From 928dcff6f4a5481314bcc398fe02e943620d27fb Mon Sep 17 00:00:00 2001 From: Sotiris Nanopoulos Date: Mon, 20 Jan 2025 09:19:55 -0500 Subject: [PATCH 1/6] Refactor internal/envoy/v3 package functions Take two of https://github.com/projectcontour/contour/pull/5523 That introduces a struct `NewEnvoysGen` that allows us to modify the behaviour of Envoy config generation. This will help with https://github.com/projectcontour/contour/pull/6806 On the debate on `singleton` vs `struct` approach. I thought this again and I realized that `struct` is probably worth the big diff here. For the following reason: * It allows us to test the behaviour much easier. With a singleton it would be impossible for higher level tests like tests in `internal/featuretests` to modify the behaviour of the Envoy config generation. With a struct, we can just pass the config options to the struct and test the behaviour. 
Signed-off-by: Sotiris Nanopoulos --- cmd/contour/contour.go | 5 +- cmd/contour/serve.go | 8 +- internal/envoy/v3/auth.go | 8 +- internal/envoy/v3/auth_test.go | 5 +- internal/envoy/v3/bootstrap.go | 20 +- internal/envoy/v3/bootstrap_test.go | 5 +- internal/envoy/v3/cluster.go | 16 +- internal/envoy/v3/cluster_test.go | 73 ++--- internal/envoy/v3/config_gen.go | 53 ++++ internal/envoy/v3/listener.go | 13 +- internal/envoy/v3/listener_test.go | 73 +++-- internal/envoy/v3/socket_test.go | 14 +- internal/envoy/v3/stats.go | 10 +- internal/envoy/v3/stats_test.go | 12 +- .../featuretests/v3/backendclientauth_test.go | 5 +- internal/featuretests/v3/cluster_test.go | 36 ++- internal/featuretests/v3/envoy.go | 69 +++-- internal/featuretests/v3/externalname_test.go | 9 +- internal/featuretests/v3/featuretests.go | 9 +- .../v3/global_authorization_test.go | 5 +- .../featuretests/v3/globalratelimit_test.go | 6 +- internal/featuretests/v3/listeners_test.go | 45 ++- .../v3/loadbalancerpolicy_test.go | 28 +- internal/featuretests/v3/timeouts_test.go | 11 +- .../v3/tlsprotocolversion_test.go | 5 +- internal/featuretests/v3/tracing_test.go | 6 +- internal/xdscache/v3/cluster.go | 15 +- internal/xdscache/v3/cluster_test.go | 53 ++-- internal/xdscache/v3/listener.go | 17 +- internal/xdscache/v3/listener_test.go | 263 +++++++++--------- 30 files changed, 579 insertions(+), 318 deletions(-) create mode 100644 internal/envoy/v3/config_gen.go diff --git a/cmd/contour/contour.go b/cmd/contour/contour.go index c8422ad0d09..c7c9ef1a9df 100644 --- a/cmd/contour/contour.go +++ b/cmd/contour/contour.go 
@@ -104,7 +104,10 @@ func main() { if err := envoy.ValidAdminAddress(bootstrapCtx.AdminAddress); err != nil { log.WithField("flag", "--admin-address").WithError(err).Fatal("failed to parse bootstrap args") } - if err := envoy_v3.WriteBootstrap(bootstrapCtx); err != nil { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + if err := envoyGen.WriteBootstrap(bootstrapCtx); err != nil { log.WithError(err).Fatal("failed to write bootstrap configuration") } case certgenApp.FullCommand(): diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 1c48f9fce88..1a67f06fc3c 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -493,11 +493,15 @@ func (s *Server) doServe() error { endpointHandler = xdscache_v3.NewEndpointsTranslator(s.log.WithField("context", "endpointstranslator")) } + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + resources := []xdscache.ResourceCache{ - xdscache_v3.NewListenerCache(listenerConfig, *contourConfiguration.Envoy.Metrics, *contourConfiguration.Envoy.Health, *contourConfiguration.Envoy.Network.EnvoyAdminPort), + xdscache_v3.NewListenerCache(listenerConfig, *contourConfiguration.Envoy.Metrics, *contourConfiguration.Envoy.Health, *contourConfiguration.Envoy.Network.EnvoyAdminPort, envoyGen), xdscache_v3.NewSecretsCache(envoy_v3.StatsSecrets(contourConfiguration.Envoy.Metrics.TLS)), &xdscache_v3.RouteCache{}, - &xdscache_v3.ClusterCache{}, + xdscache_v3.NewClusterCache(envoyGen), endpointHandler, xdscache_v3.NewRuntimeCache(xdscache_v3.ConfigurableRuntimeSettings{ MaxRequestsPerIOCycle: contourConfiguration.Envoy.Listener.MaxRequestsPerIOCycle, diff --git a/internal/envoy/v3/auth.go b/internal/envoy/v3/auth.go index 0989c2409c8..ed8f217c26f 100644 --- a/internal/envoy/v3/auth.go +++ b/internal/envoy/v3/auth.go 
@@ -26,12 +26,12 @@ import ( // UpstreamTLSContext creates an envoy_transport_socket_tls_v3.UpstreamTlsContext. By default // UpstreamTLSContext returns a HTTP/1.1 TLS enabled context. A list of // additional ALPN protocols can be provided. -func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_transport_socket_tls_v3.UpstreamTlsContext { +func (e *EnvoyGen) UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_transport_socket_tls_v3.UpstreamTlsContext { var clientSecretConfigs []*envoy_transport_socket_tls_v3.SdsSecretConfig if clientSecret != nil { clientSecretConfigs = []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: envoy.Secretname(clientSecret), - SdsConfig: ConfigSource("contour"), + SdsConfig: e.GetConfigSource(), }} } @@ -115,7 +115,7 @@ func validationContext(ca []byte, subjectNames []string, skipVerifyPeerCert bool } // DownstreamTLSContext creates a new DownstreamTlsContext. -func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion, tlsMaxProtoVersion envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_transport_socket_tls_v3.DownstreamTlsContext { +func (e *EnvoyGen) DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion, tlsMaxProtoVersion envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_transport_socket_tls_v3.DownstreamTlsContext { context := &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ 
@@ -125,7 +125,7 @@ func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion, tlsMaxPr }, TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: envoy.Secretname(serverSecret), - SdsConfig: ConfigSource("contour"), + SdsConfig: e.GetConfigSource(), }}, AlpnProtocols: alpnProtos, }, diff --git a/internal/envoy/v3/auth_test.go b/internal/envoy/v3/auth_test.go index f81dd888f63..e935eb87de7 100644 --- a/internal/envoy/v3/auth_test.go +++ b/internal/envoy/v3/auth_test.go @@ -174,7 +174,10 @@ func TestUpstreamTLSContext(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := UpstreamTLSContext(tc.validation, tc.externalName, nil, tc.upstreamTLS, tc.alpnProtocols...) + e := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + got := e.UpstreamTLSContext(tc.validation, tc.externalName, nil, tc.upstreamTLS, tc.alpnProtocols...) protobuf.ExpectEqual(t, tc.want, got) }) } diff --git a/internal/envoy/v3/bootstrap.go b/internal/envoy/v3/bootstrap.go index a70d3268c8f..614d8c48129 100644 --- a/internal/envoy/v3/bootstrap.go +++ b/internal/envoy/v3/bootstrap.go @@ -47,9 +47,9 @@ import ( ) // WriteBootstrap writes bootstrap configuration to files. -func WriteBootstrap(c *envoy.BootstrapConfig) error { +func (e *EnvoyGen) WriteBootstrap(c *envoy.BootstrapConfig) error { // Create Envoy bootstrap config and associated resource files. - steps, err := bootstrap(c) + steps, err := e.bootstrap(c) if err != nil { return err } 
@@ -77,13 +77,13 @@ func WriteBootstrap(c *envoy.BootstrapConfig) error { type bootstrapf func(*envoy.BootstrapConfig) (string, proto.Message) // bootstrap creates a new v3 bootstrap configuration and associated resource files. -func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) { +func (e *EnvoyGen) bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) { var steps []bootstrapf if c.GrpcClientCert == "" && c.GrpcClientKey == "" && c.GrpcCABundle == "" { steps = append(steps, func(*envoy.BootstrapConfig) (string, proto.Message) { - return c.Path, bootstrapConfig(c) + return c.Path, e.bootstrapConfig(c) }) return steps, nil @@ -122,7 +122,7 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) { steps = append(steps, func(*envoy.BootstrapConfig) (string, proto.Message) { - b := bootstrapConfig(c) + b := e.bootstrapConfig(c) b.StaticResources.Clusters[0].TransportSocket = UpstreamTLSTransportSocket( upstreamFileTLSContext(c)) return c.Path, b @@ -150,7 +150,7 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) { return sdsValidationContextPath, validationContextSdsSecretConfig(c) }, func(*envoy.BootstrapConfig) (string, proto.Message) { - b := bootstrapConfig(c) + b := e.bootstrapConfig(c) b.StaticResources.Clusters[0].TransportSocket = UpstreamTLSTransportSocket( upstreamSdsTLSContext(sdsTLSCertificatePath, sdsValidationContextPath)) return c.Path, b @@ -160,7 +160,7 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) { return steps, nil } -func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootstrap { +func (e *EnvoyGen) bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootstrap { bootstrap := &envoy_config_bootstrap_v3.Bootstrap{ LayeredRuntime: &envoy_config_bootstrap_v3.LayeredRuntime{ Layers: []*envoy_config_bootstrap_v3.RuntimeLayer{ 
@@ -169,7 +169,7 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootst LayerSpecifier: &envoy_config_bootstrap_v3.RuntimeLayer_RtdsLayer_{ RtdsLayer: &envoy_config_bootstrap_v3.RuntimeLayer_RtdsLayer{ Name: DynamicRuntimeLayerName, - RtdsConfig: ConfigSource("contour"), + RtdsConfig: e.GetConfigSource(), }, }, }, @@ -187,8 +187,8 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootst }, }, DynamicResources: &envoy_config_bootstrap_v3.Bootstrap_DynamicResources{ - LdsConfig: ConfigSource("contour"), - CdsConfig: ConfigSource("contour"), + LdsConfig: e.GetConfigSource(), + CdsConfig: e.GetConfigSource(), }, StaticResources: &envoy_config_bootstrap_v3.Bootstrap_StaticResources{ Clusters: []*envoy_config_cluster_v3.Cluster{{ diff --git a/internal/envoy/v3/bootstrap_test.go b/internal/envoy/v3/bootstrap_test.go index cc1c9a9fd87..d116e20cab1 100644 --- a/internal/envoy/v3/bootstrap_test.go +++ b/internal/envoy/v3/bootstrap_test.go @@ -2010,7 +2010,10 @@ func TestBootstrap(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { tc := tc - steps, gotError := bootstrap(&tc.config) + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + steps, gotError := envoyGen.bootstrap(&tc.config) assert.Equal(t, tc.wantedError, gotError != nil) gotConfigs := map[string]proto.Message{} diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index 24346c48421..667de51d4d7 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go @@ -43,7 +43,7 @@ func clusterDefaults() *envoy_config_cluster_v3.Cluster { } // Cluster creates new envoy_config_cluster_v3.Cluster from dag.Cluster. -func Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { +func (e *EnvoyGen) Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { service := c.Upstream cluster := clusterDefaults() 
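Review bot: In `bootstrapConfig` the LDS, CDS and RTDS sources now take their cluster name from `e.GetConfigSource()`, but the static cluster they must resolve to is declared under `StaticResources.Clusters`, and its `Name` field lies outside this hunk. If that name is still the literal `"contour"`, any `XDSClusterName` other than the default would produce a bootstrap whose dynamic-resource sources point at a cluster the file never defines, so Envoy would presumably fail to reach the management server. Unless a later patch in this series covers it, I would set the static cluster's name from `e.xdsClusterName` in the same change. A `TestBootstrap` case with a non-default name would pin the two together.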
@@ -85,7 +85,7 @@ func Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { switch c.Protocol { case "tls": cluster.TransportSocket = UpstreamTLSTransportSocket( - UpstreamTLSContext( + e.UpstreamTLSContext( c.UpstreamValidation, c.SNI, c.ClientCertificate, @@ -95,7 +95,7 @@ func Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { case "h2": httpVersion = HTTPVersion2 cluster.TransportSocket = UpstreamTLSTransportSocket( - UpstreamTLSContext( + e.UpstreamTLSContext( c.UpstreamValidation, c.SNI, c.ClientCertificate, @@ -136,7 +136,7 @@ func Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { } // ExtensionCluster builds a envoy_config_cluster_v3.Cluster struct for the given extension service. -func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_config_cluster_v3.Cluster { +func (e *EnvoyGen) ExtensionCluster(ext *dag.ExtensionCluster) *envoy_config_cluster_v3.Cluster { cluster := clusterDefaults() // The Envoy cluster name has already been set. @@ -156,7 +156,7 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_config_cluster_v3.Cluste // Cluster will be discovered via EDS. cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS) cluster.EdsClusterConfig = &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: e.GetConfigSource(), ServiceName: ext.Upstream.ClusterName, } @@ -167,7 +167,7 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_config_cluster_v3.Cluste case "h2": http2Version = HTTPVersion2 cluster.TransportSocket = UpstreamTLSTransportSocket( - UpstreamTLSContext( + e.UpstreamTLSContext( ext.UpstreamValidation, ext.SNI, ext.ClientCertificate, 
@@ -208,7 +208,7 @@ func applyCircuitBreakers(cluster *envoy_config_cluster_v3.Cluster, settings dag } // DNSNameCluster builds a envoy_config_cluster_v3.Cluster for the given *dag.DNSNameCluster. -func DNSNameCluster(c *dag.DNSNameCluster) *envoy_config_cluster_v3.Cluster { +func (e *EnvoyGen) DNSNameCluster(c *dag.DNSNameCluster) *envoy_config_cluster_v3.Cluster { cluster := clusterDefaults() cluster.Name = envoy.DNSNameClusterName(c) @@ -222,7 +222,7 @@ func DNSNameCluster(c *dag.DNSNameCluster) *envoy_config_cluster_v3.Cluster { var transportSocket *envoy_config_core_v3.TransportSocket if c.Scheme == "https" { - transportSocket = UpstreamTLSTransportSocket(UpstreamTLSContext(c.UpstreamValidation, c.Address, nil, c.UpstreamTLS)) + transportSocket = UpstreamTLSTransportSocket(e.UpstreamTLSContext(c.UpstreamValidation, c.Address, nil, c.UpstreamTLS)) } cluster.LoadAssignment = ClusterLoadAssignment(envoy.DNSNameClusterName(c), SocketAddress(c.Address, c.Port)) diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index cc9f64bcec5..762b12f5fb0 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -137,6 +137,10 @@ func TestCluster(t *testing.T) { }, } + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + edsConfig := envoyGen.GetConfigSource() tests := map[string]struct { cluster *dag.Cluster want *envoy_config_cluster_v3.Cluster @@ -150,7 +154,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, }, 
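Review bot: In `TestCluster` the expected `EdsConfig` is now `edsConfig := envoyGen.GetConfigSource()`, so the wanted value comes from the same generator that `envoyGen.Cluster` uses. A regression in `GetConfigSource` (wrong cluster name, wrong API type) would change both sides equally and the table would still pass. The same applies to the `envoyGen.UpstreamTLSContext(...)` calls in the `want` values here and in `TestDNSNameCluster`. I would add one case that builds the generator with a non-default `XDSClusterName` and asserts the cluster name inside the resulting `GrpcServices` entry against a literal string.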
@@ -165,7 +169,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ @@ -190,11 +194,11 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TransportSocket: UpstreamTLSTransportSocket( - UpstreamTLSContext(nil, "", nil, nil, "h2"), + envoyGen.UpstreamTLSContext(nil, "", nil, nil, "h2"), ), TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( @@ -305,11 +309,11 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TransportSocket: UpstreamTLSTransportSocket( - UpstreamTLSContext(nil, "", nil, nil), + envoyGen.UpstreamTLSContext(nil, "", nil, nil), ), }, }, @@ -325,7 +329,7 @@ func TestCluster(t *testing.T) { ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(svcExternal, "tls")), TransportSocket: UpstreamTLSTransportSocket( - UpstreamTLSContext(nil, "projectcontour.local", nil, nil), + envoyGen.UpstreamTLSContext(nil, "projectcontour.local", nil, nil), ), }, }, 
@@ -345,11 +349,11 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TransportSocket: UpstreamTLSTransportSocket( - UpstreamTLSContext( + envoyGen.UpstreamTLSContext( &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ secret, @@ -382,11 +386,11 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TransportSocket: UpstreamTLSTransportSocket( - UpstreamTLSContext( + envoyGen.UpstreamTLSContext( &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ secret, @@ -423,7 +427,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -457,7 +461,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ 
@@ -491,7 +495,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -525,7 +529,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -559,7 +563,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -583,7 +587,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, @@ -599,7 +603,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, 
@@ -615,7 +619,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, }, @@ -635,7 +639,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, IgnoreHealthOnHostRemoval: true, @@ -661,11 +665,11 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TransportSocket: UpstreamTLSTransportSocket( - UpstreamTLSContext(nil, "", clientSecret, nil), + envoyGen.UpstreamTLSContext(nil, "", clientSecret, nil), ), }, }, @@ -679,7 +683,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, ConnectTimeout: durationpb.New(10 * time.Second), @@ -695,7 +699,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ 
@@ -728,7 +732,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, LbConfig: &envoy_config_cluster_v3.Cluster_RoundRobinLbConfig_{ @@ -762,7 +766,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, @@ -792,7 +796,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), @@ -808,7 +812,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ @@ -840,7 +844,7 @@ func TestCluster(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource("contour"), + EdsConfig: edsConfig, ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ 
@@ -864,7 +868,7 @@ func TestCluster(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := Cluster(tc.cluster) + got := envoyGen.Cluster(tc.cluster) want := clusterDefaults() proto.Merge(want, tc.want) @@ -875,6 +879,9 @@ func TestCluster(t *testing.T) { } func TestDNSNameCluster(t *testing.T) { + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) tests := map[string]struct { cluster *dag.DNSNameCluster want *envoy_config_cluster_v3.Cluster @@ -993,7 +1000,7 @@ func TestDNSNameCluster(t *testing.T) { }, }, }, - TransportSocket: UpstreamTLSTransportSocket(UpstreamTLSContext(nil, "foo.projectcontour.io", nil, nil)), + TransportSocket: UpstreamTLSTransportSocket(envoyGen.UpstreamTLSContext(nil, "foo.projectcontour.io", nil, nil)), }, }, "HTTPS cluster with upstream validation": { @@ -1035,7 +1042,7 @@ func TestDNSNameCluster(t *testing.T) { }, }, }, - TransportSocket: UpstreamTLSTransportSocket(UpstreamTLSContext(&dag.PeerValidationContext{ + TransportSocket: UpstreamTLSTransportSocket(envoyGen.UpstreamTLSContext(&dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { Object: &core_v1.Secret{ @@ -1053,7 +1060,7 @@ func TestDNSNameCluster(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := DNSNameCluster(tc.cluster) + got := envoyGen.DNSNameCluster(tc.cluster) want := clusterDefaults() proto.Merge(want, tc.want) diff --git a/internal/envoy/v3/config_gen.go b/internal/envoy/v3/config_gen.go new file mode 100644 index 00000000000..bc80893d0f8 --- /dev/null +++ b/internal/envoy/v3/config_gen.go 
@@ -0,0 +1,53 @@
+// Copyright Project Contour Authors
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package v3
+
+import (
+ envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+
+ "github.com/projectcontour/contour/internal/timeout"
+)
+
+// DefaultXDSClusterName is the default name of the Contour cluster as defined in the
+// Envoy bootstrap configuration.
+const DefaultXDSClusterName = "contour"
+
+type EnvoyGen struct {
+ xdsClusterName string
+}
+
+type EnvoyGenOpt struct {
+ XDSClusterName string
+}
+
+func NewEnvoysGen(opt EnvoyGenOpt) *EnvoyGen {
+ return &EnvoyGen{
+ xdsClusterName: opt.XDSClusterName,
+ }
+}
+
+func (e *EnvoyGen) GetConfigSource() *envoy_config_core_v3.ConfigSource {
+ return &envoy_config_core_v3.ConfigSource{
+ ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3,
+ ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{
+ ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{
+ ApiType: envoy_config_core_v3.ApiConfigSource_GRPC,
+ TransportApiVersion: envoy_config_core_v3.ApiVersion_V3,
+ GrpcServices: []*envoy_config_core_v3.GrpcService{
+ GrpcService(e.xdsClusterName, "", timeout.DefaultSetting()),
+ },
+ },
+ },
+ }
+}
diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go
index 213a71af9bf..61c6be9b169 100644
--- a/internal/envoy/v3/listener.go
+++ b/internal/envoy/v3/listener.go
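Review bot: `NewEnvoysGen` copies `opt.XDSClusterName` unchecked, so a zero-value `EnvoyGenOpt{}` yields config sources whose gRPC service names an empty cluster. `GetConfigSource` now also feeds the SDS entries in auth.go, so that mistake would likely show up as TLS secrets never being delivered rather than as an error at construction. Defaulting in the constructor closes the gap: `if opt.XDSClusterName == "" { opt.XDSClusterName = DefaultXDSClusterName }`. The exported `EnvoyGen`, `EnvoyGenOpt`, `NewEnvoysGen` and `GetConfigSource` also have no doc comments; for the type I would add `// EnvoyGen generates Envoy v3 configuration that refers to the xDS management cluster by a configurable name.` and a matching one-line comment on each of the others.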
@@ -169,6 +169,7 @@ const ( type httpConnectionManagerBuilder struct { routeConfigName string + routeConfigSource *envoy_config_core_v3.ConfigSource metricsPrefix string accessLoggers []*envoy_config_accesslog_v3.AccessLog requestTimeout timeout.Setting @@ -490,7 +491,7 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_config_listener_v3.Filter { RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: b.routeConfigName, - ConfigSource: ConfigSource("contour"), + ConfigSource: b.routeConfigSource, }, }, Tracing: b.tracingConfig, @@ -580,8 +581,8 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_config_listener_v3.Filter { // HTTPConnectionManager creates a new HTTP Connection Manager filter // for the supplied route, access log, and client request timeout. -func HTTPConnectionManager(routename string, accesslogger []*envoy_config_accesslog_v3.AccessLog, requestTimeout time.Duration) *envoy_config_listener_v3.Filter { - return HTTPConnectionManagerBuilder(). +func (e *EnvoyGen) HTTPConnectionManager(routename string, accesslogger []*envoy_config_accesslog_v3.AccessLog, requestTimeout time.Duration) *envoy_config_listener_v3.Filter { + return e.HTTPConnectionManagerBuilder(). RouteConfigName(routename). MetricsPrefix(routename). AccessLoggers(accesslogger). @@ -592,8 +593,10 @@ func HTTPConnectionManager(routename string, accesslogger []*envoy_config_access // HTTPConnectionManagerBuilder creates a new HTTP connection manager builder. // nolint:revive -func HTTPConnectionManagerBuilder() *httpConnectionManagerBuilder { - return &httpConnectionManagerBuilder{} +func (e *EnvoyGen) HTTPConnectionManagerBuilder() *httpConnectionManagerBuilder { + return &httpConnectionManagerBuilder{ + routeConfigSource: e.GetConfigSource(), + } } // TCPProxy creates a new TCPProxy filter. 
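Review bot: `Get()` now emits `ConfigSource: b.routeConfigSource` for RDS, and the visible hunks populate that field only in `(*EnvoyGen).HTTPConnectionManagerBuilder`. A builder created any other way, such as the `&httpConnectionManagerBuilder{}` literal the old constructor returned, would produce an `Rds` with a nil config source, where the previous code always filled one in. No setter or nil check appears in these hunks, and the body of `Get` extends beyond them, so I cannot confirm whether a guard exists elsewhere. At minimum the new field should state the invariant, e.g. `routeConfigSource *envoy_config_core_v3.ConfigSource // xDS source for RDS; set by EnvoyGen.HTTPConnectionManagerBuilder, must be non-nil`. A test that builds a filter and checks the RDS config source against a literal cluster name would catch a regression.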
diff --git a/internal/envoy/v3/listener_test.go b/internal/envoy/v3/listener_test.go index e2aa3a64fee..097b0deed36 100644 --- a/internal/envoy/v3/listener_test.go +++ b/internal/envoy/v3/listener_test.go @@ -78,6 +78,10 @@ func TestProtoNamesForVersions(t *testing.T) { } func TestListener(t *testing.T) { + envoygen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + tests := map[string]struct { name, address string port int @@ -91,13 +95,13 @@ func TestListener(t *testing.T) { address: "0.0.0.0", port: 9000, f: []*envoy_config_listener_v3.Filter{ - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoygen.HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, want: &envoy_config_listener_v3.Listener{ Name: "http", Address: SocketAddress("0.0.0.0", 9000), FilterChains: FilterChains( - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoygen.HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), }, @@ -110,7 +114,7 @@ func TestListener(t *testing.T) { ProxyProtocol(), }, f: []*envoy_config_listener_v3.Filter{ - HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoygen.HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, want: &envoy_config_listener_v3.Listener{ Name: "http-proxy", 
@@ -119,7 +123,7 @@ func TestListener(t *testing.T) { ProxyProtocol(), ), FilterChains: FilterChains( - HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoygen.HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), }, @@ -164,14 +168,14 @@ func TestListener(t *testing.T) { port: 9000, perConnectionBufferLimitBytes: ptr.To(uint32(32768)), f: []*envoy_config_listener_v3.Filter{ - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoygen.HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, want: &envoy_config_listener_v3.Listener{ Name: "http", Address: SocketAddress("0.0.0.0", 9000), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), FilterChains: FilterChains( - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoygen.HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), }, 
@@ -469,12 +473,16 @@ func TestDownstreamTLSContext(t *testing.T) { }, } + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + tests := map[string]struct { got *envoy_transport_socket_tls_v3.DownstreamTlsContext want *envoy_transport_socket_tls_v3.DownstreamTlsContext }{ "TLS context without client authentication": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, nil, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, nil, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, @@ -484,7 +492,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "TLS context with client authentication": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContext, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContext, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, 
@@ -496,7 +504,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation shall not support subjectName validation": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithSubjectName, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithSubjectName, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, @@ -508,7 +516,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "skip client cert validation": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidation, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidation, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, 
@@ -520,7 +528,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "skip client cert validation with ca": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidationWithCA, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidationWithCA, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, @@ -532,7 +540,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "optional client cert validation with ca": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextOptionalClientCertValidationWithCA, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextOptionalClientCertValidationWithCA, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, 
@@ -544,7 +552,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation with CRL check": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheck, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheck, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, @@ -556,7 +564,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation with CRL check but only for leaf-certificate": { - DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheckOnlyLeaf, "h2", "http/1.1"), + envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheckOnlyLeaf, "h2", "http/1.1"), &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, @@ -577,6 +585,9 @@ func TestDownstreamTLSContext(t *testing.T) { } func TestHTTPConnectionManager(t *testing.T) { + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) defaultHTTPFilters := []*envoy_filter_network_http_connection_manager_v3.HttpFilter{ { Name: CompressorFilterName, 
@@ -1461,7 +1472,7 @@ func TestHTTPConnectionManager(t *testing.T) { } for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := HTTPConnectionManagerBuilder(). + got := envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(tc.routename). MetricsPrefix(tc.routename). AccessLoggers(tc.accesslogger). @@ -1720,10 +1731,14 @@ func TestFilterChainTLS_Match(t *testing.T) { // TestBuilderValidation tests that validation checks that // DefaultFilters adds the required HTTP connection manager filters. func TestBuilderValidation(t *testing.T) { - require.Error(t, HTTPConnectionManagerBuilder().Validate(), + envoygen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + + require.Error(t, envoygen.HTTPConnectionManagerBuilder().Validate(), "ConnectionManager with no filters should not pass validation") - require.Error(t, HTTPConnectionManagerBuilder().AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ + require.Error(t, envoygen.HTTPConnectionManagerBuilder().AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: "foo", ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: &anypb.Any{ @@ -1733,10 +1748,10 @@ func TestBuilderValidation(t *testing.T) { }).Validate(), "ConnectionManager with only non-router filter should not pass validation") - require.NoError(t, HTTPConnectionManagerBuilder().DefaultFilters().Validate(), + require.NoError(t, envoygen.HTTPConnectionManagerBuilder().DefaultFilters().Validate(), "ConnectionManager with default filters failed validation") - badBuilder := HTTPConnectionManagerBuilder().DefaultFilters() + badBuilder := envoygen.HTTPConnectionManagerBuilder().DefaultFilters() badBuilder.filters = append(badBuilder.filters, &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: "foo", ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ 
@@ -1828,39 +1843,43 @@ func TestAddFilter(t *testing.T) { }, } + envoygen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + tests := map[string]struct { builder *httpConnectionManagerBuilder add *envoy_filter_network_http_connection_manager_v3.HttpFilter want []*envoy_filter_network_http_connection_manager_v3.HttpFilter }{ "Nil add to empty builder": { - builder: HTTPConnectionManagerBuilder(), + builder: envoygen.HTTPConnectionManagerBuilder(), add: nil, want: nil, }, "Add a single router filter to empty builder": { - builder: HTTPConnectionManagerBuilder(), + builder: envoygen.HTTPConnectionManagerBuilder(), add: routerFilter, want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{routerFilter}, }, "Add a single non-router filter to empty builder": { - builder: HTTPConnectionManagerBuilder(), + builder: envoygen.HTTPConnectionManagerBuilder(), add: grpcWebFilter, want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{grpcWebFilter}, }, "Add a single router filter to non-empty builder": { - builder: HTTPConnectionManagerBuilder().AddFilter(grpcWebFilter), + builder: envoygen.HTTPConnectionManagerBuilder().AddFilter(grpcWebFilter), add: routerFilter, want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{grpcWebFilter, routerFilter}, }, "Add a filter to a builder with a router": { - builder: HTTPConnectionManagerBuilder().AddFilter(routerFilter), + builder: envoygen.HTTPConnectionManagerBuilder().AddFilter(routerFilter), add: grpcWebFilter, want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{grpcWebFilter, routerFilter}, }, "Add to the default filters": { - builder: HTTPConnectionManagerBuilder().DefaultFilters(), + builder: envoygen.HTTPConnectionManagerBuilder().DefaultFilters(), add: authzFilter(), want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{ compressFilter, 
@@ -1875,7 +1894,7 @@ func TestAddFilter(t *testing.T) { }, }, "Add to the default filters with AuthorizationServerBufferSettings": { - builder: HTTPConnectionManagerBuilder().DefaultFilters(), + builder: envoygen.HTTPConnectionManagerBuilder().DefaultFilters(), add: authzFilter("ext-auth-server.com", &dag.AuthorizationServerBufferSettings{ MaxRequestBytes: 10, AllowPartialMessage: true, @@ -1907,7 +1926,7 @@ func TestAddFilter(t *testing.T) { } assert.Panics(t, func() { - HTTPConnectionManagerBuilder().DefaultFilters().AddFilter(routerFilter) + envoygen.HTTPConnectionManagerBuilder().DefaultFilters().AddFilter(routerFilter) }) } diff --git a/internal/envoy/v3/socket_test.go b/internal/envoy/v3/socket_test.go index d81d3b45247..26337beb5b9 100644 --- a/internal/envoy/v3/socket_test.go +++ b/internal/envoy/v3/socket_test.go @@ -26,16 +26,19 @@ import ( ) func TestUpstreamTLSTransportSocket(t *testing.T) { + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) tests := map[string]struct { ctxt *envoy_transport_socket_tls_v3.UpstreamTlsContext want *envoy_config_core_v3.TransportSocket }{ "h2": { - ctxt: UpstreamTLSContext(nil, "", nil, nil, "h2"), + ctxt: envoyGen.UpstreamTLSContext(nil, "", nil, nil, "h2"), want: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(UpstreamTLSContext(nil, "", nil, nil, "h2")), + TypedConfig: protobuf.MustMarshalAny(envoyGen.UpstreamTLSContext(nil, "", nil, nil, "h2")), }, }, }, @@ -50,6 +53,9 @@ func TestUpstreamTLSTransportSocket(t *testing.T) { } func TestDownstreamTLSTransportSocket(t *testing.T) { + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) serverSecret := &dag.Secret{ Object: &core_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ 
@@ -67,11 +73,11 @@ func TestDownstreamTLSTransportSocket(t *testing.T) { want *envoy_config_core_v3.TransportSocket }{ "default/tls": { - ctxt: DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1"), + ctxt: envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1"), want: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1")), + TypedConfig: protobuf.MustMarshalAny(envoyGen.DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1")), }, }, }, diff --git a/internal/envoy/v3/stats.go b/internal/envoy/v3/stats.go index a444218db88..7842d57dd53 100644 --- a/internal/envoy/v3/stats.go +++ b/internal/envoy/v3/stats.go @@ -38,7 +38,7 @@ const ( // The listeners are configured to serve: // - prometheus metrics on /stats (either over HTTP or HTTPS) // - readiness probe on /ready (always over HTTP) -func StatsListeners(metrics contour_v1alpha1.MetricsConfig, health contour_v1alpha1.HealthConfig) []*envoy_config_listener_v3.Listener { +func (e *EnvoyGen) StatsListeners(metrics contour_v1alpha1.MetricsConfig, health contour_v1alpha1.HealthConfig) []*envoy_config_listener_v3.Listener { var listeners []*envoy_config_listener_v3.Listener switch { 
@@ -50,7 +50,7 @@ func StatsListeners(metrics contour_v1alpha1.MetricsConfig, health contour_v1alp SocketOptions: NewSocketOptions().TCPKeepalive().Build(), FilterChains: filterChain("stats", DownstreamTLSTransportSocket( - downstreamTLSContext(metrics.TLS.CAFile != "")), routeForAdminInterface("/stats", "/stats/prometheus")), + e.downstreamTLSContext(metrics.TLS.CAFile != "")), routeForAdminInterface("/stats", "/stats/prometheus")), }, { Name: "health", Address: SocketAddress(health.Address, health.Port), @@ -185,7 +185,7 @@ func routeForAdminInterface(paths ...string) *envoy_filter_network_http_connecti // downstreamTLSContext creates TLS context when HTTPS is used to protect Envoy stats endpoint. // Certificates and key are hardcoded to the SDS secrets which are returned by StatsSecrets. -func downstreamTLSContext(clientValidation bool) *envoy_transport_socket_tls_v3.DownstreamTlsContext { +func (e *EnvoyGen) downstreamTLSContext(clientValidation bool) *envoy_transport_socket_tls_v3.DownstreamTlsContext { context := &envoy_transport_socket_tls_v3.DownstreamTlsContext{ CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ @@ -194,7 +194,7 @@ func downstreamTLSContext(clientValidation bool) *envoy_transport_socket_tls_v3. }, TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: metricsServerCertSDSName, - SdsConfig: ConfigSource("contour"), + SdsConfig: e.GetConfigSource(), }}, }, } @@ -203,7 +203,7 @@ func downstreamTLSContext(clientValidation bool) *envoy_transport_socket_tls_v3. context.CommonTlsContext.ValidationContextType = &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ ValidationContextSdsSecretConfig: &envoy_transport_socket_tls_v3.SdsSecretConfig{ Name: metricsCaBundleSDSName, - SdsConfig: ConfigSource("contour"), + SdsConfig: e.GetConfigSource(), }, } context.RequireClientCertificate = wrapperspb.Bool(true) 
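Review bot: The doc comment on downstreamTLSContext still describes the certificates and key as hardcoded to the SDS secrets, but with `SdsConfig: e.GetConfigSource()` the SDS source is no longer the fixed `ConfigSource("contour")` and depends on how the EnvoyGen was constructed. GetConfigSource is defined outside these hunks, so the following is inferred: if the configured XDS cluster name does not correspond to a cluster Envoy knows from its bootstrap, the stats listener presumably cannot fetch its server certificate or the CA bundle used for client-certificate validation. I would add to the comment `// The SDS config source comes from e.GetConfigSource() and therefore follows the XDS cluster name this EnvoyGen was built with.` The same applies to the validation-context change in the -203 hunk; the function body continues outside these hunks.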
diff --git a/internal/envoy/v3/stats_test.go b/internal/envoy/v3/stats_test.go index cdabc908bf5..465069e90a1 100644 --- a/internal/envoy/v3/stats_test.go +++ b/internal/envoy/v3/stats_test.go @@ -115,6 +115,10 @@ func TestStatsListeners(t *testing.T) { }, } + envoyGen := NewEnvoysGen(EnvoyGenOpt{ + XDSClusterName: DefaultXDSClusterName, + }) + type testcase struct { metrics contour_v1alpha1.MetricsConfig health contour_v1alpha1.HealthConfig @@ -125,7 +129,7 @@ func TestStatsListeners(t *testing.T) { t.Helper() t.Run(name, func(t *testing.T) { t.Helper() - got := StatsListeners(tc.metrics, tc.health) + got := envoyGen.StatsListeners(tc.metrics, tc.health) protobuf.ExpectEqual(t, tc.want, got) }) } @@ -216,7 +220,7 @@ func TestStatsListeners(t *testing.T) { }, TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: "metrics-tls-certificate", - SdsConfig: ConfigSource("contour"), + SdsConfig: envoyGen.GetConfigSource(), }}, }, }, @@ -307,12 +311,12 @@ func TestStatsListeners(t *testing.T) { }, TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: "metrics-tls-certificate", - SdsConfig: ConfigSource("contour"), + SdsConfig: envoyGen.GetConfigSource(), }}, ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ ValidationContextSdsSecretConfig: &envoy_transport_socket_tls_v3.SdsSecretConfig{ Name: "metrics-ca-certificate", - SdsConfig: ConfigSource("contour"), + SdsConfig: envoyGen.GetConfigSource(), }, }, }, diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go index cac489eb8cc..770e41b700f 100644 --- a/internal/featuretests/v3/backendclientauth_test.go +++ b/internal/featuretests/v3/backendclientauth_test.go 
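Review bot: The expected listeners in TestStatsListeners now take `SdsConfig: envoyGen.GetConfigSource()` from the same generator that produces `got`, so the test no longer pins which xDS cluster the metrics certificate and CA bundle are fetched from; the removed lines at least fixed the name to "contour". A change to DefaultXDSClusterName or to GetConfigSource would pass unnoticed. One extra case built with a non-default name, for example `NewEnvoysGen(EnvoyGenOpt{XDSClusterName: "test-xds"})` (a constructed name), asserting that this name appears in the generated SDS config, would cover it. The featuretests cluster_test.go hunks that replace `envoy_v3.ConfigSource("contour")` with `envoyConfigSource` have the same gap.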
@@ -181,6 +181,9 @@ func TestBackendClientAuthenticationWithIngress(t *testing.T) { } func TestBackendClientAuthenticationWithExtensionService(t *testing.T) { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) rh, c, done := setup(t, proxyClientCertificateOpt(t)) defer done() @@ -209,7 +212,7 @@ func TestBackendClientAuthenticationWithExtensionService(t *testing.T) { rh.OnAdd(ext) tlsSocket := envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.UpstreamTLSContext( + envoyGen.UpstreamTLSContext( &dag.PeerValidationContext{ CACertificates: []*dag.Secret{{Object: featuretests.CASecret(t, "secret", &featuretests.CACertificate)}}, SubjectNames: []string{"subjname"}, diff --git a/internal/featuretests/v3/cluster_test.go b/internal/featuretests/v3/cluster_test.go index 2680585ba4b..c53db04a9cc 100644 --- a/internal/featuretests/v3/cluster_test.go +++ b/internal/featuretests/v3/cluster_test.go @@ -423,6 +423,10 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { rh, c, done := setup(t, circuitBreakerGlobalOpt(t, g)) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() + s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/max-connections", "9000"). Annotate("projectcontour.io/max-pending-requests", "4096"). @@ -452,7 +456,7 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { AltStatName: "default_kuard_8080", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ 
@@ -490,7 +494,7 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { AltStatName: "default_kuard_8080", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -527,7 +531,7 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { AltStatName: "default_kuard_8080", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -558,6 +562,9 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { rh, c, done := setup(t, circuitBreakerGlobalOpt(t, g)) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/max-connections", "9000"). Annotate("projectcontour.io/max-pending-requests", "4096"). @@ -596,7 +603,7 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ 
@@ -633,7 +640,7 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -670,7 +677,7 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -701,6 +708,9 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { rh, c, done := setup(t, circuitBreakerGlobalOpt(t, g)) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/max-connections", "9000"). Annotate("projectcontour.io/max-pending-requests", "4096"). @@ -782,7 +792,7 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ 
@@ -819,7 +829,7 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -856,7 +866,7 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -931,6 +941,10 @@ func TestClusterLoadBalancerStrategyPerRoute(t *testing.T) { rh, c, done := setup(t) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() + rh.OnAdd(fixture.NewService("kuard"). WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), ) @@ -975,7 +989,7 @@ func TestClusterLoadBalancerStrategyPerRoute(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, 
@@ -985,7 +999,7 @@ func TestClusterLoadBalancerStrategyPerRoute(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, diff --git a/internal/featuretests/v3/envoy.go b/internal/featuretests/v3/envoy.go index 7b4d1ca8501..6b96c3490ec 100644 --- a/internal/featuretests/v3/envoy.go +++ b/internal/featuretests/v3/envoy.go @@ -178,7 +178,9 @@ func cluster(name, servicename, statName string) *envoy_config_cluster_v3.Cluste ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: statName, EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource(), ServiceName: servicename, }, }) @@ -197,7 +199,9 @@ func tlsCluster(c *envoy_config_cluster_v3.Cluster, ca *core_v1.Secret, subjectN } c.TransportSocket = envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.UpstreamTLSContext( + envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).UpstreamTLSContext( &dag.PeerValidationContext{ CACertificates: s, SubjectNames: []string{subjectName}, @@ -218,7 +222,9 @@ func tlsClusterWithoutValidation(c *envoy_config_cluster_v3.Cluster, sni string, } c.TransportSocket = envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.UpstreamTLSContext( + envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).UpstreamTLSContext( nil, sni, secret, 
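Review bot: The helpers in featuretests/v3/envoy.go each build their own generator with `envoy_v3.DefaultXDSClusterName`, so expectations are always rendered with default options regardless of how a test's `setup` configured Contour. This covers cluster, tlsCluster and tlsClusterWithoutValidation here, and the filter-chain, HTTP-filter, statsListener and defaultHTTPListener helpers in the following hunks. It works against the commit's stated goal of letting feature tests vary the generation options. A single helper such as `func defaultEnvoyGen() *envoy_v3.EnvoyGen { return envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{XDSClusterName: envoy_v3.DefaultXDSClusterName}) }`, or passing the generator into these helpers, would remove the repetition and leave one place to change. The return type is inferred from the pointer receiver seen in stats.go.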
@@ -429,7 +435,9 @@ func appendFilterChains(chains ...*envoy_config_listener_v3.FilterChain) []*envo func filterchaintls(domain string, secret *core_v1.Secret, filter *envoy_config_listener_v3.Filter, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { return envoy_v3.FilterChainTLS( domain, - envoy_v3.DownstreamTLSContext( + envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).DownstreamTLSContext( &dag.Secret{Object: secret}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, @@ -442,8 +450,11 @@ func filterchaintls(domain string, secret *core_v1.Secret, filter *envoy_config_ // filterchaintlsfallback returns a FilterChain for the given TLS fallback certificate. func filterchaintlsfallback(fallbackSecret *core_v1.Secret, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) return envoy_v3.FilterChainTLSFallback( - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: fallbackSecret}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, @@ -451,7 +462,7 @@ func filterchaintlsfallback(fallbackSecret *core_v1.Secret, peerValidationContex peerValidationContext, alpn...), envoy_v3.Filters( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). RouteConfigName(xdscache_v3.ENVOY_FALLBACK_ROUTECONFIG). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). 
@@ -464,8 +475,11 @@ func filterchaintlsfallback(fallbackSecret *core_v1.Secret, peerValidationContex // filterchaintlsfallbackauthz does same thing as filterchaintlsfallback but inserts a // `ext_authz` filter with the specified configuration into the filter chain. func filterchaintlsfallbackauthz(fallbackSecret *core_v1.Secret, authz *envoy_filter_http_ext_authz_v3.ExtAuthz, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) return envoy_v3.FilterChainTLSFallback( - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: fallbackSecret}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, @@ -473,7 +487,7 @@ func filterchaintlsfallbackauthz(fallbackSecret *core_v1.Secret, authz *envoy_fi peerValidationContext, alpn...), envoy_v3.Filters( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: envoy_v3.ExtAuthzFilterName, @@ -490,7 +504,10 @@ func filterchaintlsfallbackauthz(fallbackSecret *core_v1.Secret, authz *envoy_fi } func httpsFilterFor(vhost string) *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + return envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). RouteConfigName(path.Join("https", vhost)). 
@@ -500,7 +517,10 @@ func httpsFilterFor(vhost string) *envoy_config_listener_v3.Filter { } func httpFilterForGateway() *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + return envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). RouteConfigName("http-80"). AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). @@ -509,7 +529,10 @@ func httpFilterForGateway() *envoy_config_listener_v3.Filter { } func httpsFilterForGateway(listener, vhost string) *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + return envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). RouteConfigName(path.Join(listener, vhost)). @@ -522,7 +545,10 @@ func httpsFilterForGateway(listener, vhost string) *envoy_config_listener_v3.Fil // httpsFilterWithXfccFor does the same as httpsFilterFor but enable // client certs details forwarding func httpsFilterWithXfccFor(vhost string, d *dag.ClientCertificateDetails) *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + return envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). RouteConfigName(path.Join("https", vhost)). 
@@ -539,7 +565,10 @@ func authzFilterFor( vhost string, authz *envoy_filter_http_ext_authz_v3.ExtAuthz, ) *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + return envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ @@ -558,7 +587,10 @@ func jwtAuthnFilterFor( vhost string, jwt *envoy_filter_http_jwt_authn_v3.JwtAuthentication, ) *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + return envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ @@ -620,7 +652,9 @@ func tcpproxyWeighted(statPrefix string, clusters ...clusterWeight) *envoy_confi func statsListener() *envoy_config_listener_v3.Listener { // Single listener with metrics and health endpoints. - listeners := envoy_v3.StatsListeners( + listeners := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).StatsListeners( contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}) return listeners[0] 
@@ -631,11 +665,14 @@ func envoyAdminListener(port int) *envoy_config_listener_v3.Listener { } func defaultHTTPListener() *envoy_config_listener_v3.Listener { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) return &envoy_config_listener_v3.Listener{ Name: "ingress_http", Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoyGen.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } diff --git a/internal/featuretests/v3/externalname_test.go b/internal/featuretests/v3/externalname_test.go index 2d3bbe43922..a3f7a7bfc51 100644 --- a/internal/featuretests/v3/externalname_test.go +++ b/internal/featuretests/v3/externalname_test.go @@ -42,6 +42,9 @@ func TestExternalNameService(t *testing.T) { rh, c, done := setup(t, enableExternalNameService(t)) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) s1 := fixture.NewService("kuard"). WithSpec(core_v1.ServiceSpec{ Ports: []core_v1.ServicePort{{ @@ -219,7 +222,7 @@ func TestExternalNameService(t *testing.T) { }, &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.UpstreamTLSContext(nil, "external.address", nil, nil, "h2"), + envoyGen.UpstreamTLSContext(nil, "external.address", nil, nil, "h2"), ), }, ), 
@@ -271,7 +274,7 @@ func TestExternalNameService(t *testing.T) { externalNameCluster("default/kuard/80/f9439c1de8", "default/kuard", "default_kuard_80", "foo.io", 80), &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.UpstreamTLSContext(nil, "external.address", nil, nil), + envoyGen.UpstreamTLSContext(nil, "external.address", nil, nil), ), }, ), @@ -305,7 +308,7 @@ func TestExternalNameService(t *testing.T) { externalNameCluster("default/kuard/80/7d449598f5", "default/kuard", "default_kuard_80", "foo.io", 80), &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.UpstreamTLSContext(nil, "foo.io", nil, nil), + envoyGen.UpstreamTLSContext(nil, "foo.io", nil, nil), ), }, ), diff --git a/internal/featuretests/v3/featuretests.go b/internal/featuretests/v3/featuretests.go index 3eb982a0d9a..b3e7cbfa157 100644 --- a/internal/featuretests/v3/featuretests.go +++ b/internal/featuretests/v3/featuretests.go @@ -48,6 +48,8 @@ import ( contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/metrics" 
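Review bot: The import hunk for featuretests.go adds `internal/envoy/v3` twice, once as `envoy_v3` and once as `v3`, and the setup hunk that follows mixes both aliases in a single expression (`v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{`). One alias is enough: drop the `v3` import line and write `envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{`, which matches every other call site in this patch. A duplicate-import lint, if the project enables one, would likely flag this as well.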
@@ -91,16 +93,21 @@ func setup(t *testing.T, opts ...any) (ResourceEventHandlerWrapper, *Contour, fu } } + envoyGen := v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + resources := []xdscache.ResourceCache{ xdscache_v3.NewListenerCache( conf, contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, 0, + envoyGen, ), &xdscache_v3.SecretCache{}, &xdscache_v3.RouteCache{}, - &xdscache_v3.ClusterCache{}, + xdscache_v3.NewClusterCache(envoyGen), et, } diff --git a/internal/featuretests/v3/global_authorization_test.go b/internal/featuretests/v3/global_authorization_test.go index b5ad014d377..8a9a629c198 100644 --- a/internal/featuretests/v3/global_authorization_test.go +++ b/internal/featuretests/v3/global_authorization_test.go @@ -859,7 +859,10 @@ func TestGlobalAuthorization(t *testing.T) { // getGlobalExtAuthHCM returns a HTTP Connection Manager with Global External Authorization configured. func getGlobalExtAuthHCM() *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: "contour", + }) + return envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). diff --git a/internal/featuretests/v3/globalratelimit_test.go b/internal/featuretests/v3/globalratelimit_test.go index 258681ba2e3..759655a98dc 100644 --- a/internal/featuretests/v3/globalratelimit_test.go +++ b/internal/featuretests/v3/globalratelimit_test.go 
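Review bot: getGlobalExtAuthHCM in global_authorization_test.go sets `XDSClusterName: "contour"` as a string literal, while the rest of the patch uses `envoy_v3.DefaultXDSClusterName`; the two timeouts_test.go hunks (TestTimeoutsNotSpecified and TestNonZeroTimeoutsSpecified) do the same. Presumably the constant has that value today, but if it changes, these expectations diverge from the generator that setup passes to the caches. I would write `XDSClusterName: envoy_v3.DefaultXDSClusterName,` in all three places.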
@@ -64,9 +64,13 @@ func globalRateLimitFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c httpListener := defaultHTTPListener() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + // replace the default filter chains with an HCM that includes the global // rate limit filter. - hcm := envoy_v3.HTTPConnectionManagerBuilder(). + hcm := envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). diff --git a/internal/featuretests/v3/listeners_test.go b/internal/featuretests/v3/listeners_test.go index 8167dc6dfe5..2c1038ea0a0 100644 --- a/internal/featuretests/v3/listeners_test.go +++ b/internal/featuretests/v3/listeners_test.go @@ -51,6 +51,9 @@ func customAdminPort(t *testing.T, port int) []xdscache.ResourceCache { contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, port, + envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }), ), &xdscache_v3.SecretCache{}, &xdscache_v3.RouteCache{}, @@ -274,6 +277,9 @@ func TestHTTPProxyTLSListener(t *testing.T) { rh, c, done := setup(t) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). @@ -395,7 +401,7 @@ func TestHTTPProxyTLSListener(t *testing.T) { FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: secret1}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, 
@@ -426,6 +432,9 @@ func TestTLSListenerCipherSuites(t *testing.T) { }) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). @@ -470,7 +479,7 @@ func TestTLSListenerCipherSuites(t *testing.T) { FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: secret1}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, @@ -808,6 +817,9 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { }) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). @@ -855,7 +867,7 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { httpListener := defaultHTTPListener() httpListener.FilterChains = envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoyGen.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_v1alpha1.LogLevelInfo), 0), ) httpsListener := &envoy_config_listener_v3.Listener{ @@ -866,7 +878,7 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { ), FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("kuard.example.com")). DefaultFilters(). RouteConfigName("https/kuard.example.com"). 
@@ -974,7 +986,9 @@ func TestHTTPProxyTLSVersion(t *testing.T) { }) defer done() - + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) rh.OnAdd(secret1) @@ -1015,7 +1029,7 @@ func TestHTTPProxyTLSVersion(t *testing.T) { FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: secret1}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, @@ -1073,7 +1087,7 @@ func TestHTTPProxyTLSVersion(t *testing.T) { FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: secret1}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, @@ -1163,6 +1177,9 @@ func TestHTTPProxyXffNumTrustedHops(t *testing.T) { }) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) rh.OnAdd(fixture.NewService("backend"). WithPorts(core_v1.ServicePort{Name: "http", Port: 80})) @@ -1193,7 +1210,7 @@ func TestHTTPProxyXffNumTrustedHops(t *testing.T) { // verify that the xff-num-trusted-hops have been set to 1. httpListener := defaultHTTPListener() - httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + httpListener.FilterChains = envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -1217,6 +1234,9 @@ func TestHTTPProxyServerHeaderTransformation(t *testing.T) { }) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) rh.OnAdd(fixture.NewService("backend"). WithPorts(core_v1.ServicePort{Name: "http", Port: 80})) @@ -1247,7 +1267,7 @@ func TestHTTPProxyServerHeaderTransformation(t *testing.T) { // verify that the server-header-transformation has been set to append_if_absent. httpListener := defaultHTTPListener() - httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + httpListener.FilterChains = envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). @@ -1480,6 +1500,9 @@ func TestSocketOptions(t *testing.T) { }) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) svc1 := fixture.NewService("backend"). WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(svc1) @@ -1533,7 +1556,7 @@ func TestSocketOptions(t *testing.T) { Name: "ingress_http", Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), 0), + envoyGen.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: socketOpts, }, @@ -1546,7 +1569,7 @@ func TestSocketOptions(t *testing.T) { FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: secret1}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, 
diff --git a/internal/featuretests/v3/loadbalancerpolicy_test.go b/internal/featuretests/v3/loadbalancerpolicy_test.go index d51b7653e7f..99313d061a1 100644 --- a/internal/featuretests/v3/loadbalancerpolicy_test.go +++ b/internal/featuretests/v3/loadbalancerpolicy_test.go @@ -32,6 +32,10 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { rh, c, done := setup(t) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() + s1 := fixture.NewService("app").WithPorts( core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) @@ -61,7 +65,7 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: s1.Namespace + "/" + s1.Name, }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, @@ -113,7 +117,7 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: s1.Namespace + "/" + s1.Name, }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, 
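Review bot: The expected `EdsConfig` in these loadbalancerpolicy_test.go hunks used to pin the xDS cluster name with `envoy_v3.ConfigSource("contour")` and is now derived from `envoy_v3.DefaultXDSClusterName` through `GetConfigSource()`, so an accidental change of the default would no longer fail any of these tests; the cluster_test.go hunks later in the patch follow the same pattern. The name presumably has to agree with the cluster the Envoy bootstrap defines (bootstrap.go is not in view), so I would keep at least one assertion that compares the generated config source against the literal name. A single `envoyConfigSource` pointer is also now shared by every expected cluster in a test, where each previously got its own message; a comment such as `// shared read-only expectation; do not mutate` would make that intent explicit.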
@@ -123,7 +127,7 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_8080", EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: s1.Namespace + "/" + s1.Name, }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, @@ -157,6 +161,10 @@ func TestLoadBalancerPolicyRequestHashHeader(t *testing.T) { rh, c, done := setup(t) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() + s1 := fixture.NewService("app").WithPorts( core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) @@ -198,7 +206,7 @@ func TestLoadBalancerPolicyRequestHashHeader(t *testing.T) { ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: s1.Namespace + "/" + s1.Name, }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, @@ -230,6 +238,10 @@ func TestLoadBalancerPolicyRequestHashSourceIP(t *testing.T) { rh, c, done := setup(t) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() + s1 := fixture.NewService("app").WithPorts( core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) 
@@ -268,7 +280,7 @@ func TestLoadBalancerPolicyRequestHashSourceIP(t *testing.T) { ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: s1.Namespace + "/" + s1.Name, }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, @@ -300,6 +312,10 @@ func TestLoadBalancerPolicyRequestHashQueryParameter(t *testing.T) { rh, c, done := setup(t) defer done() + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() + s1 := fixture.NewService("app").WithPorts( core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) @@ -341,7 +357,7 @@ func TestLoadBalancerPolicyRequestHashQueryParameter(t *testing.T) { ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: s1.Namespace + "/" + s1.Name, }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, diff --git a/internal/featuretests/v3/timeouts_test.go b/internal/featuretests/v3/timeouts_test.go index 56ec2c576d0..7d0ede484a5 100644 --- a/internal/featuretests/v3/timeouts_test.go +++ b/internal/featuretests/v3/timeouts_test.go @@ -35,6 +35,10 @@ func TestTimeoutsNotSpecified(t *testing.T) { rh, c, done := setup(t) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: "contour", + }) + s1 := fixture.NewService("backend"). WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) 
@@ -61,7 +65,7 @@ func TestTimeoutsNotSpecified(t *testing.T) { httpListener := defaultHTTPListener() httpListener.FilterChains = envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(xdscache_v3.ENVOY_HTTP_LISTENER). MetricsPrefix(xdscache_v3.ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -89,6 +93,9 @@ func TestNonZeroTimeoutsSpecified(t *testing.T) { rh, c, done := setup(t, withTimeouts) defer done() + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: "contour", + }) s1 := fixture.NewService("backend"). WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) @@ -115,7 +122,7 @@ func TestNonZeroTimeoutsSpecified(t *testing.T) { rh.OnAdd(hp1) httpListener := defaultHTTPListener() - httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + httpListener.FilterChains = envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(xdscache_v3.ENVOY_HTTP_LISTENER). MetricsPrefix(xdscache_v3.ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). diff --git a/internal/featuretests/v3/tlsprotocolversion_test.go b/internal/featuretests/v3/tlsprotocolversion_test.go index 6c3ab8ee0e1..d447100dfc2 100644 --- a/internal/featuretests/v3/tlsprotocolversion_test.go +++ b/internal/featuretests/v3/tlsprotocolversion_test.go @@ -40,6 +40,9 @@ func TestTLSProtocolVersion(t *testing.T) { WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) i1 := &networking_v1.Ingress{ ObjectMeta: fixture.ObjectMeta("simple"), Spec: networking_v1.IngressSpec{ 
@@ -125,7 +128,7 @@ func TestTLSProtocolVersion(t *testing.T) { FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", - envoy_v3.DownstreamTLSContext( + envoyGen.DownstreamTLSContext( &dag.Secret{Object: sec1}, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, diff --git a/internal/featuretests/v3/tracing_test.go b/internal/featuretests/v3/tracing_test.go index 68b148e2b5c..1c144f9f1d7 100644 --- a/internal/featuretests/v3/tracing_test.go +++ b/internal/featuretests/v3/tracing_test.go @@ -61,6 +61,10 @@ func TestTracing(t *testing.T) { rh, c, done := setup(t, withTrace) defer done() + envoygen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) + rh.OnAdd(fixture.NewService("projectcontour/otel-collector"). WithPorts(core_v1.ServicePort{Port: 4317})) @@ -114,7 +118,7 @@ func TestTracing(t *testing.T) { rh.OnAdd(p) httpListener := defaultHTTPListener() - httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + httpListener.FilterChains = envoy_v3.FilterChains(envoygen.HTTPConnectionManagerBuilder(). RouteConfigName(xdscache_v3.ENVOY_HTTP_LISTENER). MetricsPrefix(xdscache_v3.ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). diff --git a/internal/xdscache/v3/cluster.go b/internal/xdscache/v3/cluster.go index 115f96d01e4..77d3b22fb5e 100644 --- a/internal/xdscache/v3/cluster.go +++ b/internal/xdscache/v3/cluster.go 
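Review bot: The local in the TestTracing hunks of tracing_test.go is spelled `envoygen`, while every other hunk in this patch uses `envoyGen`. I would rename it for consistency, giving `envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{` and `envoyGen.HTTPConnectionManagerBuilder().`. The test body continues outside the hunks.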
@@ -34,6 +34,15 @@ type ClusterCache struct { mu sync.Mutex values map[string]*envoy_config_cluster_v3.Cluster contour.Cond + + envoyGen *envoy_v3.EnvoyGen +} + +func NewClusterCache(envoyGen *envoy_v3.EnvoyGen) *ClusterCache { + return &ClusterCache{ + values: make(map[string]*envoy_config_cluster_v3.Cluster), + envoyGen: envoyGen, + } } // Update replaces the contents of the cache with the supplied map. @@ -83,20 +92,20 @@ func (c *ClusterCache) OnChange(root *dag.DAG) { for _, cluster := range root.GetClusters() { name := envoy.Clustername(cluster) if _, ok := clusters[name]; !ok { - clusters[name] = envoy_v3.Cluster(cluster) + clusters[name] = c.envoyGen.Cluster(cluster) } } for name, ec := range root.GetExtensionClusters() { if _, ok := clusters[name]; !ok { - clusters[name] = envoy_v3.ExtensionCluster(ec) + clusters[name] = c.envoyGen.ExtensionCluster(ec) } } for _, cluster := range root.GetDNSNameClusters() { name := envoy.DNSNameClusterName(cluster) if _, ok := clusters[name]; !ok { - clusters[name] = envoy_v3.DNSNameCluster(cluster) + clusters[name] = c.envoyGen.DNSNameCluster(cluster) } } diff --git a/internal/xdscache/v3/cluster_test.go b/internal/xdscache/v3/cluster_test.go index b370948c6e8..4d0346f576c 100644 --- a/internal/xdscache/v3/cluster_test.go +++ b/internal/xdscache/v3/cluster_test.go @@ -35,6 +35,9 @@ import ( ) func TestClusterCacheContents(t *testing.T) { + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() tests := map[string]struct { contents map[string]*envoy_config_cluster_v3.Cluster want []proto.Message 
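Review bot: NewClusterCache in cluster.go is exported without a doc comment and accepts a nil `envoyGen` silently, yet OnChange in the next hunk calls `c.envoyGen.Cluster(cluster)`, `ExtensionCluster` and `DNSNameCluster` unconditionally. A `&xdscache_v3.ClusterCache{}` literal, which was the construction used before this patch, still compiles and now carries a nil generator; whether that panics depends on the EnvoyGen methods, which are not in view. customAdminPort in listeners_test.go builds its own cache list and the entries after RouteCache fall outside its hunk, so it is worth checking that no such literal remains there. I would add `// NewClusterCache returns a ClusterCache that builds clusters with envoyGen, which must not be nil.`; the same contract applies to NewListenerCache in listener.go, which calls `envoyGen.StatsListeners` inside the constructor.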
@@ -50,7 +53,7 @@ func TestClusterCacheContents(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), @@ -60,7 +63,7 @@ func TestClusterCacheContents(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), @@ -79,6 +82,9 @@ func TestClusterCacheContents(t *testing.T) { } func TestClusterCacheQuery(t *testing.T) { + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() tests := map[string]struct { contents map[string]*envoy_config_cluster_v3.Cluster query []string @@ -91,7 +97,7 @@ func TestClusterCacheQuery(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), @@ -102,7 +108,7 @@ func TestClusterCacheQuery(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), 
@@ -115,7 +121,7 @@ func TestClusterCacheQuery(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), @@ -126,7 +132,7 @@ func TestClusterCacheQuery(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), @@ -139,7 +145,7 @@ func TestClusterCacheQuery(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), @@ -159,6 +165,9 @@ func TestClusterCacheQuery(t *testing.T) { } func TestClusterVisit(t *testing.T) { + envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }).GetConfigSource() tests := map[string]struct { objs []any want map[string]*envoy_config_cluster_v3.Cluster @@ -192,7 +201,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard", }, }), 
@@ -228,7 +237,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard/https", }, }), @@ -268,7 +277,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ @@ -310,7 +319,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "beurocratic-company-test-domain-1_tiny-cog-department-test-instance_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "beurocratic-company-test-domain-1/tiny-cog-department-test-instance/svc-0", }, }), @@ -358,7 +367,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, }, 
@@ -367,7 +376,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_8080", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/alt", }, }, @@ -411,7 +420,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, HealthChecks: []*envoy_config_core_v3.HealthCheck{{ @@ -473,7 +482,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, HealthChecks: []*envoy_config_core_v3.HealthCheck{{ @@ -530,7 +539,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, }, 
@@ -574,7 +583,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, @@ -619,7 +628,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, @@ -671,7 +680,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, @@ -718,7 +727,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_backend_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/backend/http", }, }, 
@@ -763,7 +772,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_kuard_80", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard/http", }, CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ @@ -817,7 +826,7 @@ func TestClusterVisit(t *testing.T) { AltStatName: "default_kuard_443", ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.ConfigSource("contour"), + EdsConfig: envoyConfigSource, ServiceName: "default/kuard/https", }, }), diff --git a/internal/xdscache/v3/listener.go b/internal/xdscache/v3/listener.go index 6176fdcaad0..ea23aee8ff6 100644 --- a/internal/xdscache/v3/listener.go +++ b/internal/xdscache/v3/listener.go @@ -281,7 +281,8 @@ type ListenerCache struct { values map[string]*envoy_config_listener_v3.Listener staticValues map[string]*envoy_config_listener_v3.Listener - Config ListenerConfig + envoyGen *envoy_v3.EnvoyGen + Config ListenerConfig contour.Cond } @@ -291,13 +292,15 @@ func NewListenerCache( metricsConfig contour_v1alpha1.MetricsConfig, healthConfig contour_v1alpha1.HealthConfig, adminPort int, + envoyGen *envoy_v3.EnvoyGen, ) *ListenerCache { listenerCache := &ListenerCache{ Config: listenerConfig, staticValues: map[string]*envoy_config_listener_v3.Listener{}, + envoyGen: envoyGen, } - for _, l := range envoy_v3.StatsListeners(metricsConfig, healthConfig) { + for _, l := range envoyGen.StatsListeners(metricsConfig, healthConfig) { listenerCache.staticValues[l.Name] = l } 
@@ -392,7 +395,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { // Note: Ensure the filter chain order matches with the filter chain // order for the HTTPS virtualhosts. if len(listener.VirtualHosts) > 0 { - cm := envoy_v3.HTTPConnectionManagerBuilder(). + cm := c.envoyGen.HTTPConnectionManagerBuilder(). Codec(envoy_v3.CodecForVersions(cfg.DefaultHTTPVersions...)). DefaultFilters(). RouteConfigName(httpRouteConfigName(listener)). @@ -464,7 +467,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { // metrics prefix to keep compatibility with previous // Contour versions since the metrics prefix will be // coded into monitoring dashboards. - cm := envoy_v3.HTTPConnectionManagerBuilder(). + cm := c.envoyGen.HTTPConnectionManagerBuilder(). Codec(envoy_v3.CodecForVersions(cfg.DefaultHTTPVersions...)). AddFilter(envoy_v3.FilterMisdirectedRequests(vh.VirtualHost.Name)). DefaultFilters(). @@ -515,7 +518,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { maxVer = cfg.maxTLSVersion() } - downstreamTLS = envoy_v3.DownstreamTLSContext( + downstreamTLS = c.envoyGen.DownstreamTLSContext( vh.Secret, minVer, maxVer, @@ -534,7 +537,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { if vh.FallbackCertificate != nil && !envoy_v3.ContainsFallbackFilterChain(listeners[listener.Name].FilterChains) { // Construct the downstreamTLSContext passing the configured fallbackCertificate. The TLS min/max ProtocolVersion will use // the value defined in the Contour Configuration file if defined. - downstreamTLS = envoy_v3.DownstreamTLSContext( + downstreamTLS = c.envoyGen.DownstreamTLSContext( vh.FallbackCertificate, cfg.minTLSVersion(), cfg.maxTLSVersion(), 
@@ -548,7 +551,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { authzFilter = envoy_v3.FilterExternalAuthz(vh.ExternalAuthorization) } - cm := envoy_v3.HTTPConnectionManagerBuilder(). + cm := c.envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). AddFilter(authzFilter). RouteConfigName(fallbackCertRouteConfigName(listener)). diff --git a/internal/xdscache/v3/listener_test.go b/internal/xdscache/v3/listener_test.go index 095f248210a..e40403d6ef0 100644 --- a/internal/xdscache/v3/listener_test.go +++ b/internal/xdscache/v3/listener_test.go @@ -46,6 +46,9 @@ import ( ) func TestListenerCacheContents(t *testing.T) { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) tests := map[string]struct { contents map[string]*envoy_config_listener_v3.Listener want []proto.Message 
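Review bot: The generator in TestListenerCacheContents is built with `XDSClusterName: envoy_v3.DefaultXDSClusterName` spelled out, as it is in the other two test functions of this file, which suggests NewEnvoysGen does not fall back to the default when the option is left empty. The constructor lives in config_gen.go, outside this hunk, so this needs confirming. If it holds, a zero-value `EnvoyGenOpt{}` would presumably produce config sources that name an empty xDS cluster, both the EDS source the cluster tests compare against and whatever the downstream TLS context uses to fetch its secrets. Defaulting inside the constructor, for example `if opts.XDSClusterName == "" { opts.XDSClusterName = DefaultXDSClusterName }` (parameter name assumed), would stop that misconfiguration before it reaches Envoy and let the tests pass `envoy_v3.EnvoyGenOpt{}`.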
@@ -58,14 +61,14 @@ func TestListenerCacheContents(t *testing.T) { contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), want: []proto.Message{ &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, }, @@ -83,6 +86,9 @@ func TestListenerCacheContents(t *testing.T) { } func TestListenerCacheQuery(t *testing.T) { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) tests := map[string]struct { contents map[string]*envoy_config_listener_v3.Listener query []string 
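Review bot: The three-line `envoyGen := envoy_v3.NewEnvoysGen(...)` setup added at the top of TestListenerCacheQuery is the same block this commit adds to TestListenerCacheContents and TestListenerVisit. A file-level test helper would keep the option set in one place once EnvoyGenOpt gains more fields: `func testEnvoyGen() *envoy_v3.EnvoyGen { return envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{XDSClusterName: envoy_v3.DefaultXDSClusterName}) }`. This assumes the constructor returns `*envoy_v3.EnvoyGen`, which is the type NewListenerCache accepts. The test body continues outside the hunk.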
@@ -92,7 +98,7 @@ func TestListenerCacheQuery(t *testing.T) { contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), query: []string{ENVOY_HTTP_LISTENER}, @@ -100,7 +106,7 @@ func TestListenerCacheQuery(t *testing.T) { &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, }, 
@@ -109,7 +115,7 @@ func TestListenerCacheQuery(t *testing.T) { contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), query: []string{ENVOY_HTTP_LISTENER, "stats-listener"}, @@ -117,7 +123,7 @@ func TestListenerCacheQuery(t *testing.T) { &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, }, 
@@ -126,7 +132,7 @@ func TestListenerCacheQuery(t *testing.T) { contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), query: []string{"stats-listener"}, @@ -145,8 +151,11 @@ func TestListenerCacheQuery(t *testing.T) { } func TestListenerVisit(t *testing.T) { + envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + XDSClusterName: envoy_v3.DefaultXDSClusterName, + }) httpsFilterFor := func(vhost string) *envoy_config_listener_v3.Filter { - return envoy_v3.HTTPConnectionManagerBuilder(). + return envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -155,7 +164,7 @@ func TestListenerVisit(t *testing.T) { Get() } - fallbackCertFilter := envoy_v3.HTTPConnectionManagerBuilder(). + fallbackCertFilter := envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). 
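Review bot: The constructor called at the top of TestListenerVisit is spelled `NewEnvoysGen`, while the type it produces is `EnvoyGen` and its options struct is `EnvoyGenOpt`, so the extra `s` reads like a typo. Go constructors conventionally mirror the type name, and this commit already touches every call site, so renaming it to `NewEnvoyGen` now is cheaper than a follow-up: `envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{...})`. The declaration is in config_gen.go, outside this hunk.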
@@ -231,7 +240,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), }, @@ -262,7 +271,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), }, @@ -297,7 +306,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, 
@@ -309,7 +318,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -368,7 +377,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, 
@@ -380,13 +389,13 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"sortedfirst.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("sortedfirst.example.com")), }, { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"sortedsecond.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("sortedsecond.example.com")), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -423,7 +432,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), }, 
@@ -455,7 +464,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -464,7 +473,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -528,7 +537,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( 
@@ -573,7 +582,7 @@ func TestListenerVisit(t *testing.T) { ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.ProxyProtocol(), ), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -586,7 +595,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), 
@@ -627,7 +636,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -639,8 +648,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("whatever.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). 
@@ -686,7 +695,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -695,7 +704,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( 
@@ -743,7 +752,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -752,7 +761,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( 
@@ -796,7 +805,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -805,7 +814,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( 
@@ -848,7 +857,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -857,7 +866,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( 
@@ -900,7 +909,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -909,7 +918,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, []string{"ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"}, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, []string{"ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"}, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -963,7 +972,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). 
@@ -978,8 +987,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -992,8 +1001,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). @@ -1054,7 +1063,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). 
@@ -1069,8 +1078,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -1083,8 +1092,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). @@ -1145,7 +1154,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). 
@@ -1160,8 +1169,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -1174,8 +1183,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). @@ -1236,7 +1245,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). 
@@ -1251,8 +1260,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -1265,8 +1274,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). @@ -1327,7 +1336,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). 
@@ -1342,8 +1351,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -1356,8 +1365,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). @@ -1418,7 +1427,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). 
@@ -1433,8 +1442,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -1447,8 +1456,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). 
@@ -1502,7 +1511,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -1511,13 +1520,13 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }, { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(fallbackCertFilter), Name: "fallback-certificate", }}, 
@@ -1590,7 +1599,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, 
@@ -1600,21 +1609,21 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.another.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.another.com")), }, { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }, { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(fallbackCertFilter), Name: "fallback-certificate", }, 
@@ -1699,7 +1708,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, @@ -1708,7 +1717,7 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -1750,7 +1759,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -1794,7 +1803,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -1838,7 +1847,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -1882,7 +1891,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -1926,7 +1935,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -1971,7 +1980,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -1987,8 +1996,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2034,7 +2043,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2077,7 +2086,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -2120,7 +2129,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -2162,7 +2171,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -2206,7 +2215,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2222,8 +2231,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2272,7 +2281,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2288,8 +2297,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2337,7 +2346,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2353,8 +2362,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2402,7 +2411,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2418,8 +2427,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2473,7 +2482,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). @@ -2546,7 +2555,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2584,8 +2593,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2673,7 +2682,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). @@ -2710,8 +2719,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). 
@@ -2746,8 +2755,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). @@ -2818,7 +2827,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().TOS(64).TrafficClass(64).Build(), }), }, @@ -2853,7 +2862,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -2895,7 +2904,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -2911,8 +2920,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -2958,7 +2967,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -3000,7 +3009,7 @@ func TestListenerVisit(t *testing.T) { want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -3016,8 +3025,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -3064,7 +3073,7 @@ func TestListenerVisit(t *testing.T) { Address: envoy_v3.SocketAddress("0.0.0.0", 8080), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManagerBuilder(). + envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -3106,7 +3115,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). @@ -3122,8 +3131,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). @@ -3183,7 +3192,7 @@ func TestListenerVisit(t *testing.T) { Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). + FilterChains: envoy_v3.FilterChains(envoyGen.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). 
@@ -3199,8 +3208,8 @@ func TestListenerVisit(t *testing.T) { FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), - Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). + TransportSocket: transportSocket(envoyGen, "secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + Filters: envoy_v3.Filters(envoyGen.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). AddFilter(envoy_v3.FilterJWTAuthN([]dag.JWTProvider{{ @@ -3237,7 +3246,8 @@ func TestListenerVisit(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { lc := ListenerCache{ - Config: tc.ListenerConfig, + Config: tc.ListenerConfig, + envoyGen: envoyGen, } lc.OnChange(buildDAGFallback(t, tc.fallbackCertificate, tc.objs...)) @@ -3246,7 +3256,7 @@ func TestListenerVisit(t *testing.T) { } } -func transportSocket(secretName string, tlsMinProtoVersion, tlsMaxProtoVersion envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, alpnprotos ...string) *envoy_config_core_v3.TransportSocket { +func transportSocket(envoyGen *envoy_v3.EnvoyGen, secretName string, tlsMinProtoVersion, tlsMaxProtoVersion envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, alpnprotos ...string) *envoy_config_core_v3.TransportSocket { secret := &dag.Secret{ Object: &core_v1.Secret{ ObjectMeta: meta_v1.ObjectMeta{ 
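Review bot: In the `t.Run` loop at the end of `TestListenerVisit`, the cache under test is given the same `envoyGen` that every `want` value in the table is built from (`envoyGen.HTTPConnectionManagerBuilder()`, `transportSocket(envoyGen, ...)`). Anything the generator itself gets wrong therefore shows up identically on both sides, and the comparison still passes. That includes the downstream TLS context behind each `TransportSocket`. The commit message gives per-test control of generation as the reason for the struct, so it is worth recording what this table does and does not check, for example `// want is built from the same envoyGen as lc: this table verifies listener wiring, not the generator's own output.` above the `lc := ListenerCache{` literal. `envoyGen` is declared outside this hunk, so which options it carries here cannot be confirmed from these lines.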
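Review bot: `transportSocket` gains a `*envoy_v3.EnvoyGen` first parameter but has no doc comment saying what it now depends on. The TLS context is produced by `envoyGen.DownstreamTLSContext(...)` in the next hunk (@@ -3257), where it was a package-level call before. I would add `// transportSocket returns the downstream TLS transport socket for secretName, generated through envoyGen; callers pass a non-nil generator.` above the signature. Whether a nil generator is tolerated is not visible from these lines, so the comment should state the expectation instead of leaving it to the reader. The function body continues past this hunk.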
@@ -3257,8 +3267,9 @@ func transportSocket(secretName string, tlsMinProtoVersion, tlsMaxProtoVersion e
 Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY),
 },
 }
+
 return envoy_v3.DownstreamTLSTransportSocket(
- envoy_v3.DownstreamTLSContext(secret, tlsMinProtoVersion, tlsMaxProtoVersion, cipherSuites, nil, alpnprotos...),
+ envoyGen.DownstreamTLSContext(secret, tlsMinProtoVersion, tlsMaxProtoVersion, cipherSuites, nil, alpnprotos...),
 )
 }
From 926e0932ebe7f6015d1421817701ab6308cd9f48 Mon Sep 17 00:00:00 2001
From: Sotiris Nanopoulos
Date: Mon, 20 Jan 2025 10:14:59 -0500
Subject: [PATCH 2/6] kick ci
Signed-off-by: Sotiris Nanopoulos
From e61e8330e36403a6f1bd3f526c7ec57615ad0d35 Mon Sep 17 00:00:00 2001
From: Sotiris Nanopoulos
Date: Thu, 23 Jan 2025 17:06:11 -0500
Subject: [PATCH 3/6] fixup name
Signed-off-by: Sotiris Nanopoulos
---
 cmd/contour/contour.go | 2 +-
 cmd/contour/serve.go | 2 +-
 internal/envoy/v3/auth_test.go | 2 +-
 internal/envoy/v3/bootstrap_test.go | 2 +-
 internal/envoy/v3/cluster_test.go | 4 +--
 internal/envoy/v3/config_gen.go | 2 +-
 internal/envoy/v3/listener_test.go | 10 +++----
 internal/envoy/v3/socket_test.go | 4 +--
 internal/envoy/v3/stats_test.go | 2 +-
 .../featuretests/v3/backendclientauth_test.go | 2 +-
 internal/featuretests/v3/cluster_test.go | 8 +++---
 internal/featuretests/v3/envoy.go | 28 +++++++++----------
 internal/featuretests/v3/externalname_test.go | 2 +-
 internal/featuretests/v3/featuretests.go | 2 +-
 .../v3/global_authorization_test.go | 2 +-
 .../featuretests/v3/globalratelimit_test.go | 2 +-
 internal/featuretests/v3/listeners_test.go | 16 +++++------
 .../v3/loadbalancerpolicy_test.go | 8 +++---
 internal/featuretests/v3/timeouts_test.go | 4 +--
 .../v3/tlsprotocolversion_test.go | 2 +-
 internal/featuretests/v3/tracing_test.go | 2 +-
 internal/xdscache/v3/cluster_test.go | 6 ++--
 internal/xdscache/v3/listener_test.go | 6 ++--
 23 files changed, 60 insertions(+), 60 deletions(-)
diff --git a/cmd/contour/contour.go b/cmd/contour/contour.go
index c7c9ef1a9df..8fb99cfddcc 100644
--- a/cmd/contour/contour.go
+++ b/cmd/contour/contour.go
@@ -104,7 +104,7 @@ func main() {
 if err := envoy.ValidAdminAddress(bootstrapCtx.AdminAddress); err != nil {
 log.WithField("flag", "--admin-address").WithError(err).Fatal("failed to parse bootstrap args")
 }
- envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{
+ envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{
 XDSClusterName: envoy_v3.DefaultXDSClusterName,
 })
 if err := envoyGen.WriteBootstrap(bootstrapCtx); err != nil {
diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go
index 1a67f06fc3c..3ae89f5de70 100644
--- a/cmd/contour/serve.go
+++ b/cmd/contour/serve.go
@@ -493,7 +493,7 @@ func (s *Server) doServe() error {
 endpointHandler = xdscache_v3.NewEndpointsTranslator(s.log.WithField("context", "endpointstranslator"))
 }
- envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{
+ envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{
 XDSClusterName: envoy_v3.DefaultXDSClusterName,
 })
diff --git a/internal/envoy/v3/auth_test.go b/internal/envoy/v3/auth_test.go
index e935eb87de7..ad7f29bcb49 100644
--- a/internal/envoy/v3/auth_test.go
+++ b/internal/envoy/v3/auth_test.go
@@ -174,7 +174,7 @@ func TestUpstreamTLSContext(t *testing.T) {
 for name, tc := range tests {
 t.Run(name, func(t *testing.T) {
- e := NewEnvoysGen(EnvoyGenOpt{
+ e := NewEnvoyGen(EnvoyGenOpt{
 XDSClusterName: DefaultXDSClusterName,
 })
 got := e.UpstreamTLSContext(tc.validation, tc.externalName, nil, tc.upstreamTLS, tc.alpnProtocols...)
diff --git a/internal/envoy/v3/bootstrap_test.go b/internal/envoy/v3/bootstrap_test.go
index d116e20cab1..7da5218e8b1 100644
--- a/internal/envoy/v3/bootstrap_test.go
+++ b/internal/envoy/v3/bootstrap_test.go
@@ -2010,7 +2010,7 @@ func TestBootstrap(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { tc := tc - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) steps, gotError := envoyGen.bootstrap(&tc.config) diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index 762b12f5fb0..1f162522d8b 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -137,7 +137,7 @@ func TestCluster(t *testing.T) { }, } - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) edsConfig := envoyGen.GetConfigSource() @@ -879,7 +879,7 @@ func TestCluster(t *testing.T) { } func TestDNSNameCluster(t *testing.T) { - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) tests := map[string]struct { diff --git a/internal/envoy/v3/config_gen.go b/internal/envoy/v3/config_gen.go index bc80893d0f8..e36744ed63d 100644 --- a/internal/envoy/v3/config_gen.go +++ b/internal/envoy/v3/config_gen.go @@ -31,7 +31,7 @@ type EnvoyGenOpt struct { XDSClusterName string } -func NewEnvoysGen(opt EnvoyGenOpt) *EnvoyGen { +func NewEnvoyGen(opt EnvoyGenOpt) *EnvoyGen { return &EnvoyGen{ xdsClusterName: opt.XDSClusterName, } diff --git a/internal/envoy/v3/listener_test.go b/internal/envoy/v3/listener_test.go index 097b0deed36..3ee3fd59cfa 100644 --- a/internal/envoy/v3/listener_test.go +++ b/internal/envoy/v3/listener_test.go @@ -78,7 +78,7 @@ func TestProtoNamesForVersions(t *testing.T) { } func TestListener(t *testing.T) { - envoygen := NewEnvoysGen(EnvoyGenOpt{ + envoygen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) @@ -473,7 +473,7 @@ func TestDownstreamTLSContext(t *testing.T) { }, } - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) 
@@ -585,7 +585,7 @@ func TestDownstreamTLSContext(t *testing.T) { } func TestHTTPConnectionManager(t *testing.T) { - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) defaultHTTPFilters := []*envoy_filter_network_http_connection_manager_v3.HttpFilter{ @@ -1731,7 +1731,7 @@ func TestFilterChainTLS_Match(t *testing.T) { // TestBuilderValidation tests that validation checks that // DefaultFilters adds the required HTTP connection manager filters. func TestBuilderValidation(t *testing.T) { - envoygen := NewEnvoysGen(EnvoyGenOpt{ + envoygen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) @@ -1843,7 +1843,7 @@ func TestAddFilter(t *testing.T) { }, } - envoygen := NewEnvoysGen(EnvoyGenOpt{ + envoygen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) diff --git a/internal/envoy/v3/socket_test.go b/internal/envoy/v3/socket_test.go index 26337beb5b9..2b27149a085 100644 --- a/internal/envoy/v3/socket_test.go +++ b/internal/envoy/v3/socket_test.go @@ -26,7 +26,7 @@ import ( ) func TestUpstreamTLSTransportSocket(t *testing.T) { - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) tests := map[string]struct { @@ -53,7 +53,7 @@ func TestUpstreamTLSTransportSocket(t *testing.T) { } func TestDownstreamTLSTransportSocket(t *testing.T) { - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) serverSecret := &dag.Secret{ diff --git a/internal/envoy/v3/stats_test.go b/internal/envoy/v3/stats_test.go index 465069e90a1..b86b37dab97 100644 --- a/internal/envoy/v3/stats_test.go +++ b/internal/envoy/v3/stats_test.go @@ -115,7 +115,7 @@ func TestStatsListeners(t *testing.T) { }, } - envoyGen := NewEnvoysGen(EnvoyGenOpt{ + envoyGen := NewEnvoyGen(EnvoyGenOpt{ XDSClusterName: DefaultXDSClusterName, }) 
diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go index 770e41b700f..3cbc8519787 100644 --- a/internal/featuretests/v3/backendclientauth_test.go +++ b/internal/featuretests/v3/backendclientauth_test.go @@ -181,7 +181,7 @@ func TestBackendClientAuthenticationWithIngress(t *testing.T) { } func TestBackendClientAuthenticationWithExtensionService(t *testing.T) { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) rh, c, done := setup(t, proxyClientCertificateOpt(t)) diff --git a/internal/featuretests/v3/cluster_test.go b/internal/featuretests/v3/cluster_test.go index c53db04a9cc..0d8caae75a0 100644 --- a/internal/featuretests/v3/cluster_test.go +++ b/internal/featuretests/v3/cluster_test.go @@ -423,7 +423,7 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { rh, c, done := setup(t, circuitBreakerGlobalOpt(t, g)) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() @@ -562,7 +562,7 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { rh, c, done := setup(t, circuitBreakerGlobalOpt(t, g)) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() s1 := fixture.NewService("kuard"). 
@@ -708,7 +708,7 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { rh, c, done := setup(t, circuitBreakerGlobalOpt(t, g)) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() s1 := fixture.NewService("kuard"). @@ -941,7 +941,7 @@ func TestClusterLoadBalancerStrategyPerRoute(t *testing.T) { rh, c, done := setup(t) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() diff --git a/internal/featuretests/v3/envoy.go b/internal/featuretests/v3/envoy.go index 6b96c3490ec..c50e5e25bff 100644 --- a/internal/featuretests/v3/envoy.go +++ b/internal/featuretests/v3/envoy.go @@ -178,7 +178,7 @@ func cluster(name, servicename, statName string) *envoy_config_cluster_v3.Cluste ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: statName, EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + EdsConfig: envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource(), ServiceName: servicename, @@ -199,7 +199,7 @@ func tlsCluster(c *envoy_config_cluster_v3.Cluster, ca *core_v1.Secret, subjectN } c.TransportSocket = envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).UpstreamTLSContext( &dag.PeerValidationContext{ 
@@ -222,7 +222,7 @@ func tlsClusterWithoutValidation(c *envoy_config_cluster_v3.Cluster, sni string, } c.TransportSocket = envoy_v3.UpstreamTLSTransportSocket( - envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).UpstreamTLSContext( nil, @@ -435,7 +435,7 @@ func appendFilterChains(chains ...*envoy_config_listener_v3.FilterChain) []*envo func filterchaintls(domain string, secret *core_v1.Secret, filter *envoy_config_listener_v3.Filter, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { return envoy_v3.FilterChainTLS( domain, - envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).DownstreamTLSContext( &dag.Secret{Object: secret}, @@ -450,7 +450,7 @@ func filterchaintls(domain string, secret *core_v1.Secret, filter *envoy_config_ // filterchaintlsfallback returns a FilterChain for the given TLS fallback certificate. func filterchaintlsfallback(fallbackSecret *core_v1.Secret, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoy_v3.FilterChainTLSFallback( 
@@ -475,7 +475,7 @@ func filterchaintlsfallback(fallbackSecret *core_v1.Secret, peerValidationContex // filterchaintlsfallbackauthz does same thing as filterchaintlsfallback but inserts a // `ext_authz` filter with the specified configuration into the filter chain. func filterchaintlsfallbackauthz(fallbackSecret *core_v1.Secret, authz *envoy_filter_http_ext_authz_v3.ExtAuthz, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoy_v3.FilterChainTLSFallback( @@ -504,7 +504,7 @@ func filterchaintlsfallbackauthz(fallbackSecret *core_v1.Secret, authz *envoy_fi } func httpsFilterFor(vhost string) *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoyGen.HTTPConnectionManagerBuilder(). @@ -517,7 +517,7 @@ func httpsFilterFor(vhost string) *envoy_config_listener_v3.Filter { } func httpFilterForGateway() *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoyGen.HTTPConnectionManagerBuilder(). @@ -529,7 +529,7 @@ func httpFilterForGateway() *envoy_config_listener_v3.Filter { } func httpsFilterForGateway(listener, vhost string) *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoyGen.HTTPConnectionManagerBuilder(). 
@@ -545,7 +545,7 @@ func httpsFilterForGateway(listener, vhost string) *envoy_config_listener_v3.Fil // httpsFilterWithXfccFor does the same as httpsFilterFor but enable // client certs details forwarding func httpsFilterWithXfccFor(vhost string, d *dag.ClientCertificateDetails) *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoyGen.HTTPConnectionManagerBuilder(). @@ -565,7 +565,7 @@ func authzFilterFor( vhost string, authz *envoy_filter_http_ext_authz_v3.ExtAuthz, ) *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoyGen.HTTPConnectionManagerBuilder(). @@ -587,7 +587,7 @@ func jwtAuthnFilterFor( vhost string, jwt *envoy_filter_http_jwt_authn_v3.JwtAuthentication, ) *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return envoyGen.HTTPConnectionManagerBuilder(). @@ -652,7 +652,7 @@ func tcpproxyWeighted(statPrefix string, clusters ...clusterWeight) *envoy_confi func statsListener() *envoy_config_listener_v3.Listener { // Single listener with metrics and health endpoints. - listeners := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + listeners := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).StatsListeners( contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, 
@@ -665,7 +665,7 @@ func envoyAdminListener(port int) *envoy_config_listener_v3.Listener { } func defaultHTTPListener() *envoy_config_listener_v3.Listener { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) return &envoy_config_listener_v3.Listener{ diff --git a/internal/featuretests/v3/externalname_test.go b/internal/featuretests/v3/externalname_test.go index a3f7a7bfc51..3b2347e4563 100644 --- a/internal/featuretests/v3/externalname_test.go +++ b/internal/featuretests/v3/externalname_test.go @@ -42,7 +42,7 @@ func TestExternalNameService(t *testing.T) { rh, c, done := setup(t, enableExternalNameService(t)) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) s1 := fixture.NewService("kuard"). diff --git a/internal/featuretests/v3/featuretests.go b/internal/featuretests/v3/featuretests.go index b3e7cbfa157..559f6bb9ad4 100644 --- a/internal/featuretests/v3/featuretests.go +++ b/internal/featuretests/v3/featuretests.go @@ -93,7 +93,7 @@ func setup(t *testing.T, opts ...any) (ResourceEventHandlerWrapper, *Contour, fu } } - envoyGen := v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) diff --git a/internal/featuretests/v3/global_authorization_test.go b/internal/featuretests/v3/global_authorization_test.go index 8a9a629c198..36cb797386c 100644 --- a/internal/featuretests/v3/global_authorization_test.go +++ b/internal/featuretests/v3/global_authorization_test.go 
@@ -859,7 +859,7 @@ func TestGlobalAuthorization(t *testing.T) { // getGlobalExtAuthHCM returns a HTTP Connection Manager with Global External Authorization configured. func getGlobalExtAuthHCM() *envoy_config_listener_v3.Filter { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: "contour", }) return envoyGen.HTTPConnectionManagerBuilder(). diff --git a/internal/featuretests/v3/globalratelimit_test.go b/internal/featuretests/v3/globalratelimit_test.go index 759655a98dc..2374da0ce39 100644 --- a/internal/featuretests/v3/globalratelimit_test.go +++ b/internal/featuretests/v3/globalratelimit_test.go @@ -64,7 +64,7 @@ func globalRateLimitFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c httpListener := defaultHTTPListener() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) diff --git a/internal/featuretests/v3/listeners_test.go b/internal/featuretests/v3/listeners_test.go index 2c1038ea0a0..b7b4270e62c 100644 --- a/internal/featuretests/v3/listeners_test.go +++ b/internal/featuretests/v3/listeners_test.go @@ -51,7 +51,7 @@ func customAdminPort(t *testing.T, port int) []xdscache.ResourceCache { contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, port, - envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }), ), @@ -277,7 +277,7 @@ func TestHTTPProxyTLSListener(t *testing.T) { rh, c, done := setup(t) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) 
@@ -432,7 +432,7 @@ func TestTLSListenerCipherSuites(t *testing.T) { }) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) @@ -817,7 +817,7 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { }) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) @@ -986,7 +986,7 @@ func TestHTTPProxyTLSVersion(t *testing.T) { }) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) @@ -1177,7 +1177,7 @@ func TestHTTPProxyXffNumTrustedHops(t *testing.T) { }) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) @@ -1234,7 +1234,7 @@ func TestHTTPProxyServerHeaderTransformation(t *testing.T) { }) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) @@ -1500,7 +1500,7 @@ func TestSocketOptions(t *testing.T) { }) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) svc1 := fixture.NewService("backend"). diff --git a/internal/featuretests/v3/loadbalancerpolicy_test.go b/internal/featuretests/v3/loadbalancerpolicy_test.go index 99313d061a1..630032aa850 100644 
--- a/internal/featuretests/v3/loadbalancerpolicy_test.go +++ b/internal/featuretests/v3/loadbalancerpolicy_test.go @@ -32,7 +32,7 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { rh, c, done := setup(t) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() @@ -161,7 +161,7 @@ func TestLoadBalancerPolicyRequestHashHeader(t *testing.T) { rh, c, done := setup(t) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() @@ -238,7 +238,7 @@ func TestLoadBalancerPolicyRequestHashSourceIP(t *testing.T) { rh, c, done := setup(t) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() @@ -312,7 +312,7 @@ func TestLoadBalancerPolicyRequestHashQueryParameter(t *testing.T) { rh, c, done := setup(t) defer done() - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() diff --git a/internal/featuretests/v3/timeouts_test.go b/internal/featuretests/v3/timeouts_test.go index 7d0ede484a5..bd658185a7b 100644 --- a/internal/featuretests/v3/timeouts_test.go +++ b/internal/featuretests/v3/timeouts_test.go @@ -35,7 +35,7 @@ func TestTimeoutsNotSpecified(t *testing.T) { rh, c, done := setup(t) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: "contour", }) 
@@ -93,7 +93,7 @@ func TestNonZeroTimeoutsSpecified(t *testing.T) { rh, c, done := setup(t, withTimeouts) defer done() - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: "contour", }) diff --git a/internal/featuretests/v3/tlsprotocolversion_test.go b/internal/featuretests/v3/tlsprotocolversion_test.go index d447100dfc2..6f25fda7f84 100644 --- a/internal/featuretests/v3/tlsprotocolversion_test.go +++ b/internal/featuretests/v3/tlsprotocolversion_test.go @@ -40,7 +40,7 @@ func TestTLSProtocolVersion(t *testing.T) { WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) i1 := &networking_v1.Ingress{ diff --git a/internal/featuretests/v3/tracing_test.go b/internal/featuretests/v3/tracing_test.go index 1c144f9f1d7..435361c5d60 100644 --- a/internal/featuretests/v3/tracing_test.go +++ b/internal/featuretests/v3/tracing_test.go @@ -61,7 +61,7 @@ func TestTracing(t *testing.T) { rh, c, done := setup(t, withTrace) defer done() - envoygen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoygen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) diff --git a/internal/xdscache/v3/cluster_test.go b/internal/xdscache/v3/cluster_test.go index 4d0346f576c..2999aa8a1b3 100644 --- a/internal/xdscache/v3/cluster_test.go +++ b/internal/xdscache/v3/cluster_test.go @@ -35,7 +35,7 @@ import ( ) func TestClusterCacheContents(t *testing.T) { - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() tests := map[string]struct { 
@@ -82,7 +82,7 @@ func TestClusterCacheContents(t *testing.T) { } func TestClusterCacheQuery(t *testing.T) { - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() tests := map[string]struct { @@ -165,7 +165,7 @@ func TestClusterCacheQuery(t *testing.T) { } func TestClusterVisit(t *testing.T) { - envoyConfigSource := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }).GetConfigSource() tests := map[string]struct { diff --git a/internal/xdscache/v3/listener_test.go b/internal/xdscache/v3/listener_test.go index e40403d6ef0..dedad7dbf2e 100644 --- a/internal/xdscache/v3/listener_test.go +++ b/internal/xdscache/v3/listener_test.go @@ -46,7 +46,7 @@ import ( ) func TestListenerCacheContents(t *testing.T) { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) tests := map[string]struct { @@ -86,7 +86,7 @@ func TestListenerCacheContents(t *testing.T) { } func TestListenerCacheQuery(t *testing.T) { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) tests := map[string]struct { @@ -151,7 +151,7 @@ func TestListenerCacheQuery(t *testing.T) { } func TestListenerVisit(t *testing.T) { - envoyGen := envoy_v3.NewEnvoysGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, }) httpsFilterFor := func(vhost string) *envoy_config_listener_v3.Filter { From 2214dd686b79a53ae9ba569fa7af4d28a93ff485 Mon Sep 17 00:00:00 2001 
From: Sotiris Nanopoulos Date: Thu, 23 Jan 2025 17:33:26 -0500 Subject: [PATCH 4/6] stop exporting some functions from the package Signed-off-by: Sotiris Nanopoulos --- design/external-authorization-design.md | 2 +- internal/envoy/v3/bootstrap.go | 8 ++++---- internal/envoy/v3/cluster.go | 6 +++--- internal/envoy/v3/cluster_test.go | 16 ++++++++-------- internal/envoy/v3/endpoint.go | 4 ++-- internal/envoy/v3/endpoint_test.go | 4 ++-- internal/envoy/v3/listener.go | 4 ++-- internal/envoy/v3/ratelimit.go | 4 ++-- internal/envoy/v3/ratelimit_test.go | 2 +- internal/envoy/v3/regex.go | 6 +++--- internal/envoy/v3/regex_test.go | 2 +- internal/envoy/v3/route.go | 18 +++++++++--------- internal/envoy/v3/route_test.go | 4 ++-- 13 files changed, 40 insertions(+), 40 deletions(-) diff --git a/design/external-authorization-design.md b/design/external-authorization-design.md index 8a298bfc914..1f9fe6051be 100644 --- a/design/external-authorization-design.md +++ b/design/external-authorization-design.md @@ -34,7 +34,7 @@ This document describes a design for performing request authorization for virtua A new `ExtensionService` CRD adds a way to represent and track an authorization service. This CRD is relatively generic, so that it can be reused for Envoy rate limiting and logging services. The core of the `ExtensionService` CRD is subset of the `projectcontour.v1.HTTPProxy` `Service` specification. -Re-using the `Service` type allows the operator to specify configuration in familiar and consistent terms, especially TLS configuration. +Reusing the `Service` type allows the operator to specify configuration in familiar and consistent terms, especially TLS configuration. Note that only the Envoy [GRPC authorization protocol][2] will be supported. The GRPC protocol is a superset of the HTTP protocol and requires less configuration. diff --git a/internal/envoy/v3/bootstrap.go b/internal/envoy/v3/bootstrap.go index 614d8c48129..af242791877 100644 --- a/internal/envoy/v3/bootstrap.go 
+++ b/internal/envoy/v3/bootstrap.go @@ -196,7 +196,7 @@ func (e *EnvoyGen) bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_boots Name: "contour", AltStatName: strings.Join([]string{c.Namespace, "contour", strconv.Itoa(c.GetXdsGRPCPort())}, "_"), ConnectTimeout: durationpb.New(5 * time.Second), - ClusterDiscoveryType: ClusterDiscoveryTypeForAddress(c.GetXdsAddress(), envoy_config_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: clusterDiscoveryTypeForAddress(c.GetXdsAddress(), envoy_config_cluster_v3.Cluster_STRICT_DNS), LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "contour", @@ -233,12 +233,12 @@ func (e *EnvoyGen) bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_boots Name: "envoy-admin", AltStatName: strings.Join([]string{c.Namespace, "envoy-admin", strconv.Itoa(c.GetAdminPort())}, "_"), ConnectTimeout: durationpb.New(250 * time.Millisecond), - ClusterDiscoveryType: ClusterDiscoveryTypeForAddress(c.GetAdminAddress(), envoy_config_cluster_v3.Cluster_STATIC), + ClusterDiscoveryType: clusterDiscoveryTypeForAddress(c.GetAdminAddress(), envoy_config_cluster_v3.Cluster_STATIC), LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "envoy-admin", Endpoints: Endpoints( - UnixSocketAddress(c.GetAdminAddress()), + unixSocketAddress(c.GetAdminAddress()), ), }, }}, @@ -249,7 +249,7 @@ func (e *EnvoyGen) bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_boots }, Admin: &envoy_config_bootstrap_v3.Admin{ AccessLog: adminAccessLog(c.GetAdminAccessLogPath()), - Address: UnixSocketAddress(c.GetAdminAddress()), + Address: unixSocketAddress(c.GetAdminAddress()), }, } if c.MaximumHeapSizeBytes > 0 { diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index 667de51d4d7..e77795a15ae 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go 
@@ -71,7 +71,7 @@ func (e *EnvoyGen) Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { } cluster.ClusterDiscoveryType = clusterDiscoveryType - cluster.LoadAssignment = ExternalNameClusterLoadAssignment(service) + cluster.LoadAssignment = externalNameClusterLoadAssignment(service) } // Drain connections immediately if using healthchecks and the endpoint is known to be removed @@ -300,10 +300,10 @@ func ClusterDiscoveryType(t envoy_config_cluster_v3.Cluster_DiscoveryType) *envo return &envoy_config_cluster_v3.Cluster_Type{Type: t} } -// ClusterDiscoveryTypeForAddress returns the type of a ClusterDiscovery as a Cluster_type. +// clusterDiscoveryTypeForAddress returns the type of a ClusterDiscovery as a Cluster_type. // If the provided address is an IP, overrides the type to STATIC, otherwise uses the // passed in type. -func ClusterDiscoveryTypeForAddress(address string, t envoy_config_cluster_v3.Cluster_DiscoveryType) *envoy_config_cluster_v3.Cluster_Type { +func clusterDiscoveryTypeForAddress(address string, t envoy_config_cluster_v3.Cluster_DiscoveryType) *envoy_config_cluster_v3.Cluster_Type { clusterType := t if net.ParseIP(address) != nil { clusterType = envoy_config_cluster_v3.Cluster_STATIC diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index 1f162522d8b..a7620f05a4b 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -220,7 +220,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), + LoadAssignment: externalNameClusterLoadAssignment(service(s2)), }, }, "externalName service healthcheckport": { 
@@ -231,7 +231,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(healthcheckService(s3)), + LoadAssignment: externalNameClusterLoadAssignment(healthcheckService(s3)), }, }, "externalName service - dns-lookup-family v4": { @@ -243,7 +243,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), + LoadAssignment: externalNameClusterLoadAssignment(service(s2)), DnsLookupFamily: envoy_config_cluster_v3.Cluster_V4_ONLY, }, }, @@ -256,7 +256,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), + LoadAssignment: externalNameClusterLoadAssignment(service(s2)), DnsLookupFamily: envoy_config_cluster_v3.Cluster_V6_ONLY, }, }, @@ -269,7 +269,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), + LoadAssignment: externalNameClusterLoadAssignment(service(s2)), DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, }, }, 
@@ -282,7 +282,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_LOGICAL_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), + LoadAssignment: externalNameClusterLoadAssignment(service(s2)), DnsLookupFamily: envoy_config_cluster_v3.Cluster_ALL, }, }, @@ -295,7 +295,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), + LoadAssignment: externalNameClusterLoadAssignment(service(s2)), DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, }, }, @@ -327,7 +327,7 @@ func TestCluster(t *testing.T) { Name: "default/kuard/443/a996a742af", AltStatName: "default_kuard_443", ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: ExternalNameClusterLoadAssignment(service(svcExternal, "tls")), + LoadAssignment: externalNameClusterLoadAssignment(service(svcExternal, "tls")), TransportSocket: UpstreamTLSTransportSocket( envoyGen.UpstreamTLSContext(nil, "projectcontour.local", nil, nil), ), diff --git a/internal/envoy/v3/endpoint.go b/internal/envoy/v3/endpoint.go index abec93ef006..3bbf183f937 100644 --- a/internal/envoy/v3/endpoint.go +++ b/internal/envoy/v3/endpoint.go 
@@ -75,8 +75,8 @@ func ClusterLoadAssignment(name string, addrs ...*envoy_config_core_v3.Address) } } -// ExternalNameClusterLoadAssignment creates a *envoy_config_endpoint_v3.ClusterLoadAssignment pointing to service's ExternalName DNS address. -func ExternalNameClusterLoadAssignment(service *dag.Service) *envoy_config_endpoint_v3.ClusterLoadAssignment { +// externalNameClusterLoadAssignment creates a *envoy_config_endpoint_v3.ClusterLoadAssignment pointing to service's ExternalName DNS address. +func externalNameClusterLoadAssignment(service *dag.Service) *envoy_config_endpoint_v3.ClusterLoadAssignment { cla := ClusterLoadAssignment( xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, diff --git a/internal/envoy/v3/endpoint_test.go b/internal/envoy/v3/endpoint_test.go index 1bb8f3a2ad6..90761f1eb3e 100644 --- a/internal/envoy/v3/endpoint_test.go +++ b/internal/envoy/v3/endpoint_test.go @@ -144,7 +144,7 @@ func TestExternalNameClusterLoadAssignment(t *testing.T) { ExternalName: "foo.io", } - got := ExternalNameClusterLoadAssignment(s1) + got := externalNameClusterLoadAssignment(s1) want := &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/kuard/http", Endpoints: Endpoints( @@ -153,7 +153,7 @@ func TestExternalNameClusterLoadAssignment(t *testing.T) { } protobuf.RequireEqual(t, want, got) - got = ExternalNameClusterLoadAssignment(s2) + got = externalNameClusterLoadAssignment(s2) want = &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/kuard/http", Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go index 61c6be9b169..bb0ad88d948 100644 --- a/internal/envoy/v3/listener.go +++ b/internal/envoy/v3/listener.go 
@@ -674,8 +674,8 @@ func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*envoy_conf } } -// UnixSocketAddress creates a new Unix Socket envoy_config_core_v3.Address. -func UnixSocketAddress(address string) *envoy_config_core_v3.Address { +// unixSocketAddress creates a new Unix Socket envoy_config_core_v3.Address. +func unixSocketAddress(address string) *envoy_config_core_v3.Address { return &envoy_config_core_v3.Address{ Address: &envoy_config_core_v3.Address_Pipe{ Pipe: &envoy_config_core_v3.Pipe{ diff --git a/internal/envoy/v3/ratelimit.go b/internal/envoy/v3/ratelimit.go index 024f0bb48b4..000e9cb8a6c 100644 --- a/internal/envoy/v3/ratelimit.go +++ b/internal/envoy/v3/ratelimit.go @@ -33,9 +33,9 @@ import ( "github.com/projectcontour/contour/internal/timeout" ) -// LocalRateLimitConfig returns a config for the HTTP local rate +// localRateLimitConfig returns a config for the HTTP local rate // limit filter. -func LocalRateLimitConfig(config *dag.LocalRateLimitPolicy, statPrefix string) *anypb.Any { +func localRateLimitConfig(config *dag.LocalRateLimitPolicy, statPrefix string) *anypb.Any { if config == nil { return nil } diff --git a/internal/envoy/v3/ratelimit_test.go b/internal/envoy/v3/ratelimit_test.go index c9f376133ed..85a8a35d55c 100644 --- a/internal/envoy/v3/ratelimit_test.go +++ b/internal/envoy/v3/ratelimit_test.go @@ -89,7 +89,7 @@ func TestLocalRateLimitConfig(t *testing.T) { } for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := LocalRateLimitConfig(tc.policy, tc.statPrefix) + got := localRateLimitConfig(tc.policy, tc.statPrefix) assert.Equal(t, tc.want, got) }) } diff --git a/internal/envoy/v3/regex.go b/internal/envoy/v3/regex.go index 60835b2d7a2..877d06626d7 100644 --- a/internal/envoy/v3/regex.go +++ b/internal/envoy/v3/regex.go 
@@ -17,9 +17,9 @@ import ( envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" ) -// SafeRegexMatch returns a envoy_matcher_v3.RegexMatcher for the supplied regex. -// SafeRegexMatch does not escape regex meta characters. -func SafeRegexMatch(regex string) *envoy_matcher_v3.RegexMatcher { +// safeRegexMatch returns a envoy_matcher_v3.RegexMatcher for the supplied regex. +// safeRegexMatch does not escape regex meta characters. +func safeRegexMatch(regex string) *envoy_matcher_v3.RegexMatcher { return &envoy_matcher_v3.RegexMatcher{ Regex: regex, } diff --git a/internal/envoy/v3/regex_test.go b/internal/envoy/v3/regex_test.go index 84a666feae3..e87e9082175 100644 --- a/internal/envoy/v3/regex_test.go +++ b/internal/envoy/v3/regex_test.go @@ -46,7 +46,7 @@ func TestSafeRegexMatch(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := SafeRegexMatch(tc.regex) + got := safeRegexMatch(tc.regex) protobuf.ExpectEqual(t, tc.want, got) }) } diff --git a/internal/envoy/v3/route.go b/internal/envoy/v3/route.go index 4cd4ea75425..86a5a254ad5 100644 --- a/internal/envoy/v3/route.go +++ b/internal/envoy/v3/route.go @@ -63,7 +63,7 @@ func VirtualHostAndRoutes(vh *dag.VirtualHost, dagRoutes []*dag.Route, secure bo if evh.TypedPerFilterConfig == nil { evh.TypedPerFilterConfig = map[string]*anypb.Any{} } - evh.TypedPerFilterConfig[LocalRateLimitFilterName] = LocalRateLimitConfig(vh.RateLimitPolicy.Local, "vhost."+vh.Name) + evh.TypedPerFilterConfig[LocalRateLimitFilterName] = localRateLimitConfig(vh.RateLimitPolicy.Local, "vhost."+vh.Name) } if vh.RateLimitPolicy != nil && vh.RateLimitPolicy.Global != nil { 
@@ -155,7 +155,7 @@ func buildRoute(dagRoute *dag.Route, vhostName string, secure bool) *envoy_confi // Apply per-route local rate limit policy. if dagRoute.RateLimitPolicy != nil && dagRoute.RateLimitPolicy.Local != nil { - route.TypedPerFilterConfig[LocalRateLimitFilterName] = LocalRateLimitConfig(dagRoute.RateLimitPolicy.Local, "vhost."+vhostName) + route.TypedPerFilterConfig[LocalRateLimitFilterName] = localRateLimitConfig(dagRoute.RateLimitPolicy.Local, "vhost."+vhostName) } if dagRoute.RateLimitPerRoute != nil { @@ -292,7 +292,7 @@ func PathRouteMatch(pathMatchCondition dag.MatchCondition) *envoy_config_route_v PathSpecifier: &envoy_config_route_v3.RouteMatch_SafeRegex{ // Add an anchor since we at the very least have a / as a string literal prefix. // Reduces regex program size so Envoy doesn't reject long prefix matches. - SafeRegex: SafeRegexMatch("^" + c.Regex), + SafeRegex: safeRegexMatch("^" + c.Regex), }, } case *dag.PrefixMatchCondition: @@ -379,7 +379,7 @@ func routeRedirect(redirect *dag.Redirect) *envoy_config_route_v3.Route_Redirect case len(redirect.PathRewritePolicy.PrefixRegexRemove) > 0: r.Redirect.PathRewriteSpecifier = &envoy_config_route_v3.RedirectAction_RegexRewrite{ RegexRewrite: &envoy_matcher_v3.RegexMatchAndSubstitute{ - Pattern: SafeRegexMatch(redirect.PathRewritePolicy.PrefixRegexRemove), + Pattern: safeRegexMatch(redirect.PathRewritePolicy.PrefixRegexRemove), Substitution: "/", }, } 
@@ -416,12 +416,12 @@ func routeRoute(r *dag.Route) *envoy_config_route_v3.Route_Route { ra.PrefixRewrite = r.PathRewritePolicy.PrefixRewrite case len(r.PathRewritePolicy.FullPathRewrite) > 0: ra.RegexRewrite = &envoy_matcher_v3.RegexMatchAndSubstitute{ - Pattern: SafeRegexMatch("^/.*$"), // match the entire path + Pattern: safeRegexMatch("^/.*$"), // match the entire path Substitution: r.PathRewritePolicy.FullPathRewrite, } case len(r.PathRewritePolicy.PrefixRegexRemove) > 0: ra.RegexRewrite = &envoy_matcher_v3.RegexMatchAndSubstitute{ - Pattern: SafeRegexMatch(r.PathRewritePolicy.PrefixRegexRemove), + Pattern: safeRegexMatch(r.PathRewritePolicy.PrefixRegexRemove), Substitution: "/", } } @@ -745,7 +745,7 @@ func corsPolicy(cp *dag.CORSPolicy) *envoy_filter_http_cors_v3.CorsPolicy { m.IgnoreCase = true case dag.CORSAllowOriginMatchRegex: m.MatchPattern = &envoy_matcher_v3.StringMatcher_SafeRegex{ - SafeRegex: SafeRegexMatch(ao.Value), + SafeRegex: safeRegexMatch(ao.Value), } } ecp.AllowOriginStringMatch = append(ecp.AllowOriginStringMatch, m) @@ -794,7 +794,7 @@ func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_config_route_v3. header.HeaderMatchSpecifier = &envoy_config_route_v3.HeaderMatcher_StringMatch{ StringMatch: &envoy_matcher_v3.StringMatcher{ MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ - SafeRegex: SafeRegexMatch(h.Value), + SafeRegex: safeRegexMatch(h.Value), }, }, } @@ -838,7 +838,7 @@ func queryParamMatcher(queryParams []dag.QueryParamMatchCondition) []*envoy_conf queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ StringMatch: &envoy_matcher_v3.StringMatcher{ MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ - SafeRegex: SafeRegexMatch(q.Value), + SafeRegex: safeRegexMatch(q.Value), }, }, } diff --git a/internal/envoy/v3/route_test.go b/internal/envoy/v3/route_test.go index 152776134ae..e12c0454a3c 100644 --- a/internal/envoy/v3/route_test.go 
+++ b/internal/envoy/v3/route_test.go @@ -2186,7 +2186,7 @@ func TestRouteMatch(t *testing.T) { // is permitted to be a bare regex. // We add an anchor since we should always have a / prefix to reduce // complexity. - SafeRegex: SafeRegexMatch("^/v.1/*"), + SafeRegex: safeRegexMatch("^/v.1/*"), }, }, }, @@ -2576,7 +2576,7 @@ func TestRouteMatch(t *testing.T) { QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ StringMatch: &envoy_matcher_v3.StringMatcher{ MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ - SafeRegex: SafeRegexMatch("^query-.*"), + SafeRegex: safeRegexMatch("^query-.*"), }, }, }, From 3544fe856c2815e8938a2e98235f7222cc7b5cd5 Mon Sep 17 00:00:00 2001 From: Sotiris Nanopoulos Date: Thu, 23 Jan 2025 17:46:28 -0500 Subject: [PATCH 5/6] make grpcService not exported Signed-off-by: Sotiris Nanopoulos --- internal/envoy/v3/cluster.go | 22 +++------------------- internal/envoy/v3/config_gen.go | 2 +- internal/envoy/v3/listener.go | 6 +++--- internal/envoy/v3/ratelimit.go | 2 +- internal/envoy/v3/tracing.go | 2 +- internal/xdscache/v3/cluster_test.go | 9 ++++++--- 6 files changed, 15 insertions(+), 28 deletions(-) diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index e77795a15ae..4717b966f8b 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go @@ -61,7 +61,7 @@ func (e *EnvoyGen) Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { case 0: // external name not set, cluster will be discovered via EDS cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS) - cluster.EdsClusterConfig = edsconfig("contour", service) + cluster.EdsClusterConfig = e.edsconfig(service) default: // external name set, use hard coded DNS name // external name set to LOGICAL_DNS when user selects the ALL loookup family 
@@ -231,9 +231,9 @@ func (e *EnvoyGen) DNSNameCluster(c *dag.DNSNameCluster) *envoy_config_cluster_v return cluster } -func edsconfig(cluster string, service *dag.Service) *envoy_config_cluster_v3.Cluster_EdsClusterConfig { +func (e *EnvoyGen) edsconfig(service *dag.Service) *envoy_config_cluster_v3.Cluster_EdsClusterConfig { return &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ - EdsConfig: ConfigSource(cluster), + EdsConfig: e.GetConfigSource(), ServiceName: xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, service.Weighted.ServicePort.Name, @@ -279,22 +279,6 @@ func ClusterCommonLBConfig() *envoy_config_cluster_v3.Cluster_CommonLbConfig { } } -// ConfigSource returns a *envoy_config_core_v3.ConfigSource for cluster. -func ConfigSource(cluster string) *envoy_config_core_v3.ConfigSource { - return &envoy_config_core_v3.ConfigSource{ - ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ - ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_config_core_v3.GrpcService{ - GrpcService(cluster, "", timeout.DefaultSetting()), - }, - }, - }, - } -} - // ClusterDiscoveryType returns the type of a ClusterDiscovery as a Cluster_type. func ClusterDiscoveryType(t envoy_config_cluster_v3.Cluster_DiscoveryType) *envoy_config_cluster_v3.Cluster_Type { return &envoy_config_cluster_v3.Cluster_Type{Type: t} diff --git a/internal/envoy/v3/config_gen.go b/internal/envoy/v3/config_gen.go index e36744ed63d..03d3260aadb 100644 --- a/internal/envoy/v3/config_gen.go +++ b/internal/envoy/v3/config_gen.go 
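Review bot: `edsconfig` now takes its config source from `e.GetConfigSource()`, so the cluster Envoy is told to fetch EDS from is `e.xdsClusterName` rather than the literal "contour", while the context lines of the bootstrap.go hunk earlier in this series still define the static xDS cluster as `Name: "contour"`. If `bootstrapConfig` does not take that name from the same field (not visible in these hunks), a non-default `XDSClusterName` would leave every EDS cluster pointing at a config source the bootstrap never defines, and endpoint discovery would presumably fail. Dropping the `cluster` parameter also removed the only hint of that dependency, so I would add `// edsconfig returns the EDS config for service; its config source names the xDS cluster configured on e, which must match the bootstrap's static cluster.` above the method. The method body continues past the end of the hunk.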
@@ -45,7 +45,7 @@ func (e *EnvoyGen) GetConfigSource() *envoy_config_core_v3.ConfigSource { ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, GrpcServices: []*envoy_config_core_v3.GrpcService{ - GrpcService(e.xdsClusterName, "", timeout.DefaultSetting()), + grpcService(e.xdsClusterName, "", timeout.DefaultSetting()), }, }, }, diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go index bb0ad88d948..d458e65bfef 100644 --- a/internal/envoy/v3/listener.go +++ b/internal/envoy/v3/listener.go @@ -797,7 +797,7 @@ end func FilterExternalAuthz(externalAuthorization *dag.ExternalAuthorization) *envoy_filter_network_http_connection_manager_v3.HttpFilter { authConfig := envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: &envoy_filter_http_ext_authz_v3.ExtAuthz_GrpcService{ - GrpcService: GrpcService(externalAuthorization.AuthorizationService.Name, externalAuthorization.AuthorizationService.SNI, externalAuthorization.AuthorizationResponseTimeout), + GrpcService: grpcService(externalAuthorization.AuthorizationService.Name, externalAuthorization.AuthorizationService.SNI, externalAuthorization.AuthorizationResponseTimeout), }, // Pretty sure we always want this. Why have an // external auth service if it is not going to affect @@ -930,8 +930,8 @@ func FilterChainTLSFallback(downstream *envoy_transport_socket_tls_v3.Downstream return fc } -// GRPCService returns a envoy_config_core_v3.GrpcService for the given parameters. -func GrpcService(clusterName, sni string, timeout timeout.Setting) *envoy_config_core_v3.GrpcService { +// grpcService returns a envoy_config_core_v3.GrpcService for the given parameters. +func grpcService(clusterName, sni string, timeout timeout.Setting) *envoy_config_core_v3.GrpcService { authority := strings.ReplaceAll(clusterName, "/", ".") if sni != "" { authority = sni 
diff --git a/internal/envoy/v3/ratelimit.go b/internal/envoy/v3/ratelimit.go index 000e9cb8a6c..ef323b33625 100644 --- a/internal/envoy/v3/ratelimit.go +++ b/internal/envoy/v3/ratelimit.go @@ -148,7 +148,7 @@ func GlobalRateLimitFilter(config *GlobalRateLimitConfig) *envoy_filter_network_ Timeout: envoy.Timeout(config.Timeout), FailureModeDeny: !config.FailOpen, RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ - GrpcService: GrpcService(dag.ExtensionClusterName(config.ExtensionService), config.SNI, timeout.DefaultSetting()), + GrpcService: grpcService(dag.ExtensionClusterName(config.ExtensionService), config.SNI, timeout.DefaultSetting()), TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, EnableXRatelimitHeaders: enableXRateLimitHeaders(config.EnableXRateLimitHeaders), diff --git a/internal/envoy/v3/tracing.go b/internal/envoy/v3/tracing.go index f66ca8b3ba8..b67dbe2e1ef 100644 --- a/internal/envoy/v3/tracing.go +++ b/internal/envoy/v3/tracing.go @@ -50,7 +50,7 @@ func TracingConfig(tracing *EnvoyTracingConfig) *envoy_filter_network_http_conne Name: "envoy.tracers.opentelemetry", ConfigType: &envoy_config_trace_v3.Tracing_Http_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&envoy_config_trace_v3.OpenTelemetryConfig{ - GrpcService: GrpcService(dag.ExtensionClusterName(tracing.ExtensionService), tracing.SNI, tracing.Timeout), + GrpcService: grpcService(dag.ExtensionClusterName(tracing.ExtensionService), tracing.SNI, tracing.Timeout), ServiceName: tracing.ServiceName, }), }, diff --git a/internal/xdscache/v3/cluster_test.go b/internal/xdscache/v3/cluster_test.go index 2999aa8a1b3..045630f3948 100644 --- a/internal/xdscache/v3/cluster_test.go +++ b/internal/xdscache/v3/cluster_test.go 
@@ -165,9 +165,10 @@ func TestClusterCacheQuery(t *testing.T) { } func TestClusterVisit(t *testing.T) { - envoyConfigSource := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ + envoyGen := envoy_v3.NewEnvoyGen(envoy_v3.EnvoyGenOpt{ XDSClusterName: envoy_v3.DefaultXDSClusterName, - }).GetConfigSource() + }) + envoyConfigSource := envoyGen.GetConfigSource() tests := map[string]struct { objs []any want map[string]*envoy_config_cluster_v3.Cluster @@ -835,7 +836,9 @@ func TestClusterVisit(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - var cc ClusterCache + cc := ClusterCache{ + envoyGen: envoyGen, + } cc.OnChange(buildDAG(t, tc.objs...)) protobuf.ExpectEqual(t, tc.want, cc.values) }) From b055e7a436290b59bb1fc033cb34f8b6563ec97e Mon Sep 17 00:00:00 2001 From: Sotiris Nanopoulos Date: Thu, 23 Jan 2025 17:54:02 -0500 Subject: [PATCH 6/6] use a different name in tests to avoid test passing because the new default and old are the same Signed-off-by: Sotiris Nanopoulos --- internal/envoy/v3/cluster_test.go | 2 +- internal/envoy/v3/listener_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index a7620f05a4b..ba37a8e7ef4 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -880,7 +880,7 @@ func TestCluster(t *testing.T) { func TestDNSNameCluster(t *testing.T) { envoyGen := NewEnvoyGen(EnvoyGenOpt{ - XDSClusterName: DefaultXDSClusterName, + XDSClusterName: "notcontour", }) tests := map[string]struct { cluster *dag.DNSNameCluster diff --git a/internal/envoy/v3/listener_test.go b/internal/envoy/v3/listener_test.go index 3ee3fd59cfa..7f91b3d6626 100644 --- a/internal/envoy/v3/listener_test.go +++ b/internal/envoy/v3/listener_test.go 
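Review bot: In `TestClusterVisit` the expected `envoyConfigSource` and the generator are both built from `envoy_v3.DefaultXDSClusterName`, which presumably equals the old hard-coded "contour". The test therefore cannot tell the configured name from the literal and would still pass if `edsconfig` regressed to it. Patch 6/6 switches `TestDNSNameCluster` and `TestBuilderValidation` to a distinct value for this reason but leaves this file alone; the same change here would be `XDSClusterName: "notcontour",`.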
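Review bot: Replacing `var cc ClusterCache` with `ClusterCache{envoyGen: envoyGen}` in the second hunk indicates that the zero value of `ClusterCache` is no longer usable, presumably because `OnChange` now calls methods on `cc.envoyGen` that read its fields. The field's type is not visible here; if it is a `*EnvoyGen`, any caller that builds the cache without it would hit a nil dereference during DAG processing rather than a clear error. I would state this on the type, e.g. `// The zero value is not usable; envoyGen must be set before OnChange is called.`, and have tests go through the package's constructor if one exists.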
@@ -1732,7 +1732,7 @@ func TestFilterChainTLS_Match(t *testing.T) { // DefaultFilters adds the required HTTP connection manager filters. func TestBuilderValidation(t *testing.T) { envoygen := NewEnvoyGen(EnvoyGenOpt{ - XDSClusterName: DefaultXDSClusterName, + XDSClusterName: "notcontour", }) require.Error(t, envoygen.HTTPConnectionManagerBuilder().Validate(),