From 34ca9e146c4d740efc7c0f4308998d950c49acd9 Mon Sep 17 00:00:00 2001 From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 15:59:02 +0000 Subject: [PATCH] Mirrored from envoyproxy/envoy @ b7e13f1d806f244da5fef2578e61c1e06a12fb33 Signed-off-by: update-envoy[bot] <135279899+update-envoy[bot]@users.noreply.github.com> --- envoy/COMMIT | 2 +- .../filters/network/rbac/v3/rbac.pb.go | 80 +++++++------------ .../network/rbac/v3/rbac.pb.validate.go | 29 ------- .../network/rbac/v3/rbac_vtproto.pb.go | 15 ---- 4 files changed, 31 insertions(+), 95 deletions(-) diff --git a/envoy/COMMIT b/envoy/COMMIT index e0788ecc9..1ce360768 100644 --- a/envoy/COMMIT +++ b/envoy/COMMIT @@ -1 +1 @@ -7f231c139f2c2a74d79fad98f21781a715ae5bae +b7e13f1d806f244da5fef2578e61c1e06a12fb33 diff --git a/envoy/extensions/filters/network/rbac/v3/rbac.pb.go b/envoy/extensions/filters/network/rbac/v3/rbac.pb.go index 819a3dd24..e24be8db7 100755 --- a/envoy/extensions/filters/network/rbac/v3/rbac.pb.go +++ b/envoy/extensions/filters/network/rbac/v3/rbac.pb.go @@ -14,7 +14,6 @@ import ( _ "github.com/envoyproxy/protoc-gen-validate/validate" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" - durationpb "google.golang.org/protobuf/types/known/durationpb" reflect "reflect" sync "sync" ) @@ -81,7 +80,7 @@ func (RBAC_EnforcementType) EnumDescriptor() ([]byte, []int) { // // Header should not be used in rules/shadow_rules in RBAC network filter as // this information is only available in :ref:`RBAC http filter `. -// [#next-free-field: 9] +// [#next-free-field: 8] type RBAC struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -118,11 +117,6 @@ type RBAC struct { // every payload (e.g., Mongo, MySQL, Kafka) set the enforcement type to // CONTINUOUS to enforce RBAC policies on every message boundary. EnforcementType RBAC_EnforcementType `protobuf:"varint,4,opt,name=enforcement_type,json=enforcementType,proto3,enum=envoy.extensions.filters.network.rbac.v3.RBAC_EnforcementType" json:"enforcement_type,omitempty"` - // Delay the specified duration before closing the connection when the policy evaluation - // result is “DENY“. If this is not present, the connection will be closed immediately. - // This is useful to provide a better protection for Envoy against clients that retries - // aggressively when the connection is rejected by the RBAC filter. - DelayDeny *durationpb.Duration `protobuf:"bytes,8,opt,name=delay_deny,json=delayDeny,proto3" json:"delay_deny,omitempty"` } func (x *RBAC) Reset() { @@ -206,13 +200,6 @@ func (x *RBAC) GetEnforcementType() RBAC_EnforcementType { return RBAC_ONE_TIME_ON_FIRST_BYTE } -func (x *RBAC) GetDelayDeny() *durationpb.Duration { - if x != nil { - return x.DelayDeny - } - return nil -} - var File_envoy_extensions_filters_network_rbac_v3_rbac_proto protoreflect.FileDescriptor var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_rawDesc = []byte{ @@ -224,8 +211,6 @@ var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_rawDesc = []byte{ 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x78, 0x64, 0x73, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, 0x33, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x78, 0x64, 0x73, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x6d, 0x61, 0x74, 0x63, @@ -238,7 +223,7 @@ var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_rawDesc = []byte{ 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xee, 0x05, 0x0a, 0x04, 0x52, 0x42, 0x41, 0x43, 0x12, 0x49, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, + 0xb4, 0x05, 0x0a, 0x04, 0x52, 0x42, 0x41, 0x43, 0x12, 0x49, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x42, 0x17, 0xf2, 0x98, 0xfe, 0x8f, 0x05, 0x11, 0x12, 0x0f, 0x72, 0x75, 0x6c, @@ -274,28 +259,25 @@ var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_rawDesc = []byte{ 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x52, 0x0f, 0x65, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x6d, 0x65, - 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x38, 0x0a, 0x0a, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, - 0x64, 0x65, 0x6e, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x09, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x44, 0x65, 0x6e, 0x79, - 0x22, 0x3d, 0x0a, 0x0f, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4f, 0x4e, 0x45, 0x5f, 0x54, 0x49, 0x4d, 0x45, 0x5f, - 0x4f, 0x4e, 0x5f, 0x46, 0x49, 0x52, 0x53, 0x54, 0x5f, 0x42, 0x59, 0x54, 0x45, 0x10, 0x00, 0x12, - 0x0e, 0x0a, 0x0a, 0x43, 0x4f, 0x4e, 0x54, 0x49, 0x4e, 0x55, 0x4f, 0x55, 0x53, 0x10, 0x01, 0x3a, - 0x2f, 0x9a, 0xc5, 0x88, 0x1e, 0x2a, 0x0a, 0x28, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x42, 0x41, 0x43, - 0x42, 0xa5, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x0a, 0x36, 0x69, 0x6f, 0x2e, - 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, - 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2e, 0x72, 0x62, 0x61, 0x63, - 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, - 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, - 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, - 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, - 0x73, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2f, 0x76, - 0x33, 0x3b, 0x72, 0x62, 0x61, 0x63, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x22, 0x3d, 0x0a, 0x0f, 0x45, 0x6e, 0x66, 0x6f, 0x72, 0x63, + 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1a, 0x0a, 0x16, 0x4f, 0x4e, 0x45, + 0x5f, 0x54, 0x49, 0x4d, 0x45, 0x5f, 0x4f, 0x4e, 0x5f, 0x46, 0x49, 0x52, 0x53, 0x54, 0x5f, 0x42, + 0x59, 0x54, 0x45, 0x10, 0x00, 0x12, 0x0e, 0x0a, 0x0a, 0x43, 0x4f, 0x4e, 0x54, 0x49, 0x4e, 0x55, + 0x4f, 0x55, 0x53, 0x10, 0x01, 0x3a, 0x2f, 0x9a, 0xc5, 0x88, 0x1e, 0x2a, 0x0a, 0x28, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, + 0x32, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x42, 0xa5, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, + 0x02, 0x0a, 0x36, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, + 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x56, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, + 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, + 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, + 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x2f, + 0x72, 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72, 0x62, 0x61, 0x63, 0x76, 0x33, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -313,11 +295,10 @@ func file_envoy_extensions_filters_network_rbac_v3_rbac_proto_rawDescGZIP() []by var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_enumTypes = make([]protoimpl.EnumInfo, 1) var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_msgTypes = make([]protoimpl.MessageInfo, 1) var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_goTypes = []interface{}{ - (RBAC_EnforcementType)(0), // 0: envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType - (*RBAC)(nil), // 1: envoy.extensions.filters.network.rbac.v3.RBAC - (*v3.RBAC)(nil), // 2: envoy.config.rbac.v3.RBAC - (*v31.Matcher)(nil), // 3: xds.type.matcher.v3.Matcher - (*durationpb.Duration)(nil), // 4: google.protobuf.Duration + (RBAC_EnforcementType)(0), // 0: envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType + (*RBAC)(nil), // 1: envoy.extensions.filters.network.rbac.v3.RBAC + (*v3.RBAC)(nil), // 2: envoy.config.rbac.v3.RBAC + (*v31.Matcher)(nil), // 3: xds.type.matcher.v3.Matcher } var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_depIdxs = []int32{ 2, // 0: envoy.extensions.filters.network.rbac.v3.RBAC.rules:type_name -> envoy.config.rbac.v3.RBAC @@ -325,12 +306,11 @@ var file_envoy_extensions_filters_network_rbac_v3_rbac_proto_depIdxs = []int32{ 2, // 2: envoy.extensions.filters.network.rbac.v3.RBAC.shadow_rules:type_name -> envoy.config.rbac.v3.RBAC 3, // 3: envoy.extensions.filters.network.rbac.v3.RBAC.shadow_matcher:type_name -> xds.type.matcher.v3.Matcher 0, // 4: envoy.extensions.filters.network.rbac.v3.RBAC.enforcement_type:type_name -> envoy.extensions.filters.network.rbac.v3.RBAC.EnforcementType - 4, // 5: envoy.extensions.filters.network.rbac.v3.RBAC.delay_deny:type_name -> google.protobuf.Duration - 6, // [6:6] is the sub-list for method output_type - 6, // [6:6] is the sub-list for method input_type - 6, // [6:6] is the sub-list for extension type_name - 6, // [6:6] is the sub-list for extension extendee - 0, // [0:6] is the sub-list for field type_name + 5, // [5:5] is the sub-list for method output_type + 5, // [5:5] is the sub-list for method input_type + 5, // [5:5] is the sub-list for extension type_name + 5, // [5:5] is the sub-list for extension extendee + 0, // [0:5] is the sub-list for field type_name } func init() { file_envoy_extensions_filters_network_rbac_v3_rbac_proto_init() } diff --git a/envoy/extensions/filters/network/rbac/v3/rbac.pb.validate.go b/envoy/extensions/filters/network/rbac/v3/rbac.pb.validate.go index bf759fd07..322a9bc32 100755 --- a/envoy/extensions/filters/network/rbac/v3/rbac.pb.validate.go +++ b/envoy/extensions/filters/network/rbac/v3/rbac.pb.validate.go @@ -188,35 +188,6 @@ func (m *RBAC) validate(all bool) error { // no validation rules for EnforcementType - if all { - switch v := interface{}(m.GetDelayDeny()).(type) { - case interface{ ValidateAll() error }: - if err := v.ValidateAll(); err != nil { - errors = append(errors, RBACValidationError{ - field: "DelayDeny", - reason: "embedded message failed validation", - cause: err, - }) - } - case interface{ Validate() error }: - if err := v.Validate(); err != nil { - errors = append(errors, RBACValidationError{ - field: "DelayDeny", - reason: "embedded message failed validation", - cause: err, - }) - } - } - } else if v, ok := interface{}(m.GetDelayDeny()).(interface{ Validate() error }); ok { - if err := v.Validate(); err != nil { - return RBACValidationError{ - field: "DelayDeny", - reason: "embedded message failed validation", - cause: err, - } - } - } - if len(errors) > 0 { return RBACMultiError(errors) } diff --git a/envoy/extensions/filters/network/rbac/v3/rbac_vtproto.pb.go b/envoy/extensions/filters/network/rbac/v3/rbac_vtproto.pb.go index edaa517ad..ec5ab8991 100755 --- a/envoy/extensions/filters/network/rbac/v3/rbac_vtproto.pb.go +++ b/envoy/extensions/filters/network/rbac/v3/rbac_vtproto.pb.go @@ -8,7 +8,6 @@ package rbacv3 import ( protohelpers "github.com/planetscale/vtprotobuf/protohelpers" - durationpb "github.com/planetscale/vtprotobuf/types/known/durationpb" proto "google.golang.org/protobuf/proto" protoimpl "google.golang.org/protobuf/runtime/protoimpl" ) @@ -50,16 +49,6 @@ func (m *RBAC) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { i -= len(m.unknownFields) copy(dAtA[i:], m.unknownFields) } - if m.DelayDeny != nil { - size, err := (*durationpb.Duration)(m.DelayDeny).MarshalToSizedBufferVTStrict(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) - i-- - dAtA[i] = 0x42 - } if m.ShadowMatcher != nil { if vtmsg, ok := interface{}(m.ShadowMatcher).(interface { MarshalToSizedBufferVTStrict([]byte) (int, error) @@ -227,10 +216,6 @@ func (m *RBAC) SizeVT() (n int) { } n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) } - if m.DelayDeny != nil { - l = (*durationpb.Duration)(m.DelayDeny).SizeVT() - n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) - } n += len(m.unknownFields) return n }