress": "127.0.0.1", - "adminBindPort": 19000 - }, - "logging": { - "logLevel": "warn", - "logJSON": true - } - }` - - err := os.WriteFile("test.json", []byte(inputJson), 0600) - if err != nil { - return err - } - - t.Cleanup(func() { - _ = os.Remove("test.json") - }) - return nil - }, - 
makeExpectedCfg: func(flagOpts *FlagOpts) *consuldp.Config { - return &consuldp.Config{ - Consul: &consuldp.ConsulConfig{ - Addresses: stringVal(flagOpts.dataplaneConfig.Consul.Addresses), - GRPCPort: intVal(flagOpts.dataplaneConfig.Consul.GRPCPort), - ServerWatchDisabled: true, - Credentials: &consuldp.CredentialsConfig{ - Type: "static", - Static: consuldp.StaticCredentialsConfig{ - Token: "test-token-123", - }, - Login: consuldp.LoginCredentialsConfig{ - AuthMethod: "test-iam-auth", - BearerToken: "bearer-login", - Meta: map[string]string{ - "key1": "value1", - }, - }, - }, - TLS: &consuldp.TLSConfig{ - Disabled: false, - CACertsPath: "/consul/", - CertFile: "ca-cert.pem", - KeyFile: "key.pem", - ServerName: "tls-server-name", - InsecureSkipVerify: true, - }, - }, - Proxy: &consuldp.ProxyConfig{ - NodeName: "test-node-dc1", - NodeID: "dc1.node.id", - Namespace: "default", - ProxyID: "node1.service1", - Partition: "default", - }, - Logging: &consuldp.LoggingConfig{ - Name: DefaultLogName, - LogJSON: false, - LogLevel: "INFO", - }, - DNSServer: &consuldp.DNSServerConfig{ - BindAddr: "127.0.0.1", - Port: 8604, - }, - XDSServer: &consuldp.XDSServer{ - BindAddress: "127.0.1.0", - BindPort: 0, - }, - Envoy: &consuldp.EnvoyConfig{ - AdminBindAddress: "127.0.1.0", - AdminBindPort: 18000, - ReadyBindAddress: "127.0.1.0", - ReadyBindPort: 18003, - EnvoyConcurrency: 4, - EnvoyDrainStrategy: "test-strategy", - ShutdownDrainListenersEnabled: true, - GracefulShutdownPath: "/graceful_shutdown", - GracefulStartupPath: "/graceful_startup", - EnvoyDrainTimeSeconds: 30, - GracefulPort: 20300, - DumpEnvoyConfigOnExitEnabled: false, - }, - Telemetry: &consuldp.TelemetryConfig{ - UseCentralConfig: true, - Prometheus: consuldp.PrometheusTelemetryConfig{ - RetentionTime: 10 * time.Second, - ScrapePath: "/metrics", - MergePort: 12000, - CACertsPath: "/consul/", - CertFile: "prom-ca-cert.pem", - KeyFile: "prom-key.pem", - }, - }, - } - }, - wantErr: false, - }, - } - - for _, tc := range 
testCases { - t.Run(tc.desc, func(t *testing.T) { - opts, err := tc.flagOpts() - require.NoError(t, err) - - if tc.writeConfigFile != nil { - require.NoError(t, tc.writeConfigFile(t)) - } - - cfg, err := opts.buildDataplaneConfig(nil) - - if tc.wantErr { - require.Error(t, err) - } else { - require.NoError(t, err) - expCfg := tc.makeExpectedCfg(opts) - require.Equal(t, expCfg, cfg) - } - }) - } -} - -func generateFlagOptsWithServiceFlags() (*FlagOpts, error) { - data := ` - { - "consul": { - "addresses": "` + fmt.Sprintf("consul.address.server_%d", rand.Int()) + `", - "grpcPort": ` + fmt.Sprintf("%d", rand.Int()) + `, - "serverWatchDisabled": true, - "tls": { - "disabled": false, - "caCertsPath": "/consul/", - "certFile": "ca-cert.pem", - "keyFile": "key.pem", - "serverName": "tls-server-name", - "insecureSkipVerify": true - }, - "credentials": { - "type": "static", - "static": { - "token": "test-token-123" - }, - "login": { - "authMethod": "test-iam-auth", - "bearerToken": "bearer-login" - } - } - }, - "service": { - "nodeName": "test-node-dc1", - "nodeID": "dc1.node.id", - "namespace": "default", - "serviceID": "node1.service1", - "partition": "default" - }, - "logging": { - "logJSON": true, - "logLevel": "warn" - }, - "telemetry": { - "useCentralConfig": true, - "prometheus": { - "retentionTime": "10s", - "scrapePath": "/metrics", - "mergePort": 12000, - "caCertsPath": "/consul/", - "certFile": "prom-ca-cert.pem", - "keyFile": "prom-key.pem" - } - }, - "envoy": { - "adminBindAddress": "127.0.1.0", - "adminBindPort": 18000, - "readyBindAddress": "127.0.1.0", - "readyBindPort": 18003, - "concurrency": 4, - "drainStrategy": "test-strategy", - "shutdownDrainListenersEnabled": true - }, - "xdsServer": { - "bindAddress": "127.0.1.0" - }, - "dnsServer": { - "bindPort": 8604 - } - }` - - var configFlags *DataplaneConfigFlags - err := json.Unmarshal([]byte(data), &configFlags) - if err != nil { - return nil, err - } - - return &FlagOpts{ - dataplaneConfig: *configFlags, 
- }, nil -} -func generateFlagOptsWithProxyFlags() (*FlagOpts, error) { - data := ` - { - "consul": { - "addresses": "` + fmt.Sprintf("consul.address.server_%d", rand.Int()) + `", - "grpcPort": ` + fmt.Sprintf("%d", rand.Int()) + `, - "serverWatchDisabled": true, - "tls": { - "disabled": false, - "caCertsPath": "/consul/", - "certFile": "ca-cert.pem", - "keyFile": "key.pem", - "serverName": "tls-server-name", - "insecureSkipVerify": true - }, - "credentials": { - "type": "static", - "static": { - "token": "test-token-123" - }, - "login": { - "authMethod": "test-iam-auth", - "bearerToken": "bearer-login" - } - } - }, - "proxy": { - "nodeName": "test-node-dc1", - "nodeID": "dc1.node.id", - "namespace": "default", - "id": "node1.service1", - "partition": "default" - }, - "logging": { - "logJSON": true, - "logLevel": "warn" - }, - "telemetry": { - "useCentralConfig": true, - "prometheus": { - "retentionTime": "10s", - "scrapePath": "/metrics", - "mergePort": 12000, - "caCertsPath": "/consul/", - "certFile": "prom-ca-cert.pem", - "keyFile": "prom-key.pem" - } - }, - "envoy": { - "adminBindAddress": "127.0.1.0", - "adminBindPort": 18000, - "readyBindAddress": "127.0.1.0", - "readyBindPort": 18003, - "concurrency": 4, - "drainStrategy": "test-strategy", - "shutdownDrainListenersEnabled": true - }, - "xdsServer": { - "bindAddress": "127.0.1.0" - }, - "dnsServer": { - "bindPort": 8604 - } - }` - - var configFlags *DataplaneConfigFlags - err := json.Unmarshal([]byte(data), &configFlags) - if err != nil { - return nil, err - } - - return &FlagOpts{ - dataplaneConfig: *configFlags, - }, nil -} - -func strReference(s string) *string { - return &s -} - -func boolReference(b bool) *bool { - return &b -} - -func intReference(i int) *int { - return &i -} diff --git a/cmd/consul-dataplane/duration.go b/cmd/consul-dataplane/duration.go deleted file mode 100644 index c2ad7baa..00000000 --- a/cmd/consul-dataplane/duration.go +++ /dev/null 
@@ -1,40 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
- "encoding/json"
- "fmt"
- "time"
-)
-
-// Duration wraps the time.duration field to support
-// unmarshalling JSON values to the time.duration fields
-// in destination structs
-type Duration struct {
- Duration time.Duration
-}
-
-func (d *Duration) UnmarshalJSON(b []byte) error {
- var unmarshalledJson interface{}
-
- err := json.Unmarshal(b, &unmarshalledJson)
- if err != nil {
- return err
- }
-
- switch value := unmarshalledJson.(type) {
- case float64:
- d.Duration = time.Duration(value)
- case string:
- d.Duration, err = time.ParseDuration(value)
- if err != nil {
- return err
- }
- default:
- return fmt.Errorf("invalid duration: %#v", unmarshalledJson)
- }
-
- return nil
-}
diff --git a/cmd/consul-dataplane/duration_test.go b/cmd/consul-dataplane/duration_test.go
deleted file mode 100644
index 1c22eefd..00000000
--- a/cmd/consul-dataplane/duration_test.go
+++ /dev/null
@@ -1,66 +0,0 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
-package main
-
-import (
- "encoding/json"
- "testing"
- "time"
-
- "github.com/stretchr/testify/require"
-)
-
-type DurationTestInput struct {
- Key1 string `json:"key1"`
- Key2 string `json:"key2"`
- Duration *Duration `json:"duration,omitempty"`
-}
-
-func TestUnmarshalForStringBasedDurationInput(t *testing.T) {
- data := `
- {
- "key1": "value1",
- "key2": "value2",
- "duration": "100s"
- }
- `
-
- d, err := time.ParseDuration("100s")
- require.NoError(t, err)
-
- expectedDuration := &Duration{
- Duration: d,
- }
-
- var durationTestInput *DurationTestInput
- err = json.Unmarshal([]byte(data), &durationTestInput)
- require.NoError(t, err)
-
- require.NotNil(t, durationTestInput)
- require.NotNil(t, durationTestInput.Duration)
- require.Equal(t, expectedDuration.Duration, durationTestInput.Duration.Duration)
-}
-
-func TestUnmarshalForFloatBasedDurationInput(t *testing.T) {
- data := `
- {
- "key1": "value1",
- "key2": "value2",
- "duration": 4.5
- }
- `
-
- in := 4.5
- expectedDuration := &Duration{
- Duration: time.Duration(in),
- }
-
- var durationTestInput *DurationTestInput
- err := json.Unmarshal([]byte(data), &durationTestInput)
- require.NoError(t, err)
-
- require.NotNil(t, durationTestInput)
- require.NotNil(t, durationTestInput.Duration)
- require.Equal(t, expectedDuration.Duration, durationTestInput.Duration.Duration)
-}
diff --git a/cmd/consul-dataplane/env.go b/cmd/consul-dataplane/env.go
index 982dca96..7903dc9a 100644
--- a/cmd/consul-dataplane/env.go
+++ b/cmd/consul-dataplane/env.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
 package main
 
 import (
@@ -12,71 +9,29 @@ import ( ) var ( - asInt = func(s string) (*int, error) { - if s == "" { - return nil, nil - } - - n, err := strconv.Atoi(s) - if err != nil { - return nil, err - } - - return &n, nil - } - - asBool = func(s string) (*bool, error) { - if s == "" { - return nil, nil - } - - b, err := strconv.ParseBool(s) - if err != nil { - return nil, err - } - - return &b, nil - } - - asDuration = func(s string) (*Duration, error) { - if s == "" { - return nil, nil - } - - t, err := time.ParseDuration(s) - if err != nil { - return nil, err - } - - return &Duration{Duration: t}, nil - } - - asString = func(s string) (*string, error) { - if s == "" { - return nil, nil - } - - return &s, nil - } + asInt = strconv.Atoi + asBool = strconv.ParseBool + asDuration = time.ParseDuration + asString = func(s string) (string, error) { return s, nil } ) -func parseEnv[T any](name string, parseFn func(string) (*T, error)) *T { - val, err := parseEnvError(name, parseFn) +func parseEnv[T any](name string, defaultVal T, parseFn func(string) (T, error)) T { + val, err := parseEnvError(name, defaultVal, parseFn) if err != nil { log.Fatal(err) } return val } -func parseEnvError[T any](name string, parseFn func(string) (*T, error)) (*T, error) { +func parseEnvError[T any](name string, defaultVal T, parseFn func(string) (T, error)) (T, error) { valStr, ok := os.LookupEnv(name) if !ok { // Env var is not present in the environment. - return nil, nil + return defaultVal, nil } valT, err := parseFn(valStr) if err != nil { - return nil, fmt.Errorf("unable to parse environment variable %s=%s as %T", name, valStr, valT) + return defaultVal, fmt.Errorf("unable to parse environment variable %s=%s as %T", name, valStr, valT) } return valT, nil } diff --git a/cmd/consul-dataplane/flags.go b/cmd/consul-dataplane/flags.go index 640d8a78..9c02e8f6 100644 --- a/cmd/consul-dataplane/flags.go +++ b/cmd/consul-dataplane/flags.go 
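Review bot: A variable that is present but empty is no longer treated as unset in `parseEnvError`: `os.LookupEnv` reports it as present, and with `asInt = strconv.Atoi`, `asBool = strconv.ParseBool` and `asDuration = time.ParseDuration` the empty string is a parse error that `parseEnv` turns into `log.Fatal`, while for `asString` it silently replaces the default with an empty value. The removed helpers returned nil for an empty string, so a deployment that templates one of these variables as empty would now terminate instead of falling back to the default. Restoring the guard is one line, `if !ok || valStr == "" {`. Separately, the error text echoes the raw value (`%s=%s`); none of the parsers shown can fail on a string-typed variable, but because the helper is generic it would be safer to report only the name, or at least quote the value with `%q`.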
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
 package main
 
 // This file contains flag wrappers that support reading from an environment
@@ -12,41 +9,40 @@ import ( "flag" "fmt" "log" - "strconv" "time" ) -func StringVar(fs *flag.FlagSet, p **string, name, env, usage string) { +func StringVar(p *string, name, defaultVal, env, usage string) { usage = includeEnvUsage(env, usage) // The order here is important. The flag will sets the value to the default // value, prior to flag parsing. So after the flag is created, we override // the value to the env var, if it is set, or otherwise the defaultVal. - fs.Var(newStringPtrValue(p), name, usage) - *p = parseEnv(env, asString) + flag.StringVar(p, name, defaultVal, usage) + *p = parseEnv(env, defaultVal, asString) } -func IntVar(fs *flag.FlagSet, p **int, name, env, usage string) { +func IntVar(p *int, name string, defaultVal int, env, usage string) { usage = includeEnvUsage(env, usage) - fs.Var(newIntPtrValue(p), name, usage) - *p = parseEnv(env, asInt) + flag.IntVar(p, name, defaultVal, usage) + *p = parseEnv(env, defaultVal, asInt) } -func BoolVar(fs *flag.FlagSet, p **bool, name, env, usage string) { +func BoolVar(p *bool, name string, defaultVal bool, env, usage string) { usage = includeEnvUsage(env, usage) - fs.Var(newBoolPtrValue(p), name, usage) - *p = parseEnv(env, asBool) + flag.BoolVar(p, name, defaultVal, usage) + *p = parseEnv(env, defaultVal, asBool) } -func DurationVar(fs *flag.FlagSet, p **Duration, name, env, usage string) { +func DurationVar(p *time.Duration, name string, defaultVal time.Duration, env, usage string) { usage = includeEnvUsage(env, usage) - fs.Var(newDurationPtrValue(p), name, usage) - *p = parseEnv(env, asDuration) + flag.DurationVar(p, name, defaultVal, usage) + *p = parseEnv(env, defaultVal, asDuration) } // MapVar supports repeated flags and the environment variables numbered {1,9}. 
-func MapVar(fs *flag.FlagSet, v flag.Value, name, env, usage string) { +func MapVar(v flag.Value, name, env, usage string) { usage = includeEnvUsage(fmt.Sprintf("%s{1,9}", env), usage) - fs.Var(v, name, usage) + flag.Var(v, name, usage) for varName, value := range multiValueEnv(env) { err := v.Set(value) if err != nil { 
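Review bot: The exported wrappers `StringVar`, `IntVar`, `BoolVar` and `DurationVar` have no doc comments, and the precedence between flag, environment variable and `defaultVal` is explained only by the inline comment inside `StringVar`. Each one now registers on the process-wide `flag` package set and then overwrites `*p` with `parseEnv(env, defaultVal, ...)`, so a command-line value presumably wins only because parsing happens later, outside this hunk. I would state that contract on each function, e.g. `// StringVar registers a string flag on the default flag set; the value comes from the command line, else from the env variable, else from defaultVal.`, and note there that `parseEnv` ends the process when the variable cannot be parsed. The hunk ends inside `MapVar`, whose body continues outside it.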
@@ -58,170 +54,3 @@ func MapVar(fs *flag.FlagSet, v flag.Value, name, env, usage string) { func includeEnvUsage(env, usage string) string { return fmt.Sprintf("%s Environment variable: %s.", usage, env) } - -// stringPtrValue is a flag.Value which stores the value in a *string. -// If the value was not set the pointer is nil. -type stringPtrValue struct { - v **string - b bool -} - -func newStringPtrValue(p **string) *stringPtrValue { - return &stringPtrValue{p, false} -} - -func (s *stringPtrValue) Set(val string) error { - *s.v, s.b = &val, true - return nil -} - -func (s *stringPtrValue) Get() interface{} { - if s.b { - return *s.v - } - return (*string)(nil) -} - -func (s *stringPtrValue) String() string { - if s.b { - return **s.v - } - return "" -} - -// intPtrValue is a flag.Value which stores the value in a *int if it -// can be parsed with strconv.Atoi. If the value was not set the pointer -// is nil. -type intPtrValue struct { - v **int - b bool -} - -func newIntPtrValue(p **int) *intPtrValue { - return &intPtrValue{p, false} -} - -func (s *intPtrValue) Set(val string) error { - n, err := strconv.Atoi(val) - if err != nil { - return err - } - *s.v, s.b = &n, true - return nil -} - -func (s *intPtrValue) Get() interface{} { - if s.b { - return *s.v - } - return (*int)(nil) -} - -func (s *intPtrValue) String() string { - if s.b { - return strconv.Itoa(**s.v) - } - return "" -} - -// boolPtrValue is a flag.Value which stores the value in a *bool if it -// can be parsed with strconv.ParseBool. If the value was not set the -// pointer is nil. 
-type boolPtrValue struct { - v **bool - b bool -} - -func newBoolPtrValue(p **bool) *boolPtrValue { - return &boolPtrValue{p, false} -} - -func (s *boolPtrValue) IsBoolFlag() bool { return true } - -func (s *boolPtrValue) Set(val string) error { - b, err := strconv.ParseBool(val) - if err != nil { - return err - } - *s.v, s.b = &b, true - return nil -} - -func (s *boolPtrValue) Get() interface{} { - if s.b { - return *s.v - } - return (*bool)(nil) -} - -func (s *boolPtrValue) String() string { - if s.b { - return strconv.FormatBool(**s.v) - } - return "" -} - -// durationPtrValue is a flag.Value which stores the value in a -// *time.Duration if it can be parsed with time.ParseDuration. If the -// value was not set the pointer is nil. -type durationPtrValue struct { - v **Duration - b bool -} - -func newDurationPtrValue(p **Duration) *durationPtrValue { - return &durationPtrValue{p, false} -} - -func (s *durationPtrValue) Set(val string) error { - d, err := time.ParseDuration(val) - if err != nil { - return err - } - *s.v, s.b = &Duration{Duration: d}, true - return nil -} - -func (s *durationPtrValue) Get() interface{} { - if s.b { - return *s.v - } - return (*time.Duration)(nil) -} - -func (s *durationPtrValue) String() string { - if s.b { - return (*(*s).v).Duration.String() - } - return "" -} - -func durationVal(t *Duration) time.Duration { - if t == nil { - return 0 - } - - return t.Duration -} - -func stringVal(s *string) string { - if s == nil { - return "" - } - - return *s -} - -func intVal(v *int) int { - if v == nil { - return 0 - } - return *v -} - -func boolVal(v *bool) bool { - if v == nil { - return false - } - return *v -} diff --git a/cmd/consul-dataplane/main.go b/cmd/consul-dataplane/main.go index 3fc258e8..ca57e2c9 100644 --- a/cmd/consul-dataplane/main.go +++ b/cmd/consul-dataplane/main.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package main import ( 
@@ -12,154 +9,255 @@ import ( "os/signal" "strings" "syscall" + "time" "github.com/hashicorp/consul-dataplane/pkg/consuldp" "github.com/hashicorp/consul-dataplane/pkg/version" ) var ( - flagOpts *FlagOpts - flags *flag.FlagSet + printVersion bool + + addresses string + grpcPort int + serverWatchDisabled bool + + tlsDisabled bool + tlsCACertsPath string + tlsServerName string + tlsCertFile string + tlsKeyFile string + tlsInsecureSkipVerify bool + + logLevel string + logJSON bool + + nodeName string + nodeID string + serviceID string + serviceIDPath string + namespace string + partition string + + credentialType string + token string + loginAuthMethod string + loginNamespace string + loginPartition string + loginDatacenter string + loginBearerToken string + loginBearerTokenPath string + loginMeta map[string]string + + useCentralTelemetryConfig bool + + promRetentionTime time.Duration + promCACertsPath string + promKeyFile string + promCertFile string + promServiceMetricsURL string + promScrapePath string + promMergePort int + + adminBindAddr string + adminBindPort int + readyBindAddr string + readyBindPort int + envoyConcurrency int + envoyDrainTimeSeconds int + envoyDrainStrategy string + + xdsBindAddr string + xdsBindPort int + + consulDNSBindAddr string + consulDNSPort int + + shutdownDrainListenersEnabled bool + shutdownGracePeriodSeconds int + gracefulShutdownPath string + gracefulPort int + + dumpEnvoyConfigOnExitEnabled bool ) func init() { - flags = flag.NewFlagSet("", flag.ContinueOnError) - flagOpts = &FlagOpts{} - flags.BoolVar(&flagOpts.printVersion, "version", false, "Prints the current version of consul-dataplane.") + flag.BoolVar(&printVersion, "version", false, "Prints the current version of consul-dataplane.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Addresses, "addresses", "DP_CONSUL_ADDRESSES", "Consul server gRPC addresses. Value can be:\n"+ + StringVar(&addresses, "addresses", "", "DP_CONSUL_ADDRESSES", "Consul server gRPC addresses. 
Value can be:\n"+ "1. A DNS name that resolves to server addresses or the DNS name of a load balancer in front of the Consul servers; OR\n"+ "2. An executable command in the format, 'exec='. The executable\n"+ " a) on success - should exit 0 and print to stdout whitespace delimited IP (v4/v6) addresses\n"+ " b) on failure - exit with a non-zero code and optionally print an error message of up to 1024 bytes to stderr.\n"+ " Refer to https://github.com/hashicorp/go-netaddrs#summary for more details and examples.\n") - IntVar(flags, &flagOpts.dataplaneConfig.Consul.GRPCPort, "grpc-port", "DP_CONSUL_GRPC_PORT", "The Consul server gRPC port to which consul-dataplane connects.") + IntVar(&grpcPort, "grpc-port", 8502, "DP_CONSUL_GRPC_PORT", "The Consul server gRPC port to which consul-dataplane connects.") - BoolVar(flags, &flagOpts.dataplaneConfig.Consul.ServerWatchDisabled, "server-watch-disabled", "DP_SERVER_WATCH_DISABLED", "Setting this prevents consul-dataplane from consuming the server update stream. This is useful for situations where Consul servers are behind a load balancer.") + BoolVar(&serverWatchDisabled, "server-watch-disabled", false, "DP_SERVER_WATCH_DISABLED", "Setting this prevents consul-dataplane from consuming the server update stream. This is useful for situations where Consul servers are behind a load balancer.") - StringVar(flags, &flagOpts.dataplaneConfig.Logging.LogLevel, "log-level", "DP_LOG_LEVEL", "Log level of the messages to print. "+ + StringVar(&logLevel, "log-level", "info", "DP_LOG_LEVEL", "Log level of the messages to print. 
"+ "Available log levels are \"trace\", \"debug\", \"info\", \"warn\", and \"error\".") - BoolVar(flags, &flagOpts.dataplaneConfig.Logging.LogJSON, "log-json", "DP_LOG_JSON", "Enables log messages in JSON format.") - - StringVar(flags, &flagOpts.dataplaneConfig.Service.NodeName, "service-node-name", "DP_SERVICE_NODE_NAME", - "[Deprecated; use -proxy-node-name instead] The name of the Consul node to which the proxy service instance is registered.") - StringVar(flags, &flagOpts.dataplaneConfig.Service.NodeID, "service-node-id", "DP_SERVICE_NODE_ID", - "[Deprecated; use -proxy-node-id instead] The ID of the Consul node to which the proxy service instance is registered.") - StringVar(flags, &flagOpts.dataplaneConfig.Service.ServiceID, "proxy-service-id", "DP_PROXY_SERVICE_ID", - "[Deprecated; use -proxy-id instead] The proxy service instance's ID.") - StringVar(flags, &flagOpts.dataplaneConfig.Service.ServiceIDPath, "proxy-service-id-path", "DP_PROXY_SERVICE_ID_PATH", - "[Deprecated; use -proxy-id-path instead] The path to a file containing the proxy service instance's ID.") - StringVar(flags, &flagOpts.dataplaneConfig.Service.Namespace, "service-namespace", "DP_SERVICE_NAMESPACE", - "[Deprecated; use -proxy-namespace instead] The Consul Enterprise namespace in which the proxy service instance is registered.") - StringVar(flags, &flagOpts.dataplaneConfig.Service.Partition, "service-partition", "DP_SERVICE_PARTITION", - "[Deprecated; use -proxy-partition instead] The Consul Enterprise partition in which the proxy service instance is registered.") - - StringVar(flags, &flagOpts.dataplaneConfig.Proxy.NodeName, "proxy-node-name", "DP_PROXY_NODE_NAME", - "The name of the Consul node to which the proxy service instance is registered.") - StringVar(flags, &flagOpts.dataplaneConfig.Proxy.NodeID, "proxy-node-id", "DP_PROXY_NODE_ID", - "The ID of the Consul node to which the proxy service instance is registered.") - StringVar(flags, &flagOpts.dataplaneConfig.Proxy.ID, 
"proxy-id", "DP_PROXY_ID", - "In Consul's V1 Catalog API, the proxy service instance's ID.") - StringVar(flags, &flagOpts.dataplaneConfig.Proxy.IDPath, "proxy-id-path", "DP_PROXY_ID_PATH", - "In Consul's V1 Catalog API, the path to a file containing the proxy service instance's ID.") - StringVar(flags, &flagOpts.dataplaneConfig.Proxy.Namespace, "proxy-namespace", "DP_PROXY_NAMESPACE", - "The Consul Enterprise namespace in which the proxy service instance is registered.") - StringVar(flags, &flagOpts.dataplaneConfig.Proxy.Partition, "proxy-partition", "DP_PROXY_PARTITION", - "The Consul Enterprise partition in which the proxy service instance is registered.") - - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Type, "credential-type", "DP_CREDENTIAL_TYPE", "The type of credentials, either static or login, used to authenticate with Consul servers.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Static.Token, "static-token", "DP_CREDENTIAL_STATIC_TOKEN", "The ACL token used to authenticate requests to Consul servers when -credential-type is set to static.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Login.AuthMethod, "login-auth-method", "DP_CREDENTIAL_LOGIN_AUTH_METHOD", "The auth method used to log in.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Login.Namespace, "login-namespace", "DP_CREDENTIAL_LOGIN_NAMESPACE", "The Consul Enterprise namespace containing the auth method.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Login.Partition, "login-partition", "DP_CREDENTIAL_LOGIN_PARTITION", "The Consul Enterprise partition containing the auth method.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Login.Datacenter, "login-datacenter", "DP_CREDENTIAL_LOGIN_DATACENTER", "The datacenter containing the auth method.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Login.BearerToken, "login-bearer-token", "DP_CREDENTIAL_LOGIN_BEARER_TOKEN", "The 
bearer token presented to the auth method.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.Credentials.Login.BearerTokenPath, "login-bearer-token-path", "DP_CREDENTIAL_LOGIN_BEARER_TOKEN_PATH", "The path to a file containing the bearer token presented to the auth method.") - MapVar(flags, (*FlagMapValue)(&flagOpts.dataplaneConfig.Consul.Credentials.Login.Meta), "login-meta", "DP_CREDENTIAL_LOGIN_META", `A set of key/value pairs to attach to the ACL token. Each pair is formatted as "=". This flag may be passed multiple times.`) - - BoolVar(flags, &flagOpts.dataplaneConfig.Telemetry.UseCentralConfig, "telemetry-use-central-config", "DP_TELEMETRY_USE_CENTRAL_CONFIG", "Controls whether the proxy applies the central telemetry configuration.") - - DurationVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.RetentionTime, "telemetry-prom-retention-time", "DP_TELEMETRY_PROM_RETENTION_TIME", "The duration for prometheus metrics aggregation.") - StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.CACertsPath, "telemetry-prom-ca-certs-path", "DP_TELEMETRY_PROM_CA_CERTS_PATH", "The path to a file or directory containing CA certificates used to verify the Prometheus server's certificate.") - StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.KeyFile, "telemetry-prom-key-file", "DP_TELEMETRY_PROM_KEY_FILE", "The path to the client private key used to serve Prometheus metrics.") - StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.CertFile, "telemetry-prom-cert-file", "DP_TELEMETRY_PROM_CERT_FILE", "The path to the client certificate used to serve Prometheus metrics.") - StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.ServiceMetricsURL, "telemetry-prom-service-metrics-url", "DP_TELEMETRY_PROM_SERVICE_METRICS_URL", "Prometheus metrics at this URL are scraped and included in Consul Dataplane's main Prometheus metrics.") - StringVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.ScrapePath, 
"telemetry-prom-scrape-path", "DP_TELEMETRY_PROM_SCRAPE_PATH", "The URL path where Envoy serves Prometheus metrics.") - IntVar(flags, &flagOpts.dataplaneConfig.Telemetry.Prometheus.MergePort, "telemetry-prom-merge-port", "DP_TELEMETRY_PROM_MERGE_PORT", "The port to serve merged Prometheus metrics.") - - StringVar(flags, &flagOpts.dataplaneConfig.Envoy.AdminBindAddr, "envoy-admin-bind-address", "DP_ENVOY_ADMIN_BIND_ADDRESS", "The address on which the Envoy admin server is available.") - IntVar(flags, &flagOpts.dataplaneConfig.Envoy.AdminBindPort, "envoy-admin-bind-port", "DP_ENVOY_ADMIN_BIND_PORT", "The port on which the Envoy admin server is available.") - StringVar(flags, &flagOpts.dataplaneConfig.Envoy.ReadyBindAddr, "envoy-ready-bind-address", "DP_ENVOY_READY_BIND_ADDRESS", "The address on which Envoy's readiness probe is available.") - IntVar(flags, &flagOpts.dataplaneConfig.Envoy.ReadyBindPort, "envoy-ready-bind-port", "DP_ENVOY_READY_BIND_PORT", "The port on which Envoy's readiness probe is available.") - IntVar(flags, &flagOpts.dataplaneConfig.Envoy.Concurrency, "envoy-concurrency", "DP_ENVOY_CONCURRENCY", "The number of worker threads that Envoy uses.") - IntVar(flags, &flagOpts.dataplaneConfig.Envoy.DrainTimeSeconds, "envoy-drain-time-seconds", "DP_ENVOY_DRAIN_TIME", "The time in seconds for which Envoy will drain connections.") - StringVar(flags, &flagOpts.dataplaneConfig.Envoy.DrainStrategy, "envoy-drain-strategy", "DP_ENVOY_DRAIN_STRATEGY", "The behaviour of Envoy during the drain sequence. 
Determines whether all open connections should be encouraged to drain immediately or to increase the percentage gradually as the drain time elapses.") - - StringVar(flags, &flagOpts.dataplaneConfig.XDSServer.BindAddr, "xds-bind-addr", "DP_XDS_BIND_ADDR", "The address on which the Envoy xDS server is available.") - IntVar(flags, &flagOpts.dataplaneConfig.XDSServer.BindPort, "xds-bind-port", "DP_XDS_BIND_PORT", "The port on which the Envoy xDS server is available.") - - BoolVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.Disabled, "tls-disabled", "DP_TLS_DISABLED", "Communicate with Consul servers over a plaintext connection. Useful for testing, but not recommended for production.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.CACertsPath, "ca-certs", "DP_CA_CERTS", "The path to a file or directory containing CA certificates used to verify the server's certificate.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.CertFile, "tls-cert", "DP_TLS_CERT", "The path to a client certificate file. This is required if tls.grpc.verify_incoming is enabled on the server.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.KeyFile, "tls-key", "DP_TLS_KEY", "The path to a client private key file. This is required if tls.grpc.verify_incoming is enabled on the server.") - StringVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.ServerName, "tls-server-name", "DP_TLS_SERVER_NAME", "The hostname to expect in the server certificate's subject. This is required if -addresses is not a DNS name.") - BoolVar(flags, &flagOpts.dataplaneConfig.Consul.TLS.InsecureSkipVerify, "tls-insecure-skip-verify", "DP_TLS_INSECURE_SKIP_VERIFY", "Do not verify the server's certificate. 
Useful for testing, but not recommended for production.") - - StringVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindAddr, "consul-dns-bind-addr", "DP_CONSUL_DNS_BIND_ADDR", "The address that will be bound to the consul dns proxy.") - IntVar(flags, &flagOpts.dataplaneConfig.DNSServer.BindPort, "consul-dns-bind-port", "DP_CONSUL_DNS_BIND_PORT", "The port the consul dns proxy will listen on. By default -1 disables the dns proxy") + BoolVar(&logJSON, "log-json", false, "DP_LOG_JSON", "Enables log messages in JSON format.") + + StringVar(&nodeName, "service-node-name", "", "DP_SERVICE_NODE_NAME", "The name of the Consul node to which the proxy service instance is registered.") + StringVar(&nodeID, "service-node-id", "", "DP_SERVICE_NODE_ID", "The ID of the Consul node to which the proxy service instance is registered.") + StringVar(&serviceID, "proxy-service-id", "", "DP_PROXY_SERVICE_ID", "The proxy service instance's ID.") + StringVar(&serviceIDPath, "proxy-service-id-path", "", "DP_PROXY_SERVICE_ID_PATH", "The path to a file containing the proxy service instance's ID.") + StringVar(&namespace, "service-namespace", "", "DP_SERVICE_NAMESPACE", "The Consul Enterprise namespace in which the proxy service instance is registered.") + StringVar(&partition, "service-partition", "", "DP_SERVICE_PARTITION", "The Consul Enterprise partition in which the proxy service instance is registered.") + + StringVar(&credentialType, "credential-type", "", "DP_CREDENTIAL_TYPE", "The type of credentials, either static or login, used to authenticate with Consul servers.") + StringVar(&token, "static-token", "", "DP_CREDENTIAL_STATIC_TOKEN", "The ACL token used to authenticate requests to Consul servers when -credential-type is set to static.") + StringVar(&loginAuthMethod, "login-auth-method", "", "DP_CREDENTIAL_LOGIN_AUTH_METHOD", "The auth method used to log in.") + StringVar(&loginNamespace, "login-namespace", "", "DP_CREDENTIAL_LOGIN_NAMESPACE", "The Consul Enterprise namespace 
containing the auth method.") + StringVar(&loginPartition, "login-partition", "", "DP_CREDENTIAL_LOGIN_PARTITION", "The Consul Enterprise partition containing the auth method.") + StringVar(&loginDatacenter, "login-datacenter", "", "DP_CREDENTIAL_LOGIN_DATACENTER", "The datacenter containing the auth method.") + StringVar(&loginBearerToken, "login-bearer-token", "", "DP_CREDENTIAL_LOGIN_BEARER_TOKEN", "The bearer token presented to the auth method.") + StringVar(&loginBearerTokenPath, "login-bearer-token-path", "", "DP_CREDENTIAL_LOGIN_BEARER_TOKEN_PATH", "The path to a file containing the bearer token presented to the auth method.") + MapVar((*FlagMapValue)(&loginMeta), "login-meta", "DP_CREDENTIAL_LOGIN_META", `A set of key/value pairs to attach to the ACL token. Each pair is formatted as "=". This flag may be passed multiple times.`) + + BoolVar(&useCentralTelemetryConfig, "telemetry-use-central-config", true, "DP_TELEMETRY_USE_CENTRAL_CONFIG", "Controls whether the proxy applies the central telemetry configuration.") + + DurationVar(&promRetentionTime, "telemetry-prom-retention-time", 60*time.Second, "DP_TELEMETRY_PROM_RETENTION_TIME", "The duration for prometheus metrics aggregation.") + StringVar(&promCACertsPath, "telemetry-prom-ca-certs-path", "", "DP_TELEMETRY_PROM_CA_CERTS_PATH", "The path to a file or directory containing CA certificates used to verify the Prometheus server's certificate.") + StringVar(&promKeyFile, "telemetry-prom-key-file", "", "DP_TELEMETRY_PROM_KEY_FILE", "The path to the client private key used to serve Prometheus metrics.") + StringVar(&promCertFile, "telemetry-prom-cert-file", "", "DP_TELEMETRY_PROM_CERT_FILE", "The path to the client certificate used to serve Prometheus metrics.") + StringVar(&promServiceMetricsURL, "telemetry-prom-service-metrics-url", "", "DP_TELEMETRY_PROM_SERVICE_METRICS_URL", "Prometheus metrics at this URL are scraped and included in Consul Dataplane's main Prometheus metrics.") + StringVar(&promScrapePath, 
"telemetry-prom-scrape-path", "/metrics", "DP_TELEMETRY_PROM_SCRAPE_PATH", "The URL path where Envoy serves Prometheus metrics.") + IntVar(&promMergePort, "telemetry-prom-merge-port", 20100, "DP_TELEMETRY_PROM_MERGE_PORT", "The port to serve merged Prometheus metrics.") + + StringVar(&adminBindAddr, "envoy-admin-bind-address", "127.0.0.1", "DP_ENVOY_ADMIN_BIND_ADDRESS", "The address on which the Envoy admin server is available.") + IntVar(&adminBindPort, "envoy-admin-bind-port", 19000, "DP_ENVOY_ADMIN_BIND_PORT", "The port on which the Envoy admin server is available.") + StringVar(&readyBindAddr, "envoy-ready-bind-address", "", "DP_ENVOY_READY_BIND_ADDRESS", "The address on which Envoy's readiness probe is available.") + IntVar(&readyBindPort, "envoy-ready-bind-port", 0, "DP_ENVOY_READY_BIND_PORT", "The port on which Envoy's readiness probe is available.") + IntVar(&envoyConcurrency, "envoy-concurrency", 2, "DP_ENVOY_CONCURRENCY", "The number of worker threads that Envoy uses.") + IntVar(&envoyDrainTimeSeconds, "envoy-drain-time-seconds", 30, "DP_ENVOY_DRAIN_TIME", "The time in seconds for which Envoy will drain connections.") + StringVar(&envoyDrainStrategy, "envoy-drain-strategy", "immediate", "DP_ENVOY_DRAIN_STRATEGY", "The behaviour of Envoy during the drain sequence. Determines whether all open connections should be encouraged to drain immediately or to increase the percentage gradually as the drain time elapses.") + + StringVar(&xdsBindAddr, "xds-bind-addr", "127.0.0.1", "DP_XDS_BIND_ADDR", "The address on which the Envoy xDS server is available.") + IntVar(&xdsBindPort, "xds-bind-port", 0, "DP_XDS_BIND_PORT", "The port on which the Envoy xDS server is available.") + + BoolVar(&tlsDisabled, "tls-disabled", false, "DP_TLS_DISABLED", "Communicate with Consul servers over a plaintext connection. 
Useful for testing, but not recommended for production.") + StringVar(&tlsCACertsPath, "ca-certs", "", "DP_CA_CERTS", "The path to a file or directory containing CA certificates used to verify the server's certificate.") + StringVar(&tlsCertFile, "tls-cert", "", "DP_TLS_CERT", "The path to a client certificate file. This is required if tls.grpc.verify_incoming is enabled on the server.") + StringVar(&tlsKeyFile, "tls-key", "", "DP_TLS_KEY", "The path to a client private key file. This is required if tls.grpc.verify_incoming is enabled on the server.") + StringVar(&tlsServerName, "tls-server-name", "", "DP_TLS_SERVER_NAME", "The hostname to expect in the server certificate's subject. This is required if -addresses is not a DNS name.") + BoolVar(&tlsInsecureSkipVerify, "tls-insecure-skip-verify", false, "DP_TLS_INSECURE_SKIP_VERIFY", "Do not verify the server's certificate. Useful for testing, but not recommended for production.") + + StringVar(&consulDNSBindAddr, "consul-dns-bind-addr", "127.0.0.1", "DP_CONSUL_DNS_BIND_ADDR", "The address that will be bound to the consul dns proxy.") + IntVar(&consulDNSPort, "consul-dns-bind-port", -1, "DP_CONSUL_DNS_BIND_PORT", "The port the consul dns proxy will listen on. By default -1 disables the dns proxy") // Default is false because it will generally be configured appropriately by Helm // configuration or pod annotation. - BoolVar(flags, &flagOpts.dataplaneConfig.Envoy.ShutdownDrainListenersEnabled, "shutdown-drain-listeners", "DP_SHUTDOWN_DRAIN_LISTENERS", "Wait for proxy listeners to drain before terminating the proxy container.") + BoolVar(&shutdownDrainListenersEnabled, "shutdown-drain-listeners", false, "DP_SHUTDOWN_DRAIN_LISTENERS", "Wait for proxy listeners to drain before terminating the proxy container.") // Default is 0 because it will generally be configured appropriately by Helm // configuration or pod annotation. 
- IntVar(flags, &flagOpts.dataplaneConfig.Envoy.ShutdownGracePeriodSeconds, "shutdown-grace-period-seconds", "DP_SHUTDOWN_GRACE_PERIOD_SECONDS", "Amount of time to wait after receiving a SIGTERM signal before terminating the proxy.") - StringVar(flags, &flagOpts.dataplaneConfig.Envoy.GracefulShutdownPath, "graceful-shutdown-path", "DP_GRACEFUL_SHUTDOWN_PATH", "An HTTP path to serve the graceful shutdown endpoint.") - IntVar(flags, &flagOpts.dataplaneConfig.Envoy.GracefulPort, "graceful-port", "DP_GRACEFUL_PORT", "A port to serve HTTP endpoints for graceful shutdown.") - IntVar(flags, &flagOpts.dataplaneConfig.Envoy.StartupGracePeriodSeconds, "startup-grace-period-seconds", "DP_STARTUP_GRACE_PERIOD_SECONDS", "Amount of time to wait for consul-dataplane startup.") - StringVar(flags, &flagOpts.dataplaneConfig.Envoy.GracefulStartupPath, "graceful-startup-path", "DP_GRACEFUL_STARTUP_PATH", "An HTTP path to serve the graceful startup endpoint.") - // Default is false, may be useful for debugging unexpected termination. - BoolVar(flags, &flagOpts.dataplaneConfig.Envoy.DumpEnvoyConfigOnExitEnabled, "dump-envoy-config-on-exit", "DP_DUMP_ENVOY_CONFIG_ON_EXIT", "Call the Envoy /config_dump endpoint during consul-dataplane controlled shutdown.") + IntVar(&shutdownGracePeriodSeconds, "shutdown-grace-period-seconds", 0, "DP_SHUTDOWN_GRACE_PERIOD_SECONDS", "Amount of time to wait after receiving a SIGTERM signal before terminating the proxy.") + StringVar(&gracefulShutdownPath, "graceful-shutdown-path", "/graceful_shutdown", "DP_GRACEFUL_SHUTDOWN_PATH", "An HTTP path to serve the graceful shutdown endpoint.") + IntVar(&gracefulPort, "graceful-port", 20300, "DP_GRACEFUL_PORT", "A port to serve HTTP endpoints for graceful shutdown.") - flags.StringVar(&flagOpts.configFile, "config-file", "", "The json config file for configuring consul data plane") + // Default is false, may be useful for debugging unexpected termination. 
+ BoolVar(&dumpEnvoyConfigOnExitEnabled, "dump-envoy-config-on-exit", false, "DP_DUMP_ENVOY_CONFIG_ON_EXIT", "Call the Envoy /config_dump endpoint during consul-dataplane controlled shutdown.") } // validateFlags performs semantic validation of the flag values func validateFlags() { - if flagOpts.dataplaneConfig.Logging.LogLevel != nil { - switch strings.ToUpper(*flagOpts.dataplaneConfig.Logging.LogLevel) { - case "TRACE", "DEBUG", "INFO", "WARN", "ERROR": - default: - log.Fatal("invalid log level. valid values - TRACE, DEBUG, INFO, WARN, ERROR") - } - } - - if flagOpts.configFile != "" && !strings.HasSuffix(flagOpts.configFile, ".json") { - log.Fatal("invalid config file format. Should be a json file") + switch strings.ToUpper(logLevel) { + case "TRACE", "DEBUG", "INFO", "WARN", "ERROR": + default: + log.Fatal("invalid log level. valid values - TRACE, DEBUG, INFO, WARN, ERROR") } } func run() error { - err := flags.Parse(os.Args[1:]) - if err != nil { - return err - } + flag.Parse() - if flagOpts.printVersion { + if printVersion { fmt.Printf("Consul Dataplane v%s\n", version.GetHumanVersion()) fmt.Printf("Revision %s\n", version.GitCommit) return nil } readServiceIDFromFile() - readProxyIDFromFile() validateFlags() - consuldpCfg, err := flagOpts.buildDataplaneConfig(flags.Args()) - if err != nil { - return err + consuldpCfg := &consuldp.Config{ + Consul: &consuldp.ConsulConfig{ + Addresses: addresses, + GRPCPort: grpcPort, + Credentials: &consuldp.CredentialsConfig{ + Type: consuldp.CredentialsType(credentialType), + Static: consuldp.StaticCredentialsConfig{ + Token: token, + }, + Login: consuldp.LoginCredentialsConfig{ + AuthMethod: loginAuthMethod, + Namespace: loginNamespace, + Partition: loginPartition, + Datacenter: loginDatacenter, + BearerToken: loginBearerToken, + BearerTokenPath: loginBearerTokenPath, + Meta: loginMeta, + }, + }, + ServerWatchDisabled: serverWatchDisabled, + TLS: &consuldp.TLSConfig{ + Disabled: tlsDisabled, + CACertsPath: tlsCACertsPath, 
+ ServerName: tlsServerName, + CertFile: tlsCertFile, + KeyFile: tlsKeyFile, + InsecureSkipVerify: tlsInsecureSkipVerify, + }, + }, + Service: &consuldp.ServiceConfig{ + NodeName: nodeName, + NodeID: nodeID, + ServiceID: serviceID, + Namespace: namespace, + Partition: partition, + }, + Logging: &consuldp.LoggingConfig{ + Name: "consul-dataplane", + LogLevel: strings.ToUpper(logLevel), + LogJSON: logJSON, + }, + Telemetry: &consuldp.TelemetryConfig{ + UseCentralConfig: useCentralTelemetryConfig, + Prometheus: consuldp.PrometheusTelemetryConfig{ + RetentionTime: promRetentionTime, + CACertsPath: promCACertsPath, + KeyFile: promKeyFile, + CertFile: promCertFile, + ServiceMetricsURL: promServiceMetricsURL, + ScrapePath: promScrapePath, + MergePort: promMergePort, + }, + }, + Envoy: &consuldp.EnvoyConfig{ + AdminBindAddress: adminBindAddr, + AdminBindPort: adminBindPort, + ReadyBindAddress: readyBindAddr, + ReadyBindPort: readyBindPort, + EnvoyConcurrency: envoyConcurrency, + EnvoyDrainTimeSeconds: envoyDrainTimeSeconds, + EnvoyDrainStrategy: envoyDrainStrategy, + ShutdownDrainListenersEnabled: shutdownDrainListenersEnabled, + ShutdownGracePeriodSeconds: shutdownGracePeriodSeconds, + GracefulShutdownPath: gracefulShutdownPath, + GracefulPort: gracefulPort, + DumpEnvoyConfigOnExitEnabled: dumpEnvoyConfigOnExitEnabled, + ExtraArgs: flag.Args(), + }, + XDSServer: &consuldp.XDSServer{ + BindAddress: xdsBindAddr, + BindPort: xdsBindPort, + }, + DNSServer: &consuldp.DNSServerConfig{ + BindAddr: consulDNSBindAddr, + Port: consulDNSPort, + }, } consuldpInstance, err := consuldp.NewConsulDP(consuldpCfg) 
@@ -197,33 +295,11 @@ func main() {
 // because this option only really makes sense as a CLI flag (and we handle
 // all flag parsing here).
 func readServiceIDFromFile() {
- if flagOpts.dataplaneConfig.Service.ServiceID == nil &&
- flagOpts.dataplaneConfig.Service.ServiceIDPath != nil &&
- *flagOpts.dataplaneConfig.Service.ServiceIDPath != "" {
- id, err := os.ReadFile(*flagOpts.dataplaneConfig.Service.ServiceIDPath)
+ if serviceID == "" && serviceIDPath != "" {
+ id, err := os.ReadFile(serviceIDPath)
 if err != nil {
 log.Fatalf("failed to read given -proxy-service-id-path: %v", err)
 }
- s := string(id)
- flagOpts.dataplaneConfig.Service.ServiceID = &s
- }
-}
-
-// readProxyIDFromFile reads the proxy ID from the file specified by the
-// -proxy-id-path flag.
-//
-// We do this here, rather than in the consuldp package's config handling,
-// because this option only really makes sense as a CLI flag (and we handle
-// all flag parsing here).
-func readProxyIDFromFile() {
- if flagOpts.dataplaneConfig.Proxy.ID == nil &&
- flagOpts.dataplaneConfig.Proxy.IDPath != nil &&
- *flagOpts.dataplaneConfig.Proxy.IDPath != "" {
- id, err := os.ReadFile(*flagOpts.dataplaneConfig.Proxy.IDPath)
- if err != nil {
- log.Fatalf("failed to read given -proxy-id-path: %v", err)
- }
- s := string(id)
- flagOpts.dataplaneConfig.Proxy.ID = &s
+ serviceID = string(id)
 }
 }
diff --git a/cmd/consul-dataplane/map_flag.go b/cmd/consul-dataplane/map_flag.go
index 625dc0f5..1465808d 100644
--- a/cmd/consul-dataplane/map_flag.go
+++ b/cmd/consul-dataplane/map_flag.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
 package main
 
 import (
diff --git a/cmd/consul-dataplane/map_flag_test.go b/cmd/consul-dataplane/map_flag_test.go
index 0edf1e9d..76e1ca9e 100644
--- a/cmd/consul-dataplane/map_flag_test.go
+++ b/cmd/consul-dataplane/map_flag_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
 package main
 
 import (
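Review bot: In readServiceIDFromFile (cmd/consul-dataplane/main.go), `serviceID = string(id)` keeps the file contents byte for byte, so a trailing newline or other whitespace in the file named by -proxy-service-id-path becomes part of the service ID that run() copies into `ServiceID`. Unless the consuldp package normalises the value later, which is not visible here, the lookup for the proxy service would then use an ID that does not match the registered one. Trimming at the read avoids that: `serviceID = strings.TrimSpace(string(id))`; the file already uses `strings` in validateFlags. The function's doc comment starts above this hunk.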
diff --git a/go.mod b/go.mod
index d27502fd..bdeee5b7 100644
--- a/go.mod
+++ b/go.mod
@@ -3,17 +3,16 @@ module github.com/hashicorp/consul-dataplane
 go 1.20
 
 require (
- dario.cat/mergo v1.0.0
 github.com/armon/go-metrics v0.4.1
 github.com/hashi-derek/grpc-proxy v0.0.0-20231207191910-191266484d75
- github.com/hashicorp/consul-server-connection-manager v0.1.8
- github.com/hashicorp/consul/proto-public v0.6.1
+ github.com/hashicorp/consul-server-connection-manager v0.1.6
+ github.com/hashicorp/consul/proto-public v0.4.0
 github.com/hashicorp/go-hclog v1.2.2
 github.com/hashicorp/go-multierror v1.1.1
 github.com/hashicorp/go-rootcerts v1.0.2
 github.com/mitchellh/mapstructure v1.5.0
 github.com/prometheus/client_golang v1.13.0
- github.com/stretchr/testify v1.8.4
+ github.com/stretchr/testify v1.8.3
 google.golang.org/grpc v1.56.3
 google.golang.org/protobuf v1.33.0
 )
@@ -40,7 +39,6 @@ require (
 github.com/prometheus/common v0.37.0 // indirect
 github.com/prometheus/procfs v0.8.0 // indirect
 github.com/stretchr/objx v0.5.0 // indirect
- golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
 golang.org/x/net v0.24.0 // indirect
 golang.org/x/sync v0.3.0 // indirect
 golang.org/x/sys v0.19.0 // indirect
diff --git a/go.sum b/go.sum
index e81ea690..dbaa4250 100644
--- a/go.sum
+++ b/go.sum
@@ -30,8 +30,6 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= -dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= 
@@ -145,10 +143,10 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/hashi-derek/grpc-proxy v0.0.0-20231207191910-191266484d75 h1:V5Uqf7VoWMd6UhNf/5EMA8LMPUm95GYvk2YF5SzT24o= github.com/hashi-derek/grpc-proxy v0.0.0-20231207191910-191266484d75/go.mod h1:5eEnHfK72jOkp4gC1dI/Q/E9MFNOM/ewE/vql5ijV3g= -github.com/hashicorp/consul-server-connection-manager v0.1.8 h1:ZXSWoqeoieyZq55X40NA9t0a+vokyg8cAlmgMSvvA4k= -github.com/hashicorp/consul-server-connection-manager v0.1.8/go.mod h1:ca1Mq2xBFnFPpW+X+CBct8z59YmSkuW5VEMqnV141H4= -github.com/hashicorp/consul/proto-public v0.6.1 h1:+uzH3olCrksXYWAYHKqK782CtK9scfqH+Unlw3UHhCg= -github.com/hashicorp/consul/proto-public v0.6.1/go.mod h1:cXXbOg74KBNGajC+o8RlA502Esf0R9prcoJgiOX/2Tg= +github.com/hashicorp/consul-server-connection-manager v0.1.6 h1:ktj8Fi+dRXn9hhM+FXsfEJayhzzgTqfH08Ne5M6Fmug= +github.com/hashicorp/consul-server-connection-manager v0.1.6/go.mod h1:HngMIv57MT+pqCVeRQMa1eTB5dqnyMm8uxjyv+Hn8cs= +github.com/hashicorp/consul/proto-public v0.4.0 h1:amEli9TgZBatDzvqW+k9E2HQEfOrIkIAlAreeP7vIlA= +github.com/hashicorp/consul/proto-public v0.4.0/go.mod h1:yOSsnXuMvtPPs9X9U44fb1xbUyOxY9jxuYs4R+ilxYU= github.com/hashicorp/consul/sdk v0.13.0 h1:lce3nFlpv8humJL8rNrrGHYSKc3q+Kxfeg3Ii1m6ZWU= github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -188,6 +186,7 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= @@ -210,7 +209,6 @@ github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3Rllmb github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= 
@@ -249,6 +247,7 @@ github.com/prometheus/procfs v0.7.3/go.mod h1:cz+aTbrPOrUb4q7XlbU9ygM+/jj0fzG6c1 github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= @@ -265,8 +264,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= +github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -293,8 +292,6 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -569,7 +566,7 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= diff --git a/integration-tests/go.mod b/integration-tests/go.mod index 4c9471ba..403eb392 100644 --- a/integration-tests/go.mod +++ b/integration-tests/go.mod 
@@ -5,11 +5,11 @@ go 1.20
 require (
 github.com/docker/docker v20.10.20+incompatible
 github.com/docker/go-connections v0.4.0
- github.com/hashicorp/consul/api v1.29.1
+ github.com/hashicorp/consul/api v1.10.1-0.20230111184009-6d2880e89478
 github.com/miekg/dns v1.1.50
- github.com/stretchr/testify v1.8.4
+ github.com/stretchr/testify v1.8.1
 github.com/testcontainers/testcontainers-go v0.17.0
- golang.org/x/mod v0.12.0
+ golang.org/x/mod v0.8.0
 gopkg.in/square/go-jose.v2 v2.5.1
 )
 
@@ -18,43 +18,41 @@ require (
 github.com/Microsoft/go-winio v0.5.2 // indirect
 github.com/armon/go-metrics v0.4.1 // indirect
 github.com/cenkalti/backoff/v4 v4.2.0 // indirect
- github.com/containerd/containerd v1.6.18 // indirect
- github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
- github.com/docker/distribution v2.8.2+incompatible // indirect
+ github.com/containerd/containerd v1.6.12 // indirect
+ github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/docker/distribution v2.8.1+incompatible // indirect
 github.com/docker/go-units v0.5.0 // indirect
- github.com/fatih/color v1.16.0 // indirect
+ github.com/fatih/color v1.13.0 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang/protobuf v1.5.4 // indirect
+ github.com/google/btree v1.0.0 // indirect
 github.com/google/uuid v1.3.0 // indirect
- github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
- github.com/hashicorp/go-hclog v1.5.0 // indirect
+ github.com/hashicorp/go-hclog v1.2.2 // indirect
 github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
- github.com/hashicorp/go-multierror v1.1.1 // indirect
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/golang-lru v0.5.4 // indirect
 github.com/hashicorp/serf v0.10.1 // indirect
 github.com/klauspost/compress v1.11.13 // indirect
 github.com/magiconair/properties v1.8.7 // indirect
- github.com/mattn/go-colorable v0.1.13 // indirect
- github.com/mattn/go-isatty v0.0.20 // indirect
+ github.com/mattn/go-colorable v0.1.12 // indirect
+ github.com/mattn/go-isatty v0.0.16 // indirect
 github.com/mitchellh/go-homedir v1.1.0 // indirect
- github.com/mitchellh/mapstructure v1.5.0 // indirect
+ github.com/mitchellh/mapstructure v1.4.2 // indirect
 github.com/moby/patternmatcher v0.5.0 // indirect
 github.com/moby/sys/sequential v0.5.0 // indirect
 github.com/moby/term v0.0.0-20221128092401-c43b287e0e0f // indirect
 github.com/morikuni/aec v1.0.0 // indirect
 github.com/opencontainers/go-digest v1.0.0 // indirect
 github.com/opencontainers/image-spec v1.1.0-rc2 // indirect
- github.com/opencontainers/runc v1.1.12 // indirect
+ github.com/opencontainers/runc v1.1.4 // indirect
 github.com/pkg/errors v0.9.1 // indirect
- github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
+ github.com/pmezard/go-difflib v1.0.0 // indirect
 github.com/sirupsen/logrus v1.9.0 // indirect
 golang.org/x/crypto v0.22.0 // indirect
- golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 // indirect
 golang.org/x/net v0.24.0 // indirect
 golang.org/x/sys v0.19.0 // indirect
- golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
+ golang.org/x/tools v0.6.0 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e // indirect
 google.golang.org/grpc v1.56.3 // indirect
 google.golang.org/protobuf v1.33.0 // indirect
diff --git a/integration-tests/go.sum b/integration-tests/go.sum
index 3302dd74..d4cf98b5 100644
--- a/integration-tests/go.sum
+++ b/integration-tests/go.sum
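Review bot: The `// indirect` pins in the integration-tests/go.mod hunk at -18,43 move backwards for container-runtime modules: `github.com/opencontainers/runc` v1.1.12 to v1.1.4, `github.com/containerd/containerd` v1.6.18 to v1.6.12 and `github.com/docker/distribution` v2.8.2 to v2.8.1. That drops whatever upstream fixes landed between those patch releases from the integration-test build. If the downgrade is only a side effect of restoring the older branch's module file, keeping the newer patch versions for these three would be safer, and running `govulncheck ./...` in integration-tests before merging would confirm either way. The root go.mod hunk has the same direction of change for `consul-server-connection-manager` (v0.1.8 to v0.1.6) and `consul/proto-public` (v0.6.1 to v0.4.0).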
@@ -1,9 +1,10 @@ github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 h1:UQHMgLO+TxOElx5B5HZ4hJQsoJ/PvUvKRhJHDQXO8P8= github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Microsoft/go-winio v0.5.2 h1:a9IhgEQBCUEk6QCdml9CiJGhAws+YwffDHEMp1VMrpA= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= +github.com/Microsoft/hcsshim v0.9.5 h1:AbV+VPfTrIVffukazHcpxmz/sRiE6YaMDzHWR9BXZHo= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= 
@@ -21,71 +22,80 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/cenkalti/backoff/v4 v4.2.0 h1:HN5dHm3WBOgndBH6E8V0q2jIYIR3s9yglV8k/+MN3u4= github.com/cenkalti/backoff/v4 v4.2.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/checkpoint-restore/go-criu/v5 v5.3.0/go.mod h1:E/eQpaFtUKGOOSEBZgmKAcn+zUUwWxqcaKZlF54wK8E= +github.com/cilium/ebpf v0.7.0/go.mod h1:/oI2+1shJiTGAMgl6/RgJr36Eo1jzrRcAWbcXO2usCA= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= -github.com/containerd/containerd v1.6.18 h1:qZbsLvmyu+Vlty0/Ex5xc0z2YtKpIsb5n45mAMI+2Ns= -github.com/containerd/containerd v1.6.18/go.mod h1:1RdCUu95+gc2v9t3IL+zIlpClSmew7/0YS8O5eQZrOw= +github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U= +github.com/containerd/containerd v1.6.12 h1:kJ9b3mOFKf8yqo05Ob+tMoxvt1pbVWhnB0re9Y+k+8c= +github.com/containerd/containerd v1.6.12/go.mod h1:K4Bw7gjgh4TnkmQY+py/PYQGp4e7xgnHAeg87VeWb3A= github.com/containerd/continuity v0.3.0 h1:nisirsYROK15TAMVukJOUyGJjz4BNQJBVsNvAXZJ/eg= +github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= +github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU= github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI= +github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
-github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= -github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v20.10.3-0.20221013203545-33ab36d6b304+incompatible h1:ieHXawdo9MXKnRkKuVWEfEN3PDQUqIjz/T8vMfIaHkM= github.com/docker/docker v20.10.3-0.20221013203545-33ab36d6b304+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= +github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k= github.com/go-kit/kit v0.8.0/go.mod 
h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= +github.com/godbus/dbus/v5 v5.0.6/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.1 h1:gK4Kx5IaGY9CD5sPJ36FHiBJ6ZXl0kilRiiCj+jdYp4= +github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/hashicorp/consul/api v1.29.1 h1:UEwOjYJrd3lG1x5w7HxDRMGiAUPrb3f103EoeKuuEcc= -github.com/hashicorp/consul/api v1.29.1/go.mod h1:lumfRkY/coLuqMICkI7Fh3ylMG31mQSRZyef2c5YvJI= -github.com/hashicorp/consul/proto-public v0.6.1 h1:+uzH3olCrksXYWAYHKqK782CtK9scfqH+Unlw3UHhCg= -github.com/hashicorp/consul/sdk v0.16.1 h1:V8TxTnImoPD5cj0U9Spl0TUxcytjcbbJeADFF07KdHg= +github.com/hashicorp/consul/api v1.10.1-0.20230111184009-6d2880e89478 h1:eascRLWw8PlLKqPsx05R8DVl8hVlRsvWemIWDvBXpnY= +github.com/hashicorp/consul/api v1.10.1-0.20230111184009-6d2880e89478/go.mod h1:c1u8FzGHcavbEtRW/p1YditvfMgn4QsKNgz2rnCDF7c= +github.com/hashicorp/consul/sdk v0.13.0 h1:lce3nFlpv8humJL8rNrrGHYSKc3q+Kxfeg3Ii1m6ZWU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= -github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v1.5.0 h1:bI2ocEMgcVlz55Oj1xZNBsVi900c7II+fWDyV9o+13c= -github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-hclog v1.2.2 h1:ihRI7YFwcZdiSD7SIenIhHfQH3OuDvWerAUBZbeQS3M= +github.com/hashicorp/go-hclog v1.2.2/go.mod 
h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc= github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-msgpack v0.5.3 h1:zKjpN5BK/P5lMYrLmBHdBULWbJ0XpYR+7NGzqkZzoD4= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= -github.com/hashicorp/go-msgpack v0.5.5 h1:i9R9JSrqIz0QVLz3sz+i3YJdT7TTSLcfLLzJi9aZTuI= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.0/go.mod h1:spPvp8C1qA32ftKqdAHm4hHTbPw+vmowP0z+KUhOZdA= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= -github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= 
@@ -94,7 +104,7 @@ github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0S github.com/hashicorp/go-syslog v1.0.0/go.mod h1:qPfqrKkXGihmCqbJM2mZgkZGvKG1dFdvsLplgctolz4= github.com/hashicorp/go-uuid v1.0.0/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.1/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= -github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.2 h1:cfejS+Tpcp13yd5nYHWDI6qVCny6wyX2Mt5SGur2IGE= github.com/hashicorp/go-version v1.2.1 h1:zEfKbn2+PDgroKdiOzqiE8rsmLqU2uwi5PB5pBJ3TkI= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.4 h1:YDjusn29QI/Das2iO9M0BHnIbxPeyuCHsjMW+lJfyTc= 
@@ -115,27 +125,26 @@ github.com/klauspost/compress v1.11.13/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdY github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= +github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= -github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12 h1:jF+Du6AlPIjs2BiUiQlKOX0rt3SujHxPnksPKZbaA40= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= -github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= -github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= github.com/mattn/go-isatty 
v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16 h1:bq3VjFmv/sOjHtdEhmkEV4x1AJtvUvOJ2PFAZ5+peKQ= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= -github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= github.com/miekg/dns v1.1.41/go.mod h1:p6aan82bvRIyn+zDIv9xYNUpwa73JcSh9BKwknJysuI= 
@@ -145,10 +154,11 @@ github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXx github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/mapstructure v0.0.0-20160808181253-ca63d7c062ee/go.mod h1:FVVH3fgwuzCH5S8UJGiWEs2h04kUh9fWfEaFds41c1Y= -github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= -github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/mitchellh/mapstructure v1.4.2 h1:6h7AQ0yhTcIsmFmnAwQls75jp2Gzs4iB8W7pjMO+rqo= +github.com/mitchellh/mapstructure v1.4.2/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo= github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc= +github.com/moby/sys/mountinfo v0.5.0/go.mod h1:3bMD3Rg+zkqx8MRYPi7Pyb0Ie97QEBmdxbhnCLlSvSU= github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc= github.com/moby/sys/sequential v0.5.0/go.mod h1:tH2cOOs5V9MlPiXcQzRC+eEyab644PWKGRYaaV5ZZlo= github.com/moby/term v0.0.0-20221128092401-c43b287e0e0f h1:J/7hjLaHLD7epG0m6TBMGmp4NQ+ibBYLfeyJWdAIFLA= 
@@ -159,13 +169,16 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= +github.com/mrunalp/fileutils v0.5.0/go.mod h1:M1WthSahJixYnrXQl/DFQuteStB1weuxD2QJNHXfbSQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2 h1:2zx/Stx4Wc5pIPDvIxHXvXtQFW/7XWJGmnM7r3wg034= github.com/opencontainers/image-spec v1.1.0-rc2/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf3phss= -github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= +github.com/opencontainers/runc v1.1.4 h1:nRCz/8sKg6K6jgYAFLDlXzPeITBZJyX28DBVhWD+5dg= +github.com/opencontainers/runc v1.1.4/go.mod h1:1J5XiS+vdZ3wCyZybsuxXZWGrgSr8fFJHLXuG2PsnNg= +github.com/opencontainers/runtime-spec v1.0.3-0.20210326190908-1c3f411f0417/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= +github.com/opencontainers/selinux v1.10.0/go.mod h1:2i0OySw99QjzBBQByd1Gr9gSjvuho1lHsJxIJ3gGbJI= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= 
@@ -173,9 +186,8 @@ github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= -github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw= 
@@ -190,27 +202,39 @@ github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+GxbHq6oeK9A= github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= +github.com/seccomp/libseccomp-golang v0.9.2-0.20220502022130-f33da4d89646/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg= +github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= +github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= +github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww= github.com/testcontainers/testcontainers-go v0.17.0 h1:UdKSw2DJXinlS6ijbFb4VHpQzD+EfTwcTq1/19a+8PU= github.com/testcontainers/testcontainers-go v0.17.0/go.mod h1:n5trpHrB68IUelEqGNC8VipaCo6jOGusU44kIK11XRs= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM= +github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= +github.com/vishvananda/netlink v1.1.0/go.mod h1:cTgwzPIzzgDAYoQrMm0EdrjRUBkTqKYppBueQtXaqoE= +github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df/go.mod h1:JP3t17pCcGlemwknint6hfoeCVQrEMVwxRLRjXpq+BU= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= 
@@ -221,13 +245,11 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 h1:m64FZMko/V45gv0bNmrNYoDEq8U5YUhetc9cBWKS1TQ= -golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63/go.mod h1:0v4NqG35kSWCMzLaMeX+IQrlSnVE/bqGSyC2cz/9Le8= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc= -golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.8.0 h1:LUYupSeNrTNCGzR/hVBk2NHZO4hXcVaW1k4Qx7rjPx8= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 
@@ -235,6 +257,7 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= +golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210410081132-afb366fc7cd1/go.mod h1:9tjilg8BloeKEkVJvy7fQ90B1CfIiPueXVOjqfkSzI8= @@ -247,7 +270,7 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= +golang.org/x/sync v0.1.0 h1:wsuoTGHzEhffawBOhz5CYhcrV4IdKZbEyZjBMuTp12o= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -255,9 +278,11 @@ golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606203320-7fc4e5ec1444/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191115151921-52ab43148777/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -270,12 +295,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210906170528-6f6e22806c34/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20211116061358-0a5406a5449c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -291,8 +318,8 @@ golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 h1:Vve/L0v7CXXuxUmaMGIEK/dEeq7uiqb5qBgQrZzIE7E= -golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846/go.mod h1:Sc0INKfu04TlqNoRA1hgpFZbhYXHPr4V5DzpSBTPqQM= +golang.org/x/tools v0.6.0 h1:BOw41kyTf3PuCW1pVQf8+Cyg8pMlkYB1oo9iJ6D/lKM= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -301,6 +328,8 @@ google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1: google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= +google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= +google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= 
diff --git a/integration-tests/helpers/auth_method.go b/integration-tests/helpers/auth_method.go index a041473b..94b67f27 100644 --- a/integration-tests/helpers/auth_method.go +++ b/integration-tests/helpers/auth_method.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/helpers/dataplane.go b/integration-tests/helpers/dataplane.go index b1bbc9bf..29428a13 100644 --- a/integration-tests/helpers/dataplane.go +++ b/integration-tests/helpers/dataplane.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/helpers/helpers.go b/integration-tests/helpers/helpers.go index 49610860..f5a62e32 100644 --- a/integration-tests/helpers/helpers.go +++ b/integration-tests/helpers/helpers.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/helpers/pod.go b/integration-tests/helpers/pod.go index 2db96088..e9ffea00 100644 --- a/integration-tests/helpers/pod.go +++ b/integration-tests/helpers/pod.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/helpers/server.go b/integration-tests/helpers/server.go index 71757711..9f1e952b 100644 --- a/integration-tests/helpers/server.go +++ b/integration-tests/helpers/server.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/helpers/service.go b/integration-tests/helpers/service.go index ae6e3bc2..2f9d7dd4 100644 --- a/integration-tests/helpers/service.go +++ b/integration-tests/helpers/service.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( 
diff --git a/integration-tests/helpers/suite.go b/integration-tests/helpers/suite.go index 6a002e05..26a3ba6b 100644 --- a/integration-tests/helpers/suite.go +++ b/integration-tests/helpers/suite.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/helpers/tls.go b/integration-tests/helpers/tls.go index 456858bc..5e79d036 100644 --- a/integration-tests/helpers/tls.go +++ b/integration-tests/helpers/tls.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package helpers import ( diff --git a/integration-tests/main_test.go b/integration-tests/main_test.go index 01b827fe..ac13d0dc 100644 --- a/integration-tests/main_test.go +++ b/integration-tests/main_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package integrationtests import ( diff --git a/internal/bootstrap/bootstrap_config.go b/internal/bootstrap/bootstrap_config.go index 51ee754d..abfcf1b7 100644 --- a/internal/bootstrap/bootstrap_config.go +++ b/internal/bootstrap/bootstrap_config.go @@ -16,8 +16,6 @@ import ( "path" "strings" "text/template" - - "github.com/hashicorp/go-hclog" ) const ( @@ -161,17 +159,6 @@ type BootstrapConfig struct { // the bootstrap config. It's format may vary based on Envoy version used. // See https://www.envoyproxy.io/docs/envoy/v1.9.0/api-v2/config/trace/v2/trace.proto. TracingConfigJSON string `mapstructure:"envoy_tracing_json"` - - Logger hclog.Logger -} - -// log returns the Logger for BootstrapConfig or a null Logger if none is configured. -// This method is meant to support tests that do not configure a Logger. -func (c *BootstrapConfig) log() hclog.Logger { - if c.Logger == nil { - return hclog.NewNullLogger() - } - return c.Logger } // Template returns the bootstrap template to use as a base. 
@@ -654,24 +641,6 @@ func (c *BootstrapConfig) generateListenerConfig(args *BootstrapTplArgs, bindAdd
 clusterPort = prometheusBackendPort
 clusterName = "prometheus_backend"
 }
-
- if !strings.HasPrefix(matchValue, "/") {
- // Must begin with '/' for match to work and to support request URL parsing.
- //
- // Warn rather than returning an error for the sake of backwards compatibility.
- c.log().Warn(fmt.Sprintf("%s path %s must begin with '/', adding for path match", name, matchValue))
- matchValue = "/" + matchValue
- }
- if u, err := url.ParseRequestURI(matchValue); err == nil && u.RawQuery != "" {
- // Strip query params from the match value (prefix or path), since Envoy does
- // not expect a query and will strip the query from a request path before
- // comparing against the configured value (i.e. the match value must not ever
- // have a query in order to work).
- //
- // Warn rather than returning an error for the sake of backwards compatibility.
- c.log().Warn(fmt.Sprintf("%s path %s must not contain a query, stripping for path match", name, matchValue))
- matchValue = u.Path
- }
 
 clusterJSON := `{
 "name": "` + clusterName + `",
diff --git a/internal/bootstrap/bootstrap_tpl.go b/internal/bootstrap/bootstrap_tpl.go
index b6476589..60ab8846 100644
--- a/internal/bootstrap/bootstrap_tpl.go
+++ b/internal/bootstrap/bootstrap_tpl.go
@@ -294,6 +294,12 @@ const bootstrapTemplate = `{
 "api_type": "DELTA_GRPC",
 "transport_api_version": "V3",
 "grpc_services": {
+ "initial_metadata": [
+ {
+ "key": "x-consul-token",
+ "value": "{{ .Token }}"
+ }
+ ],
 "envoy_grpc": {
 "cluster_name": "{{ .LocalAgentClusterName }}"
 }
diff --git a/internal/bootstrap/helpers_test.go b/internal/bootstrap/helpers_test.go
index 7579afb5..2e7b759d 100644
--- a/internal/bootstrap/helpers_test.go
+++ b/internal/bootstrap/helpers_test.go
@@ -1,6 +1,3 @@
-// Copyright (c) HashiCorp, Inc.
-// SPDX-License-Identifier: MPL-2.0
-
 package bootstrap
 
 import (
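Review bot: In `internal/bootstrap/bootstrap_tpl.go`, the added `"value": "{{ .Token }}"` places the ACL token inside a JSON string with no escaping; if the template is rendered with `text/template` (which `bootstrap_config.go` imports), a token containing `"`, `\` or a control character produces invalid or structurally altered bootstrap JSON. The token should be validated or JSON-encoded where the template arguments are built, which is outside this hunk, for example by rejecting it up front with `if strings.ContainsAny(args.Token, "\"\\\n") { return errors.New("token cannot be embedded in bootstrap JSON") }` (field name assumed from `.Token`). The rendered bootstrap now carries the token in cleartext, so the generated file, any log line that prints it, and presumably Envoy's admin config dump should be treated as secret-bearing and access-restricted. The `bootstrapTemplate` constant starts and ends outside the hunk.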
diff --git a/internal/mocks/pbdnsmock/dns_service_client.go b/internal/mocks/pbdnsmock/dns_service_client.go deleted file mode 100644 index cdde7e82..00000000 --- a/internal/mocks/pbdnsmock/dns_service_client.go +++ /dev/null 
@@ -1,69 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbdnsmock - -import ( - context "context" - - grpc "google.golang.org/grpc" - - mock "github.com/stretchr/testify/mock" - - pbdns "github.com/hashicorp/consul/proto-public/pbdns" -) - -// DNSServiceClient is an autogenerated mock type for the DNSServiceClient type -type DNSServiceClient struct { - mock.Mock -} - -// Query provides a mock function with given fields: ctx, in, opts -func (_m *DNSServiceClient) Query(ctx context.Context, in *pbdns.QueryRequest, opts ...grpc.CallOption) (*pbdns.QueryResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for Query") - } - - var r0 *pbdns.QueryResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) (*pbdns.QueryResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) *pbdns.QueryResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbdns.QueryResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// NewDNSServiceClient creates a new instance of DNSServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewDNSServiceClient(t interface { - mock.TestingT - Cleanup(func()) -}) *DNSServiceClient { - mock := &DNSServiceClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} 
diff --git a/internal/mocks/pbdnsmock/dns_service_server.go b/internal/mocks/pbdnsmock/dns_service_server.go deleted file mode 100644 index c4cb5013..00000000 --- a/internal/mocks/pbdnsmock/dns_service_server.go +++ /dev/null @@ -1,59 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbdnsmock - -import ( - context "context" - - pbdns "github.com/hashicorp/consul/proto-public/pbdns" - mock "github.com/stretchr/testify/mock" -) - -// DNSServiceServer is an autogenerated mock type for the DNSServiceServer type -type DNSServiceServer struct { - mock.Mock -} - -// Query provides a mock function with given fields: _a0, _a1 -func (_m *DNSServiceServer) Query(_a0 context.Context, _a1 *pbdns.QueryRequest) (*pbdns.QueryResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for Query") - } - - var r0 *pbdns.QueryResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest) (*pbdns.QueryResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest) *pbdns.QueryResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbdns.QueryResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbdns.QueryRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// NewDNSServiceServer creates a new instance of DNSServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewDNSServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *DNSServiceServer { - mock := &DNSServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} 
diff --git a/internal/mocks/pbdnsmock/is_cloning_dns_service_client.go b/internal/mocks/pbdnsmock/is_cloning_dns_service_client.go deleted file mode 100644 index 6f655bb5..00000000 --- a/internal/mocks/pbdnsmock/is_cloning_dns_service_client.go +++ /dev/null @@ -1,42 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbdnsmock - -import mock "github.com/stretchr/testify/mock" - -// IsCloningDNSServiceClient is an autogenerated mock type for the IsCloningDNSServiceClient type -type IsCloningDNSServiceClient struct { - mock.Mock -} - -// IsCloningDNSServiceClient provides a mock function with given fields: -func (_m *IsCloningDNSServiceClient) IsCloningDNSServiceClient() bool { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for IsCloningDNSServiceClient") - } - - var r0 bool - if rf, ok := ret.Get(0).(func() bool); ok { - r0 = rf() - } else { - r0 = ret.Get(0).(bool) - } - - return r0 -} - -// NewIsCloningDNSServiceClient creates a new instance of IsCloningDNSServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewIsCloningDNSServiceClient(t interface { - mock.TestingT - Cleanup(func()) -}) *IsCloningDNSServiceClient { - mock := &IsCloningDNSServiceClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbdnsmock/unsafe_dns_service_server.go b/internal/mocks/pbdnsmock/unsafe_dns_service_server.go deleted file mode 100644 index 3592b56b..00000000 --- a/internal/mocks/pbdnsmock/unsafe_dns_service_server.go +++ /dev/null 
@@ -1,29 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbdnsmock - -import mock "github.com/stretchr/testify/mock" - -// UnsafeDNSServiceServer is an autogenerated mock type for the UnsafeDNSServiceServer type -type UnsafeDNSServiceServer struct { - mock.Mock -} - -// mustEmbedUnimplementedDNSServiceServer provides a mock function with given fields: -func (_m *UnsafeDNSServiceServer) mustEmbedUnimplementedDNSServiceServer() { - _m.Called() -} - -// NewUnsafeDNSServiceServer creates a new instance of UnsafeDNSServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewUnsafeDNSServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *UnsafeDNSServiceServer { - mock := &UnsafeDNSServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/is_cloning_resource_service_client.go b/internal/mocks/pbresourcemock/is_cloning_resource_service_client.go deleted file mode 100644 index 0cb2619a..00000000 --- a/internal/mocks/pbresourcemock/is_cloning_resource_service_client.go +++ /dev/null 
@@ -1,42 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import mock "github.com/stretchr/testify/mock" - -// IsCloningResourceServiceClient is an autogenerated mock type for the IsCloningResourceServiceClient type -type IsCloningResourceServiceClient struct { - mock.Mock -} - -// IsCloningResourceServiceClient provides a mock function with given fields: -func (_m *IsCloningResourceServiceClient) IsCloningResourceServiceClient() bool { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for IsCloningResourceServiceClient") - } - - var r0 bool - if rf, ok := ret.Get(0).(func() bool); ok { - r0 = rf() - } else { - r0 = ret.Get(0).(bool) - } - - return r0 -} - -// NewIsCloningResourceServiceClient creates a new instance of IsCloningResourceServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewIsCloningResourceServiceClient(t interface { - mock.TestingT - Cleanup(func()) -}) *IsCloningResourceServiceClient { - mock := &IsCloningResourceServiceClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/is_watch_event__event.go b/internal/mocks/pbresourcemock/is_watch_event__event.go deleted file mode 100644 index 91e3a5ec..00000000 --- a/internal/mocks/pbresourcemock/is_watch_event__event.go +++ /dev/null 
@@ -1,29 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import mock "github.com/stretchr/testify/mock" - -// isWatchEvent_Event is an autogenerated mock type for the isWatchEvent_Event type -type isWatchEvent_Event struct { - mock.Mock -} - -// isWatchEvent_Event provides a mock function with given fields: -func (_m *isWatchEvent_Event) isWatchEvent_Event() { - _m.Called() -} - -// newIsWatchEvent_Event creates a new instance of isWatchEvent_Event. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func newIsWatchEvent_Event(t interface { - mock.TestingT - Cleanup(func()) -}) *isWatchEvent_Event { - mock := &isWatchEvent_Event{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/resource_service__watch_list_client.go b/internal/mocks/pbresourcemock/resource_service__watch_list_client.go deleted file mode 100644 index b2f4e63c..00000000 --- a/internal/mocks/pbresourcemock/resource_service__watch_list_client.go +++ /dev/null 
@@ -1,185 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import ( - context "context" - - mock "github.com/stretchr/testify/mock" - metadata "google.golang.org/grpc/metadata" - - pbresource "github.com/hashicorp/consul/proto-public/pbresource" -) - -// ResourceService_WatchListClient is an autogenerated mock type for the ResourceService_WatchListClient type -type ResourceService_WatchListClient struct { - mock.Mock -} - -// CloseSend provides a mock function with given fields: -func (_m *ResourceService_WatchListClient) CloseSend() error { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for CloseSend") - } - - var r0 error - if rf, ok := ret.Get(0).(func() error); ok { - r0 = rf() - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Context provides a mock function with given fields: -func (_m *ResourceService_WatchListClient) Context() context.Context { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Context") - } - - var r0 context.Context - if rf, ok := ret.Get(0).(func() context.Context); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(context.Context) - } - } - - return r0 -} - -// Header provides a mock function with given fields: -func (_m *ResourceService_WatchListClient) Header() (metadata.MD, error) { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Header") - } - - var r0 metadata.MD - var r1 error - if rf, ok := ret.Get(0).(func() (metadata.MD, error)); ok { - return rf() - } - if rf, ok := ret.Get(0).(func() metadata.MD); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(metadata.MD) - } - } - - if rf, ok := ret.Get(1).(func() error); ok { - r1 = rf() - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// Recv provides a mock function with given fields: -func (_m *ResourceService_WatchListClient) Recv() (*pbresource.WatchEvent, error) { - ret := 
_m.Called() - - if len(ret) == 0 { - panic("no return value specified for Recv") - } - - var r0 *pbresource.WatchEvent - var r1 error - if rf, ok := ret.Get(0).(func() (*pbresource.WatchEvent, error)); ok { - return rf() - } - if rf, ok := ret.Get(0).(func() *pbresource.WatchEvent); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.WatchEvent) - } - } - - if rf, ok := ret.Get(1).(func() error); ok { - r1 = rf() - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// RecvMsg provides a mock function with given fields: m -func (_m *ResourceService_WatchListClient) RecvMsg(m interface{}) error { - ret := _m.Called(m) - - if len(ret) == 0 { - panic("no return value specified for RecvMsg") - } - - var r0 error - if rf, ok := ret.Get(0).(func(interface{}) error); ok { - r0 = rf(m) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// SendMsg provides a mock function with given fields: m -func (_m *ResourceService_WatchListClient) SendMsg(m interface{}) error { - ret := _m.Called(m) - - if len(ret) == 0 { - panic("no return value specified for SendMsg") - } - - var r0 error - if rf, ok := ret.Get(0).(func(interface{}) error); ok { - r0 = rf(m) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Trailer provides a mock function with given fields: -func (_m *ResourceService_WatchListClient) Trailer() metadata.MD { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Trailer") - } - - var r0 metadata.MD - if rf, ok := ret.Get(0).(func() metadata.MD); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(metadata.MD) - } - } - - return r0 -} - -// NewResourceService_WatchListClient creates a new instance of ResourceService_WatchListClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. 
-func NewResourceService_WatchListClient(t interface { - mock.TestingT - Cleanup(func()) -}) *ResourceService_WatchListClient { - mock := &ResourceService_WatchListClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/resource_service__watch_list_server.go b/internal/mocks/pbresourcemock/resource_service__watch_list_server.go deleted file mode 100644 index 2ff3cd3a..00000000 --- a/internal/mocks/pbresourcemock/resource_service__watch_list_server.go +++ /dev/null 
@@ -1,146 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import ( - context "context" - - mock "github.com/stretchr/testify/mock" - metadata "google.golang.org/grpc/metadata" - - pbresource "github.com/hashicorp/consul/proto-public/pbresource" -) - -// ResourceService_WatchListServer is an autogenerated mock type for the ResourceService_WatchListServer type -type ResourceService_WatchListServer struct { - mock.Mock -} - -// Context provides a mock function with given fields: -func (_m *ResourceService_WatchListServer) Context() context.Context { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Context") - } - - var r0 context.Context - if rf, ok := ret.Get(0).(func() context.Context); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(context.Context) - } - } - - return r0 -} - -// RecvMsg provides a mock function with given fields: m -func (_m *ResourceService_WatchListServer) RecvMsg(m interface{}) error { - ret := _m.Called(m) - - if len(ret) == 0 { - panic("no return value specified for RecvMsg") - } - - var r0 error - if rf, ok := ret.Get(0).(func(interface{}) error); ok { - r0 = rf(m) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Send provides a mock function with given fields: _a0 -func (_m *ResourceService_WatchListServer) Send(_a0 *pbresource.WatchEvent) error { - ret := _m.Called(_a0) - - if len(ret) == 0 { - panic("no return value specified for Send") - } - - var r0 error - if rf, ok := ret.Get(0).(func(*pbresource.WatchEvent) error); ok { - r0 = rf(_a0) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// SendHeader provides a mock function with given fields: _a0 -func (_m *ResourceService_WatchListServer) SendHeader(_a0 metadata.MD) error { - ret := _m.Called(_a0) - - if len(ret) == 0 { - panic("no return value specified for SendHeader") - } - - var r0 error - if rf, ok := ret.Get(0).(func(metadata.MD) error); ok { - r0 = rf(_a0) - } else { 
- r0 = ret.Error(0) - } - - return r0 -} - -// SendMsg provides a mock function with given fields: m -func (_m *ResourceService_WatchListServer) SendMsg(m interface{}) error { - ret := _m.Called(m) - - if len(ret) == 0 { - panic("no return value specified for SendMsg") - } - - var r0 error - if rf, ok := ret.Get(0).(func(interface{}) error); ok { - r0 = rf(m) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// SetHeader provides a mock function with given fields: _a0 -func (_m *ResourceService_WatchListServer) SetHeader(_a0 metadata.MD) error { - ret := _m.Called(_a0) - - if len(ret) == 0 { - panic("no return value specified for SetHeader") - } - - var r0 error - if rf, ok := ret.Get(0).(func(metadata.MD) error); ok { - r0 = rf(_a0) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// SetTrailer provides a mock function with given fields: _a0 -func (_m *ResourceService_WatchListServer) SetTrailer(_a0 metadata.MD) { - _m.Called(_a0) -} - -// NewResourceService_WatchListServer creates a new instance of ResourceService_WatchListServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewResourceService_WatchListServer(t interface { - mock.TestingT - Cleanup(func()) -}) *ResourceService_WatchListServer { - mock := &ResourceService_WatchListServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/resource_service_client.go b/internal/mocks/pbresourcemock/resource_service_client.go deleted file mode 100644 index f136cbd1..00000000 --- a/internal/mocks/pbresourcemock/resource_service_client.go +++ /dev/null 
@@ -1,328 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import ( - context "context" - - grpc "google.golang.org/grpc" - - mock "github.com/stretchr/testify/mock" - - pbresource "github.com/hashicorp/consul/proto-public/pbresource" -) - -// ResourceServiceClient is an autogenerated mock type for the ResourceServiceClient type -type ResourceServiceClient struct { - mock.Mock -} - -// Delete provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) Delete(ctx context.Context, in *pbresource.DeleteRequest, opts ...grpc.CallOption) (*pbresource.DeleteResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for Delete") - } - - var r0 *pbresource.DeleteResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.DeleteRequest, ...grpc.CallOption) (*pbresource.DeleteResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.DeleteRequest, ...grpc.CallOption) *pbresource.DeleteResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.DeleteResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.DeleteRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// List provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) List(ctx context.Context, in *pbresource.ListRequest, opts ...grpc.CallOption) (*pbresource.ListResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) 
- ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for List") - } - - var r0 *pbresource.ListResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListRequest, ...grpc.CallOption) (*pbresource.ListResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListRequest, ...grpc.CallOption) *pbresource.ListResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.ListResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.ListRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// ListByOwner provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) ListByOwner(ctx context.Context, in *pbresource.ListByOwnerRequest, opts ...grpc.CallOption) (*pbresource.ListByOwnerResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for ListByOwner") - } - - var r0 *pbresource.ListByOwnerResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListByOwnerRequest, ...grpc.CallOption) (*pbresource.ListByOwnerResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListByOwnerRequest, ...grpc.CallOption) *pbresource.ListByOwnerResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.ListByOwnerResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.ListByOwnerRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) 
- } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// MutateAndValidate provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) MutateAndValidate(ctx context.Context, in *pbresource.MutateAndValidateRequest, opts ...grpc.CallOption) (*pbresource.MutateAndValidateResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for MutateAndValidate") - } - - var r0 *pbresource.MutateAndValidateResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.MutateAndValidateRequest, ...grpc.CallOption) (*pbresource.MutateAndValidateResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.MutateAndValidateRequest, ...grpc.CallOption) *pbresource.MutateAndValidateResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.MutateAndValidateResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.MutateAndValidateRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// Read provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) Read(ctx context.Context, in *pbresource.ReadRequest, opts ...grpc.CallOption) (*pbresource.ReadResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) 
- - if len(ret) == 0 { - panic("no return value specified for Read") - } - - var r0 *pbresource.ReadResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ReadRequest, ...grpc.CallOption) (*pbresource.ReadResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ReadRequest, ...grpc.CallOption) *pbresource.ReadResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.ReadResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.ReadRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// WatchList provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) WatchList(ctx context.Context, in *pbresource.WatchListRequest, opts ...grpc.CallOption) (pbresource.ResourceService_WatchListClient, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for WatchList") - } - - var r0 pbresource.ResourceService_WatchListClient - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WatchListRequest, ...grpc.CallOption) (pbresource.ResourceService_WatchListClient, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WatchListRequest, ...grpc.CallOption) pbresource.ResourceService_WatchListClient); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(pbresource.ResourceService_WatchListClient) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.WatchListRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) 
- } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// Write provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) Write(ctx context.Context, in *pbresource.WriteRequest, opts ...grpc.CallOption) (*pbresource.WriteResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for Write") - } - - var r0 *pbresource.WriteResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteRequest, ...grpc.CallOption) (*pbresource.WriteResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteRequest, ...grpc.CallOption) *pbresource.WriteResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.WriteResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.WriteRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// WriteStatus provides a mock function with given fields: ctx, in, opts -func (_m *ResourceServiceClient) WriteStatus(ctx context.Context, in *pbresource.WriteStatusRequest, opts ...grpc.CallOption) (*pbresource.WriteStatusResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - if len(ret) == 0 { - panic("no return value specified for WriteStatus") - } - - var r0 *pbresource.WriteStatusResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteStatusRequest, ...grpc.CallOption) (*pbresource.WriteStatusResponse, error)); ok { - return rf(ctx, in, opts...) 
- } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteStatusRequest, ...grpc.CallOption) *pbresource.WriteStatusResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.WriteStatusResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.WriteStatusRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// NewResourceServiceClient creates a new instance of ResourceServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewResourceServiceClient(t interface { - mock.TestingT - Cleanup(func()) -}) *ResourceServiceClient { - mock := &ResourceServiceClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/resource_service_server.go b/internal/mocks/pbresourcemock/resource_service_server.go deleted file mode 100644 index 2cbf4c84..00000000 --- a/internal/mocks/pbresourcemock/resource_service_server.go +++ /dev/null 
@@ -1,257 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import ( - context "context" - - pbresource "github.com/hashicorp/consul/proto-public/pbresource" - mock "github.com/stretchr/testify/mock" -) - -// ResourceServiceServer is an autogenerated mock type for the ResourceServiceServer type -type ResourceServiceServer struct { - mock.Mock -} - -// Delete provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) Delete(_a0 context.Context, _a1 *pbresource.DeleteRequest) (*pbresource.DeleteResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for Delete") - } - - var r0 *pbresource.DeleteResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.DeleteRequest) (*pbresource.DeleteResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.DeleteRequest) *pbresource.DeleteResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.DeleteResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.DeleteRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// List provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) List(_a0 context.Context, _a1 *pbresource.ListRequest) (*pbresource.ListResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for List") - } - - var r0 *pbresource.ListResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListRequest) (*pbresource.ListResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListRequest) *pbresource.ListResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.ListResponse) - } - } - - if rf, ok := 
ret.Get(1).(func(context.Context, *pbresource.ListRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// ListByOwner provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) ListByOwner(_a0 context.Context, _a1 *pbresource.ListByOwnerRequest) (*pbresource.ListByOwnerResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for ListByOwner") - } - - var r0 *pbresource.ListByOwnerResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListByOwnerRequest) (*pbresource.ListByOwnerResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ListByOwnerRequest) *pbresource.ListByOwnerResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.ListByOwnerResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.ListByOwnerRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// MutateAndValidate provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) MutateAndValidate(_a0 context.Context, _a1 *pbresource.MutateAndValidateRequest) (*pbresource.MutateAndValidateResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for MutateAndValidate") - } - - var r0 *pbresource.MutateAndValidateResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.MutateAndValidateRequest) (*pbresource.MutateAndValidateResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.MutateAndValidateRequest) *pbresource.MutateAndValidateResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.MutateAndValidateResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, 
*pbresource.MutateAndValidateRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// Read provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) Read(_a0 context.Context, _a1 *pbresource.ReadRequest) (*pbresource.ReadResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for Read") - } - - var r0 *pbresource.ReadResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ReadRequest) (*pbresource.ReadResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.ReadRequest) *pbresource.ReadResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.ReadResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.ReadRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// WatchList provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) WatchList(_a0 *pbresource.WatchListRequest, _a1 pbresource.ResourceService_WatchListServer) error { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for WatchList") - } - - var r0 error - if rf, ok := ret.Get(0).(func(*pbresource.WatchListRequest, pbresource.ResourceService_WatchListServer) error); ok { - r0 = rf(_a0, _a1) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Write provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) Write(_a0 context.Context, _a1 *pbresource.WriteRequest) (*pbresource.WriteResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for Write") - } - - var r0 *pbresource.WriteResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteRequest) (*pbresource.WriteResponse, error)); ok { - return rf(_a0, _a1) - } 
- if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteRequest) *pbresource.WriteResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.WriteResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.WriteRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// WriteStatus provides a mock function with given fields: _a0, _a1 -func (_m *ResourceServiceServer) WriteStatus(_a0 context.Context, _a1 *pbresource.WriteStatusRequest) (*pbresource.WriteStatusResponse, error) { - ret := _m.Called(_a0, _a1) - - if len(ret) == 0 { - panic("no return value specified for WriteStatus") - } - - var r0 *pbresource.WriteStatusResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteStatusRequest) (*pbresource.WriteStatusResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbresource.WriteStatusRequest) *pbresource.WriteStatusResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbresource.WriteStatusResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbresource.WriteStatusRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// NewResourceServiceServer creates a new instance of ResourceServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewResourceServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *ResourceServiceServer { - mock := &ResourceServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/mocks/pbresourcemock/server_stream.go b/internal/mocks/pbresourcemock/server_stream.go deleted file mode 100644 index a3d576e3..00000000 
--- a/internal/mocks/pbresourcemock/server_stream.go +++ /dev/null 
@@ -1,183 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import ( - context "context" - - mock "github.com/stretchr/testify/mock" - metadata "google.golang.org/grpc/metadata" - - protoreflect "google.golang.org/protobuf/reflect/protoreflect" -) - -// serverStream is an autogenerated mock type for the serverStream type -type serverStream[T protoreflect.ProtoMessage] struct { - mock.Mock -} - -// CloseSend provides a mock function with given fields: -func (_m *serverStream[T]) CloseSend() error { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for CloseSend") - } - - var r0 error - if rf, ok := ret.Get(0).(func() error); ok { - r0 = rf() - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Context provides a mock function with given fields: -func (_m *serverStream[T]) Context() context.Context { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Context") - } - - var r0 context.Context - if rf, ok := ret.Get(0).(func() context.Context); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(context.Context) - } - } - - return r0 -} - -// Header provides a mock function with given fields: -func (_m *serverStream[T]) Header() (metadata.MD, error) { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Header") - } - - var r0 metadata.MD - var r1 error - if rf, ok := ret.Get(0).(func() (metadata.MD, error)); ok { - return rf() - } - if rf, ok := ret.Get(0).(func() metadata.MD); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(metadata.MD) - } - } - - if rf, ok := ret.Get(1).(func() error); ok { - r1 = rf() - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// Recv provides a mock function with given fields: -func (_m *serverStream[T]) Recv() (T, error) { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Recv") - } - - var r0 T - var r1 error - if rf, ok 
:= ret.Get(0).(func() (T, error)); ok { - return rf() - } - if rf, ok := ret.Get(0).(func() T); ok { - r0 = rf() - } else { - r0 = ret.Get(0).(T) - } - - if rf, ok := ret.Get(1).(func() error); ok { - r1 = rf() - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// RecvMsg provides a mock function with given fields: m -func (_m *serverStream[T]) RecvMsg(m interface{}) error { - ret := _m.Called(m) - - if len(ret) == 0 { - panic("no return value specified for RecvMsg") - } - - var r0 error - if rf, ok := ret.Get(0).(func(interface{}) error); ok { - r0 = rf(m) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// SendMsg provides a mock function with given fields: m -func (_m *serverStream[T]) SendMsg(m interface{}) error { - ret := _m.Called(m) - - if len(ret) == 0 { - panic("no return value specified for SendMsg") - } - - var r0 error - if rf, ok := ret.Get(0).(func(interface{}) error); ok { - r0 = rf(m) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Trailer provides a mock function with given fields: -func (_m *serverStream[T]) Trailer() metadata.MD { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Trailer") - } - - var r0 metadata.MD - if rf, ok := ret.Get(0).(func() metadata.MD); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(metadata.MD) - } - } - - return r0 -} - -// newServerStream creates a new instance of serverStream. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func newServerStream[T protoreflect.ProtoMessage](t interface { - mock.TestingT - Cleanup(func()) -}) *serverStream[T] { - mock := &serverStream[T]{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} 
diff --git a/internal/mocks/pbresourcemock/unsafe_resource_service_server.go b/internal/mocks/pbresourcemock/unsafe_resource_service_server.go deleted file mode 100644 index 11c486ee..00000000 --- a/internal/mocks/pbresourcemock/unsafe_resource_service_server.go +++ /dev/null @@ -1,29 +0,0 @@ -// Code generated by mockery v2.41.0. DO NOT EDIT. - -package pbresourcemock - -import mock "github.com/stretchr/testify/mock" - -// UnsafeResourceServiceServer is an autogenerated mock type for the UnsafeResourceServiceServer type -type UnsafeResourceServiceServer struct { - mock.Mock -} - -// mustEmbedUnimplementedResourceServiceServer provides a mock function with given fields: -func (_m *UnsafeResourceServiceServer) mustEmbedUnimplementedResourceServiceServer() { - _m.Called() -} - -// NewUnsafeResourceServiceServer creates a new instance of UnsafeResourceServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewUnsafeResourceServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *UnsafeResourceServiceServer { - mock := &UnsafeResourceServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/consuldp/bootstrap.go b/pkg/consuldp/bootstrap.go index f6185018..a7c9d5f5 100644 --- a/pkg/consuldp/bootstrap.go +++ b/pkg/consuldp/bootstrap.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( 
@@ -28,12 +25,11 @@ const ( // bootstrapConfig generates the Envoy bootstrap config in JSON format. func (cdp *ConsulDataplane) bootstrapConfig(ctx context.Context) (*bootstrap.BootstrapConfig, []byte, error) { - svc := cdp.cfg.Proxy + svc := cdp.cfg.Service envoy := cdp.cfg.Envoy req := &pbdataplane.GetEnvoyBootstrapParamsRequest{ - ServiceId: svc.ProxyID, - ProxyId: svc.ProxyID, + ServiceId: svc.ServiceID, Namespace: svc.Namespace, Partition: svc.Partition, } @@ -53,14 +49,6 @@ func (cdp *ConsulDataplane) bootstrapConfig(ctx context.Context) (*bootstrap.Boo return nil, nil, fmt.Errorf("failed to get envoy bootstrap params: %w", err) } - // store the final resolved service for others to use. - cdp.resolvedProxyConfig = ProxyConfig{ - NodeName: rsp.NodeName, - ProxyID: cdp.cfg.Proxy.ProxyID, - Namespace: rsp.Namespace, - Partition: rsp.Partition, - } - prom := cdp.cfg.Telemetry.Prometheus args := &bootstrap.BootstrapTplArgs{ GRPC: bootstrap.GRPC{ @@ -69,7 +57,7 @@ func (cdp *ConsulDataplane) bootstrapConfig(ctx context.Context) (*bootstrap.Boo AgentTLS: false, }, ProxyCluster: rsp.Service, - ProxyID: svc.ProxyID, + ProxyID: svc.ServiceID, NodeName: rsp.NodeName, ProxySourceService: rsp.Service, AdminAccessLogConfig: rsp.AccessLogs, @@ -85,11 +73,6 @@ func (cdp *ConsulDataplane) bootstrapConfig(ctx context.Context) (*bootstrap.Boo PrometheusScrapePath: prom.ScrapePath, } - if rsp.Identity != "" { - args.ProxyCluster = rsp.Identity - args.ProxySourceService = rsp.Identity - } - if cdp.xdsServer.listenerNetwork == "unix" { args.GRPC.AgentSocket = cdp.xdsServer.listenerAddress } else { 
@@ -129,10 +112,8 @@ func (cdp *ConsulDataplane) bootstrapConfig(ctx context.Context) (*bootstrap.Boo args.PrometheusBackendPort = strconv.Itoa(prom.MergePort) } - bootstrapConfig.Logger = cdp.logger.Named("bootstrap-config") - // Note: we pass true for omitDeprecatedTags here - consul-dataplane is clean - // slate, and we don't need to maintain this legacy behavior. + // slate and we don't need to maintain this legacy behavior. cfg, err := bootstrapConfig.GenerateJSON(args, true) return &bootstrapConfig, cfg, err } diff --git a/pkg/consuldp/bootstrap_test.go b/pkg/consuldp/bootstrap_test.go index 9a89581b..f0a4d106 100644 --- a/pkg/consuldp/bootstrap_test.go +++ b/pkg/consuldp/bootstrap_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( @@ -15,7 +12,6 @@ import ( "testing" "github.com/hashicorp/consul/proto-public/pbdataplane" - "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/structpb" @@ -40,15 +36,14 @@ func TestBootstrapConfig(t *testing.T) { } testCases := map[string]struct { - cfg *Config - rsp *pbdataplane.GetEnvoyBootstrapParamsResponse - resolvedProxyConfig *ProxyConfig + cfg *Config + rsp *pbdataplane.GetEnvoyBootstrapParamsResponse }{ "access-logs": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, + &Config{ + Service: &ServiceConfig{ + ServiceID: "web-proxy", + NodeName: nodeName, }, Envoy: &EnvoyConfig{ AdminBindAddress: "127.0.0.1", @@ -59,7 +54,7 @@ func TestBootstrapConfig(t *testing.T) { }, XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ + &pbdataplane.GetEnvoyBootstrapParamsResponse{ Service: "web", NodeName: nodeName, Config: makeStruct(map[string]any{ 
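Review bot: In pkg/consuldp/bootstrap_test.go the `testCases` entries switch from keyed to positional fields (`&Config{…}`, `&pbdataplane.GetEnvoyBootstrapParamsResponse{…}`) starting in the `@@ -40,15 +36,14 @@` hunk, while the "hcp-metrics" entry still writes `cfg: &Config{`. Positional literals stop compiling as soon as the anonymous struct gains a field, and mixing both forms in one table makes it harder to scan. Keeping `cfg:` and `rsp:` on every entry avoids both problems. The same change repeats in the later hunks for "basic", "central-telemetry-config", "custom-prometheus-scrape-path", "ready-listener" and "unix-socket-xds-server". The table and `TestBootstrapConfig` continue outside these hunks.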
@@ -69,10 +64,10 @@ func TestBootstrapConfig(t *testing.T) { }, }, "basic": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, + &Config{ + Service: &ServiceConfig{ + ServiceID: "web-proxy", + NodeName: nodeName, }, Envoy: &EnvoyConfig{ AdminBindAddress: "127.0.0.1", @@ -83,7 +78,7 @@ func TestBootstrapConfig(t *testing.T) { }, XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ + &pbdataplane.GetEnvoyBootstrapParamsResponse{ Service: "web", NodeName: nodeName, Config: makeStruct(map[string]any{ @@ -92,10 +87,10 @@ func TestBootstrapConfig(t *testing.T) { }, }, "central-telemetry-config": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, + &Config{ + Service: &ServiceConfig{ + ServiceID: "web-proxy", + NodeName: nodeName, }, Envoy: &EnvoyConfig{ AdminBindAddress: "127.0.0.1", @@ -106,7 +101,7 @@ func TestBootstrapConfig(t *testing.T) { }, XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ + &pbdataplane.GetEnvoyBootstrapParamsResponse{ Service: "web", NodeName: nodeName, Config: makeStruct(map[string]any{ @@ -116,8 +111,8 @@ func TestBootstrapConfig(t *testing.T) { }, "hcp-metrics": { cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", + Service: &ServiceConfig{ + ServiceID: "web-proxy", NodeName: nodeName, Namespace: "default", }, @@ -140,10 +135,10 @@ func TestBootstrapConfig(t *testing.T) { }, }, "custom-prometheus-scrape-path": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, + &Config{ + Service: &ServiceConfig{ + ServiceID: "web-proxy", + NodeName: nodeName, }, Envoy: &EnvoyConfig{ AdminBindAddress: "127.0.0.1", 
@@ -158,7 +153,7 @@ func TestBootstrapConfig(t *testing.T) { }, XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ + &pbdataplane.GetEnvoyBootstrapParamsResponse{ Service: "web", NodeName: nodeName, Config: makeStruct(map[string]any{ 
@@ -166,72 +161,11 @@ func TestBootstrapConfig(t *testing.T) { }), }, }, - "custom-prometheus-scrape-path-with-query": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, - }, - Envoy: &EnvoyConfig{ - AdminBindAddress: "127.0.0.1", - AdminBindPort: 19000, - }, - Telemetry: &TelemetryConfig{ - UseCentralConfig: true, - Prometheus: PrometheusTelemetryConfig{ - MergePort: 20100, - // Expect query is _not_ included in xDS path match - ScrapePath: "/custom/scrape/path?usedonly", - }, - }, - XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, - }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ - Service: "web", - NodeName: nodeName, - Config: makeStruct(map[string]any{ - "envoy_prometheus_bind_addr": "0.0.0.0:20200", - }), - }, - }, - "non-default tenancy": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, - // No tenancy provided here to make sure it comes from the bootstrap call - }, - Envoy: &EnvoyConfig{ - AdminBindAddress: "127.0.0.1", - AdminBindPort: 19000, - }, - Telemetry: &TelemetryConfig{ - UseCentralConfig: false, - }, - XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, - }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ - Service: "web", - NodeName: nodeName, - Config: makeStruct(map[string]any{ - "envoy_dogstatsd_url": "this-should-not-appear-in-generated-config", - }), - Namespace: "test-namespace", - Partition: "test-partition", - }, - // We want to ensure cdp is configured with the resolved tenancy - resolvedProxyConfig: &ProxyConfig{ - NodeName: nodeName, - ProxyID: "web-proxy", - Namespace: "test-namespace", - Partition: "test-partition", - }, - }, "ready-listener": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, + &Config{ + Service: &ServiceConfig{ + ServiceID: "web-proxy", + NodeName: nodeName, }, Envoy: &EnvoyConfig{ AdminBindAddress: "127.0.0.1", 
@@ -244,16 +178,16 @@ func TestBootstrapConfig(t *testing.T) { }, XDSServer: &XDSServer{BindAddress: "127.0.0.1", BindPort: xdsBindPort}, }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ + &pbdataplane.GetEnvoyBootstrapParamsResponse{ Service: "web", NodeName: nodeName, }, }, "unix-socket-xds-server": { - cfg: &Config{ - Proxy: &ProxyConfig{ - ProxyID: "web-proxy", - NodeName: nodeName, + &Config{ + Service: &ServiceConfig{ + ServiceID: "web-proxy", + NodeName: nodeName, }, Envoy: &EnvoyConfig{ AdminBindAddress: "127.0.0.1", @@ -264,7 +198,7 @@ func TestBootstrapConfig(t *testing.T) { }, XDSServer: &XDSServer{BindAddress: fmt.Sprintf("unix://%s", socketPath)}, }, - rsp: &pbdataplane.GetEnvoyBootstrapParamsResponse{ + &pbdataplane.GetEnvoyBootstrapParamsResponse{ Service: "web", NodeName: nodeName, Config: makeStruct(map[string]any{ @@ -281,17 +215,15 @@ func TestBootstrapConfig(t *testing.T) { client := NewMockDataplaneServiceClient(t) client.EXPECT(). GetEnvoyBootstrapParams(mock.Anything, &pbdataplane.GetEnvoyBootstrapParamsRequest{ - NodeSpec: &pbdataplane.GetEnvoyBootstrapParamsRequest_NodeName{NodeName: tc.cfg.Proxy.NodeName}, - ServiceId: tc.cfg.Proxy.ProxyID, - ProxyId: tc.cfg.Proxy.ProxyID, - Namespace: tc.cfg.Proxy.Namespace, + NodeSpec: &pbdataplane.GetEnvoyBootstrapParamsRequest_NodeName{NodeName: tc.cfg.Service.NodeName}, + ServiceId: tc.cfg.Service.ServiceID, + Namespace: tc.cfg.Service.Namespace, }).Call. Return(tc.rsp, nil) dp := &ConsulDataplane{ cfg: tc.cfg, dpServiceClient: client, - logger: hclog.NewNullLogger(), } if strings.HasPrefix(tc.cfg.XDSServer.BindAddress, "unix://") { @@ -305,10 +237,6 @@ func TestBootstrapConfig(t *testing.T) { golden(t, bsCfg) validateBootstrapConfig(t, bsCfg) - - if tc.resolvedProxyConfig != nil { - require.Equal(t, *tc.resolvedProxyConfig, dp.resolvedProxyConfig) - } }) } } diff --git a/pkg/consuldp/config.go b/pkg/consuldp/config.go index 8687f65a..444ff28e 100644 --- a/pkg/consuldp/config.go 
+++ b/pkg/consuldp/config.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( @@ -209,21 +206,21 @@ type LoggingConfig struct { LogJSON bool } -// ProxyConfig contains details of the proxy service instance. -type ProxyConfig struct { +// ServiceConfig contains details of the proxy service instance. +type ServiceConfig struct { // NodeName is the name of the node to which the proxy service instance is // registered. NodeName string // NodeName is the ID of the node to which the proxy service instance is // registered. NodeID string - // ProxyID is the ID of the proxy service instance or workload. - ProxyID string + // ServiceID is the ID of the proxy service instance. + ServiceID string // Namespace is the Consul Enterprise namespace in which the proxy service - // instance or workload is registered. + // instance is registered. Namespace string // Partition is the Consul Enterprise partition in which the proxy service - // instance or workload is registered. + // instance is registered. Partition string } 
@@ -291,12 +288,8 @@ type EnvoyConfig struct { ShutdownDrainListenersEnabled bool // ShutdownGracePeriodSeconds is the amount of time to wait after receiving a SIGTERM before terminating the proxy container. ShutdownGracePeriodSeconds int - // GracefulShutdownPath is the path on which the HTTP endpoint to initiate a graceful shutdown of Envoy is served. + // GracefulShutdownPath is the path on which the HTTP endpoint to initiate a graceful shutdown of Envoy is served GracefulShutdownPath string - // StartupGracePeriodSeconds is the amount of time to block application after startup for Envoy proxy to be ready. - StartupGracePeriodSeconds int - // GracefulStartupPath is the path where the HTTP endpoint to initiate a graceful startup of Envoy is served. - GracefulStartupPath string // GracefulPort is the port on which the HTTP server for graceful shutdown endpoints will be available. GracefulPort int // DumpEnvoyConfigOnExitEnabled configures whether to call Envoy's /config_dump endpoint during consul-dataplane controlled shutdown. @@ -318,7 +311,7 @@ type XDSServer struct { type Config struct { DNSServer *DNSServerConfig Consul *ConsulConfig - Proxy *ProxyConfig + Service *ServiceConfig Logging *LoggingConfig Telemetry *TelemetryConfig Envoy *EnvoyConfig diff --git a/pkg/consuldp/config_test.go b/pkg/consuldp/config_test.go index 4ec0eca7..c011fb87 100644 --- a/pkg/consuldp/config_test.go +++ b/pkg/consuldp/config_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( diff --git a/pkg/consuldp/consul_dataplane.go b/pkg/consuldp/consul_dataplane.go index f822a984..326bae2c 100644 --- a/pkg/consuldp/consul_dataplane.go +++ b/pkg/consuldp/consul_dataplane.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( 
@@ -47,8 +44,6 @@ type ConsulDataplane struct { aclToken string metricsConfig *metricsConfig lifecycleConfig *lifecycleConfig - - resolvedProxyConfig ProxyConfig } // NewConsulDP creates a new instance of ConsulDataplane @@ -79,10 +74,12 @@ func validateConfig(cfg *Config) error { return errors.New("consul addresses not specified") case cfg.Consul.GRPCPort == 0: return errors.New("consul server gRPC port not specified") - case cfg.Proxy == nil: - return errors.New("proxy details not specified") - case cfg.Proxy.ProxyID == "": - return errors.New("proxy ID not specified") + case cfg.Service == nil: + return errors.New("service details not specified") + case cfg.Service.NodeID == "" && cfg.Service.NodeName == "": + return errors.New("node name or ID not specified") + case cfg.Service.ServiceID == "": + return errors.New("proxy service ID not specified") case cfg.Envoy == nil: return errors.New("envoy settings not specified") case cfg.Envoy.AdminBindAddress == "": @@ -257,13 +254,10 @@ func (cdp *ConsulDataplane) startDNSProxy(ctx context.Context) error { dnsClientInterface := pbdns.NewDNSServiceClient(cdp.serverConn) dnsServer, err := dns.NewDNSServer(dns.DNSServerParams{ - BindAddr: cdp.cfg.DNSServer.BindAddr, - Port: cdp.cfg.DNSServer.Port, - Client: dnsClientInterface, - Logger: cdp.logger, - Partition: cdp.resolvedProxyConfig.Partition, - Namespace: cdp.resolvedProxyConfig.Namespace, - Token: cdp.aclToken, + BindAddr: cdp.cfg.DNSServer.BindAddr, + Port: cdp.cfg.DNSServer.Port, + Client: dnsClientInterface, + Logger: cdp.logger, }) if err == dns.ErrServerDisabled { cdp.logger.Info("dns proxy disabled: configure the Consul DNS port to enable") diff --git a/pkg/consuldp/consul_dataplane_test.go b/pkg/consuldp/consul_dataplane_test.go index d4d6d37a..1622c472 100644 --- a/pkg/consuldp/consul_dataplane_test.go +++ b/pkg/consuldp/consul_dataplane_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( 
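Review bot: In pkg/consuldp/consul_dataplane.go (`@@ -257,13 +254,10 @@`), `startDNSProxy` now builds `dns.DNSServerParams` with only `BindAddr`, `Port`, `Client` and `Logger`, so nothing in this hunk tells the DNS proxy which ACL token or tenancy to use. Unless the token is attached elsewhere (for example on `cdp.serverConn`, which the hunk does not show), forwarded DNS queries would presumably be evaluated under Consul's anonymous token and the default partition and namespace. That matters on clusters with a default-deny ACL policy. A comment above the literal would make the assumption visible, e.g. `// DNS requests carry no ACL token or tenancy from here; confirm they are authorized at the connection level.` The body of `startDNSProxy` continues outside the hunk.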
@@ -22,9 +19,9 @@ func validConfig() *Config { }, }, }, - Proxy: &ProxyConfig{ - NodeName: "agentless-node", - ProxyID: "web-proxy", + Service: &ServiceConfig{ + NodeName: "agentless-node", + ServiceID: "web-proxy", }, Logging: &LoggingConfig{ LogLevel: "INFO", @@ -88,14 +85,30 @@ func TestNewConsulDPError(t *testing.T) { expectErr: "consul server gRPC port not specified", }, { - name: "missing proxy config", - modFn: func(c *Config) { c.Proxy = nil }, - expectErr: "proxy details not specified", + name: "missing service config", + modFn: func(c *Config) { c.Service = nil }, + expectErr: "service details not specified", + }, + { + name: "missing node details", + modFn: func(c *Config) { + c.Service.NodeName = "" + c.Service.NodeID = "" + }, + expectErr: "node name or ID not specified", + }, + { + name: "missing node details", + modFn: func(c *Config) { + c.Service.NodeName = "" + c.Service.NodeID = "" + }, + expectErr: "node name or ID not specified", }, { - name: "missing proxy id", - modFn: func(c *Config) { c.Proxy.ProxyID = "" }, - expectErr: "proxy ID not specified", + name: "missing service id", + modFn: func(c *Config) { c.Service.ServiceID = "" }, + expectErr: "proxy service ID not specified", }, { name: "missing envoy config", diff --git a/pkg/consuldp/lifecycle.go b/pkg/consuldp/lifecycle.go index beb00464..68a6d600 100644 --- a/pkg/consuldp/lifecycle.go +++ b/pkg/consuldp/lifecycle.go @@ -9,7 +9,6 @@ import ( "net/http" "strconv" "sync" - "sync/atomic" "time" "github.com/hashicorp/go-hclog" @@ -25,7 +24,6 @@ const ( cdpLifecycleUrl = "http://" + cdpLifecycleBindAddr defaultLifecycleShutdownPath = "/graceful_shutdown" - defaultLifecycleStartupPath = "/graceful_startup" ) // lifecycleConfig handles all configuration related to managing the Envoy proxy 
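Review bot: In pkg/consuldp/consul_dataplane_test.go (`@@ -88,14 +85,30 @@`), the "missing node details" case is added twice with the same `modFn` and `expectErr`. The second entry adds no coverage and, if the cases run as named subtests, produces two subtests with the same name. Dropping the duplicate is enough. A separate positive test that sets only `NodeID` (with `NodeName` empty) would additionally exercise the `&&` in the new `validateConfig` check. The test table continues outside the hunk.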
@@ -38,9 +36,8 @@ type lifecycleConfig struct { shutdownGracePeriodSeconds int gracefulPort int gracefulShutdownPath string - startupGracePeriodSeconds int - gracefulStartupPath string - dumpEnvoyConfigOnExitEnabled bool + + dumpEnvoyConfigOnExitEnabled bool // manager for controlling the Envoy proxy process proxy envoy.ProxyManager @@ -61,9 +58,8 @@ func NewLifecycleConfig(cfg *Config, proxy envoy.ProxyManager) *lifecycleConfig gracefulPort: cfg.Envoy.GracefulPort, gracefulShutdownPath: cfg.Envoy.GracefulShutdownPath, dumpEnvoyConfigOnExitEnabled: cfg.Envoy.DumpEnvoyConfigOnExitEnabled, - startupGracePeriodSeconds: cfg.Envoy.StartupGracePeriodSeconds, - gracefulStartupPath: cfg.Envoy.GracefulStartupPath, - proxy: proxy, + + proxy: proxy, errorExitCh: make(chan struct{}, 1), mu: sync.Mutex{}, @@ -88,11 +84,18 @@ func (m *lifecycleConfig) startLifecycleManager(ctx context.Context) error { // management control mux := http.NewServeMux() - m.logger.Info(fmt.Sprintf("setting graceful shutdown path: %s\n", m.shutdownPath())) - mux.HandleFunc(m.shutdownPath(), m.gracefulShutdownHandler) + // Determine what HTTP endpoint paths to configure for the proxy lifecycle + // management server. These can be set as flags. + cdpLifecycleShutdownPath := defaultLifecycleShutdownPath + if m.gracefulShutdownPath != "" { + cdpLifecycleShutdownPath = m.gracefulShutdownPath + } + + // Set config to allow introspection of default path for testing + m.gracefulShutdownPath = cdpLifecycleShutdownPath - m.logger.Info(fmt.Sprintf("setting graceful startup path: %s\n", m.startupPath())) - mux.HandleFunc(m.startupPath(), m.gracefulStartupHandler) + m.logger.Info(fmt.Sprintf("setting graceful shutdown path: %s\n", cdpLifecycleShutdownPath)) + mux.HandleFunc(cdpLifecycleShutdownPath, m.gracefulShutdownHandler) // Determine what the proxy lifecycle management server bind port is. It can be // set as a flag. 
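Review bot: In pkg/consuldp/lifecycle.go (`@@ -88,11 +84,18 @@`), `cdpLifecycleShutdownPath` is taken from `m.gracefulShutdownPath` (a flag value, per the added comment) and passed to `mux.HandleFunc` with no check. `http.ServeMux` treats a pattern that does not start with `/` as a host pattern, or panics on it in newer Go releases, so a mistyped value either leaves the shutdown endpoint unreachable or crashes at startup. Since the function already returns `error`, a guard before registration would do: `if !strings.HasPrefix(cdpLifecycleShutdownPath, "/") { return fmt.Errorf("graceful shutdown path %q must start with /", cdpLifecycleShutdownPath) }` (this needs `strings` imported if the file does not already have it). The log call could also pass the path as a key/value pair, `m.logger.Info("setting graceful shutdown path", "path", cdpLifecycleShutdownPath)`, instead of `fmt.Sprintf` with a trailing `\n`. `startLifecycleManager` starts and ends outside the hunk.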
@@ -208,60 +211,3 @@ func (m *lifecycleConfig) gracefulShutdown() { // Wait for context timeout to elapse wg.Wait() } - -func (m *lifecycleConfig) gracefulStartupHandler(rw http.ResponseWriter, _ *http.Request) { - //Unlike in gracefulShutdown, we want to delay the OK response until envoy is ready - //in order to block application container. - m.gracefulStartup() - rw.WriteHeader(http.StatusOK) -} - -// gracefulStartup blocks until the startup grace period has elapsed or we have confirmed that -// Envoy proxy is ready. -func (m *lifecycleConfig) gracefulStartup() { - if m.startupGracePeriodSeconds == 0 { - return - } - - ctx, cancel := context.WithTimeout(context.Background(), time.Duration(m.startupGracePeriodSeconds)*time.Second) - defer cancel() - - var ready atomic.Bool - go func() { - for ctx.Err() == nil { - r, err := m.proxy.Ready() - if err != nil { - m.logger.Info(fmt.Sprintf("error when querying proxy readiness, %s", err.Error())) - } - if r { - ready.Store(true) - cancel() - break - } - time.Sleep(50 * time.Millisecond) - } - }() - - <-ctx.Done() - if !ready.Load() { - m.logger.Warn("grace period elapsed before proxy ready") - } -} - -func (m *lifecycleConfig) shutdownPath() string { - if m.gracefulShutdownPath == "" { - // Set config to allow introspection of default path for testing - m.gracefulShutdownPath = defaultLifecycleShutdownPath - } - - return m.gracefulShutdownPath -} - -func (m *lifecycleConfig) startupPath() string { - if m.gracefulStartupPath == "" { - // Set config to allow introspection of default path for testing - m.gracefulStartupPath = defaultLifecycleStartupPath - } - - return m.gracefulStartupPath -} diff --git a/pkg/consuldp/lifecycle_test.go b/pkg/consuldp/lifecycle_test.go index 24d1a280..6ead73da 100644 --- a/pkg/consuldp/lifecycle_test.go +++ b/pkg/consuldp/lifecycle_test.go 
@@ -21,8 +21,6 @@ var ( envoyAdminAddr = "127.0.0.1" ) -// TestLifecycleServerClosed tests that the lifecycle manager properly starts up -// and shuts down when the context passed into it is cancelled. func TestLifecycleServerClosed(t *testing.T) { cfg := Config{ Envoy: &EnvoyConfig{ 
@@ -40,156 +38,35 @@ func TestLifecycleServerClosed(t *testing.T) { require.Eventually(t, func() bool { return !m.running }, time.Second*2, time.Second) -} - -// TestLifecycleServer_Startup the graceful startup functionality of the dataplane -// using different grace period and simulated startup duration configurations. -func TestLifecycleServer_Startup(t *testing.T) { - cases := map[string]struct { - startupGracePeriodSeconds int - gracefulStartupPath string - gracefulPort int - proxyStartupDelaySeconds int - }{ - "startup grace period with default path, no startup time": { - startupGracePeriodSeconds: 5, - }, - "startup time with default path, no grace period": { - proxyStartupDelaySeconds: 5, - }, - "startup time and grace period with default path, grace period > startup time": { - startupGracePeriodSeconds: 10, - proxyStartupDelaySeconds: 5, - }, - "startup time and grace period with default path, grace period < startup time": { - startupGracePeriodSeconds: 5, - proxyStartupDelaySeconds: 10, - }, - "startup time and grace period with custom path, grace period < startup time": { - startupGracePeriodSeconds: 5, - proxyStartupDelaySeconds: 10, - gracefulStartupPath: "/custom_startup", - }, - } - for name, c := range cases { - c := c - log.Printf("config = %v", c) - - t.Run(name, func(t *testing.T) { - // Add a small margin of error for assertions checking expected - // behavior within the shutdown grace period window. 
- - cfg := Config{ - Envoy: &EnvoyConfig{ - AdminBindAddress: envoyAdminAddr, - AdminBindPort: envoyAdminPort, - GracefulPort: c.gracefulPort, - GracefulStartupPath: c.gracefulStartupPath, - StartupGracePeriodSeconds: c.startupGracePeriodSeconds, - }, - } - m := NewLifecycleConfig(&cfg, &mockProxy{ - startupDelaySeconds: c.proxyStartupDelaySeconds, - }) - - require.NotNil(t, m) - require.NotNil(t, m.proxy) - require.NotNil(t, m.errorExitCh) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - err := m.startLifecycleManager(ctx) - require.NoError(t, err) - - // Have consul-dataplane's lifecycle server start on an open port - // and figure out what port was used so we can make requests to it. - // Conveniently, this seems to wait until the server is ready for requests. - portCh := make(chan int, 1) - if c.gracefulPort == 0 { - m.lifecycleServer.Addr = "127.0.0.1:0" - } - m.lifecycleServer.BaseContext = func(l net.Listener) context.Context { - portCh <- l.Addr().(*net.TCPAddr).Port - return context.Background() - } - - var port int - select { - case port = <-portCh: - case <-time.After(5 * time.Second): - } - - // Check lifecycle server graceful port configuration - if c.gracefulPort != 0 { - require.Equal(t, c.gracefulPort, port, "failed to set lifecycle server port") - } else { - require.NotEqual(t, 0, port, "failed to figure out lifecycle server port") - } - log.Printf("port = %v\n", port) - - // Check lifecycle server graceful startup path configuration - if c.gracefulStartupPath != "" { - require.Equal(t, m.gracefulStartupPath, c.gracefulStartupPath, "failed to set lifecycle server graceful startup HTTP endpoint path") - } - startupURL := fmt.Sprintf("http://127.0.0.1:%d%s", port, m.gracefulStartupPath) - - // Start the mock proxy. 
- go func() { - fmt.Print("starting go func") - err := m.proxy.Run(ctx) - require.NoError(t, err) - fmt.Print("proxy should be running") - }() - start := time.Now() - log.Printf("sending startup check request to %s\n", startupURL) - resp, err := http.Get(startupURL) - require.NoError(t, err) - require.True(t, resp.StatusCode == 200) - duration := time.Since(start) - var expectedTime int - if c.proxyStartupDelaySeconds < c.startupGracePeriodSeconds { - expectedTime = c.proxyStartupDelaySeconds - } else { - expectedTime = c.startupGracePeriodSeconds - } - require.True(t, duration.Seconds()-float64(time.Duration(expectedTime)) < 1) - require.NoError(t, err) - require.NotNil(t, resp) - - body, err := io.ReadAll(resp.Body) - require.NoError(t, err) - require.NotNil(t, body) - }) - } } -// TestLifecycleServer_Shutdown the graceful shutdown functionality of the dataplane -// with different grace period and listener draining configurations. -func TestLifecycleServer_Shutdown(t *testing.T) { +func TestLifecycleServerEnabled(t *testing.T) { cases := map[string]struct { shutdownDrainListenersEnabled bool shutdownGracePeriodSeconds int gracefulShutdownPath string gracefulPort int }{ - "connection draining disabled without shutdown grace period": { + // TODO: testing the actual Envoy behavior here such as how open or new + // connections are handled should happpen in integration or acceptance tests + "connection draining disabled without grace period": { // All inbound and outbound connections are terminated immediately. }, - "connection draining enabled without shutdown grace period": { + "connection draining enabled without grace period": { // This should immediately send "Connection: close" to inbound HTTP1 // connections, GOAWAY to inbound HTTP2, and terminate connections on // request completion. Outbound connections should start being rejected // immediately. 
shutdownDrainListenersEnabled: true, }, - "connection draining disabled with shutdown grace period": { + "connection draining disabled with grace period": { // This should immediately terminate any open inbound connections. // Outbound connections should be allowed until the grace period has // elapsed. shutdownGracePeriodSeconds: 5, }, - "connection draining enabled with shutdown grace period": { + "connection draining enabled with grace period": { // This should immediately send "Connection: close" to inbound HTTP1 // connections, GOAWAY to inbound HTTP2, and terminate connections on // request completion. @@ -203,10 +80,11 @@ func TestLifecycleServer_Shutdown(t *testing.T) { shutdownDrainListenersEnabled: true, shutdownGracePeriodSeconds: 5, gracefulShutdownPath: "/quit-nicely", - gracefulPort: 23108, + // TODO: should this be random or use freeport? logic disallows passing + // zero value explicitly + gracefulPort: 23108, }, } - for name, c := range cases { c := c log.Printf("config = %v", c) @@ -267,16 +145,12 @@ func TestLifecycleServer_Shutdown(t *testing.T) { if c.gracefulShutdownPath != "" { require.Equal(t, m.gracefulShutdownPath, c.gracefulShutdownPath, "failed to set lifecycle server graceful shutdown HTTP endpoint path") } - shutdownUrl := fmt.Sprintf("http://127.0.0.1:%d%s", port, m.gracefulShutdownPath) - // Start the mock proxy. - go func() { - err := m.proxy.Run(ctx) - require.NoError(t, err) - }() + // Check lifecycle server graceful shutdown path configuration + url := fmt.Sprintf("http://127.0.0.1:%d%s", port, m.gracefulShutdownPath) + log.Printf("sending request to %s\n", url) - log.Printf("sending request to %s\n", shutdownUrl) - resp, err := http.Get(shutdownUrl) + resp, err := http.Get(url) // HTTP handler is not blocking, so need to wait and check mock // client for expected method calls to proxy manager within 
@@ -311,19 +185,14 @@ func TestLifecycleServer_Shutdown(t *testing.T) { } type mockProxy struct { - runCalled int - drainCalled int - quitCalled int - killCalled int - isReady bool - startupDelaySeconds int + runCalled int + drainCalled int + quitCalled int + killCalled int } func (p *mockProxy) Run(ctx context.Context) error { p.runCalled++ - time.Sleep(time.Duration(p.startupDelaySeconds) * time.Second) - p.isReady = true - return nil } @@ -344,6 +213,3 @@ func (p *mockProxy) Kill() error { func (p *mockProxy) DumpConfig() error { return nil } -func (p *mockProxy) Ready() (bool, error) { - return p.isReady, nil -} diff --git a/pkg/consuldp/metrics.go b/pkg/consuldp/metrics.go index 64213a07..f9d53085 100644 --- a/pkg/consuldp/metrics.go +++ b/pkg/consuldp/metrics.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( @@ -61,37 +58,6 @@ const ( Statsd ) -type urlFn func(*http.Request) string - -// staticUrlFn returns a urlFn that redirects to the given URL (not validated) unmodified. -func staticUrlFn(redirectUrl string) urlFn { - return func(_ *http.Request) string { - return redirectUrl - } -} - -// retainQueryUrlFn returns a urlFn that retains the original query params of the inbound -// request when redirecting. -func retainQueryUrlFn(redirectUrl string) (urlFn, error) { - parsedUrl, err := url.Parse(redirectUrl) - if err != nil { - return nil, fmt.Errorf("failed to parse redirect URL: %w", err) - } - - return func(req *http.Request) string { - targetUrl := *parsedUrl - // Add and re-encode to sanitize invalid query params. - targetQuery := targetUrl.Query() - for k, vs := range req.URL.Query() { - for _, v := range vs { - targetQuery.Add(k, v) - } - } - targetUrl.RawQuery = targetQuery.Encode() - return targetUrl.String() - }, nil -} - // metricsConfig handles all configuration related to merging // the metrics and presenting them on promScrapeServer type metricsConfig struct { 
@@ -111,7 +77,7 @@ type metricsConfig struct { // merged metrics config promScrapeServer *http.Server // the server that will serve all the merged metrics client httpClient // the client that will scrape the urls - urls []urlFn // the urls that will be scraped + urls []string // the urls that will be scraped // consuldp metrics server cdpMetricsServer *http.Server // cdp metrics prometheus scrape server @@ -178,15 +144,9 @@ func (m *metricsConfig) startMetrics(ctx context.Context, bcfg *bootstrap.Bootst // will actually scrape. mux := http.NewServeMux() mux.HandleFunc("/stats/prometheus", m.mergedMetricsHandler) - // Retain request query for Envoy endpoint to enable customizing response (see - // https://www.envoyproxy.io/docs/envoy/latest/operations/admin#get--stats?format=prometheus&usedonly). - envoyUrlFn, err := retainQueryUrlFn(fmt.Sprintf("http://%s:%v/stats/prometheus", m.envoyAdminAddr, m.envoyAdminBindPort)) - if err != nil { - return err - } - m.urls = []urlFn{staticUrlFn(cdpMetricsUrl), envoyUrlFn} + m.urls = []string{cdpMetricsUrl, fmt.Sprintf("http://%s:%v/stats/prometheus", m.envoyAdminAddr, m.envoyAdminBindPort)} if m.cfg != nil && m.cfg.Prometheus.ServiceMetricsURL != "" { - m.urls = append(m.urls, staticUrlFn(m.cfg.Prometheus.ServiceMetricsURL)) + m.urls = append(m.urls, m.cfg.Prometheus.ServiceMetricsURL) } // 3. Determine what the merged metrics bind port is. It can be set as a flag. 
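Review bot: In the startMetrics hunk `m.cfg.Prometheus.ServiceMetricsURL` is appended to `m.urls` exactly as configured, and with `retainQueryUrlFn` removed nothing on this path parses any scrape URL before the server starts. `mergedMetricsHandler` fetches every entry on each request and appears to relay the result, so a malformed or non-HTTP value only surfaces as scrape errors at request time. Parsing it once here with `url.Parse` and rejecting any scheme other than `http` or `https` would fail fast through the existing `error` return. The Envoy URL is built with `fmt.Sprintf("http://%s:%v/stats/prometheus", ...)`, which produces an invalid URL if `envoyAdminAddr` can be an IPv6 literal; `net.JoinHostPort` covers that case. startMetrics begins and ends outside the hunk.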
@@ -286,12 +246,11 @@ func (m *metricsConfig) metricsServerExited() <-chan struct{} { // Consul Dataplane, Envoy and (optionally) the service/application. The Envoy // and service metrics are scraped synchronously during the handling of this // request. -func (m *metricsConfig) mergedMetricsHandler(rw http.ResponseWriter, req *http.Request) { - for _, urlFn := range m.urls { - urlStr := urlFn(req) - m.logger.Debug("scraping url for merging", "url", urlStr) - if err := m.scrapeMetrics(rw, urlStr); err != nil { - m.scrapeError(rw, urlStr, err) +func (m *metricsConfig) mergedMetricsHandler(rw http.ResponseWriter, _ *http.Request) { + for _, url := range m.urls { + m.logger.Debug("scraping url for merging", "url", url) + if err := m.scrapeMetrics(rw, url); err != nil { + m.scrapeError(rw, url, err) return } } diff --git a/pkg/consuldp/metrics_test.go b/pkg/consuldp/metrics_test.go index 6dd7fd5b..46ad351c 100644 --- a/pkg/consuldp/metrics_test.go +++ b/pkg/consuldp/metrics_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( @@ -18,19 +15,16 @@ import ( "time" "github.com/armon/go-metrics" - "github.com/stretchr/testify/require" - "github.com/hashicorp/consul-dataplane/internal/bootstrap" metricscache "github.com/hashicorp/consul-dataplane/pkg/metrics-cache" + "github.com/stretchr/testify/require" ) var ( dogStatsdAddr = "127.0.0.1" envoyMetricsPort = 19000 envoyMetricsAddr = "127.0.0.1" - - // net/url encodes value-less query params with an '=' - envoyMetricsUrl = fmt.Sprintf("http://%s:%v/stats/prometheus?usedonly=", envoyMetricsAddr, envoyMetricsPort) + envoyMetricsUrl = fmt.Sprintf("http://%s:%v/stats/prometheus", envoyMetricsAddr, envoyMetricsPort) emptyTags = []metrics.Label{} ) 
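Review bot: In the mergedMetricsHandler hunk `m.logger.Debug("scraping url for merging", "url", url)` logs each scrape URL verbatim. If an operator puts userinfo or a token-bearing query string in the service metrics URL, it lands in debug logs, and possibly in whatever `scrapeError` emits (its body is not visible here). Logging a parsed form such as `u.Redacted()` with the query stripped would avoid that. The loop variable named `url` shadows the `net/url` package inside the loop, which gets in the way of doing that parsing here; renaming it to `target` or `scrapeURL` removes the clash.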
@@ -173,7 +167,7 @@ func TestMetricsServerEnabled(t *testing.T) { require.IsType(t, &http.Client{}, m.client) require.Greater(t, m.client.(*http.Client).Timeout, time.Duration(0)) - // Mock get requests to Envoy and Proxy instance metrics + // Mock get requests to Envoy and Service instance metrics // so that they return a fake metric string. m.client = &mockClient{} @@ -202,8 +196,7 @@ func TestMetricsServerEnabled(t *testing.T) { require.NotEqual(t, port, 0, "test failed to figure out metrics server port") log.Printf("port = %v", port) - // Include a query to test that it is propagated _only_ to Envoy's stats endpoint. - url := fmt.Sprintf("http://127.0.0.1:%d/stats/prometheus?usedonly", port) + url := fmt.Sprintf("http://127.0.0.1:%d/stats/prometheus", port) resp, err := http.Get(url) require.NoError(t, err) require.NotNil(t, resp) diff --git a/pkg/consuldp/stats.go b/pkg/consuldp/stats.go index a3fb7a14..06d96136 100644 --- a/pkg/consuldp/stats.go +++ b/pkg/consuldp/stats.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import "github.com/armon/go-metrics/prometheus" diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/access-logs.golden b/pkg/consuldp/testdata/TestBootstrapConfig/access-logs.golden index 8cb8627c..93788081 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/access-logs.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/access-logs.golden @@ -169,6 +169,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/basic.golden b/pkg/consuldp/testdata/TestBootstrapConfig/basic.golden index 954706c5..4d415571 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/basic.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/basic.golden 
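Review bot: The expected bootstrap in this fixture now carries an `x-consul-token` entry in `initial_metadata` with `"value": ""`, so the header is emitted even when no token is configured. The same six added lines appear in the basic, central-telemetry-config, custom-prometheus-scrape-path, hcp-metrics, ready-listener and unix-socket-xds-server fixtures. Omitting the entry when the token is empty would avoid sending an empty credential header on the ADS stream. When a token is set it presumably appears at this position of the generated bootstrap in clear text, so anything that writes that config out (the commit keeps `dumpEnvoyConfigOnExitEnabled`) should be checked for where the output goes and who can read it. The template that produces this JSON is not part of the visible hunks.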
@@ -157,6 +157,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/central-telemetry-config.golden b/pkg/consuldp/testdata/TestBootstrapConfig/central-telemetry-config.golden index a8275d2e..887415e5 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/central-telemetry-config.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/central-telemetry-config.golden @@ -171,6 +171,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path-with-query.golden b/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path-with-query.golden deleted file mode 100644 index 5454b373..00000000 --- a/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path-with-query.golden +++ /dev/null 
@@ -1,255 +0,0 @@ -{ - "admin": { - "access_log_path": "/dev/null", - "address": { - "socket_address": { - "address": "127.0.0.1", - "port_value": 19000 - } - } - }, - "node": { - "cluster": "web", - "id": "web-proxy", - "metadata": { - "node_name": "agentless-node", - "namespace": "default", - "partition": "default" - } - }, - "layered_runtime": { - "layers": [ - { - "name": "base", - "static_layer": { - "re2.max_program_size.error_level": 1048576 - } - } - ] - }, - "static_resources": { - "clusters": [ - { - "name": "consul-dataplane", - "ignore_health_on_host_removal": false, - "connect_timeout": "1s", - "type": "STATIC", - "http2_protocol_options": {}, - "loadAssignment": { - "clusterName": "consul-dataplane", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socket_address": { - "address": "127.0.0.1", - "port_value": 1234 - } - } - } - } - ] - } - ] - } - }, - { - "name": "prometheus_backend", - "ignore_health_on_host_removal": false, - "connect_timeout": "5s", - "type": "STATIC", - "http_protocol_options": {}, - "loadAssignment": { - "clusterName": "prometheus_backend", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socket_address": { - "address": "127.0.0.1", - "port_value": 20100 - } - } - } - } - ] - } - ] - } - } - ], - "listeners": [ - { - "name": "envoy_prometheus_metrics_listener", - "address": { - "socket_address": { - "address": "0.0.0.0", - "port_value": 20200 - } - }, - "filter_chains": [ - { - "filters": [ - { - "name": "envoy.filters.network.http_connection_manager", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager", - "stat_prefix": "envoy_prometheus_metrics", - "codec_type": "HTTP1", - "route_config": { - "name": "self_admin_route", - "virtual_hosts": [ - { - "name": "self_admin", - "domains": [ - "*" - ], - "routes": [ - { - "match": { - "path": "/custom/scrape/path" - }, - "route": { - "cluster": 
"prometheus_backend", - "prefix_rewrite": "/stats/prometheus" - } - }, - { - "match": { - "prefix": "/" - }, - "direct_response": { - "status": 404 - } - } - ] - } - ] - }, - "http_filters": [ - { - "name": "envoy.filters.http.router", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router" - } - } - ] - } - } - ] - } - ] - } - ] - }, - "stats_config": { - "stats_tags": [ - { - "regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.custom_hash" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.service_subset" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.service" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.namespace" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:([^.]+)\\.)?[^.]+\\.internal[^.]*\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.partition" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?([^.]+)\\.internal[^.]*\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.datacenter" - }, - { - "regex": "^cluster\\.([^.]+\\.(?:[^.]+\\.)?([^.]+)\\.external\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.peer" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.routing_type" - }, - { - "regex": 
"^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)", - "tag_name": "consul.destination.trust_domain" - }, - { - "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.target" - }, - { - "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)", - "tag_name": "consul.destination.full_target" - }, - { - "regex": "^(?:tcp|http)\\.upstream(?:_peered)?\\.(([^.]+)(?:\\.[^.]+)?(?:\\.[^.]+)?\\.[^.]+\\.)", - "tag_name": "consul.upstream.service" - }, - { - "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.[^.]+)?\\.([^.]+)\\.)", - "tag_name": "consul.upstream.datacenter" - }, - { - "regex": "^(?:tcp|http)\\.upstream_peered\\.([^.]+(?:\\.[^.]+)?\\.([^.]+)\\.)", - "tag_name": "consul.upstream.peer" - }, - { - "regex": "^(?:tcp|http)\\.upstream(?:_peered)?\\.([^.]+(?:\\.([^.]+))?(?:\\.[^.]+)?\\.[^.]+\\.)", - "tag_name": "consul.upstream.namespace" - }, - { - "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.([^.]+))?\\.[^.]+\\.)", - "tag_name": "consul.upstream.partition" - }, - { - "tag_name": "local_cluster", - "fixed_value": "web" - }, - { - "tag_name": "consul.source.service", - "fixed_value": "web" - }, - { - "tag_name": "consul.source.namespace", - "fixed_value": "default" - }, - { - "tag_name": "consul.source.partition", - "fixed_value": "default" - } - ], - "use_all_default_tags": true - }, - "dynamic_resources": { - "lds_config": { - "ads": {}, - "initial_fetch_timeout": "0s", - "resource_api_version": "V3" - }, - "cds_config": { - "ads": {}, - "initial_fetch_timeout": "0s", - "resource_api_version": "V3" - }, - "ads_config": { - "api_type": "DELTA_GRPC", - "transport_api_version": "V3", - "grpc_services": { - "envoy_grpc": { - "cluster_name": "consul-dataplane" - } - } - } - } -} 
diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path.golden b/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path.golden index 5454b373..ab51a2ba 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/custom-prometheus-scrape-path.golden @@ -246,6 +246,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/hcp-metrics.golden b/pkg/consuldp/testdata/TestBootstrapConfig/hcp-metrics.golden index 95b14442..01e90db0 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/hcp-metrics.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/hcp-metrics.golden @@ -195,6 +195,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/non-default_tenancy.golden b/pkg/consuldp/testdata/TestBootstrapConfig/non-default_tenancy.golden deleted file mode 100644 index c34e65e7..00000000 --- a/pkg/consuldp/testdata/TestBootstrapConfig/non-default_tenancy.golden +++ /dev/null 
@@ -1,166 +0,0 @@ -{ - "admin": { - "access_log_path": "/dev/null", - "address": { - "socket_address": { - "address": "127.0.0.1", - "port_value": 19000 - } - } - }, - "node": { - "cluster": "web", - "id": "web-proxy", - "metadata": { - "node_name": "agentless-node", - "namespace": "test-namespace", - "partition": "test-partition" - } - }, - "layered_runtime": { - "layers": [ - { - "name": "base", - "static_layer": { - "re2.max_program_size.error_level": 1048576 - } - } - ] - }, - "static_resources": { - "clusters": [ - { - "name": "consul-dataplane", - "ignore_health_on_host_removal": false, - "connect_timeout": "1s", - "type": "STATIC", - "http2_protocol_options": {}, - "loadAssignment": { - "clusterName": "consul-dataplane", - "endpoints": [ - { - "lbEndpoints": [ - { - "endpoint": { - "address": { - "socket_address": { - "address": "127.0.0.1", - "port_value": 1234 - } - } - } - } - ] - } - ] - } - } - ] - }, - "stats_config": { - "stats_tags": [ - { - "regex": "^cluster\\.(?:passthrough~)?((?:([^.]+)~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.custom_hash" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:([^.]+)\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.service_subset" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?([^.]+)\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.service" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.namespace" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:([^.]+)\\.)?[^.]+\\.internal[^.]*\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.partition" - }, - { - "regex": 
"^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?([^.]+)\\.internal[^.]*\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.datacenter" - }, - { - "regex": "^cluster\\.([^.]+\\.(?:[^.]+\\.)?([^.]+)\\.external\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.peer" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.([^.]+)\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.routing_type" - }, - { - "regex": "^cluster\\.(?:passthrough~)?((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.([^.]+)\\.consul\\.)", - "tag_name": "consul.destination.trust_domain" - }, - { - "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+)\\.[^.]+\\.[^.]+\\.consul\\.)", - "tag_name": "consul.destination.target" - }, - { - "regex": "^cluster\\.(?:passthrough~)?(((?:[^.]+~)?(?:[^.]+\\.)?[^.]+\\.[^.]+\\.(?:[^.]+\\.)?[^.]+\\.[^.]+\\.[^.]+)\\.consul\\.)", - "tag_name": "consul.destination.full_target" - }, - { - "regex": "^(?:tcp|http)\\.upstream(?:_peered)?\\.(([^.]+)(?:\\.[^.]+)?(?:\\.[^.]+)?\\.[^.]+\\.)", - "tag_name": "consul.upstream.service" - }, - { - "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.[^.]+)?\\.([^.]+)\\.)", - "tag_name": "consul.upstream.datacenter" - }, - { - "regex": "^(?:tcp|http)\\.upstream_peered\\.([^.]+(?:\\.[^.]+)?\\.([^.]+)\\.)", - "tag_name": "consul.upstream.peer" - }, - { - "regex": "^(?:tcp|http)\\.upstream(?:_peered)?\\.([^.]+(?:\\.([^.]+))?(?:\\.[^.]+)?\\.[^.]+\\.)", - "tag_name": "consul.upstream.namespace" - }, - { - "regex": "^(?:tcp|http)\\.upstream\\.([^.]+(?:\\.[^.]+)?(?:\\.([^.]+))?\\.[^.]+\\.)", - "tag_name": "consul.upstream.partition" - }, - { - "tag_name": "local_cluster", - "fixed_value": "web" - }, - { - "tag_name": "consul.source.service", - "fixed_value": "web" - }, - { - "tag_name": "consul.source.namespace", - "fixed_value": "test-namespace" - }, - { 
- "tag_name": "consul.source.partition", - "fixed_value": "test-partition" - } - ], - "use_all_default_tags": true - }, - "dynamic_resources": { - "lds_config": { - "ads": {}, - "initial_fetch_timeout": "0s", - "resource_api_version": "V3" - }, - "cds_config": { - "ads": {}, - "initial_fetch_timeout": "0s", - "resource_api_version": "V3" - }, - "ads_config": { - "api_type": "DELTA_GRPC", - "transport_api_version": "V3", - "grpc_services": { - "envoy_grpc": { - "cluster_name": "consul-dataplane" - } - } - } - } -} diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/ready-listener.golden b/pkg/consuldp/testdata/TestBootstrapConfig/ready-listener.golden index bd0c82c7..830c4f8e 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/ready-listener.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/ready-listener.golden @@ -246,6 +246,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/testdata/TestBootstrapConfig/unix-socket-xds-server.golden b/pkg/consuldp/testdata/TestBootstrapConfig/unix-socket-xds-server.golden index 62340b2a..7b1036b5 100644 --- a/pkg/consuldp/testdata/TestBootstrapConfig/unix-socket-xds-server.golden +++ b/pkg/consuldp/testdata/TestBootstrapConfig/unix-socket-xds-server.golden @@ -156,6 +156,12 @@ "api_type": "DELTA_GRPC", "transport_api_version": "V3", "grpc_services": { + "initial_metadata": [ + { + "key": "x-consul-token", + "value": "" + } + ], "envoy_grpc": { "cluster_name": "consul-dataplane" } diff --git a/pkg/consuldp/xds.go b/pkg/consuldp/xds.go index e85e1de9..51e00c3f 100644 --- a/pkg/consuldp/xds.go +++ b/pkg/consuldp/xds.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( diff --git a/pkg/consuldp/xds_test.go b/pkg/consuldp/xds_test.go index e8751fee..214012db 100644 
--- a/pkg/consuldp/xds_test.go +++ b/pkg/consuldp/xds_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package consuldp import ( diff --git a/pkg/dns/.mockery.yaml b/pkg/dns/.mockery.yaml deleted file mode 100644 index a159390b..00000000 --- a/pkg/dns/.mockery.yaml +++ /dev/null @@ -1,11 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -with-expecter: true -recursive: true -include-regex: ".*" -dir: "mocks/" -outpkg: "mocks" -mockname: "{{.InterfaceName}}" -packages: - github.com/hashicorp/consul/proto-public/pbdns: diff --git a/pkg/dns/dns.go b/pkg/dns/dns.go index 93d7f8ba..39199339 100644 --- a/pkg/dns/dns.go +++ b/pkg/dns/dns.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package dns import ( @@ -16,7 +13,6 @@ import ( "github.com/hashicorp/consul/proto-public/pbdns" "github.com/hashicorp/go-hclog" - "google.golang.org/grpc/metadata" ) // ErrServerDisabled is returned when the server is disabled @@ -31,10 +27,6 @@ type DNSServerParams struct { Port int Logger hclog.Logger Client pbdns.DNSServiceClient - - Partition string - Namespace string - Token string } // DNSServerInterface is the interface for athe DNSServer @@ -58,10 +50,6 @@ type DNSServer struct { client pbdns.DNSServiceClient connUDP net.PacketConn listenerTCP net.Listener - - partition string - namespace string - token string } // NewDNSServer creates a new DNS proxy server @@ -77,9 +65,6 @@ func NewDNSServer(p DNSServerParams) (DNSServerInterface, error) { s.port = p.Port s.client = p.Client s.logger = p.Logger.Named("dns-proxy") - s.partition = p.Partition - s.namespace = p.Namespace - s.token = p.Token return s, nil } 
@@ -209,12 +194,6 @@ func (d *DNSServer) queryConsulAndRespondUDP(buf []byte, addr net.Addr) { ctx, done := context.WithTimeout(context.Background(), time.Minute*1) defer done() - ctx = metadata.AppendToOutgoingContext(ctx, - "x-consul-partition", d.partition, - "x-consul-namespace", d.namespace, - "x-consul-token", d.token, - ) - resp, err := d.client.Query(ctx, req) if err != nil { logger.Error("error resolving consul request", "error", err) @@ -295,12 +274,6 @@ func (d *DNSServer) proxyTCPAcceptedConn(ctx context.Context, conn net.Conn, cli ctx, done := context.WithTimeout(context.Background(), time.Minute*1) defer done() - ctx = metadata.AppendToOutgoingContext(ctx, - "x-consul-partition", d.partition, - "x-consul-namespace", d.namespace, - "x-consul-token", d.token, - ) - resp, err := client.Query(ctx, req) if err != nil { logger.Error("error resolving consul request", "error", err) diff --git a/pkg/dns/dns_test.go b/pkg/dns/dns_test.go index 6a9f984f..8789a37a 100644 --- a/pkg/dns/dns_test.go +++ b/pkg/dns/dns_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package dns import ( @@ -17,11 +14,7 @@ import ( "github.com/hashicorp/consul/proto-public/pbdns" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" "github.com/stretchr/testify/suite" - "google.golang.org/grpc/metadata" - - "github.com/hashicorp/consul-dataplane/pkg/dns/mocks" ) type MockedNetConn struct { @@ -44,7 +37,7 @@ func genRandomBytes(size int) (blk []byte) { } func (s *DNSTestSuite) Test_DisabledServer() { - mockedDNSConsulClient := mocks.NewDNSServiceClient(s.T()) + mockedDNSConsulClient := pbdns.NewMockDNSServiceClient(s.T()) server, err := NewDNSServer(DNSServerParams{ BindAddr: "127.0.0.1", Port: -1, // disabled server 
@@ -66,7 +59,7 @@ func (s *DNSTestSuite) Test_DisabledServer() { } func (s *DNSTestSuite) Test_AlreadyRunning() { - mockedDNSConsulClient := mocks.NewDNSServiceClient(s.T()) + mockedDNSConsulClient := pbdns.NewMockDNSServiceClient(s.T()) server, err := NewDNSServer(DNSServerParams{ BindAddr: "127.0.0.1", Port: 0, // disabled server @@ -85,7 +78,7 @@ func (s *DNSTestSuite) Test_AlreadyRunning() { } func (s *DNSTestSuite) Test_ServerStop() { - mockedDNSConsulClient := mocks.NewDNSServiceClient(s.T()) + mockedDNSConsulClient := pbdns.NewMockDNSServiceClient(s.T()) server, err := NewDNSServer(DNSServerParams{ BindAddr: "127.0.0.1", Port: 0, // let the os choose a port @@ -124,7 +117,7 @@ func (s *DNSTestSuite) Test_ServerStop() { } func (s *DNSTestSuite) Test_UDPProxy() { - mockedDNSConsulClient := mocks.NewDNSServiceClient(s.T()) + mockedDNSConsulClient := pbdns.NewMockDNSServiceClient(s.T()) addr := &net.UDPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0} connUdp, err := net.ListenUDP("udp", addr) s.Require().NoError(err) @@ -132,12 +125,9 @@ func (s *DNSTestSuite) Test_UDPProxy() { defer cancel() server := DNSServer{ - client: mockedDNSConsulClient, - connUDP: connUdp, - logger: hclog.Default(), - partition: "test-partition", - namespace: "test-namespace", - token: "test-token", + client: mockedDNSConsulClient, + connUDP: connUdp, + logger: hclog.Default(), } go server.proxyUDP(runCtx) 
@@ -180,17 +170,6 @@ func (s *DNSTestSuite) Test_UDPProxy() { } mockedDNSConsulClient.On("Query", mock.Anything, mock.Anything). - Run(func(args mock.Arguments) { - ctx, ok := args.Get(0).(context.Context) - require.True(s.T(), ok, "error casting to context.Context") - - md, ok := metadata.FromOutgoingContext(ctx) - require.True(s.T(), ok, "error getting metadata from context") - - require.Equal(s.T(), "test-token", md.Get("x-consul-token")[0], "token not set in context") - require.Equal(s.T(), "test-namespace", md.Get("x-consul-namespace")[0], "namespace not set in context") - require.Equal(s.T(), "test-partition", md.Get("x-consul-partition")[0], "partition not set in context") - }). Return(clientResp, tc.expectedGRPC).Once() addr := fmt.Sprintf("127.0.0.1:%v", server.UdpPort()) @@ -226,7 +205,7 @@ func (s *DNSTestSuite) Test_UDPProxy() { } func (s *DNSTestSuite) Test_ProxydnsTCP() { - mockedDNSConsulClient := mocks.NewDNSServiceClient(s.T()) + mockedDNSConsulClient := pbdns.NewMockDNSServiceClient(s.T()) addr := &net.TCPAddr{IP: net.IPv4(127, 0, 0, 1), Port: 0} listenerTCP, err := net.ListenTCP("tcp", addr) s.Require().NoError(err) @@ -238,9 +217,6 @@ func (s *DNSTestSuite) Test_ProxydnsTCP() { client: mockedDNSConsulClient, listenerTCP: listenerTCP, logger: hclog.Default(), - partition: "test-partition", - namespace: "test-namespace", - token: "test-token", } go server.proxyTCP(runCtx) 
@@ -282,17 +258,6 @@ func (s *DNSTestSuite) Test_ProxydnsTCP() { } mockedDNSConsulClient.On("Query", mock.Anything, mock.Anything). - Run(func(args mock.Arguments) { - ctx, ok := args.Get(0).(context.Context) - require.True(s.T(), ok, "error casting to context.Context") - - md, ok := metadata.FromOutgoingContext(ctx) - require.True(s.T(), ok, "error getting metadata from context") - - require.Equal(s.T(), "test-token", md.Get("x-consul-token")[0], "token not set in context") - require.Equal(s.T(), "test-namespace", md.Get("x-consul-namespace")[0], "namespace not set in context") - require.Equal(s.T(), "test-partition", md.Get("x-consul-partition")[0], "partition not set in context") - }). Return(clientResp, tc.expectedGRPC). Once() addr := fmt.Sprintf("127.0.0.1:%v", server.TcpPort()) diff --git a/pkg/dns/mocks/mock_DNSServiceClient.go b/pkg/dns/mocks/mock_DNSServiceClient.go deleted file mode 100644 index 55566e3d..00000000 --- a/pkg/dns/mocks/mock_DNSServiceClient.go +++ /dev/null 
@@ -1,110 +0,0 @@ -// Code generated by mockery v2.37.1. DO NOT EDIT. - -package mocks - -import ( - context "context" - - grpc "google.golang.org/grpc" - - mock "github.com/stretchr/testify/mock" - - pbdns "github.com/hashicorp/consul/proto-public/pbdns" -) - -// DNSServiceClient is an autogenerated mock type for the DNSServiceClient type -type DNSServiceClient struct { - mock.Mock -} - -type DNSServiceClient_Expecter struct { - mock *mock.Mock -} - -func (_m *DNSServiceClient) EXPECT() *DNSServiceClient_Expecter { - return &DNSServiceClient_Expecter{mock: &_m.Mock} -} - -// Query provides a mock function with given fields: ctx, in, opts -func (_m *DNSServiceClient) Query(ctx context.Context, in *pbdns.QueryRequest, opts ...grpc.CallOption) (*pbdns.QueryResponse, error) { - _va := make([]interface{}, len(opts)) - for _i := range opts { - _va[_i] = opts[_i] - } - var _ca []interface{} - _ca = append(_ca, ctx, in) - _ca = append(_ca, _va...) - ret := _m.Called(_ca...) - - var r0 *pbdns.QueryResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) (*pbdns.QueryResponse, error)); ok { - return rf(ctx, in, opts...) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) *pbdns.QueryResponse); ok { - r0 = rf(ctx, in, opts...) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbdns.QueryResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) error); ok { - r1 = rf(ctx, in, opts...) 
- } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// DNSServiceClient_Query_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Query' -type DNSServiceClient_Query_Call struct { - *mock.Call -} - -// Query is a helper method to define mock.On call -// - ctx context.Context -// - in *pbdns.QueryRequest -// - opts ...grpc.CallOption -func (_e *DNSServiceClient_Expecter) Query(ctx interface{}, in interface{}, opts ...interface{}) *DNSServiceClient_Query_Call { - return &DNSServiceClient_Query_Call{Call: _e.mock.On("Query", - append([]interface{}{ctx, in}, opts...)...)} -} - -func (_c *DNSServiceClient_Query_Call) Run(run func(ctx context.Context, in *pbdns.QueryRequest, opts ...grpc.CallOption)) *DNSServiceClient_Query_Call { - _c.Call.Run(func(args mock.Arguments) { - variadicArgs := make([]grpc.CallOption, len(args)-2) - for i, a := range args[2:] { - if a != nil { - variadicArgs[i] = a.(grpc.CallOption) - } - } - run(args[0].(context.Context), args[1].(*pbdns.QueryRequest), variadicArgs...) - }) - return _c -} - -func (_c *DNSServiceClient_Query_Call) Return(_a0 *pbdns.QueryResponse, _a1 error) *DNSServiceClient_Query_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *DNSServiceClient_Query_Call) RunAndReturn(run func(context.Context, *pbdns.QueryRequest, ...grpc.CallOption) (*pbdns.QueryResponse, error)) *DNSServiceClient_Query_Call { - _c.Call.Return(run) - return _c -} - -// NewDNSServiceClient creates a new instance of DNSServiceClient. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewDNSServiceClient(t interface { - mock.TestingT - Cleanup(func()) -}) *DNSServiceClient { - mock := &DNSServiceClient{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} 
diff --git a/pkg/dns/mocks/mock_DNSServiceServer.go b/pkg/dns/mocks/mock_DNSServiceServer.go
deleted file mode 100644
index e1398912..00000000
--- a/pkg/dns/mocks/mock_DNSServiceServer.go
+++ /dev/null
@@ -1,92 +0,0 @@ -// Code generated by mockery v2.37.1. DO NOT EDIT. - -package mocks - -import ( - context "context" - - pbdns "github.com/hashicorp/consul/proto-public/pbdns" - mock "github.com/stretchr/testify/mock" -) - -// DNSServiceServer is an autogenerated mock type for the DNSServiceServer type -type DNSServiceServer struct { - mock.Mock -} - -type DNSServiceServer_Expecter struct { - mock *mock.Mock -} - -func (_m *DNSServiceServer) EXPECT() *DNSServiceServer_Expecter { - return &DNSServiceServer_Expecter{mock: &_m.Mock} -} - -// Query provides a mock function with given fields: _a0, _a1 -func (_m *DNSServiceServer) Query(_a0 context.Context, _a1 *pbdns.QueryRequest) (*pbdns.QueryResponse, error) { - ret := _m.Called(_a0, _a1) - - var r0 *pbdns.QueryResponse - var r1 error - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest) (*pbdns.QueryResponse, error)); ok { - return rf(_a0, _a1) - } - if rf, ok := ret.Get(0).(func(context.Context, *pbdns.QueryRequest) *pbdns.QueryResponse); ok { - r0 = rf(_a0, _a1) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*pbdns.QueryResponse) - } - } - - if rf, ok := ret.Get(1).(func(context.Context, *pbdns.QueryRequest) error); ok { - r1 = rf(_a0, _a1) - } else { - r1 = ret.Error(1) - } - - return r0, r1 -} - -// DNSServiceServer_Query_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'Query' -type DNSServiceServer_Query_Call struct { - *mock.Call -} - -// Query is a helper method to define mock.On call -// - _a0 context.Context -// - _a1 *pbdns.QueryRequest -func (_e *DNSServiceServer_Expecter) Query(_a0 interface{}, _a1 interface{}) *DNSServiceServer_Query_Call { - return &DNSServiceServer_Query_Call{Call: _e.mock.On("Query", _a0, _a1)} -} - -func (_c *DNSServiceServer_Query_Call) Run(run func(_a0 context.Context, _a1 *pbdns.QueryRequest)) *DNSServiceServer_Query_Call { - _c.Call.Run(func(args mock.Arguments) { - run(args[0].(context.Context), 
args[1].(*pbdns.QueryRequest)) - }) - return _c -} - -func (_c *DNSServiceServer_Query_Call) Return(_a0 *pbdns.QueryResponse, _a1 error) *DNSServiceServer_Query_Call { - _c.Call.Return(_a0, _a1) - return _c -} - -func (_c *DNSServiceServer_Query_Call) RunAndReturn(run func(context.Context, *pbdns.QueryRequest) (*pbdns.QueryResponse, error)) *DNSServiceServer_Query_Call { - _c.Call.Return(run) - return _c -} - -// NewDNSServiceServer creates a new instance of DNSServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewDNSServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *DNSServiceServer { - mock := &DNSServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/dns/mocks/mock_UnsafeDNSServiceServer.go b/pkg/dns/mocks/mock_UnsafeDNSServiceServer.go deleted file mode 100644 index ec44b563..00000000 --- a/pkg/dns/mocks/mock_UnsafeDNSServiceServer.go +++ /dev/null 
@@ -1,64 +0,0 @@ -// Code generated by mockery v2.37.1. DO NOT EDIT. - -package mocks - -import mock "github.com/stretchr/testify/mock" - -// UnsafeDNSServiceServer is an autogenerated mock type for the UnsafeDNSServiceServer type -type UnsafeDNSServiceServer struct { - mock.Mock -} - -type UnsafeDNSServiceServer_Expecter struct { - mock *mock.Mock -} - -func (_m *UnsafeDNSServiceServer) EXPECT() *UnsafeDNSServiceServer_Expecter { - return &UnsafeDNSServiceServer_Expecter{mock: &_m.Mock} -} - -// mustEmbedUnimplementedDNSServiceServer provides a mock function with given fields: -func (_m *UnsafeDNSServiceServer) mustEmbedUnimplementedDNSServiceServer() { - _m.Called() -} - -// UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call is a *mock.Call that shadows Run/Return methods with type explicit version for method 'mustEmbedUnimplementedDNSServiceServer' -type UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call struct { - *mock.Call -} - -// mustEmbedUnimplementedDNSServiceServer is a helper method to define mock.On call -func (_e *UnsafeDNSServiceServer_Expecter) mustEmbedUnimplementedDNSServiceServer() *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call { - return &UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call{Call: _e.mock.On("mustEmbedUnimplementedDNSServiceServer")} -} - -func (_c *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call) Run(run func()) *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call { - _c.Call.Run(func(args mock.Arguments) { - run() - }) - return _c -} - -func (_c *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call) Return() *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call { - _c.Call.Return() - return _c -} - -func (_c *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call) RunAndReturn(run func()) *UnsafeDNSServiceServer_mustEmbedUnimplementedDNSServiceServer_Call { - _c.Call.Return(run) - return 
_c -} - -// NewUnsafeDNSServiceServer creates a new instance of UnsafeDNSServiceServer. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewUnsafeDNSServiceServer(t interface { - mock.TestingT - Cleanup(func()) -}) *UnsafeDNSServiceServer { - mock := &UnsafeDNSServiceServer{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/pkg/envoy/get_process_attr.go b/pkg/envoy/get_process_attr.go deleted file mode 100644 index 89fc2576..00000000 --- a/pkg/envoy/get_process_attr.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build !windows -// +build !windows - -package envoy - -import "syscall" - -func getProcessAttr() *syscall.SysProcAttr { - return &syscall.SysProcAttr{ - Setpgid: true, - } -} diff --git a/pkg/envoy/get_process_attr_windows.go b/pkg/envoy/get_process_attr_windows.go deleted file mode 100644 index a347c96c..00000000 --- a/pkg/envoy/get_process_attr_windows.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build windows -// +build windows - -package envoy - -import "syscall" - -func getProcessAttr() *syscall.SysProcAttr { - return &syscall.SysProcAttr{ - CreationFlags: syscall.CREATE_NEW_PROCESS_GROUP, - } -} diff --git a/pkg/envoy/proxy.go b/pkg/envoy/proxy.go index 8b780077..1214f871 100644 --- a/pkg/envoy/proxy.go +++ b/pkg/envoy/proxy.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package envoy import ( @@ -13,6 +10,7 @@ import ( "os/exec" "strings" "sync/atomic" + "syscall" "time" "github.com/hashicorp/go-hclog" @@ -40,7 +38,6 @@ type ProxyManager interface { Quit() error Kill() error DumpConfig() error - Ready() (bool, error) } // Proxy manages an Envoy proxy process. 
@@ -151,7 +148,9 @@ func (p *Proxy) Run(ctx context.Context) error { // Start Envoy in its own process group to avoid directly receiving // SIGTERM intended for consul-dataplane, let proxy manager handle // graceful shutdown if configured. - p.cmd.SysProcAttr = getProcessAttr() + p.cmd.SysProcAttr = &syscall.SysProcAttr{ + Setpgid: true, + } p.cfg.Logger.Debug("running envoy proxy", "command", strings.Join(p.cmd.Args, " ")) if err := p.cmd.Start(); err != nil { @@ -210,7 +209,10 @@ func (p *Proxy) Quit() error { envoyShutdownUrl := fmt.Sprintf("http://%s:%v/quitquitquit", p.cfg.AdminAddr, p.cfg.AdminBindPort) switch p.getState() { - case stateExited, stateStopped: + case stateExited: + // Nothing to do! + return nil + case stateStopped: // Nothing to do! return nil case stateDraining: @@ -381,25 +383,3 @@ func removeArgAndGetValue(stringAr []string, key string) ([]string, string) { } return stringAr, "" } - -func (p *Proxy) Ready() (bool, error) { - - switch p.getState() { - case stateExited, stateStopped, stateDraining: - // Nothing to do! - return false, nil - case stateRunning, stateInitial: - // Query ready endpoint to check if proxy is Ready - envoyReadyURL := fmt.Sprintf("http://%s:%v/ready", p.cfg.AdminAddr, p.cfg.AdminBindPort) - rsp, err := p.client.Get(envoyReadyURL) - defer rsp.Body.Close() - if err != nil { - p.cfg.Logger.Error("envoy: admin endpoint not available", "error", err) - return false, err - } - return rsp.StatusCode == 200, nil - default: - return false, nil - } - -} diff --git a/pkg/envoy/proxy_test.go b/pkg/envoy/proxy_test.go index 5db6d881..2259c2f8 100644 --- a/pkg/envoy/proxy_test.go +++ b/pkg/envoy/proxy_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package envoy import ( diff --git a/pkg/metrics-cache/metricscache.go b/pkg/metrics-cache/metricscache.go index 1b6819f2..c5530b31 100644 --- a/pkg/metrics-cache/metricscache.go +++ b/pkg/metrics-cache/metricscache.go 
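Review bot: The `Setpgid` field assigned to `p.cmd.SysProcAttr` in Proxy.Run is defined only in the Unix variant of `syscall.SysProcAttr`, and this patch also deletes get_process_attr_windows.go, so pkg/envoy would no longer compile for Windows targets. If Windows is not a build target on this branch, state that next to the assignment, e.g. `// Unix-only: Setpgid is not defined in syscall.SysProcAttr on Windows.`; otherwise the platform-specific value has to stay behind a build-tagged helper. Run's body starts and ends outside the hunk.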
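Review bot: In Proxy.Quit the new `case stateExited:` and `case stateStopped:` branches have identical bodies (a comment and `return nil`), which invites the two no-op states drifting apart when one branch is edited later. Go's switch accepts a value list, so a single `case stateExited, stateStopped:` expresses the same thing with one body. Quit's body continues outside the hunk.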
@@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package metricscache import ( diff --git a/pkg/metrics-cache/metricscache_test.go b/pkg/metrics-cache/metricscache_test.go index 22167348..e9409617 100644 --- a/pkg/metrics-cache/metricscache_test.go +++ b/pkg/metrics-cache/metricscache_test.go @@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package metricscache import ( diff --git a/pkg/version/fips_build.go b/pkg/version/fips_build.go deleted file mode 100644 index 663c74ae..00000000 --- a/pkg/version/fips_build.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build fips - -package version - -// This validates during compilation that we are being built with a FIPS enabled go toolchain -import ( - _ "crypto/tls/fipsonly" - "runtime" - "strings" -) - -// IsFIPS returns true if consul-dataplane is operating in FIPS-140-2 mode. -func IsFIPS() bool { - return true -} - -func GetFIPSInfo() string { - str := "Enabled" - // Try to get the crypto module name - gover := strings.Split(runtime.Version(), "X:") - if len(gover) >= 2 { - gover_last := gover[len(gover)-1] - // Able to find crypto module name; add that to status string. - str = "FIPS 140-2 Enabled, crypto module " + gover_last - } - return str -} diff --git a/pkg/version/non_fips_build.go b/pkg/version/non_fips_build.go deleted file mode 100644 index 7a0407f5..00000000 --- a/pkg/version/non_fips_build.go +++ /dev/null @@ -1,15 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -//go:build !fips - -package version - -// IsFIPS returns true if consul-dataplane is operating in FIPS-140-2 mode. -func IsFIPS() bool { - return false -} - -func GetFIPSInfo() string { - return "" -} diff --git a/pkg/version/version.go b/pkg/version/version.go index 3bd1170c..408ac7eb 100644 --- a/pkg/version/version.go +++ b/pkg/version/version.go 
@@ -1,6 +1,3 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - package version import ( @@ -17,7 +14,7 @@ var ( // // Version must conform to the format expected by github.com/hashicorp/go-version // for tests to work. - Version = "1.6.0" + Version = "1.1.12" // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release @@ -38,10 +35,6 @@ func GetHumanVersion() string { } } - if IsFIPS() { - version = fmt.Sprintf("%s+fips1402", version) - } - // Strip off any single quotes added by the git information. return strings.ReplaceAll(version, "'", "") }