From 5b16199a610ebc2a4ea923ffe2177985da279a8a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 09:49:55 -0500 Subject: [PATCH 01/83] build(deps): bump github.com/cert-manager/cert-manager (#6158) Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.13.3 to 1.14.1. - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Commits](https://github.com/cert-manager/cert-manager/compare/v1.13.3...v1.14.1) --- updated-dependencies: - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 24 ++++++++++++------------ go.sum | 56 +++++++++++++++++++++++++++----------------------------- 2 files changed, 39 insertions(+), 41 deletions(-) diff --git a/go.mod b/go.mod index eef75cd5b4c..325523c784e 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/alecthomas/kingpin/v2 v2.4.0 github.com/bombsimon/logrusr/v4 v4.1.0 - github.com/cert-manager/cert-manager v1.13.3 + github.com/cert-manager/cert-manager v1.14.1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/distribution/reference v0.5.0 github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb @@ -31,7 +31,7 @@ require ( go.uber.org/automaxprocs v1.5.3 golang.org/x/oauth2 v0.16.0 gonum.org/v1/plot v0.14.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 google.golang.org/grpc v1.61.0 google.golang.org/protobuf v1.32.0 gopkg.in/yaml.v3 v3.0.1 @@ -40,6 +40,7 @@ require ( k8s.io/apimachinery v0.29.1 k8s.io/client-go v0.29.1 k8s.io/klog/v2 v2.120.1 + k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/controller-runtime v0.17.0 sigs.k8s.io/controller-tools v0.14.0 sigs.k8s.io/gateway-api v1.0.0 @@ -67,9 +68,9 @@ require ( github.com/go-errors/errors v1.4.2 // indirect github.com/go-fonts/liberation v0.3.1 // indirect github.com/go-latex/latex v0.0.0-20230307184459-12ec69307ad9 // indirect - github.com/go-openapi/jsonpointer v0.20.0 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/swag v0.22.4 // indirect + github.com/go-openapi/jsonpointer v0.20.2 // indirect + github.com/go-openapi/jsonreference v0.20.4 // indirect + github.com/go-openapi/swag v0.22.7 // indirect github.com/go-pdf/fpdf v0.8.0 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gobuffalo/flect v1.0.2 // indirect @@ -114,32 +115,31 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/viper v1.15.0 // indirect - github.com/stretchr/objx v0.5.0 // indirect + github.com/stretchr/objx v0.5.1 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/tsaarni/x500dn v1.0.0 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect golang.org/x/crypto v0.18.0 // indirect - golang.org/x/exp v0.0.0-20231006140011-7918f672742d // indirect + golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect golang.org/x/image v0.11.0 // indirect golang.org/x/mod v0.14.0 // indirect golang.org/x/net v0.20.0 // indirect golang.org/x/sys v0.16.0 // indirect golang.org/x/term v0.16.0 // indirect golang.org/x/text v0.14.0 // indirect - golang.org/x/time v0.3.0 // indirect + golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.16.1 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect + google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/component-base v0.29.1 // indirect k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect k8s.io/klog v1.0.0 // indirect - k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect - k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect + k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index b567c9bc7db..f0b7e04b19a 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cert-manager/cert-manager v1.13.3 h1:3R4G0RI7K0OkTZhWlVOC5SGZMYa2NwqmQJoyKydrz/M= -github.com/cert-manager/cert-manager v1.13.3/go.mod h1:BM2+Pt/NmSv1Zr25/MHv6BgIEF9IUxA1xAjp80qkxgc= +github.com/cert-manager/cert-manager v1.14.1 h1:i5sJHfEucqpAfVjkCe3n4sO5S+6YBaN2Yu18+l/1ZMw= +github.com/cert-manager/cert-manager v1.14.1/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chigopher/pathlib v0.19.1 h1:RoLlUJc0CqBGwq239cilyhxPNLXTK+HXoASGyGznx5A= @@ -85,7 +85,6 @@ github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbi github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= -github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -137,14 +136,12 @@ github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= -github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q= +github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs= +github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU= +github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4= +github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8= +github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0= github.com/go-pdf/fpdf v0.8.0 h1:IJKpdaagnWUeSkUFUjTcSzTppFxmv8ucGQyNPQWxYOQ= github.com/go-pdf/fpdf v0.8.0/go.mod h1:gfqhcNwXrsd3XYKte9a7vM3smvU/jB4ZRDrmWSxpfdc= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= @@ -270,7 +267,6 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= @@ -337,8 +333,8 @@ github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1B github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/rs/xid v1.4.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.29.0 h1:Zes4hju04hjbvkVkOhdl2HpZa+0PmVwigmo8XoORE5w= github.com/rs/zerolog v1.29.0/go.mod h1:NILgTygv/Uej1ra5XxGf82ZFSLk58MFGAUS2o6usyD0= @@ -364,8 +360,9 @@ github.com/spf13/viper v1.15.0/go.mod h1:fFcTBJxvhhzSJiZy8n+PeW6t8l+KeT/uTARa0jH github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= +github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -375,6 +372,7 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= +github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= @@ -430,8 +428,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI= -golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo= +golang.org/x/exp v0.0.0-20231226003508-02704c960a9b h1:kLiC65FbiHWFAOu+lxwNPujcsl8VYyTYYEZnsOO1WK4= +golang.org/x/exp v0.0.0-20231226003508-02704c960a9b/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/image v0.11.0 h1:ds2RoQvBvYTiJkwpSFDwCcDFNX7DqjL2WsUgTNk0Ooo= @@ -587,8 +585,8 @@ golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -719,12 +717,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= +google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg= +google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0= +google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= +google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -804,10 +802,10 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 h1:aVUu9fTY98ivBPKR9Y5w/AuzbMm96cd3YHRTU83I780= -k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00/go.mod h1:AsvuZPBlUDVuCdzJ87iajxtXuR9oktsTctW/R9wwouA= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI= -k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 h1:avRdiaB03v88Mfvum2S3BBwkNuTlmuar4LlfO9Hajko= +k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022/go.mod h1:sIV51WBTkZrlGOJMCDZDA1IaPBUDTulPpD4y7oe038k= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ= +k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1 h1:k1MczvYDUvJBe93bYd7wrZLLUEcLZAuF824/I4e5Xr4= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= From 9f248c22ab3b4cfc5d3a4094da6b3f8992cc30f6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 09:50:44 -0500 Subject: [PATCH 02/83] build(deps): bump github/codeql-action from 3.23.2 to 3.24.0 (#6156) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.23.2 to 3.24.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b7bf0a3ed3ecfa44160715d7c442788f65f0f923...e8893c57a1f3a2b659b6b55564fdfdbbd2982911) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/trivy-scan.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index da8eda043d0..5c682d12a76 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: cache: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: languages: go # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - name: Autobuild - uses: github/codeql-action/autobuild@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index fdd6348df0c..eadc61b9dd5 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -37,6 +37,6 @@ jobs: name: SARIF file path: results.sarif - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index 3197dceeb34..6b7421caea3 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'HIGH,CRITICAL' - - uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2 + - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 with: sarif_file: 'trivy-results.sarif' From aeb04fc69da12b408c2b5f6f865adf621d0abe17 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 09:51:25 -0500 Subject: [PATCH 03/83] build(deps): bump necojackarc/auto-request-review from 0.12.0 to 0.13.0 (#6157) Bumps [necojackarc/auto-request-review](https://github.com/necojackarc/auto-request-review) from 0.12.0 to 0.13.0. - [Release notes](https://github.com/necojackarc/auto-request-review/releases) - [Commits](https://github.com/necojackarc/auto-request-review/compare/6a51cebffe2c084705d9a7b394abd802e0119633...e89da1a8cd7c8c16d9de9c6e763290b6b0e3d424) --- updated-dependencies: - dependency-name: necojackarc/auto-request-review dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/request-reviews.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/request-reviews.yaml b/.github/workflows/request-reviews.yaml index e1edc0c37ae..467d23c7d73 100644 --- a/.github/workflows/request-reviews.yaml +++ b/.github/workflows/request-reviews.yaml @@ -11,7 +11,7 @@ jobs: request-reviews: runs-on: ubuntu-latest steps: - - uses: necojackarc/auto-request-review@6a51cebffe2c084705d9a7b394abd802e0119633 # v0.12.0 + - uses: necojackarc/auto-request-review@e89da1a8cd7c8c16d9de9c6e763290b6b0e3d424 # v0.13.0 with: token: ${{ secrets.PAT_FOR_AUTO_REQUEST_REVIEW }} config: .github/reviewers.yaml From 3fee38490b04ec200b001938af05d6f43adffef9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Feb 2024 12:59:30 -0500 Subject: [PATCH 04/83] build(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 (#6155) * build(deps): bump codecov/codecov-action from 3.1.5 to 4.0.1 Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3.1.5 to 4.0.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0...e0b68c6749509c5f83f984dd99a76a1c1a231044) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] * codecov token is now required Signed-off-by: Sunjay Bhatia --------- Signed-off-by: dependabot[bot] Signed-off-by: Sunjay Bhatia Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sunjay Bhatia --- .github/workflows/prbuild.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 5033d735a62..623391e3add 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -289,8 +289,9 @@ jobs: make check-coverage - name: codeCoverage if: ${{ success() }} - uses: codecov/codecov-action@4fe8c5f003fae66aa5ebb77cfd3e7bfbbda0b6b0 # v3.1.5 + uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 with: + token: ${{ secrets.CODECOV_TOKEN }} files: coverage.out - uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 with: From 621e897020fc3d2d58dc87b101faf59da627b91c Mon Sep 17 00:00:00 2001 From: Lubron Date: Mon, 5 Feb 2024 12:12:34 -0800 Subject: [PATCH 05/83] Add anti-affinity for envoy deployed by provisioner (#6148) Signed-off-by: lubronzhan Signed-off-by: Lubron Zhan --- .../unreleased/6148-lubronzhan-minor.md | 3 +++ examples/deployment/03-envoy-deployment.yaml | 13 +++++------ examples/render/contour-deployment.yaml | 13 +++++------ .../objects/dataplane/dataplane.go | 15 +++++++++++-- .../objects/dataplane/dataplane_test.go | 22 +++++++++++++++++++ site/content/resources/upgrading.md | 16 ++++++++++---- 6 files changed, 62 insertions(+), 20 deletions(-) create mode 100644 changelogs/unreleased/6148-lubronzhan-minor.md diff --git a/changelogs/unreleased/6148-lubronzhan-minor.md b/changelogs/unreleased/6148-lubronzhan-minor.md new file mode 100644 index 00000000000..3124fff004c --- /dev/null +++ b/changelogs/unreleased/6148-lubronzhan-minor.md @@ -0,0 +1,3 @@ +## Add anti-affinity rule for envoy deployed by provisioner + +The envoy deployment created by the gateway provisioner now includes a default anti-affinity rule. The anti-affinity rule in the [example envoy deployment manifest](https://github.com/projectcontour/contour/blob/main/examples/deployment/03-envoy-deployment.yaml) is also updated to `preferredDuringSchedulingIgnoredDuringExecution` to be consistent with the contour deployment and the gateway provisioner anti-affinity rule. diff --git a/examples/deployment/03-envoy-deployment.yaml b/examples/deployment/03-envoy-deployment.yaml index 5236e57fbb1..a05c9a4dace 100644 --- a/examples/deployment/03-envoy-deployment.yaml +++ b/examples/deployment/03-envoy-deployment.yaml @@ -28,14 +28,13 @@ spec: spec: affinity: podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - envoy + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: envoy topologyKey: "kubernetes.io/hostname" + weight: 100 containers: - command: - /bin/contour diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 5085f15db8c..d79153ad41b 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -9149,14 +9149,13 @@ spec: spec: affinity: podAntiAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - - labelSelector: - matchExpressions: - - key: app - operator: In - values: - - envoy + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: envoy topologyKey: "kubernetes.io/hostname" + weight: 100 containers: - command: - /bin/contour diff --git a/internal/provisioner/objects/dataplane/dataplane.go b/internal/provisioner/objects/dataplane/dataplane.go index a34e02fcc30..792eacaffbf 100644 --- a/internal/provisioner/objects/dataplane/dataplane.go +++ b/internal/provisioner/objects/dataplane/dataplane.go @@ -431,8 +431,19 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) Labels: envoyPodLabels(contour), }, Spec: corev1.PodSpec{ - // TODO anti-affinity - Affinity: nil, + Affinity: &corev1.Affinity{ + PodAntiAffinity: &corev1.PodAntiAffinity{ + PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ + { + Weight: int32(100), + PodAffinityTerm: corev1.PodAffinityTerm{ + LabelSelector: EnvoyPodSelector(contour), + TopologyKey: "kubernetes.io/hostname", + }, + }, + }, + }, + }, Containers: containers, InitContainers: initContainers, Volumes: []corev1.Volume{ diff --git a/internal/provisioner/objects/dataplane/dataplane_test.go b/internal/provisioner/objects/dataplane/dataplane_test.go index 09d2579ad49..928a9b7e631 100644 --- a/internal/provisioner/objects/dataplane/dataplane_test.go +++ b/internal/provisioner/objects/dataplane/dataplane_test.go @@ -260,6 +260,27 @@ func checkDaemonSetHasMetricsPort(t *testing.T, ds *appsv1.DaemonSet, port int32 t.Errorf("container has unexpected metrics port %d", port) } +func checkEnvoyDeploymentHasAffinity(t *testing.T, d *appsv1.Deployment, contour *model.Contour) { + t.Helper() + if apiequality.Semantic.DeepEqual(*d.Spec.Template.Spec.Affinity, + corev1.Affinity{ + PodAntiAffinity: &corev1.PodAntiAffinity{ + PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ + { + Weight: int32(100), + PodAffinityTerm: corev1.PodAffinityTerm{ + LabelSelector: EnvoyPodSelector(contour), + TopologyKey: "kubernetes.io/hostname", + }, + }, + }, + }, + }) { + return + } + t.Errorf("container has unexpected affinity %v", d.Spec.Template.Spec.Affinity) +} + func TestDesiredDaemonSet(t *testing.T) { name := "ds-test" cntr := model.Default(fmt.Sprintf("%s-ns", name), name) @@ -360,6 +381,7 @@ func TestDesiredDeployment(t *testing.T) { testEnvoyImage := "docker.io/envoyproxy/envoy:test" deploy := desiredDeployment(cntr, testContourImage, testEnvoyImage) checkDeploymentHasStrategy(t, deploy, cntr.Spec.EnvoyDeploymentStrategy) + checkEnvoyDeploymentHasAffinity(t, deploy, cntr) } func TestNodePlacementDaemonSet(t *testing.T) { diff --git a/site/content/resources/upgrading.md b/site/content/resources/upgrading.md index d6f5ebc6451..1841b7f3d85 100644 --- a/site/content/resources/upgrading.md +++ b/site/content/resources/upgrading.md @@ -15,6 +15,14 @@ Contour currently only tests sequential upgrades, i.e. without skipping any mino This approach is recommended for users in order to minimize downtime and avoid any potential issues. If you choose to skip versions while upgrading, please note that this may lead to additional downtime. +# Known issues + +1. Envoy pod stuck in pending state + + If Envoy is deployed with a Deployment and the number of envoy instances is not less than number of kubernetes nodes in the clusters, during rolling upgrade, new envoy pod will be stuck in pending stage because old envoy pod is occupying host port. + + Workaround: Delete the envoy instance of older version manually. This will cause a little bit of downtime but it's pretty short. + # The easy way to upgrade If the following are true for you: @@ -525,7 +533,7 @@ If your version of Contour is older than v1.22.0, please upgrade to v1.22.0 firs 1. Update the Contour RBAC resources: ```bash - $ kubectl apply -f examples/contour/02-rbac.yaml + $ kubectl apply -f examples/contour/02-rbac.yaml $ kubectl apply -f examples/contour/02-role-contour.yaml ``` @@ -591,7 +599,7 @@ If your version of Contour is older than v1.21.3, please upgrade to v1.21.3 firs 1. Update the Contour RBAC resources: ```bash - $ kubectl apply -f examples/contour/02-rbac.yaml + $ kubectl apply -f examples/contour/02-rbac.yaml $ kubectl apply -f examples/contour/02-role-contour.yaml ``` @@ -790,7 +798,7 @@ If your version of Contour is older than v1.21.0, please upgrade to v1.21.0 firs 1. Update the Contour RBAC resources: ```bash - $ kubectl apply -f examples/contour/02-rbac.yaml + $ kubectl apply -f examples/contour/02-rbac.yaml $ kubectl apply -f examples/contour/02-role-contour.yaml ``` @@ -856,7 +864,7 @@ If your version of Contour is older than v1.20.2, please upgrade to v1.20.2 firs 1. Update the Contour RBAC resources: ```bash - $ kubectl apply -f examples/contour/02-rbac.yaml + $ kubectl apply -f examples/contour/02-rbac.yaml $ kubectl apply -f examples/contour/02-role-contour.yaml ``` From 080940778e4995aa310e8d5e9caab5a0f2747c08 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 5 Feb 2024 16:03:29 -0500 Subject: [PATCH 06/83] Bump kind/kubectl and node images (#6160) Signed-off-by: Sunjay Bhatia --- .github/workflows/prbuild.yaml | 12 ++++++------ hack/actions/install-kubernetes-toolchain.sh | 4 ++-- test/scripts/make-kind-cluster.sh | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 623391e3add..05e72a9f3d9 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -140,11 +140,11 @@ jobs: # image to use) for each kubernetes_version value. include: - kubernetes_version: "kubernetes:latest" - node_image: "docker.io/kindest/node:v1.29.0@sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570" + node_image: "docker.io/kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144" - kubernetes_version: "kubernetes:n-1" - node_image: "docker.io/kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31" + node_image: "docker.io/kindest/node:v1.28.6@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b" - kubernetes_version: "kubernetes:n-2" - node_image: "docker.io/kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72" + node_image: "docker.io/kindest/node:v1.27.10@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f" - config_type: "ConfigmapConfiguration" use_config_crd: "false" - config_type: "ContourConfiguration" @@ -205,11 +205,11 @@ jobs: # image to use) for each kubernetes_version value. include: - kubernetes_version: "kubernetes:latest" - node_image: "docker.io/kindest/node:v1.29.0@sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570" + node_image: "docker.io/kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144" - kubernetes_version: "kubernetes:n-1" - node_image: "docker.io/kindest/node:v1.28.0@sha256:b7a4cad12c197af3ba43202d3efe03246b3f0793f162afb40a33c923952d5b31" + node_image: "docker.io/kindest/node:v1.28.6@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b" - kubernetes_version: "kubernetes:n-2" - node_image: "docker.io/kindest/node:v1.27.3@sha256:3966ac761ae0136263ffdb6cfd4db23ef8a83cba8a463690e98317add2c9ba72" + node_image: "docker.io/kindest/node:v1.27.10@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f" steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: diff --git a/hack/actions/install-kubernetes-toolchain.sh b/hack/actions/install-kubernetes-toolchain.sh index 78f4a78ca3e..d909a004286 100755 --- a/hack/actions/install-kubernetes-toolchain.sh +++ b/hack/actions/install-kubernetes-toolchain.sh @@ -4,8 +4,8 @@ set -o errexit set -o nounset set -o pipefail -readonly KUBECTL_VERS="v1.29.0" -readonly KIND_VERS="v0.20.0" +readonly KUBECTL_VERS="v1.29.1" +readonly KIND_VERS="v0.21.0" readonly PROGNAME=$(basename $0) readonly CURL=${CURL:-curl} diff --git a/test/scripts/make-kind-cluster.sh b/test/scripts/make-kind-cluster.sh index dc9fd75f8fc..d6fb9f9d80b 100755 --- a/test/scripts/make-kind-cluster.sh +++ b/test/scripts/make-kind-cluster.sh @@ -27,7 +27,7 @@ readonly KUBECTL=${KUBECTL:-kubectl} readonly MULTINODE_CLUSTER=${MULTINODE_CLUSTER:-"false"} readonly IPV6_CLUSTER=${IPV6_CLUSTER:-"false"} readonly SKIP_GATEWAY_API_INSTALL=${SKIP_GATEWAY_API_INSTALL:-"false"} -readonly NODEIMAGE=${NODEIMAGE:-"kindest/node:v1.29.0@sha256:eaa1450915475849a73a9227b8f201df25e55e268e5d619312131292e324d570"} +readonly NODEIMAGE=${NODEIMAGE:-"kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144"} readonly CLUSTERNAME=${CLUSTERNAME:-contour-e2e} readonly WAITTIME=${WAITTIME:-5m} From 0160b09078cc68d9873877a4cecb40e17d73657b Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Fri, 9 Feb 2024 13:50:02 -0500 Subject: [PATCH 07/83] site: Add troubleshooting doc for common errors (#6161) This doc should contain steps to diagnose common errors, focused on mainly HTTP req/responses Signed-off-by: Sunjay Bhatia --- .../unreleased/6161-sunjayBhatia-docs.md | 1 + site/content/docs/main/troubleshooting.md | 30 +++--- .../troubleshooting/common-proxy-errors.md | 96 +++++++++++++++++++ site/data/docs/main-toc.yml | 2 + 4 files changed, 116 insertions(+), 13 deletions(-) create mode 100644 changelogs/unreleased/6161-sunjayBhatia-docs.md create mode 100644 site/content/docs/main/troubleshooting/common-proxy-errors.md diff --git a/changelogs/unreleased/6161-sunjayBhatia-docs.md b/changelogs/unreleased/6161-sunjayBhatia-docs.md new file mode 100644 index 00000000000..f2ce37e8298 --- /dev/null +++ b/changelogs/unreleased/6161-sunjayBhatia-docs.md @@ -0,0 +1 @@ +Add troubleshooting guide for general app traffic errors. diff --git a/site/content/docs/main/troubleshooting.md b/site/content/docs/main/troubleshooting.md index c2dfc570b2e..28461bd8641 100644 --- a/site/content/docs/main/troubleshooting.md +++ b/site/content/docs/main/troubleshooting.md @@ -2,22 +2,25 @@ If you encounter issues, follow the guides below for help. For topics not covered here, you can [file an issue][0], or talk to us on the [#contour channel][1] on Kubernetes Slack. -### [Envoy Administration Access][2] +### [Troubleshooting Common Proxy Errors][2] +A guide on how to investigate common errors with Contour and Envoy. + +### [Envoy Administration Access][3] Review the linked steps to learn how to access the administration interface for your Envoy instance. -### [Contour Debug Logging][3] +### [Contour Debug Logging][4] Learn how to enable debug logging to diagnose issues between Contour and the Kubernetes API. -### [Envoy Debug Logging][4] +### [Envoy Debug Logging][5] Learn how to enable debug logging to diagnose TLS connection issues. -### [Visualize the Contour Graph][5] +### [Visualize the Contour Graph][6] Learn how to visualize Contour's internal object graph in [DOT][9] format, or as a png file. -### [Show Contour xDS Resources][6] +### [Show Contour xDS Resources][7] Review the linked steps to view the [xDS][10] resource data exchanged by Contour and Envoy. -### [Profiling Contour][7] +### [Profiling Contour][8] Learn how to profile Contour by using [net/http/pprof][11] handlers. ### [Envoy container stuck in unready/draining state][12] @@ -25,13 +28,14 @@ Read the linked document if you have Envoy containers stuck in an unready/draini [0]: {{< param github_url >}}/issues [1]: {{< param slack_url >}} -[2]: /docs/{{< param latest_version >}}/troubleshooting/envoy-admin-interface/ -[3]: /docs/{{< param latest_version >}}/troubleshooting/contour-debug-log/ -[4]: /docs/{{< param latest_version >}}/troubleshooting/envoy-debug-log/ -[5]: /docs/{{< param latest_version >}}/troubleshooting/contour-graph/ -[6]: /docs/{{< param latest_version >}}/troubleshooting/contour-xds-resources/ -[7]: /docs/{{< param latest_version >}}/troubleshooting/profiling-contour/ +[2]: /docs/{{< param version >}}/troubleshooting/common-proxy-errors/ +[3]: /docs/{{< param version >}}/troubleshooting/envoy-admin-interface/ +[4]: /docs/{{< param version >}}/troubleshooting/contour-debug-log/ +[5]: /docs/{{< param version >}}/troubleshooting/envoy-debug-log/ +[6]: /docs/{{< param version >}}/troubleshooting/contour-graph/ +[7]: /docs/{{< param version >}}/troubleshooting/contour-xds-resources/ +[8]: /docs/{{< param version >}}/troubleshooting/profiling-contour/ [9]: https://en.wikipedia.org/wiki/Dot [10]: https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol [11]: https://golang.org/pkg/net/http/pprof/ -[12]: /docs/{{< param latest_version >}}/troubleshooting/envoy-container-draining/ \ No newline at end of file +[12]: /docs/{{< param version >}}/troubleshooting/envoy-container-draining/ diff --git a/site/content/docs/main/troubleshooting/common-proxy-errors.md b/site/content/docs/main/troubleshooting/common-proxy-errors.md new file mode 100644 index 00000000000..e05f153242d --- /dev/null +++ b/site/content/docs/main/troubleshooting/common-proxy-errors.md @@ -0,0 +1,96 @@ +# Troubleshooting Common Proxy Errors + +## Unexpected HTTP errors + +Here are some steps to take in investigating common HTTP errors that users may encounter. +We'll include example error cases to debug with these steps. + +1. Inspect the HTTP response in detail (possibly via `curl -v`). + + Here we're looking to validate if the error response is coming from the backend app, Envoy, or possibly another proxy in front of Envoy. + If the response has the `server: envoy` header set, the request at least made it to the Envoy proxy so we can likely rule out anything before it. + The error may originate from Envoy itself or the backend app. + Look for headers or a response body that may originate from the backend app to verify if the error is in fact just the intended app behavior. + In the example below, we can see the response looks like it originates from Envoy, based on the `server: envoy` header and response body string. + + ``` + curl -vvv example.projectcontour.io + ... + > GET / HTTP/1.1 + > Host: example.projectcontour.io + ... + > + < HTTP/1.1 503 Service Unavailable + < content-length: 91 + < content-type: text/plain + < vary: Accept-Encoding + < date: Tue, 06 Feb 2024 03:44:30 GMT + < server: envoy + < + * Connection #0 to host example.projectcontour.io left intact + upstream connect error or disconnect/reset before headers. reset reason: connection failure + ``` + +1. Look at the Envoy pod logs for the access logs corresponding to the erroring request/response. + + The exact fields/field ordering present in the access log may vary if you have [configured a custom access log string or JSON access logs][0]. + For example for a Contour installation using the [default Envoy access log format][1] we would want to inspect: + * `%REQ(:METHOD)%`, `%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%`, `%REQ(:AUTHORITY)%`, `%PROTOCOL%`: Ensure these are sensible values based on your configured route and HTTP request + * `%RESPONSE_FLAGS%`: See the [documentation on Envoy response flags][2] and below how to interpret a few of them in a Contour context: + * `UF`: Likely that Envoy could not connect to the upstream + * `UH`: Upstream Service has no health/ready pods + * `NR`: No configured route matching the request + * `%DURATION%`: Can correlate this with any configured timeouts + * `%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%`: Can correlate this with any configured timeouts. If `-` then this is a hint the request was never forwarded to the upstream. + * `%UPSTREAM_HOST%`: This is the IP of the upstream pod that was selected to proxy the request to and can be used to verify the exact upstream instance that might be erroring. + + For example in this access log: + + ``` + [2024-02-06T15:18:17.437Z] "GET / HTTP/1.1" 503 UF 0 91 1998 - "103.67.2.26" "curl/8.4.0" "d70640ec-2feb-46f8-9f63-24c44142c42e" "example.projectcontour.io" "10.244.8.27:8080" + ``` + + We can see the `UF` response flag as the cause of the `503` response code. + We also see the `-` for upstream request time. + It is likely in this case that Envoy was not able to establish a connection to the upstream. + That is further supported by the request duration of `1998` which is approximately the default upstream connection timeout of `2s`. + +1. Inspect Envoy metrics + + This method of debugging can be useful especially for deployments that service a large volume of traffic. + In this case, access logs are possibly not suitable to use, as the volume of logs may be too large to pinpoint an exact erroring request. + + Metrics from individual Envoy instances can be viewed manually or scraped using Envoy's prometheus endpoints and graphed using common visualization tools. + See the `/stats/prometheus` endpoint of the [Envoy admin interface][3]. + + Metrics that may be useful to inspect: + * [Listener metrics][4] + * `downstream_cx_total` + * `ssl.connection_error` + * [HTTP metrics][5] + * `downstream_cx_total` + * `downstream_cx_protocol_error` + * `downstream_rq_total` + * `downstream_rq_rx_reset` + * `downstream_rq_tx_reset` + * `downstream_rq_timeout` + * `downstream_rq_5xx` (and other status code groups) + * [Upstream metrics][6] + * `upstream_cx_total` + * `upstream_cx_connect_fail` + * `upstream_cx_connect_timeout` + * `upstream_rq_total` + * `upstream_rq_timeout` + +1. Send a direct request to the backend app to narrow down where the error may be originating. + + This can be done via a port-forward to send a request to the app directly, skipping over the Envoy proxy. + If this sort of request succeeds, we know the issue likely originates from Contour configuration or the Envoy proxy rather than the app itself. + +[0]: /docs/{{< param latest_version >}}/config/access-logging/ +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#default-format-string +[2]: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-response-flags +[3]: /docs/{{< param latest_version >}}/guides/prometheus/#envoy-metrics +[4]: https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/stats +[5]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/stats +[6]: https://www.envoyproxy.io/docs/envoy/latest/configuration/upstream/cluster_manager/cluster_stats diff --git a/site/data/docs/main-toc.yml b/site/data/docs/main-toc.yml index 920070276ce..151db52d41a 100644 --- a/site/data/docs/main-toc.yml +++ b/site/data/docs/main-toc.yml @@ -101,6 +101,8 @@ toc: url: /guides/resource-limits/ - title: Troubleshooting subfolderitems: + - page: Troubleshooting Common Proxy Errors + url: /troubleshooting/common-proxy-errors - page: Envoy Administration Access url: /troubleshooting/envoy-admin-interface - page: Contour Debug Logging From 39a7d2002389792660c4ee7ffb2806b53e0c334d Mon Sep 17 00:00:00 2001 From: Lubron Date: Fri, 9 Feb 2024 12:29:33 -0800 Subject: [PATCH 08/83] add disabled-features flag to ContourDeployment for provisioner (#6152) Fixes #5276. Signed-off-by: Lubron Zhan --- apis/projectcontour/v1/httpproxy.go | 3 + apis/projectcontour/v1/httpproxy_helpers.go | 22 --- .../v1alpha1/contourdeployment.go | 8 ++ .../unreleased/6152-lubronzhan-minor.md | 7 + examples/contour/01-crds.yaml | 14 ++ examples/render/contour-deployment.yaml | 14 ++ .../render/contour-gateway-provisioner.yaml | 14 ++ examples/render/contour-gateway.yaml | 14 ++ examples/render/contour.yaml | 14 ++ internal/provisioner/controller/gateway.go | 5 +- internal/provisioner/model/model.go | 23 ++- .../provisioner/model/model_test.go | 41 +++++- .../objects/deployment/deployment.go | 8 +- .../objects/deployment/deployment_test.go | 40 +++++- .../objects/rbac/clusterrole/cluster_role.go | 4 +- .../rbac/clusterrole/cluster_role_test.go | 134 +++++++++++++++++- internal/provisioner/objects/rbac/rbac.go | 7 +- .../provisioner/objects/rbac/role/role.go | 2 +- .../objects/rbac/role/role_test.go | 119 ++++++++++++++++ .../provisioner/objects/rbac/util/util.go | 45 +++++- .../objects/rbac/util/util_test.go | 71 ++++++++++ .../docs/main/config/api-reference.html | 24 ++++ test/e2e/gatewayapi_predicates.go | 25 ++++ test/e2e/provisioner/provisioner_test.go | 128 ++++++++++++++++- 24 files changed, 733 insertions(+), 53 deletions(-) delete mode 100644 apis/projectcontour/v1/httpproxy_helpers.go create mode 100644 changelogs/unreleased/6152-lubronzhan-minor.md rename apis/projectcontour/v1/httpproxy_helpers_test.go => internal/provisioner/model/model_test.go (52%) create mode 100644 internal/provisioner/objects/rbac/util/util_test.go diff --git a/apis/projectcontour/v1/httpproxy.go b/apis/projectcontour/v1/httpproxy.go index b0a999fd921..1de37a7248e 100644 --- a/apis/projectcontour/v1/httpproxy.go +++ b/apis/projectcontour/v1/httpproxy.go @@ -1514,3 +1514,6 @@ type SlowStartPolicy struct { // +kubebuilder:validation:Maximum=100 MinimumWeightPercent uint32 `json:"minWeightPercent"` } + +// +kubebuilder:validation:Enum=grpcroutes;tlsroutes;extensionservices;backendtlspolicies +type Feature string diff --git a/apis/projectcontour/v1/httpproxy_helpers.go b/apis/projectcontour/v1/httpproxy_helpers.go deleted file mode 100644 index 2716fa01738..00000000000 --- a/apis/projectcontour/v1/httpproxy_helpers.go +++ /dev/null @@ -1,22 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package v1 - -func NamespacesToStrings(ns []Namespace) []string { - res := make([]string, len(ns)) - for i, n := range ns { - res[i] = string(n) - } - return res -} diff --git a/apis/projectcontour/v1alpha1/contourdeployment.go b/apis/projectcontour/v1alpha1/contourdeployment.go index 049a098df42..da534f384fa 100644 --- a/apis/projectcontour/v1alpha1/contourdeployment.go +++ b/apis/projectcontour/v1alpha1/contourdeployment.go @@ -131,6 +131,14 @@ type ContourSettings struct { // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=42 WatchNamespaces []contour_api_v1.Namespace `json:"watchNamespaces,omitempty"` + + // DisabledFeatures defines an array of resources that will be ignored by + // contour reconciler. + // +optional + // +kubebuilder:validation:Type=array + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=42 + DisabledFeatures []contour_api_v1.Feature `json:"disabledFeatures,omitempty"` } // DeploymentSettings contains settings for Deployment resources. diff --git a/changelogs/unreleased/6152-lubronzhan-minor.md b/changelogs/unreleased/6152-lubronzhan-minor.md new file mode 100644 index 00000000000..116189f08cc --- /dev/null +++ b/changelogs/unreleased/6152-lubronzhan-minor.md @@ -0,0 +1,7 @@ +## Add DisabledFeatures to ContourDeployment for gateway provisioner + +A new flag DisabledFeatures is added to ContourDeployment so that user can configure contour which is deployed by the provisioner to skip reconciling CRDs which are specified inside the flag. + +Accepted values are `grpcroutes|tlsroutes|extensionservices|backendtlspolicies`. + + diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml index 9de3a3bf2bb..6695ac9b884 100644 --- a/examples/contour/01-crds.yaml +++ b/examples/contour/01-crds.yaml @@ -1479,6 +1479,20 @@ spec: type: string type: object type: object + disabledFeatures: + description: |- + DisabledFeatures defines an array of resources that will be ignored by + contour reconciler. + items: + enum: + - grpcroutes + - tlsroutes + - extensionservices + - backendtlspolicies + type: string + maxItems: 42 + minItems: 1 + type: array kubernetesLogLevel: description: |- KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index d79153ad41b..f401e80ddeb 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -1698,6 +1698,20 @@ spec: type: string type: object type: object + disabledFeatures: + description: |- + DisabledFeatures defines an array of resources that will be ignored by + contour reconciler. + items: + enum: + - grpcroutes + - tlsroutes + - extensionservices + - backendtlspolicies + type: string + maxItems: 42 + minItems: 1 + type: array kubernetesLogLevel: description: |- KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index 9d6a8e51877..79a2d1a5830 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml @@ -1490,6 +1490,20 @@ spec: type: string type: object type: object + disabledFeatures: + description: |- + DisabledFeatures defines an array of resources that will be ignored by + contour reconciler. + items: + enum: + - grpcroutes + - tlsroutes + - extensionservices + - backendtlspolicies + type: string + maxItems: 42 + minItems: 1 + type: array kubernetesLogLevel: description: |- KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 9bc2b73bdcc..ab80e2eaf68 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -1701,6 +1701,20 @@ spec: type: string type: object type: object + disabledFeatures: + description: |- + DisabledFeatures defines an array of resources that will be ignored by + contour reconciler. + items: + enum: + - grpcroutes + - tlsroutes + - extensionservices + - backendtlspolicies + type: string + maxItems: 42 + minItems: 1 + type: array kubernetesLogLevel: description: |- KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index 4b8212d47e4..73c2bf28dd4 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -1698,6 +1698,20 @@ spec: type: string type: object type: object + disabledFeatures: + description: |- + DisabledFeatures defines an array of resources that will be ignored by + contour reconciler. + items: + enum: + - grpcroutes + - tlsroutes + - extensionservices + - backendtlspolicies + type: string + maxItems: 42 + minItems: 1 + type: array kubernetesLogLevel: description: |- KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, diff --git a/internal/provisioner/controller/gateway.go b/internal/provisioner/controller/gateway.go index f83c74f396f..c258fab9a44 100644 --- a/internal/provisioner/controller/gateway.go +++ b/internal/provisioner/controller/gateway.go @@ -17,7 +17,6 @@ import ( "context" "fmt" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/provisioner/model" @@ -262,7 +261,9 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct contourModel.Spec.KubernetesLogLevel = contourParams.KubernetesLogLevel - contourModel.Spec.WatchNamespaces = contour_api_v1.NamespacesToStrings(contourParams.WatchNamespaces) + contourModel.Spec.WatchNamespaces = contourParams.WatchNamespaces + + contourModel.Spec.DisabledFeatures = contourParams.DisabledFeatures if contourParams.Deployment != nil && contourParams.Deployment.Strategy != nil { diff --git a/internal/provisioner/model/model.go b/internal/provisioner/model/model.go index 35541eb57bc..d6258ceb93a 100644 --- a/internal/provisioner/model/model.go +++ b/internal/provisioner/model/model.go @@ -14,6 +14,7 @@ package model import ( + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/ref" @@ -253,7 +254,27 @@ type ContourSpec struct { // WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance // to only watch these set of namespaces // default is nil, contour will watch resource of all namespaces - WatchNamespaces []string + WatchNamespaces []contourv1.Namespace + + // DisabledFeatures defines an array of resources that will be ignored by + // contour reconciler. + DisabledFeatures []contourv1.Feature +} + +func NamespacesToStrings(ns []contourv1.Namespace) []string { + res := make([]string, len(ns)) + for i, n := range ns { + res[i] = string(n) + } + return res +} + +func FeaturesToStrings(fs []contourv1.Feature) []string { + res := make([]string, len(fs)) + for i := range fs { + res[i] = string(fs[i]) + } + return res } // WorkloadType is the type of Kubernetes workload to use for a component. diff --git a/apis/projectcontour/v1/httpproxy_helpers_test.go b/internal/provisioner/model/model_test.go similarity index 52% rename from apis/projectcontour/v1/httpproxy_helpers_test.go rename to internal/provisioner/model/model_test.go index bacfaa55d4f..61800672bd9 100644 --- a/apis/projectcontour/v1/httpproxy_helpers_test.go +++ b/internal/provisioner/model/model_test.go @@ -11,27 +11,29 @@ // See the License for the specific language governing permissions and // limitations under the License. -package v1 +package model import ( "reflect" "testing" + + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func TestNamespacesToStrings(t *testing.T) { testCases := []struct { description string - namespaces []Namespace + namespaces []contourv1.Namespace expectStrings []string }{ { - description: "namespace 1", - namespaces: []Namespace{}, + description: "no namespaces", + namespaces: []contourv1.Namespace{}, expectStrings: []string{}, }, { - description: "namespace 2", - namespaces: []Namespace{"ns1", "ns2"}, + description: "2 namespaces", + namespaces: []contourv1.Namespace{"ns1", "ns2"}, expectStrings: []string{"ns1", "ns2"}, }, } @@ -44,3 +46,30 @@ func TestNamespacesToStrings(t *testing.T) { }) } } + +func TestFeaturesToStrings(t *testing.T) { + testCases := []struct { + description string + features []contourv1.Feature + expectStrings []string + }{ + { + description: "no features", + features: []contourv1.Feature{}, + expectStrings: []string{}, + }, + { + description: "2 features", + features: []contourv1.Feature{"tlsroutes", "grpcroutes"}, + expectStrings: []string{"tlsroutes", "grpcroutes"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.description, func(t *testing.T) { + if !reflect.DeepEqual(FeaturesToStrings(tc.features), tc.expectStrings) { + t.Errorf("expect converted strings %v is the same as %v", FeaturesToStrings(tc.features), tc.expectStrings) + } + }) + } +} diff --git a/internal/provisioner/objects/deployment/deployment.go b/internal/provisioner/objects/deployment/deployment.go index bfc56116bcb..ec1700c6eb5 100644 --- a/internal/provisioner/objects/deployment/deployment.go +++ b/internal/provisioner/objects/deployment/deployment.go @@ -103,13 +103,17 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment } if !contour.WatchAllNamespaces() { - ns := contour.Spec.WatchNamespaces - if !slices.Contains(contour.Spec.WatchNamespaces, contour.Namespace) { + ns := model.NamespacesToStrings(contour.Spec.WatchNamespaces) + if !slices.Contains(ns, contour.Namespace) { ns = append(ns, contour.Namespace) } args = append(args, fmt.Sprintf("--watch-namespaces=%s", strings.Join(ns, ","))) } + if contour.Spec.DisabledFeatures != nil && len(contour.Spec.DisabledFeatures) > 0 { + args = append(args, fmt.Sprintf("--disable-feature=%s", strings.Join(model.FeaturesToStrings(contour.Spec.DisabledFeatures), ","))) + } + // Pass the insecure/secure flags to Contour if using non-default ports. for _, port := range contour.Spec.NetworkPublishing.Envoy.Ports { switch { diff --git a/internal/provisioner/objects/deployment/deployment_test.go b/internal/provisioner/objects/deployment/deployment_test.go index 71d0c81be6f..9cf62aa29ed 100644 --- a/internal/provisioner/objects/deployment/deployment_test.go +++ b/internal/provisioner/objects/deployment/deployment_test.go @@ -18,6 +18,7 @@ import ( "strings" "testing" + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/provisioner/model" @@ -216,15 +217,15 @@ func TestDesiredDeployment(t *testing.T) { func TestDesiredDeploymentWhenSettingWatchNamespaces(t *testing.T) { testCases := []struct { description string - namespaces []string + namespaces []contourv1.Namespace }{ { description: "several valid namespaces", - namespaces: []string{"ns1", "ns2"}, + namespaces: []contourv1.Namespace{"ns1", "ns2"}, }, { description: "single valid namespace", - namespaces: []string{"ns1"}, + namespaces: []contourv1.Namespace{"ns1"}, }, } @@ -238,7 +239,7 @@ func TestDesiredDeploymentWhenSettingWatchNamespaces(t *testing.T) { cntr.Spec.WatchNamespaces = tc.namespaces deploy := DesiredDeployment(cntr, "ghcr.io/projectcontour/contour:test") container := checkDeploymentHasContainer(t, deploy, contourContainerName, true) - arg := fmt.Sprintf("--watch-namespaces=%s", strings.Join(append(tc.namespaces, cntr.Namespace), ",")) + arg := fmt.Sprintf("--watch-namespaces=%s", strings.Join(append(model.NamespacesToStrings(tc.namespaces), cntr.Namespace), ",")) checkContainerHasArg(t, container, arg) }) } @@ -270,3 +271,34 @@ func TestNodePlacementDeployment(t *testing.T) { checkDeploymentHasNodeSelector(t, deploy, selectors) checkDeploymentHasTolerations(t, deploy, tolerations) } + +func TestDesiredDeploymentWhenSettingDisabledFeature(t *testing.T) { + testCases := []struct { + description string + disabledFeatures []contourv1.Feature + }{ + { + description: "disable 2 featuers", + disabledFeatures: []contourv1.Feature{"tlsroutes", "grpcroutes"}, + }, + { + description: "disable single feature", + disabledFeatures: []contourv1.Feature{"tlsroutes"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.description, func(t *testing.T) { + name := "deploy-test" + cntr := model.Default(fmt.Sprintf("%s-ns", name), name) + icName := "test-ic" + cntr.Spec.IngressClassName = &icName + cntr.Spec.DisabledFeatures = tc.disabledFeatures + // Change the Contour watch namespaces flag + deploy := DesiredDeployment(cntr, "ghcr.io/projectcontour/contour:test") + container := checkDeploymentHasContainer(t, deploy, contourContainerName, true) + arg := fmt.Sprintf("--disable-feature=%s", strings.Join(model.FeaturesToStrings(tc.disabledFeatures), ",")) + checkContainerHasArg(t, container, arg) + }) + } +} diff --git a/internal/provisioner/objects/rbac/clusterrole/cluster_role.go b/internal/provisioner/objects/rbac/clusterrole/cluster_role.go index 6371a9202f2..700ca27c31f 100644 --- a/internal/provisioner/objects/rbac/clusterrole/cluster_role.go +++ b/internal/provisioner/objects/rbac/clusterrole/cluster_role.go @@ -58,8 +58,8 @@ func desiredClusterRole(name string, contour *model.Contour, clusterScopedResour return role } - // add basic rules to role - role.Rules = append(role.Rules, util.NamespacedResourcePolicyRules()...) + // add other rules for namespacedResources, so that we can associated them with ClusterRole later + role.Rules = append(role.Rules, util.NamespacedResourcePolicyRules(contour.Spec.DisabledFeatures)...) return role } diff --git a/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go b/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go index 2e48d3edd98..56fa4a8809f 100644 --- a/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go +++ b/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go @@ -19,9 +19,14 @@ import ( "testing" "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/provisioner/objects/rbac/util" + "github.com/projectcontour/contour/internal/provisioner/slice" + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" rbacv1 "k8s.io/api/rbac/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/utils/diff" + gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" ) func checkClusterRoleName(t *testing.T, cr *rbacv1.ClusterRole, expected string) { @@ -82,7 +87,6 @@ func TestDesiredClusterRole(t *testing.T) { model.GatewayAPIOwningGatewayNameLabel: cntr.Name, } checkClusterRoleLabels(t, cr, ownerLabels) - fmt.Println(cr.Rules) if tc.clusterScopeOnly != clusterRoleRulesContainOnlyClusterScopeRules(cr) { t.Errorf("expect clusterScopeOnly to be %v, but clusterRoleRulesContainOnlyClusterScopeRules shows %v", tc.clusterScopeOnly, clusterRoleRulesContainOnlyClusterScopeRules(cr)) @@ -90,3 +94,131 @@ func TestDesiredClusterRole(t *testing.T) { }) } } + +func TestDesiredClusterRoleFilterResources(t *testing.T) { + filterNamespacedGatewayResources := func(policyRules []rbacv1.PolicyRule) [][]string { + gatewayResources := [][]string{} + for _, rule := range policyRules { + for _, apigroup := range rule.APIGroups { + // gatewayclass is in isolate rule + if apigroup == gatewayv1alpha2.GroupName && rule.Resources[0] != "gatewayclasses" && rule.Resources[0] != "gatewayclasses/status" { + gatewayResources = append(gatewayResources, rule.Resources) + break + } + } + } + return gatewayResources + } + + filterContourResources := func(policyRules []rbacv1.PolicyRule) [][]string { + contourResources := [][]string{} + for _, rule := range policyRules { + for _, apigroup := range rule.APIGroups { + if apigroup == contourv1.GroupName { + contourResources = append(contourResources, rule.Resources) + break + } + } + } + return contourResources + } + + tests := []struct { + description string + disabledFeatures []contourv1.Feature + clusterScopedResourceOnly bool + expectedGateway [][]string + expectedContour [][]string + }{ + { + description: "empty disabled features", + disabledFeatures: nil, + clusterScopedResourceOnly: false, + expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, + expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, + }, + { + description: "disable tlsroutes feature", + disabledFeatures: []contourv1.Feature{"tlsroutes"}, + clusterScopedResourceOnly: false, + expectedGateway: [][]string{ + removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes"), + removeFromStringArray(util.GatewayGroupNamespacedResourceStatus, "tlsroutes/status"), + }, + expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, + }, + + { + description: "disable extensionservices feature", + disabledFeatures: []contourv1.Feature{"extensionservices"}, + clusterScopedResourceOnly: false, + expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, + expectedContour: [][]string{ + removeFromStringArray(util.ContourGroupNamespacedResource, "extensionservices"), + removeFromStringArray(util.ContourGroupNamespacedResourceStatus, "extensionservices/status"), + }, + }, + { + description: "disable non-existent features", + disabledFeatures: []contourv1.Feature{"abc", "efg"}, + clusterScopedResourceOnly: false, + expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, + expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, + }, + { + description: "disable both gateway and contour features", + disabledFeatures: []contourv1.Feature{"grpcroutes", "tlsroutes", "extensionservices", "backendtlspolicies"}, + clusterScopedResourceOnly: false, + expectedGateway: [][]string{ + removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes", "grpcroutes", "backendtlspolicies"), + removeFromStringArray(util.GatewayGroupNamespacedResourceStatus, "tlsroutes/status", "grpcroutes/status", "backendtlspolicies/status"), + }, + expectedContour: [][]string{ + removeFromStringArray(util.ContourGroupNamespacedResource, "extensionservices"), + removeFromStringArray(util.ContourGroupNamespacedResourceStatus, "extensionservices/status"), + }, + }, + { + description: "empty disabled features but with clusterScoped only", + disabledFeatures: nil, + clusterScopedResourceOnly: true, + expectedGateway: [][]string{}, + expectedContour: [][]string{}, + }, + } + + cntrName := "test-filteredresources" + cntr := model.Default(fmt.Sprintf("%s-ns", cntrName), cntrName) + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + cntrLocal := cntr + + // set the disableFeatures + cntrLocal.Spec.DisabledFeatures = tt.disabledFeatures + + cr := desiredClusterRole(cntrName, cntrLocal, tt.clusterScopedResourceOnly) + + // fetch gateway resources + gatewayResources := filterNamespacedGatewayResources(cr.Rules) + contourResources := filterContourResources(cr.Rules) + if !apiequality.Semantic.DeepEqual(gatewayResources, tt.expectedGateway) { + t.Errorf("filtered gateway resources didn't match: %v", diff.ObjectReflectDiff(gatewayResources, tt.expectedGateway)) + } + + if !apiequality.Semantic.DeepEqual(contourResources, tt.expectedContour) { + t.Errorf("filtered contour resources didn't match: %v", diff.ObjectReflectDiff(contourResources, tt.expectedContour)) + } + }) + } +} + +func removeFromStringArray(arr []string, s ...string) []string { + res := []string{} + for _, a := range arr { + if !slice.ContainsString(s, a) { + res = append(res, a) + } + } + return res +} diff --git a/internal/provisioner/objects/rbac/rbac.go b/internal/provisioner/objects/rbac/rbac.go index 30b731a7e1d..271698c90ff 100644 --- a/internal/provisioner/objects/rbac/rbac.go +++ b/internal/provisioner/objects/rbac/rbac.go @@ -17,6 +17,7 @@ import ( "context" "fmt" + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/clusterrole" @@ -81,7 +82,7 @@ func ensureContourRBAC(ctx context.Context, cli client.Client, contour *model.Co } // includes contour's namespace if it's not inside watchNamespaces - ns := contour.Spec.WatchNamespaces + ns := model.NamespacesToStrings(contour.Spec.WatchNamespaces) if !slice.ContainsString(ns, contour.Namespace) { ns = append(ns, contour.Namespace) } @@ -178,12 +179,12 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co return nil } -func validateNamespacesExist(ctx context.Context, cli client.Client, ns []string) error { +func validateNamespacesExist(ctx context.Context, cli client.Client, ns []contourv1.Namespace) error { errs := []error{} for _, n := range ns { namespace := &corev1.Namespace{} // Check if the namespace exists - err := cli.Get(ctx, types.NamespacedName{Name: n}, namespace) + err := cli.Get(ctx, types.NamespacedName{Name: string(n)}, namespace) if err != nil { if apierrors.IsNotFound(err) { errs = append(errs, fmt.Errorf("failed to find namespace %s in watchNamespace. Please make sure it exist", n)) diff --git a/internal/provisioner/objects/rbac/role/role.go b/internal/provisioner/objects/rbac/role/role.go index f4dbd6b0a8d..83ab82085ce 100644 --- a/internal/provisioner/objects/rbac/role/role.go +++ b/internal/provisioner/objects/rbac/role/role.go @@ -108,7 +108,7 @@ func desiredRoleForResourceInNamespace(name, namespace string, contour *model.Co Labels: contour.CommonLabels(), Annotations: contour.CommonAnnotations(), }, - Rules: util.NamespacedResourcePolicyRules(), + Rules: util.NamespacedResourcePolicyRules(contour.Spec.DisabledFeatures), } } diff --git a/internal/provisioner/objects/rbac/role/role_test.go b/internal/provisioner/objects/rbac/role/role_test.go index a42fa7b8712..8db45e5f41d 100644 --- a/internal/provisioner/objects/rbac/role/role_test.go +++ b/internal/provisioner/objects/rbac/role/role_test.go @@ -17,10 +17,15 @@ import ( "fmt" "testing" + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/provisioner/objects/rbac/util" + "github.com/projectcontour/contour/internal/provisioner/slice" + gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" rbacv1 "k8s.io/api/rbac/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/utils/diff" ) func checkRoleName(t *testing.T, role *rbacv1.Role, expected string) { @@ -95,3 +100,117 @@ func TestDesiredRoleForContourInNamespace(t *testing.T) { }) } } + +func TestDesiredRoleFilterResources(t *testing.T) { + filterNamespacedGatewayResources := func(policyRules []rbacv1.PolicyRule) [][]string { + gatewayResources := [][]string{} + for _, rule := range policyRules { + for _, apigroup := range rule.APIGroups { + if apigroup == gatewayv1alpha2.GroupName { + gatewayResources = append(gatewayResources, rule.Resources) + break + } + } + } + return gatewayResources + } + + filterContourResources := func(policyRules []rbacv1.PolicyRule) [][]string { + contourResources := [][]string{} + for _, rule := range policyRules { + for _, apigroup := range rule.APIGroups { + if apigroup == contourv1.GroupName { + contourResources = append(contourResources, rule.Resources) + break + } + } + } + return contourResources + } + + tests := []struct { + description string + disabledFeatures []contourv1.Feature + expectedGateway [][]string + expectedContour [][]string + }{ + { + description: "empty disabled features", + disabledFeatures: nil, + expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, + expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, + }, + { + description: "disable tlsroutes feature", + disabledFeatures: []contourv1.Feature{"tlsroutes"}, + expectedGateway: [][]string{ + removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes"), + removeFromStringArray(util.GatewayGroupNamespacedResourceStatus, "tlsroutes/status"), + }, + expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, + }, + + { + description: "disable extensionservices feature", + disabledFeatures: []contourv1.Feature{"extensionservices"}, + expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, + expectedContour: [][]string{ + removeFromStringArray(util.ContourGroupNamespacedResource, "extensionservices"), + removeFromStringArray(util.ContourGroupNamespacedResourceStatus, "extensionservices/status"), + }, + }, + { + description: "disable non-existent features", + disabledFeatures: []contourv1.Feature{"abc", "efg"}, + expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, + expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, + }, + { + description: "disable both gateway and contour features", + disabledFeatures: []contourv1.Feature{"grpcroutes", "tlsroutes", "backendtlspolicies", "extensionservices"}, + expectedGateway: [][]string{ + removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes", "grpcroutes", "backendtlspolicies"), + removeFromStringArray(util.GatewayGroupNamespacedResourceStatus, "tlsroutes/status", "grpcroutes/status", "backendtlspolicies/status"), + }, + expectedContour: [][]string{ + removeFromStringArray(util.ContourGroupNamespacedResource, "extensionservices"), + removeFromStringArray(util.ContourGroupNamespacedResourceStatus, "extensionservices/status"), + }, + }, + } + + cntrName := "test-filteredresources" + cntr := model.Default(fmt.Sprintf("%s-ns", cntrName), cntrName) + + for _, tt := range tests { + t.Run(tt.description, func(t *testing.T) { + cntrLocal := cntr + + // set the disableFeatures + cntrLocal.Spec.DisabledFeatures = tt.disabledFeatures + + cr := desiredRoleForResourceInNamespace(cntrName, "test", cntrLocal) + + // fetch gateway resources + gatewayResources := filterNamespacedGatewayResources(cr.Rules) + contourResources := filterContourResources(cr.Rules) + if !apiequality.Semantic.DeepEqual(gatewayResources, tt.expectedGateway) { + t.Errorf("filtered gateway resources didn't match: %v", diff.ObjectReflectDiff(gatewayResources, tt.expectedGateway)) + } + + if !apiequality.Semantic.DeepEqual(contourResources, tt.expectedContour) { + t.Errorf("filtered contour resources didn't match: %v", diff.ObjectReflectDiff(contourResources, tt.expectedContour)) + } + }) + } +} + +func removeFromStringArray(arr []string, s ...string) []string { + res := []string{} + for _, a := range arr { + if !slice.ContainsString(s, a) { + res = append(res, a) + } + } + return res +} diff --git a/internal/provisioner/objects/rbac/util/util.go b/internal/provisioner/objects/rbac/util/util.go index 698cb828144..1fb781f0d6d 100644 --- a/internal/provisioner/objects/rbac/util/util.go +++ b/internal/provisioner/objects/rbac/util/util.go @@ -14,6 +14,11 @@ package util import ( + "strings" + + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/provisioner/slice" corev1 "k8s.io/api/core/v1" discoveryv1 "k8s.io/api/discovery/v1" networkingv1 "k8s.io/api/networking/v1" @@ -23,6 +28,13 @@ import ( const contourV1GroupName = "projectcontour.io" +var ( + GatewayGroupNamespacedResource = []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants", "backendtlspolicies"} + GatewayGroupNamespacedResourceStatus = []string{"gateways/status", "httproutes/status", "tlsroutes/status", "grpcroutes/status", "tcproutes/status", "backendtlspolicies/status"} + ContourGroupNamespacedResource = []string{"httpproxies", "tlscertificatedelegations", "extensionservices", "contourconfigurations"} + ContourGroupNamespacedResourceStatus = []string{"httpproxies/status", "extensionservices/status", "contourconfigurations/status"} +) + var ( createGetUpdate = []string{"create", "get", "update"} getListWatch = []string{"get", "list", "watch"} @@ -39,8 +51,9 @@ func PolicyRuleFor(apiGroup string, verbs []string, resources ...string) rbacv1. } // NamespacedResourcePolicyRules returns a set of policy rules for resources that are -// namespaced-scoped -func NamespacedResourcePolicyRules() []rbacv1.PolicyRule { +// namespaced-scoped. If resourcesToSkip is not empty, skip creating RBAC for those +// CRDs. +func NamespacedResourcePolicyRules(resourcesToSkip []contourv1.Feature) []rbacv1.PolicyRule { return []rbacv1.PolicyRule{ // Core Contour-watched resources. PolicyRuleFor(corev1.GroupName, getListWatch, "secrets", "endpoints", "services", "configmaps"), @@ -50,16 +63,16 @@ func NamespacedResourcePolicyRules() []rbacv1.PolicyRule { // Gateway API resources. // Note, ReferenceGrant does not currently have a .status field so it's omitted from the status rule. - PolicyRuleFor(gatewayv1alpha2.GroupName, getListWatch, "gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants", "backendtlspolicies"), - PolicyRuleFor(gatewayv1alpha2.GroupName, update, "gateways/status", "httproutes/status", "tlsroutes/status", "grpcroutes/status", "tcproutes/status", "backendtlspolicies/status"), + PolicyRuleFor(gatewayv1alpha2.GroupName, getListWatch, filterResources(resourcesToSkip, GatewayGroupNamespacedResource...)...), + PolicyRuleFor(gatewayv1alpha2.GroupName, update, filterResources(resourcesToSkip, GatewayGroupNamespacedResourceStatus...)...), // Ingress resources. PolicyRuleFor(networkingv1.GroupName, getListWatch, "ingresses"), PolicyRuleFor(networkingv1.GroupName, createGetUpdate, "ingresses/status"), // Contour CRDs. - PolicyRuleFor(contourV1GroupName, getListWatch, "httpproxies", "tlscertificatedelegations", "extensionservices", "contourconfigurations"), - PolicyRuleFor(contourV1GroupName, createGetUpdate, "httpproxies/status", "extensionservices/status", "contourconfigurations/status"), + PolicyRuleFor(contourV1GroupName, getListWatch, filterResources(resourcesToSkip, ContourGroupNamespacedResource...)...), + PolicyRuleFor(contourV1GroupName, createGetUpdate, filterResources(resourcesToSkip, ContourGroupNamespacedResourceStatus...)...), } } @@ -75,3 +88,23 @@ func ClusterScopedResourcePolicyRules() []rbacv1.PolicyRule { PolicyRuleFor(corev1.GroupName, getListWatch, "namespaces"), } } + +func filterResources(resourcesToSkip []contourv1.Feature, resources ...string) []string { + if len(resourcesToSkip) == 0 { + return resources + } + filteredResources := []string{} + rts := model.FeaturesToStrings(resourcesToSkip) + for _, resource := range resources { + resourceCopy := resource + // handle status resources by splitting and using the first part + if strings.Contains(resourceCopy, "/") { + parts := strings.Split(resourceCopy, "/") + resourceCopy = parts[0] + } + if !slice.ContainsString(rts, resourceCopy) { + filteredResources = append(filteredResources, resource) + } + } + return filteredResources +} diff --git a/internal/provisioner/objects/rbac/util/util_test.go b/internal/provisioner/objects/rbac/util/util_test.go new file mode 100644 index 00000000000..c6218761e07 --- /dev/null +++ b/internal/provisioner/objects/rbac/util/util_test.go @@ -0,0 +1,71 @@ +// Copyright Project Contour Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package util + +import ( + "reflect" + "testing" + + contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" +) + +func TestFilterResources(t *testing.T) { + testCases := []struct { + description string + disabledFeatures []contourv1.Feature + resourceList []string + expectedList []string + }{ + { + description: "empty disabled features", + resourceList: []string{"httpproxies", "tlscertificatedelegations", "extensionservices", "contourconfigurations"}, + disabledFeatures: nil, + expectedList: []string{"httpproxies", "tlscertificatedelegations", "extensionservices", "contourconfigurations"}, + }, + { + description: "disable extensionservices", + resourceList: []string{"httpproxies", "tlscertificatedelegations", "extensionservices", "contourconfigurations"}, + disabledFeatures: []contourv1.Feature{"extensionservices"}, + expectedList: []string{"httpproxies", "tlscertificatedelegations", "contourconfigurations"}, + }, + { + description: "disable extensionservices, filter status", + resourceList: []string{"httpproxies/status", "extensionservices/status", "contourconfigurations/status"}, + disabledFeatures: []contourv1.Feature{"extensionservices"}, + expectedList: []string{"httpproxies/status", "contourconfigurations/status"}, + }, + { + description: "disable tlsroutes", + resourceList: []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants"}, + disabledFeatures: []contourv1.Feature{"tlsroutes"}, + expectedList: []string{"gateways", "httproutes", "grpcroutes", "tcproutes", "referencegrants"}, + }, + { + description: "disable non-existence abc", + resourceList: []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants"}, + disabledFeatures: []contourv1.Feature{"abc"}, + expectedList: []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants"}, + }, + } + + for _, tc := range testCases { + t.Run(tc.description, func(t *testing.T) { + f := filterResources(tc.disabledFeatures, tc.resourceList...) + if !reflect.DeepEqual(tc.expectedList, f) { + t.Errorf("expect filtered list to be %v, but is %v", + tc.expectedList, f) + } + }) + } +} diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index dde8bb108e2..522e89d16a8 100644 --- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -1176,6 +1176,14 @@

ExtensionServiceReferenc +

Feature +(string alias)

+

+(Appears on: +ContourSettings) +

+

+

GenericKeyDescriptor

@@ -6284,6 +6292,22 @@

ContourSettings to only watch this subset of namespaces.

+ + +disabledFeatures +
+ + +[]Feature + + + + +(Optional) +

DisabledFeatures defines an array of resources that will be ignored by +contour reconciler.

+ +

CustomTag diff --git a/test/e2e/gatewayapi_predicates.go b/test/e2e/gatewayapi_predicates.go index aa1946ad860..67556328ce0 100644 --- a/test/e2e/gatewayapi_predicates.go +++ b/test/e2e/gatewayapi_predicates.go @@ -145,6 +145,31 @@ func TCPRouteAccepted(route *gatewayapi_v1alpha2.TCPRoute) bool { return false } +// TLSRouteIgnoredByContour returns true if the route has an empty .status.parents.conditions list +func TLSRouteIgnoredByContour(route *gatewayapi_v1alpha2.TLSRoute) bool { + if route == nil { + return false + } + + return len(route.Status.Parents) == 0 +} + +// TLSRouteAccepted returns true if the route has a .status.conditions +// entry of "Accepted: true". +func TLSRouteAccepted(route *gatewayapi_v1alpha2.TLSRoute) bool { + if route == nil { + return false + } + + for _, gw := range route.Status.Parents { + if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.RouteConditionAccepted), metav1.ConditionTrue) { + return true + } + } + + return false +} + // BackendTLSPolicyAccepted returns true if the backend TLS policy has a .status.conditions // entry of "Accepted: true". func BackendTLSPolicyAccepted(btp *gatewayapi_v1alpha2.BackendTLSPolicy) bool { diff --git a/test/e2e/provisioner/provisioner_test.go b/test/e2e/provisioner/provisioner_test.go index f1c24740885..9390eb16bab 100644 --- a/test/e2e/provisioner/provisioner_test.go +++ b/test/e2e/provisioner/provisioner_test.go @@ -34,6 +34,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -540,7 +541,7 @@ var _ = Describe("Gateway provisioner", func() { params := &contour_api_v1alpha1.ContourDeployment{ ObjectMeta: metav1.ObjectMeta{ Namespace: namespace, - Name: "contour-params-with-watch-namespaces", + Name: objectTestName, }, Spec: contour_api_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: contourDeploymentRuntimeSettings(), @@ -669,6 +670,7 @@ var _ = Describe("Gateway provisioner", func() { // Root proxy in non-watched namespace should fail By(fmt.Sprintf("Expect namespace %s not to be watched by contour", t.namespace)) hr, ok := f.CreateHTTPRouteAndWaitFor(route, e2e.HTTPRouteIgnoredByContour) + require.True(f.T(), ok, fmt.Sprintf("httproute's is %v", hr)) By(fmt.Sprintf("Expect httproute under namespace %s is not accepted for a period of time", t.namespace)) require.Never(f.T(), func() bool { @@ -677,12 +679,132 @@ var _ = Describe("Gateway provisioner", func() { return false } return e2e.HTTPRouteAccepted(hr) - }, 10*time.Second, time.Second, hr) - require.True(f.T(), ok, fmt.Sprintf("httproute's is %v", hr)) + }, 20*time.Second, time.Second, hr) } } }) }, "testns-1", "testns-2", "testns-3") + f.NamespacedTest("gateway-with-envoy-with-disabled-features", func(namespace string) { + objectTestName := "contour-params-with-disabled-features" + BeforeEach(func() { + By("create gatewayclass that reference contourDeployment with disabled-features value") + gatewayClass := &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: metav1.ObjectMeta{ + Name: objectTestName, + }, + Spec: gatewayapi_v1beta1.GatewayClassSpec{ + ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + Group: "projectcontour.io", + Kind: "ContourDeployment", + Namespace: ref.To(gatewayapi_v1beta1.Namespace(namespace)), + Name: objectTestName, + }, + }, + } + _, ok := f.CreateGatewayClassAndWaitFor(gatewayClass, e2e.GatewayClassNotAccepted) + require.True(f.T(), ok) + + // Now create the ContourDeployment to match the parametersRef. + params := &contour_api_v1alpha1.ContourDeployment{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace, + Name: objectTestName, + }, + Spec: contour_api_v1alpha1.ContourDeploymentSpec{ + RuntimeSettings: contourDeploymentRuntimeSettings(), + Contour: &contour_api_v1alpha1.ContourSettings{ + DisabledFeatures: []contour_api_v1.Feature{"tlsroutes"}, + }, + }, + } + require.NoError(f.T(), f.Client.Create(context.Background(), params)) + + // Now the GatewayClass should be accepted. + require.Eventually(f.T(), func() bool { + gc := &gatewayapi_v1beta1.GatewayClass{} + if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(gatewayClass), gc); err != nil { + return false + } + + return e2e.GatewayClassAccepted(gc) + }, time.Minute, time.Second) + }) + AfterEach(func() { + require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: metav1.ObjectMeta{ + Name: objectTestName, + }, + }, false)) + }) + Specify("A gateway can be provisioned that ignore CRDs in disabledFeatures", func() { + By("Deploy gateway that referencing above gatewayclass") + gateway := &gatewayapi_v1beta1.Gateway{ + ObjectMeta: metav1.ObjectMeta{ + Name: "tlsroute", + Namespace: namespace, + }, + Spec: gatewayapi_v1beta1.GatewaySpec{ + GatewayClassName: gatewayapi_v1beta1.ObjectName(objectTestName), + Listeners: []gatewayapi_v1beta1.Listener{ + { + Name: "https", + Protocol: gatewayapi_v1.TLSProtocolType, + Port: gatewayapi_v1beta1.PortNumber(443), + TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), + }, + AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ + Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + From: ref.To(gatewayapi_v1.NamespacesFromSame), + }, + }, + }, + }, + }, + } + + gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1beta1.Gateway) bool { + return e2e.GatewayProgrammed(gw) && e2e.GatewayHasAddress(gw) + }) + require.True(f.T(), ok, fmt.Sprintf("gateway is %v", gateway)) + + By("Skip reconciling the TLSRoute if disabledFeatures includes it") + f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", nil) + route := &gatewayapi_v1alpha2.TLSRoute{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: namespace, + Name: "tlsroute-1", + }, + Spec: gatewayapi_v1alpha2.TLSRouteSpec{ + Hostnames: []gatewayapi_v1alpha2.Hostname{"provisioner.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1alpha2.ParentReference{ + { + Namespace: ref.To(gatewayapi_v1alpha2.Namespace(gateway.Namespace)), + Name: gatewayapi_v1alpha2.ObjectName(gateway.Name), + }, + }, + }, + Rules: []gatewayapi_v1alpha2.TLSRouteRule{ + { + BackendRefs: gatewayapi.TLSRouteBackendRef("echo-secure", 443, ref.To(int32(1))), + }, + }, + }, + } + tr, ok := f.CreateTLSRouteAndWaitFor(route, e2e.TLSRouteIgnoredByContour) + require.True(f.T(), ok, fmt.Sprintf("tlsroute's is %v", tr)) + By("Expect tlsroute not to be accepted") + require.Never(f.T(), func() bool { + tr = &gatewayapi_v1alpha2.TLSRoute{} + if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(tr), tr); err != nil { + return false + } + return e2e.TLSRouteAccepted(tr) + }, 20*time.Second, time.Second, tr) + }) + }) }) func contourDeploymentRuntimeSettings() *contour_api_v1alpha1.ContourConfigurationSpec { From 7d6831b911b2286488b2f1099d772e1d83787a8e Mon Sep 17 00:00:00 2001 From: Christian Ang Date: Mon, 12 Feb 2024 06:09:22 -0800 Subject: [PATCH 09/83] Add Accepted condition to BackendTLSPolicy (#6151) Signed-off-by: Christian Ang --- .../unreleased/6151-christianang-small.md | 1 + internal/dag/gatewayapi_processor.go | 192 +++--- internal/dag/status_test.go | 568 ++++++++++++++++++ internal/status/backendtlspolicyconditions.go | 151 +++++ .../status/backendtlspolicyconditions_test.go | 135 +++++ internal/status/cache.go | 61 +- test/e2e/gateway/backend_tls_policy_test.go | 3 +- test/e2e/gatewayapi_predicates.go | 14 +- 8 files changed, 1042 insertions(+), 83 deletions(-) create mode 100644 changelogs/unreleased/6151-christianang-small.md create mode 100644 internal/status/backendtlspolicyconditions.go create mode 100644 internal/status/backendtlspolicyconditions_test.go diff --git a/changelogs/unreleased/6151-christianang-small.md b/changelogs/unreleased/6151-christianang-small.md new file mode 100644 index 00000000000..8a7c85b38bf --- /dev/null +++ b/changelogs/unreleased/6151-christianang-small.md @@ -0,0 +1 @@ +For Gateway API, add "Accepted" condition to BackendTLSPolicy. If the condition is true the BackendTLSPolicy was accepted by the Gateway and if false a reason will be stated on the policy as to why it wasn't accepted. diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index 5c78b3993a3..0a2f8cd6957 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -262,7 +262,7 @@ func (p *GatewayAPIProcessor) processRoute( switch route := route.(type) { case *gatewayapi_v1beta1.HTTPRoute: - p.computeHTTPRouteForListener(route, routeParentStatus, listener, hosts) + p.computeHTTPRouteForListener(route, routeParentStatus, routeParentRef, listener, hosts) case *gatewayapi_v1alpha2.TLSRoute: p.computeTLSRouteForListener(route, routeParentStatus, listener, hosts) case *gatewayapi_v1alpha2.GRPCRoute: @@ -1147,6 +1147,7 @@ func parseHTTPRouteTimeouts(httpRouteTimeouts *gatewayapi_v1.HTTPRouteTimeouts) func (p *GatewayAPIProcessor) computeHTTPRouteForListener( route *gatewayapi_v1beta1.HTTPRoute, routeAccessor *status.RouteParentStatusUpdate, + routeParentRef gatewayapi_v1beta1.ParentReference, listener *listenerInfo, hosts sets.Set[string], ) { @@ -1407,7 +1408,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( ) } else { // Get clusters from rule backendRefs - clusters, totalWeight, ok := p.httpClusters(route.Namespace, rule.BackendRefs, routeAccessor) + clusters, totalWeight, ok := p.httpClusters(route.Namespace, rule.BackendRefs, routeAccessor, routeParentRef) if !ok { continue } @@ -1963,7 +1964,7 @@ func gatewayQueryParamMatchConditions(matches []gatewayapi_v1beta1.HTTPQueryPara } // httpClusters builds clusters from backendRef. -func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs []gatewayapi_v1beta1.HTTPBackendRef, routeAccessor *status.RouteParentStatusUpdate) ([]*Cluster, uint32, bool) { +func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs []gatewayapi_v1beta1.HTTPBackendRef, routeAccessor *status.RouteParentStatusUpdate, routeParentRef gatewayapi_v1beta1.ParentReference) ([]*Cluster, uint32, bool) { totalWeight := uint32(0) if len(backendRefs) == 0 { @@ -1981,73 +1982,9 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] continue } - var upstreamValidation *PeerValidationContext - var backendRefGroup gatewayapi_v1alpha2.Group - if backendRef.Group != nil { - backendRefGroup = *backendRef.Group - } - - var backendRefKind gatewayapi_v1alpha2.Kind - if backendRef.Kind != nil { - backendRefKind = *backendRef.Kind - } - - var backendNamespace *gatewayapi_v1.Namespace - if backendRef.Namespace != nil && *backendRef.Namespace != "" { - backendNamespace = backendRef.Namespace - } else { - backendNamespace = ptr.To(gatewayapi_v1.Namespace(routeNamespace)) - } - - policyTargetRef := gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ - PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ - Group: backendRefGroup, - Kind: backendRefKind, - Name: backendRef.Name, - Namespace: backendNamespace, - }, - SectionName: ptr.To(gatewayapi_v1alpha2.SectionName(service.Weighted.ServicePort.Name)), - } - - var upstreamTLS *UpstreamTLS - // Check to see if there is any BackendTLSPolicy matching this service and service port - backendTLSPolicy, found := p.source.LookupBackendTLSPolicyByTargetRef(policyTargetRef) - if found { - var caSecrets []*Secret - for _, certRef := range backendTLSPolicy.Spec.TLS.CACertRefs { - switch certRef.Kind { - case "Secret": - caSecret, err := p.source.LookupCASecret(types.NamespacedName{ - Name: string(certRef.Name), - Namespace: backendTLSPolicy.Namespace, - }, backendTLSPolicy.Namespace) - if err != nil { - continue - } - caSecrets = append(caSecrets, caSecret) - case "ConfigMap": - caSecret, err := p.source.LookupCAConfigMap(types.NamespacedName{ - Name: string(certRef.Name), - Namespace: backendTLSPolicy.Namespace, - }) - if err != nil { - continue - } - caSecrets = append(caSecrets, caSecret) - default: - continue - } - } - - if len(caSecrets) != 0 { - upstreamValidation = &PeerValidationContext{ - CACertificates: caSecrets, - SubjectNames: []string{string(backendTLSPolicy.Spec.TLS.Hostname)}, - } - - service.Protocol = "tls" - upstreamTLS = p.UpstreamTLS - } + upstreamValidation, upstreamTLS := p.computeBackendTLSPolicies(routeNamespace, backendRef, service, routeParentRef) + if upstreamValidation != nil { + service.Protocol = "tls" } var clusterRequestHeaderPolicy *HeadersPolicy @@ -2118,6 +2055,121 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] return clusters, totalWeight, true } +// computeBackendTLSPolicies returns the upstreamValidation and upstreamTLS +// fields for the cluster that is being calculated if there is an associated +// BackendTLSPolicy for the service being referenced. +// +// If no BackendTLSPolicy is found or the BackendTLSPolicy is invalid then nil +// is returned for both fields. +func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, backendRef gatewayapi_v1beta1.HTTPBackendRef, service *Service, routeParentRef gatewayapi_v1beta1.ParentReference) (*PeerValidationContext, *UpstreamTLS) { + var upstreamValidation *PeerValidationContext + var upstreamTLS *UpstreamTLS + + var backendRefGroup gatewayapi_v1alpha2.Group + if backendRef.Group != nil { + backendRefGroup = *backendRef.Group + } + + var backendRefKind gatewayapi_v1alpha2.Kind + if backendRef.Kind != nil { + backendRefKind = *backendRef.Kind + } + + var backendNamespace *gatewayapi_v1.Namespace + if backendRef.Namespace != nil && *backendRef.Namespace != "" { + backendNamespace = backendRef.Namespace + } else { + backendNamespace = ptr.To(gatewayapi_v1.Namespace(routeNamespace)) + } + + policyTargetRef := gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Group: backendRefGroup, + Kind: backendRefKind, + Name: backendRef.Name, + Namespace: backendNamespace, + }, + SectionName: ptr.To(gatewayapi_v1alpha2.SectionName(service.Weighted.ServicePort.Name)), + } + + // Check to see if there is any BackendTLSPolicy matching this service and service port + backendTLSPolicy, found := p.source.LookupBackendTLSPolicyByTargetRef(policyTargetRef) + if found { + backendTLSPolicyAccessor, commit := p.dag.StatusCache.BackendTLSPolicyConditionsAccessor( + k8s.NamespacedNameOf(backendTLSPolicy), + backendTLSPolicy.GetGeneration(), + backendTLSPolicy, + ) + defer commit() + backendTLSPolicyAncestorStatus := backendTLSPolicyAccessor.StatusUpdateFor(routeParentRef) + + if backendTLSPolicy.Spec.TLS.WellKnownCACerts != nil && *backendTLSPolicy.Spec.TLS.WellKnownCACerts != "" { + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, "BackendTLSPolicy.Spec.TLS.WellKnownCACerts is unsupported.") + return nil, nil + } + + if err := gatewayapi.IsValidHostname(string(backendTLSPolicy.Spec.TLS.Hostname)); err != nil { + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.Hostname %q is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", backendTLSPolicy.Spec.TLS.Hostname)) + return nil, nil + } + + if strings.Contains(string(backendTLSPolicy.Spec.TLS.Hostname), "*") { + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.Hostname %q is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", backendTLSPolicy.Spec.TLS.Hostname)) + return nil, nil + } + + var isInvalidCertChain bool + var caSecrets []*Secret + for _, certRef := range backendTLSPolicy.Spec.TLS.CACertRefs { + switch certRef.Kind { + case "Secret": + caSecret, err := p.source.LookupCASecret(types.NamespacedName{ + Name: string(certRef.Name), + Namespace: backendTLSPolicy.Namespace, + }, backendTLSPolicy.Namespace) + if err != nil { + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("Could not find CACertRef Secret: %s/%s", backendTLSPolicy.Namespace, certRef.Name)) + isInvalidCertChain = true + continue + } + caSecrets = append(caSecrets, caSecret) + case "ConfigMap": + caSecret, err := p.source.LookupCAConfigMap(types.NamespacedName{ + Name: string(certRef.Name), + Namespace: backendTLSPolicy.Namespace, + }) + if err != nil { + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("Could not find CACertRef ConfigMap: %s/%s", backendTLSPolicy.Namespace, certRef.Name)) + isInvalidCertChain = true + continue + } + caSecrets = append(caSecrets, caSecret) + default: + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.CACertRef.Kind %q is unsupported. Only ConfigMap or Secret Kind is supported.", certRef.Kind)) + isInvalidCertChain = true + continue + } + } + + if isInvalidCertChain { + return nil, nil + } + + if len(caSecrets) != 0 { + upstreamValidation = &PeerValidationContext{ + CACertificates: caSecrets, + SubjectNames: []string{string(backendTLSPolicy.Spec.TLS.Hostname)}, + } + + upstreamTLS = p.UpstreamTLS + + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionTrue, gatewayapi_v1alpha2.PolicyReasonAccepted, "Accepted BackendTLSPolicy") + } + } + + return upstreamValidation, upstreamTLS +} + // grpcClusters builds clusters from backendRef. func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs []gatewayapi_v1alpha2.GRPCBackendRef, routeAccessor *status.RouteParentStatusUpdate, protocolType gatewayapi_v1beta1.ProtocolType) ([]*Cluster, uint32, bool) { totalWeight := uint32(0) diff --git a/internal/dag/status_test.go b/internal/dag/status_test.go index 13d55b31540..29561c6a2dc 100644 --- a/internal/dag/status_test.go +++ b/internal/dag/status_test.go @@ -32,6 +32,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -11390,6 +11391,573 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }) } +func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { + type testcase struct { + objs []any + gateway *gatewayapi_v1beta1.Gateway + wantBackendTLSPolicyConditions []*status.BackendTLSPolicyStatusUpdate + } + + run := func(t *testing.T, desc string, tc testcase) { + t.Helper() + t.Run(desc, func(t *testing.T) { + t.Helper() + builder := Builder{ + Source: KubernetesCache{ + RootNamespaces: []string{"roots", "marketing"}, + FieldLogger: fixture.NewTestLogger(t), + gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + TypeMeta: metav1.TypeMeta{}, + ObjectMeta: metav1.ObjectMeta{ + Name: "test-gc", + }, + Spec: gatewayapi_v1beta1.GatewayClassSpec{ + ControllerName: "projectcontour.io/contour", + }, + Status: gatewayapi_v1beta1.GatewayClassStatus{ + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), + Status: metav1.ConditionTrue, + }, + }, + }, + }, + gateway: tc.gateway, + }, + Processors: []Processor{ + &ListenerProcessor{}, + &IngressProcessor{ + FieldLogger: fixture.NewTestLogger(t), + }, + &HTTPProxyProcessor{}, + &GatewayAPIProcessor{ + FieldLogger: fixture.NewTestLogger(t), + }, + }, + } + + // Set a default gateway if not defined by a test + if tc.gateway == nil { + builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ + ObjectMeta: metav1.ObjectMeta{ + Name: "contour", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1beta1.GatewaySpec{ + Listeners: []gatewayapi_v1beta1.Listener{{ + Name: "http", + Port: 80, + Protocol: gatewayapi_v1.HTTPProtocolType, + AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ + Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + From: ref.To(gatewayapi_v1.NamespacesFromAll), + }, + }, + }}, + }, + } + } + + for _, o := range tc.objs { + builder.Source.Insert(o) + } + + dag := builder.Build() + gotBackendTLSPolicyUpdates := dag.StatusCache.GetBackendTLSPolicyUpdates() + + ops := []cmp.Option{ + cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "GatewayRef"), + cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "Generation"), + cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "TransitionTime"), + cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "Resource"), + cmpopts.SortSlices(func(i, j metav1.Condition) bool { + return i.Message < j.Message + }), + cmpopts.SortSlices(func(i, j *status.BackendTLSPolicyStatusUpdate) bool { + return i.FullName.String() < j.FullName.String() + }), + } + + // Since we're using a single static GatewayClass, + // set the expected controller string here for all + // test cases. + for _, u := range tc.wantBackendTLSPolicyConditions { + u.GatewayController = builder.Source.gatewayclass.Spec.ControllerName + + for _, pas := range u.PolicyAncestorStatuses { + pas.ControllerName = builder.Source.gatewayclass.Spec.ControllerName + } + } + + if diff := cmp.Diff(tc.wantBackendTLSPolicyConditions, gotBackendTLSPolicyUpdates, ops...); diff != "" { + t.Fatalf("expected backend tls policy status: %v, got %v", tc.wantBackendTLSPolicyConditions, diff) + } + }) + } + + tlsService := &v1.Service{ + ObjectMeta: metav1.ObjectMeta{ + Name: "tlssvc", + Namespace: "projectcontour", + }, + Spec: v1.ServiceSpec{ + Ports: []v1.ServicePort{makeServicePort("https", "TCP", 443, 8443)}, + }, + } + + configMapCert1 := &v1.ConfigMap{ + ObjectMeta: metav1.ObjectMeta{ + Name: "ca", + Namespace: "projectcontour", + }, + Data: map[string]string{ + CACertificateKey: fixture.CERTIFICATE, + }, + } + + run(t, "simple httproute with backendtlspolicy", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }}, + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionTrue, + Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), + Message: "Accepted BackendTLSPolicy", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with a targetref that cannot be found does not set any conditions", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "nonexistent", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }}, + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: nil, + }) + + run(t, "backendtlspolicy with unsupported cacertref", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "Invalid", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }}, + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "BackendTLSPolicy.Spec.TLS.CACertRef.Kind \"Invalid\" is unsupported. Only ConfigMap or Secret Kind is supported.", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with missing configmap certref", testcase{ + objs: []any{ + tlsService, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName("missing"), + }}, + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "Could not find CACertRef ConfigMap: projectcontour/missing", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with missing secret certref", testcase{ + objs: []any{ + tlsService, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "Secret", + Name: gatewayapi_v1.ObjectName("missing"), + }}, + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "Could not find CACertRef Secret: projectcontour/missing", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with multiple cacertref that are a mix of valid and invalid", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{ + { + Kind: "Invalid", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }, + { + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName("missing"), + }, + { + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }, + }, + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "BackendTLSPolicy.Spec.TLS.CACertRef.Kind \"Invalid\" is unsupported. Only ConfigMap or Secret Kind is supported., Could not find CACertRef ConfigMap: projectcontour/missing", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with wellknowncacerts set", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + WellKnownCACerts: ptr.To(gatewayapi_v1alpha2.WellKnownCACertSystem), + Hostname: "example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "BackendTLSPolicy.Spec.TLS.WellKnownCACerts is unsupported.", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with malformed hostname", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }}, + Hostname: "-bad-hostname.example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "BackendTLSPolicy.Spec.TLS.Hostname \"-bad-hostname.example.com\" is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with unsupported wildcard hostname", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }}, + Hostname: "*.example.com", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "BackendTLSPolicy.Spec.TLS.Hostname \"*.example.com\" is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", + }, + }, + }, + }, + }}, + }) + + run(t, "backendtlspolicy with unsupported numeric ip as hostname", testcase{ + objs: []any{ + tlsService, + configMapCert1, + makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), + &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "basic", + Namespace: "projectcontour", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "tlssvc", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "ConfigMap", + Name: gatewayapi_v1.ObjectName(configMapCert1.Name), + }}, + Hostname: "127.0.0.1", + }, + }, + }, + }, + wantBackendTLSPolicyConditions: []*status.BackendTLSPolicyStatusUpdate{{ + FullName: types.NamespacedName{Namespace: "projectcontour", Name: "basic"}, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionFalse, + Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), + Message: "BackendTLSPolicy.Spec.TLS.Hostname \"127.0.0.1\" is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", + }, + }, + }, + }, + }}, + }) +} + func gatewayAcceptedCondition() metav1.Condition { return metav1.Condition{ Type: string(gatewayapi_v1.GatewayConditionAccepted), diff --git a/internal/status/backendtlspolicyconditions.go b/internal/status/backendtlspolicyconditions.go new file mode 100644 index 00000000000..c4ae9ef8d14 --- /dev/null +++ b/internal/status/backendtlspolicyconditions.go @@ -0,0 +1,151 @@ +// Copyright Project Contour Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package status + +import ( + "fmt" + "time" + + "github.com/projectcontour/contour/internal/gatewayapi" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" +) + +// BackendTLSPolicyStatusUpdate represents an atomic update to a +// BackendTLSPolicy's status. +type BackendTLSPolicyStatusUpdate struct { + FullName types.NamespacedName + PolicyAncestorStatuses []*gatewayapi_v1alpha2.PolicyAncestorStatus + GatewayRef types.NamespacedName + GatewayController gatewayapi_v1beta1.GatewayController + Resource client.Object + Generation int64 + TransitionTime metav1.Time +} + +// BackendTLSPolicyAncestorStatusUpdate helps update a specific ancestor ref's +// PolicyAncestorStatus. +type BackendTLSPolicyAncestorStatusUpdate struct { + *BackendTLSPolicyStatusUpdate + ancestorRef gatewayapi_v1beta1.ParentReference +} + +// StatusUpdateFor returns a BackendTLSPolicyAncestorStatusUpdate for the given +// ancestor ref. +func (b *BackendTLSPolicyStatusUpdate) StatusUpdateFor(ancestorRef gatewayapi_v1beta1.ParentReference) *BackendTLSPolicyAncestorStatusUpdate { + return &BackendTLSPolicyAncestorStatusUpdate{ + BackendTLSPolicyStatusUpdate: b, + ancestorRef: ancestorRef, + } +} + +// AddCondition adds a condition with the given properties to the +// BackendTLSPolicyAncestorStatus. +func (b *BackendTLSPolicyAncestorStatusUpdate) AddCondition(conditionType gatewayapi_v1alpha2.PolicyConditionType, status metav1.ConditionStatus, reason gatewayapi_v1alpha2.PolicyConditionReason, message string) metav1.Condition { + var pas *gatewayapi_v1alpha2.PolicyAncestorStatus + + for _, v := range b.PolicyAncestorStatuses { + if v.AncestorRef == b.ancestorRef { + pas = v + break + } + } + + if pas == nil { + pas = &gatewayapi_v1alpha2.PolicyAncestorStatus{ + AncestorRef: b.ancestorRef, + ControllerName: b.GatewayController, + } + + b.PolicyAncestorStatuses = append(b.PolicyAncestorStatuses, pas) + } + + idx := -1 + for i, c := range pas.Conditions { + if c.Type == string(conditionType) { + idx = i + break + } + } + + if idx > -1 { + message = pas.Conditions[idx].Message + ", " + message + } + + cond := metav1.Condition{ + Reason: string(reason), + Status: status, + Type: string(conditionType), + Message: message, + LastTransitionTime: metav1.NewTime(time.Now()), + ObservedGeneration: b.Generation, + } + + if idx > -1 { + pas.Conditions[idx] = cond + } else { + pas.Conditions = append(pas.Conditions, cond) + } + + return cond +} + +// ConditionsForAncestorRef returns the list of conditions for a given ancestor +// if it exists. +func (b *BackendTLSPolicyStatusUpdate) ConditionsForAncestorRef(ancestorRef gatewayapi_v1beta1.ParentReference) []metav1.Condition { + for _, pas := range b.PolicyAncestorStatuses { + if pas.AncestorRef == ancestorRef { + return pas.Conditions + } + } + + return nil +} + +func (b *BackendTLSPolicyStatusUpdate) Mutate(obj client.Object) client.Object { + o, ok := obj.(*gatewayapi_v1alpha2.BackendTLSPolicy) + if !ok { + panic(fmt.Sprintf("Unsupported %T object %s/%s in status mutator", + obj, b.FullName.Namespace, b.FullName.Name, + )) + } + + var newPolicyAncestorStatuses []gatewayapi_v1alpha2.PolicyAncestorStatus + for _, pas := range b.PolicyAncestorStatuses { + for i := range pas.Conditions { + cond := &pas.Conditions[i] + + cond.ObservedGeneration = b.Generation + cond.LastTransitionTime = b.TransitionTime + } + + newPolicyAncestorStatuses = append(newPolicyAncestorStatuses, *pas) + } + + btp := o.DeepCopy() + + // Get all the PolicyAncestorStatuses that are for other Gateways. + for _, pas := range o.Status.Ancestors { + if !gatewayapi.IsRefToGateway(pas.AncestorRef, b.GatewayRef) { + newPolicyAncestorStatuses = append(newPolicyAncestorStatuses, pas) + } + } + + btp.Status.Ancestors = newPolicyAncestorStatuses + + return btp +} diff --git a/internal/status/backendtlspolicyconditions_test.go b/internal/status/backendtlspolicyconditions_test.go new file mode 100644 index 00000000000..b3e6d87487c --- /dev/null +++ b/internal/status/backendtlspolicyconditions_test.go @@ -0,0 +1,135 @@ +// Copyright Project Contour Authors +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package status + +import ( + "testing" + "time" + + contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/k8s" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" +) + +func TestBackendTLSPolicyAddCondition(t *testing.T) { + backendTLSPolicyUpdate := BackendTLSPolicyStatusUpdate{ + FullName: k8s.NamespacedNameFrom("test/test"), + Generation: 7, + } + + ancestorRef := gatewayapi.GatewayParentRef("projectcontour", "contour") + + basUpdate := backendTLSPolicyUpdate.StatusUpdateFor(ancestorRef) + + basUpdate.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionTrue, gatewayapi_v1alpha2.PolicyReasonAccepted, "Valid BackendTLSPolicy") + + require.Len(t, backendTLSPolicyUpdate.ConditionsForAncestorRef(ancestorRef), 1) + got := backendTLSPolicyUpdate.ConditionsForAncestorRef(ancestorRef)[0] + + assert.EqualValues(t, gatewayapi_v1alpha2.PolicyConditionAccepted, got.Type) + assert.EqualValues(t, metav1.ConditionTrue, got.Status) + assert.EqualValues(t, gatewayapi_v1alpha2.PolicyReasonAccepted, got.Reason) + assert.EqualValues(t, "Valid BackendTLSPolicy", got.Message) + assert.EqualValues(t, 7, got.ObservedGeneration) +} + +func TestBackendTLSPolicyMutate(t *testing.T) { + testTransitionTime := v1.NewTime(time.Now()) + var testGeneration int64 = 7 + + bsu := BackendTLSPolicyStatusUpdate{ + FullName: k8s.NamespacedNameFrom("test/test"), + Generation: testGeneration, + TransitionTime: testTransitionTime, + PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionTrue, + Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), + Message: "Accepted BackendTLSPolicy", + }, + }, + }, + }, + } + + btp := &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test", + }, + Status: gatewayapi_v1alpha2.PolicyStatus{ + Ancestors: []gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("externalgateway", "some-gateway"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionTrue, + Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), + Message: "This was added by some other gateway and should not be removed.", + }, + }, + }, + }, + }, + } + + wantBackendTLSPolicy := &gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: "test", + }, + Status: gatewayapi_v1alpha2.PolicyStatus{ + Ancestors: []gatewayapi_v1alpha2.PolicyAncestorStatus{ + { + AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), + Conditions: []metav1.Condition{ + { + ObservedGeneration: testGeneration, + LastTransitionTime: testTransitionTime, + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionTrue, + Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), + Message: "Accepted BackendTLSPolicy", + }, + }, + }, + { + AncestorRef: gatewayapi.GatewayParentRef("externalgateway", "some-gateway"), + Conditions: []metav1.Condition{ + { + Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), + Status: contour_api_v1.ConditionTrue, + Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), + Message: "This was added by some other gateway and should not be removed.", + }, + }, + }, + }, + }, + } + + btp, ok := bsu.Mutate(btp).(*gatewayapi_v1alpha2.BackendTLSPolicy) + require.True(t, ok) + assert.Equal(t, wantBackendTLSPolicy, btp, 1) +} diff --git a/internal/status/cache.go b/internal/status/cache.go index 0274427eeb0..b0d86202fc7 100644 --- a/internal/status/cache.go +++ b/internal/status/cache.go @@ -37,12 +37,13 @@ const ValidCondition ConditionType = "Valid" // NewCache creates a new Cache for holding status updates. func NewCache(gateway types.NamespacedName, gatewayController gatewayapi_v1beta1.GatewayController) Cache { return Cache{ - gatewayRef: gateway, - gatewayController: gatewayController, - proxyUpdates: make(map[types.NamespacedName]*ProxyUpdate), - gatewayUpdates: make(map[types.NamespacedName]*GatewayStatusUpdate), - routeUpdates: make(map[types.NamespacedName]*RouteStatusUpdate), - entries: make(map[string]map[types.NamespacedName]CacheEntry), + gatewayRef: gateway, + gatewayController: gatewayController, + proxyUpdates: make(map[types.NamespacedName]*ProxyUpdate), + gatewayUpdates: make(map[types.NamespacedName]*GatewayStatusUpdate), + routeUpdates: make(map[types.NamespacedName]*RouteStatusUpdate), + backendTLSPolicyUpdates: make(map[types.NamespacedName]*BackendTLSPolicyStatusUpdate), + entries: make(map[string]map[types.NamespacedName]CacheEntry), } } @@ -58,9 +59,10 @@ type Cache struct { gatewayRef types.NamespacedName gatewayController gatewayapi_v1beta1.GatewayController - proxyUpdates map[types.NamespacedName]*ProxyUpdate - gatewayUpdates map[types.NamespacedName]*GatewayStatusUpdate - routeUpdates map[types.NamespacedName]*RouteStatusUpdate + proxyUpdates map[types.NamespacedName]*ProxyUpdate + gatewayUpdates map[types.NamespacedName]*GatewayStatusUpdate + routeUpdates map[types.NamespacedName]*RouteStatusUpdate + backendTLSPolicyUpdates map[types.NamespacedName]*BackendTLSPolicyStatusUpdate // Map of cache entry maps, keyed on Kind. entries map[string]map[types.NamespacedName]CacheEntry @@ -96,6 +98,16 @@ func (c *Cache) Put(obj metav1.Object, e CacheEntry) { func (c *Cache) GetStatusUpdates() []k8s.StatusUpdate { var flattened []k8s.StatusUpdate + for fullname, backendTLSPolicyUpdate := range c.backendTLSPolicyUpdates { + update := k8s.StatusUpdate{ + NamespacedName: fullname, + Resource: backendTLSPolicyUpdate.Resource, + Mutator: backendTLSPolicyUpdate, + } + + flattened = append(flattened, update) + } + for fullname, pu := range c.proxyUpdates { update := k8s.StatusUpdate{ NamespacedName: fullname, @@ -165,6 +177,15 @@ func (c *Cache) GetRouteUpdates() []*RouteStatusUpdate { return allUpdates } +// GetBackendTLSPolicyUpdates gets the underlying BackendTLSPolicyConditionsUpdate objects from the cache. +func (c *Cache) GetBackendTLSPolicyUpdates() []*BackendTLSPolicyStatusUpdate { + var allUpdates []*BackendTLSPolicyStatusUpdate + for _, conditionsUpdate := range c.backendTLSPolicyUpdates { + allUpdates = append(allUpdates, conditionsUpdate) + } + return allUpdates +} + // GatewayStatusAccessor returns a GatewayStatusUpdate that allows a client to build up a list of // status changes as well as a function to commit the change back to the cache when everything // is done. The commit function pattern is used so that the GatewayStatusUpdate does not need @@ -242,3 +263,25 @@ func (c *Cache) RouteConditionsAccessor(nsName types.NamespacedName, generation c.routeUpdates[pu.FullName] = pu } } + +// BackendTLSPolicyConditionsAccessor returns a BackendTLSPolicyStatusUpdate that allows a client +// to build up a list of metav1.Conditions as well as a function to commit the change back to the +// cache when everything is done. The commit function pattern is used so that the +// BackendTLSPolicyStatusUpdate does not need to know anything the cache internals. +func (c *Cache) BackendTLSPolicyConditionsAccessor(nsName types.NamespacedName, generation int64, resource client.Object) (*BackendTLSPolicyStatusUpdate, func()) { + pu := &BackendTLSPolicyStatusUpdate{ + FullName: nsName, + GatewayRef: c.gatewayRef, + GatewayController: c.gatewayController, + Generation: generation, + TransitionTime: metav1.NewTime(time.Now()), + Resource: resource, + } + + return pu, func() { + if len(pu.PolicyAncestorStatuses) == 0 { + return + } + c.backendTLSPolicyUpdates[pu.FullName] = pu + } +} diff --git a/test/e2e/gateway/backend_tls_policy_test.go b/test/e2e/gateway/backend_tls_policy_test.go index 207c8bc5892..7535792fb96 100644 --- a/test/e2e/gateway/backend_tls_policy_test.go +++ b/test/e2e/gateway/backend_tls_policy_test.go @@ -163,7 +163,8 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { }, } - f.CreateBackendTLSPolicyAndWaitFor(backendTLSPolicy, e2e.BackendTLSPolicyAccepted) + _, ok := f.CreateBackendTLSPolicyAndWaitFor(backendTLSPolicy, e2e.BackendTLSPolicyAccepted) + assert.Truef(t, ok, "expected policy condition accepted on backend tls policy") type responseTLSDetails struct { TLS struct { diff --git a/test/e2e/gatewayapi_predicates.go b/test/e2e/gatewayapi_predicates.go index 67556328ce0..5f307b15e61 100644 --- a/test/e2e/gatewayapi_predicates.go +++ b/test/e2e/gatewayapi_predicates.go @@ -173,9 +173,17 @@ func TLSRouteAccepted(route *gatewayapi_v1alpha2.TLSRoute) bool { // BackendTLSPolicyAccepted returns true if the backend TLS policy has a .status.conditions // entry of "Accepted: true". func BackendTLSPolicyAccepted(btp *gatewayapi_v1alpha2.BackendTLSPolicy) bool { - // TODO (christianang): Right now this always returns true if a backendtlspolicy is - // provided since status conditions are not implemented yet for BackendTLSPolicy - return btp != nil + if btp == nil { + return false + } + + for _, gw := range btp.Status.Ancestors { + if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.PolicyConditionAccepted), metav1.ConditionTrue) { + return true + } + } + + return false } func conditionExists(conditions []metav1.Condition, conditionType string, conditionStatus metav1.ConditionStatus) bool { From c35f7f0e7b3d0727b92ae6076799fd94f84ed2b5 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:09:47 -0500 Subject: [PATCH 10/83] Bump Envoy to 1.29.1 (#6164) Signed-off-by: Sunjay Bhatia --- Makefile | 2 +- changelogs/unreleased/6123-skriss-small.md | 1 - changelogs/unreleased/6164-sunjayBhatia-small.md | 1 + cmd/contour/gatewayprovisioner.go | 2 +- examples/contour/03-envoy.yaml | 2 +- examples/deployment/03-envoy-deployment.yaml | 2 +- examples/render/contour-deployment.yaml | 2 +- examples/render/contour-gateway.yaml | 2 +- examples/render/contour.yaml | 2 +- site/content/resources/compatibility-matrix.md | 4 ++-- versions.yaml | 2 +- 11 files changed, 11 insertions(+), 11 deletions(-) delete mode 100644 changelogs/unreleased/6123-skriss-small.md create mode 100644 changelogs/unreleased/6164-sunjayBhatia-small.md diff --git a/Makefile b/Makefile index 4b933e29d58..a6c1a796440 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ IMAGE := $(REGISTRY)/$(PROJECT) SRCDIRS := ./cmd ./internal ./apis LOCAL_BOOTSTRAP_CONFIG = localenvoyconfig.yaml SECURE_LOCAL_BOOTSTRAP_CONFIG = securelocalenvoyconfig.yaml -ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.29.0 +ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.29.1 GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{print $$2}') # Used to supply a local Envoy docker container an IP to connect to that is running diff --git a/changelogs/unreleased/6123-skriss-small.md b/changelogs/unreleased/6123-skriss-small.md deleted file mode 100644 index ce2dce41d0b..00000000000 --- a/changelogs/unreleased/6123-skriss-small.md +++ /dev/null @@ -1 +0,0 @@ -Updates Envoy to v1.29.0. See the release notes [here](https://www.envoyproxy.io/docs/envoy/v1.29.0/version_history/v1.29/v1.29.0). diff --git a/changelogs/unreleased/6164-sunjayBhatia-small.md b/changelogs/unreleased/6164-sunjayBhatia-small.md new file mode 100644 index 00000000000..3da383b22f4 --- /dev/null +++ b/changelogs/unreleased/6164-sunjayBhatia-small.md @@ -0,0 +1 @@ +Updates Envoy to v1.29.1. See the release notes [here](https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1). diff --git a/cmd/contour/gatewayprovisioner.go b/cmd/contour/gatewayprovisioner.go index 3d9f03d95fb..ab3e2a5607e 100644 --- a/cmd/contour/gatewayprovisioner.go +++ b/cmd/contour/gatewayprovisioner.go @@ -36,7 +36,7 @@ func registerGatewayProvisioner(app *kingpin.Application) (*kingpin.CmdClause, * provisionerConfig := &gatewayProvisionerConfig{ contourImage: "ghcr.io/projectcontour/contour:main", - envoyImage: "docker.io/envoyproxy/envoy:v1.29.0", + envoyImage: "docker.io/envoyproxy/envoy:v1.29.1", metricsBindAddress: ":8080", leaderElection: false, leaderElectionID: "0d879e31.projectcontour.io", diff --git a/examples/contour/03-envoy.yaml b/examples/contour/03-envoy.yaml index 6bcd8fcbb69..cde50e56c24 100644 --- a/examples/contour/03-envoy.yaml +++ b/examples/contour/03-envoy.yaml @@ -50,7 +50,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.0 + image: docker.io/envoyproxy/envoy:v1.29.1 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/deployment/03-envoy-deployment.yaml b/examples/deployment/03-envoy-deployment.yaml index a05c9a4dace..c7861ec5244 100644 --- a/examples/deployment/03-envoy-deployment.yaml +++ b/examples/deployment/03-envoy-deployment.yaml @@ -62,7 +62,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.0 + image: docker.io/envoyproxy/envoy:v1.29.1 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index f401e80ddeb..790f7744634 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -9197,7 +9197,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.0 + image: docker.io/envoyproxy/envoy:v1.29.1 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index ab80e2eaf68..a4e9d4efd53 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -9188,7 +9188,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.0 + image: docker.io/envoyproxy/envoy:v1.29.1 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index 73c2bf28dd4..e2ab3f43ff3 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -9185,7 +9185,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.0 + image: docker.io/envoyproxy/envoy:v1.29.1 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/site/content/resources/compatibility-matrix.md b/site/content/resources/compatibility-matrix.md index 5ab7304f7e9..b6d8f31d584 100644 --- a/site/content/resources/compatibility-matrix.md +++ b/site/content/resources/compatibility-matrix.md @@ -10,7 +10,7 @@ These combinations of versions are specifically tested in CI and supported by th | Contour Version | Envoy Version | Kubernetes Versions | Gateway API Version | | --------------- | :------------------- | ------------------- | --------------------| -| main | [1.29.0][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | +| main | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.27.0 | [1.28.0][45] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.26.1 | [1.27.2][42] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.26.0 | [1.27.0][41] | 1.28, 1.27, 1.26 | [0.8.0][108] | @@ -174,7 +174,7 @@ __Note:__ This list of extensions was last verified to be complete with Envoy v1 [43]: https://www.envoyproxy.io/docs/envoy/v1.26.6/version_history/v1.26/v1.26.6 [44]: https://www.envoyproxy.io/docs/envoy/v1.25.11/version_history/v1.25/v1.25.11 [45]: https://www.envoyproxy.io/docs/envoy/v1.28.0/version_history/v1.28/v1.28.0 -[46]: https://www.envoyproxy.io/docs/envoy/v1.29.0/version_history/v1.29/v1.29.0 +[46]: https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1 [98]: https://github.com/kubernetes/client-go [99]: https://github.com/kubernetes/client-go#compatibility-matrix diff --git a/versions.yaml b/versions.yaml index 2ca386213ef..2ca19ee939f 100644 --- a/versions.yaml +++ b/versions.yaml @@ -7,7 +7,7 @@ versions: - version: main supported: "false" dependencies: - envoy: "1.29.0" + envoy: "1.29.1" kubernetes: - "1.29" - "1.28" From ca4108f0d49e32f1b899af411bc2213a0e844e9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:11:33 -0500 Subject: [PATCH 11/83] build(deps): bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.1 (#6173) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.0 to 0.17.1. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.17.1) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 325523c784e..3301daffff2 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( k8s.io/client-go v0.29.1 k8s.io/klog/v2 v2.120.1 k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.17.0 + sigs.k8s.io/controller-runtime v0.17.1 sigs.k8s.io/controller-tools v0.14.0 sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/kustomize/kyaml v0.16.0 diff --git a/go.sum b/go.sum index f0b7e04b19a..8945ccc650a 100644 --- a/go.sum +++ b/go.sum @@ -811,8 +811,8 @@ rsc.io/pdf v0.1.1 h1:k1MczvYDUvJBe93bYd7wrZLLUEcLZAuF824/I4e5Xr4= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.0 h1:fjJQf8Ukya+VjogLO6/bNX9HE6Y2xpsO5+fyS26ur/s= -sigs.k8s.io/controller-runtime v0.17.0/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.1 h1:V1dQELMGVk46YVXXQUbTFujU7u4DQj6YUj9Rb6cuzz8= +sigs.k8s.io/controller-runtime v0.17.1/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= From f188984a879b5947ca86012526351cbf874ed0ef Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:12:28 -0500 Subject: [PATCH 12/83] build(deps): bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#6170) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.16.1 to 0.17.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca...84384bd6e777ef152729993b8145ea352e9dd3ef) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/trivy-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index 6b7421caea3..29478cbb0ad 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -27,7 +27,7 @@ jobs: with: persist-credentials: false ref: ${{ matrix.branch }} - - uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca # 0.16.1 + - uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # 0.17.0 with: scanners: vuln scan-type: 'fs' From 09aaadf86374e9efab61e6a966ed42fb741f31a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:17:55 -0500 Subject: [PATCH 13/83] build(deps): bump the artifact-actions group with 2 updates (#6169) Bumps the artifact-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/upload-artifact` from 4.3.0 to 4.3.1 - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/26f96dfa697d77e81fd5907df203aa23a56210a8...5d5d22a31266ced268874388b861e4b58bb5c2f3) Updates `actions/download-artifact` from 4.1.1 to 4.1.2 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/6b208ae046db98c579e8a3aa621ab581ff575935...eaceaf801fd36c7dee90939fad912460b18a1ffe) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: artifact-actions - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: artifact-actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_tag.yaml | 2 +- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/prbuild.yaml | 8 ++++---- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index 6c71ce27b37..f4e250ed0f1 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -84,7 +84,7 @@ jobs: export CONTOUR_E2E_IMAGE="ghcr.io/projectcontour/contour:$(git describe --tags)" make setup-kind-cluster run-gateway-conformance cleanup-kind - name: Upload gateway conformance report - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: gateway-conformance-report path: gateway-conformance-report/projectcontour-contour-*.yaml diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index eadc61b9dd5..d32a0a5dbc7 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -32,7 +32,7 @@ jobs: results_format: sarif publish_results: true - name: "Upload artifact" - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: SARIF file path: results.sarif diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 05e72a9f3d9..30e633e321c 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -114,7 +114,7 @@ jobs: run: | make multiarch-build - name: Upload image - uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 with: name: image path: image/contour-*.tar @@ -155,7 +155,7 @@ jobs: with: persist-credentials: false - name: Download image - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: image path: image @@ -218,7 +218,7 @@ jobs: # recent release tag. fetch-depth: 0 - name: Download image - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: image path: image @@ -345,7 +345,7 @@ jobs: with: persist-credentials: false - name: Download image - uses: actions/download-artifact@6b208ae046db98c579e8a3aa621ab581ff575935 # v4.1.1 + uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 with: name: image path: image From 28180caca07a3fbe78b6c4872928b7197950fa29 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:18:55 -0500 Subject: [PATCH 14/83] build(deps): bump github.com/cert-manager/cert-manager (#6175) Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.14.1 to 1.14.2. - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Commits](https://github.com/cert-manager/cert-manager/compare/v1.14.1...v1.14.2) --- updated-dependencies: - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3301daffff2..224b257c857 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/alecthomas/kingpin/v2 v2.4.0 github.com/bombsimon/logrusr/v4 v4.1.0 - github.com/cert-manager/cert-manager v1.14.1 + github.com/cert-manager/cert-manager v1.14.2 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/distribution/reference v0.5.0 github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb diff --git a/go.sum b/go.sum index 8945ccc650a..edcdb2ad95b 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cert-manager/cert-manager v1.14.1 h1:i5sJHfEucqpAfVjkCe3n4sO5S+6YBaN2Yu18+l/1ZMw= -github.com/cert-manager/cert-manager v1.14.1/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= +github.com/cert-manager/cert-manager v1.14.2 h1:C/uci6yxiCRO04PWomBbSX+T4JT58FIIpDj5SZ6Ks6I= +github.com/cert-manager/cert-manager v1.14.2/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chigopher/pathlib v0.19.1 h1:RoLlUJc0CqBGwq239cilyhxPNLXTK+HXoASGyGznx5A= From 1577e0796cff77475b173736d11a457e0ba510e4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:25:31 -0500 Subject: [PATCH 15/83] build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 (#6174) Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.16.0 to 0.17.0. - [Commits](https://github.com/golang/oauth2/compare/v0.16.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 224b257c857..9b1c6f780c5 100644 --- a/go.mod +++ b/go.mod @@ -29,7 +29,7 @@ require ( github.com/tsaarni/certyaml v0.9.3 github.com/vektra/mockery/v2 v2.40.1 go.uber.org/automaxprocs v1.5.3 - golang.org/x/oauth2 v0.16.0 + golang.org/x/oauth2 v0.17.0 gonum.org/v1/plot v0.14.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 google.golang.org/grpc v1.61.0 @@ -119,13 +119,13 @@ require ( github.com/subosito/gotenv v1.4.2 // indirect github.com/tsaarni/x500dn v1.0.0 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect - golang.org/x/crypto v0.18.0 // indirect + golang.org/x/crypto v0.19.0 // indirect golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect golang.org/x/image v0.11.0 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.20.0 // indirect - golang.org/x/sys v0.16.0 // indirect - golang.org/x/term v0.16.0 // indirect + golang.org/x/net v0.21.0 // indirect + golang.org/x/sys v0.17.0 // indirect + golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.16.1 // indirect diff --git a/go.sum b/go.sum index edcdb2ad95b..4f404a8fbc5 100644 --- a/go.sum +++ b/go.sum @@ -416,8 +416,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.18.0 h1:PGVlW0xEltQnzFZ55hkuX5+KLyrMYhHld1YHO4AKcdc= -golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -492,8 +492,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.20.0 h1:aCL9BSgETF1k+blQaYUBx9hJ9LOGP3gAVemcZlf1Kpo= -golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -503,8 +503,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.16.0 h1:aDkGMBSYxElaoP81NpoUoz2oo2R2wHdZpGToUxfyQrQ= -golang.org/x/oauth2 v0.16.0/go.mod h1:hqZ+0LWXsiVoZpeld6jVt06P3adbS2Uu911W1SsJv2o= +golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= +golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -563,13 +563,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.16.0 h1:xWw16ngr6ZMtmxDyKyIgsE93KNKz5HKmMa3b8ALHidU= -golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.16.0 h1:m+B6fahuftsE9qjo0VWp2FW0mB3MTJvR0BaMQrq0pmE= -golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 1e37c8fb907bce5f45bf83c9e86f53cfa47e1c23 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 09:56:08 -0500 Subject: [PATCH 16/83] build(deps): bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#6171) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/3a919529898de77ec3da873e3063ca4b10e7f5cc...3cfe3a4abbb849e10058ce4af15d205b6da42804) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/prbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 30e633e321c..2e4d757838f 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -27,7 +27,7 @@ jobs: with: persist-credentials: false - name: golangci-lint - uses: golangci/golangci-lint-action@3a919529898de77ec3da873e3063ca4b10e7f5cc # v3.7.0 + uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 with: version: v1.55.2 # TODO: re-enable linting tools package once https://github.com/projectcontour/contour/issues/5077 From 6ea6bb90477f0f5e3443e1e1f5351ec75cc3825b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 14:56:41 +0000 Subject: [PATCH 17/83] build(deps): bump mheap/github-action-required-labels (#6172) Bumps [mheap/github-action-required-labels](https://github.com/mheap/github-action-required-labels) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/mheap/github-action-required-labels/releases) - [Commits](https://github.com/mheap/github-action-required-labels/compare/cc7a79fadbba6ed1d6f0efd70707e7b8bf7e6910...80a96a4863886addcbc9f681b5b295ba7f5424e1) --- updated-dependencies: - dependency-name: mheap/github-action-required-labels dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/label_check.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/label_check.yaml b/.github/workflows/label_check.yaml index 6f3c98d6738..43cb9dbb48d 100644 --- a/.github/workflows/label_check.yaml +++ b/.github/workflows/label_check.yaml @@ -24,17 +24,17 @@ jobs: name: Check release-note label set runs-on: ubuntu-latest steps: - - uses: mheap/github-action-required-labels@cc7a79fadbba6ed1d6f0efd70707e7b8bf7e6910 # v5.2.0 + - uses: mheap/github-action-required-labels@80a96a4863886addcbc9f681b5b295ba7f5424e1 # v5.3.0 with: mode: minimum count: 1 labels: "release-note/major, release-note/minor, release-note/small, release-note/docs, release-note/infra, release-note/deprecation, release-note/none-required" - - uses: mheap/github-action-required-labels@cc7a79fadbba6ed1d6f0efd70707e7b8bf7e6910 # v5.2.0 + - uses: mheap/github-action-required-labels@80a96a4863886addcbc9f681b5b295ba7f5424e1 # v5.3.0 with: mode: maximum count: 1 labels: "release-note/major, release-note/minor, release-note/small, release-note/docs, release-note/infra, release-note/none-required" - - uses: mheap/github-action-required-labels@cc7a79fadbba6ed1d6f0efd70707e7b8bf7e6910 # v5.2.0 + - uses: mheap/github-action-required-labels@80a96a4863886addcbc9f681b5b295ba7f5424e1 # v5.3.0 with: mode: maximum count: 1 From 84b111751d1ee5ae20dfb88b2c630c93588e98fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 12 Feb 2024 15:21:52 +0000 Subject: [PATCH 18/83] build(deps): bump github.com/vektra/mockery/v2 from 2.40.1 to 2.40.3 (#6176) Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.40.1 to 2.40.3. - [Release notes](https://github.com/vektra/mockery/releases) - [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md) - [Commits](https://github.com/vektra/mockery/compare/v2.40.1...v2.40.3) --- updated-dependencies: - dependency-name: github.com/vektra/mockery/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/go.mod b/go.mod index 9b1c6f780c5..22be05bb11c 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 github.com/tsaarni/certyaml v0.9.3 - github.com/vektra/mockery/v2 v2.40.1 + github.com/vektra/mockery/v2 v2.40.3 go.uber.org/automaxprocs v1.5.3 golang.org/x/oauth2 v0.17.0 gonum.org/v1/plot v0.14.0 @@ -128,7 +128,7 @@ require ( golang.org/x/term v0.17.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/tools v0.17.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect diff --git a/go.sum b/go.sum index 4f404a8fbc5..479bad3f806 100644 --- a/go.sum +++ b/go.sum @@ -381,8 +381,8 @@ github.com/tsaarni/certyaml v0.9.3 h1:m8HHbuUzWVUOmv8IQU9HgVZZ8r5ICExKm++54DJKCs github.com/tsaarni/certyaml v0.9.3/go.mod h1:hhuU1qYr5re488geArUP4gZWqMUMqGlj4HA2qUyGYLk= github.com/tsaarni/x500dn v1.0.0 h1:LvaWTkqRpse4VHBhB5uwf3wytokK4vF9IOyNAEyiA+U= github.com/tsaarni/x500dn v1.0.0/go.mod h1:QaHa3EcUKC4dfCAZmj8+ZRGLKukWgpGv9H3oOCsAbcE= -github.com/vektra/mockery/v2 v2.40.1 h1:8D01rBqloDLDHKZGXkyUD9Yj5Z+oDXBqDZ+tRXYM/oA= -github.com/vektra/mockery/v2 v2.40.1/go.mod h1:dPzGtjT0/Uu4hqpF6QNHwz+GLago7lq1bxdj9wHbGKo= +github.com/vektra/mockery/v2 v2.40.3 h1:IZ2lydSDFsY0khnEsbSu13VLcqSsa6UYSS/8F+uOJmo= +github.com/vektra/mockery/v2 v2.40.3/go.mod h1:KYBZF/7sqOa86BaOZPYsoCZWEWLS90a5oBLg2pVudxY= github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -517,8 +517,8 @@ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ= +golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -640,8 +640,8 @@ golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= +golang.org/x/tools v0.17.0 h1:FvmRgNOcs3kOa+T20R1uhfP9F6HgG2mfxDv1vrx1Htc= +golang.org/x/tools v0.17.0/go.mod h1:xsh6VxdV005rRVaS6SSAf9oiAqljS7UZUacMZ8Bnsps= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= From 92d53429e7df957ca721fa4ef5a3b926149733b8 Mon Sep 17 00:00:00 2001 From: izturn <44051386+izturn@users.noreply.github.com> Date: Mon, 12 Feb 2024 23:44:34 +0800 Subject: [PATCH 19/83] update docs & examples to match gateway-api/v1 (#5925) Signed-off-by: gang.liu --- README.md | 2 +- .../gatewayapi/blue-green/blue-green.yaml | 2 +- .../example-workload/gatewayapi/kuard/kuard.yaml | 2 +- examples/gateway/03-gatewayclass.yaml | 2 +- examples/gateway/04-gateway.yaml | 2 +- examples/render/contour-gateway.yaml | 4 ++-- internal/sorter/sorter_test.go | 2 +- site/content/docs/main/config/gateway-api.md | 4 ++-- site/content/docs/main/guides/gateway-api.md | 8 ++++---- site/content/getting-started/_index.md | 6 +++--- site/content/guides/gateway-api.md | 12 ++++++------ test/scripts/run-gateway-conformance.sh | 2 +- 12 files changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index ac72100c733..3c72d2ad4da 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ Contour supports multiple configuration APIs in order to meet the needs of as ma - **[Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/)** - A stable upstream API that enables basic ingress use cases. - **[HTTPProxy](https://projectcontour.io/docs/main/config/fundamentals/)** - Contour's Custom Resource Definition (CRD) which expands upon the functionality of the Ingress API to allow for a richer user experience as well as solve shortcomings in the original design. -- **[Gateway API](https://gateway-api.sigs.k8s.io/)** (beta) - A new CRD-based API managed by the [Kubernetes SIG-Network community](https://github.com/kubernetes/community/tree/master/sig-network) that aims to evolve Kubernetes service networking APIs in a vendor-neutral way. +- **[Gateway API](https://gateway-api.sigs.k8s.io/)** - A new CRD-based API managed by the [Kubernetes SIG-Network community](https://github.com/kubernetes/community/tree/master/sig-network) that aims to evolve Kubernetes service networking APIs in a vendor-neutral way. ## Prerequisites diff --git a/examples/example-workload/gatewayapi/blue-green/blue-green.yaml b/examples/example-workload/gatewayapi/blue-green/blue-green.yaml index 3a5cbec2bf8..7aceaa46fca 100644 --- a/examples/example-workload/gatewayapi/blue-green/blue-green.yaml +++ b/examples/example-workload/gatewayapi/blue-green/blue-green.yaml @@ -96,7 +96,7 @@ spec: --- kind: HTTPRoute -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: deploy namespace: projectcontour diff --git a/examples/example-workload/gatewayapi/kuard/kuard.yaml b/examples/example-workload/gatewayapi/kuard/kuard.yaml index 6463a9a16b8..5b589e6cfd7 100644 --- a/examples/example-workload/gatewayapi/kuard/kuard.yaml +++ b/examples/example-workload/gatewayapi/kuard/kuard.yaml @@ -37,7 +37,7 @@ spec: type: ClusterIP --- kind: HTTPRoute -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: kuard namespace: default diff --git a/examples/gateway/03-gatewayclass.yaml b/examples/gateway/03-gatewayclass.yaml index 91f7896a737..3e1f52d5a94 100644 --- a/examples/gateway/03-gatewayclass.yaml +++ b/examples/gateway/03-gatewayclass.yaml @@ -1,6 +1,6 @@ --- kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: example spec: diff --git a/examples/gateway/04-gateway.yaml b/examples/gateway/04-gateway.yaml index e130cefc0fc..4a1f76cddfc 100644 --- a/examples/gateway/04-gateway.yaml +++ b/examples/gateway/04-gateway.yaml @@ -1,6 +1,6 @@ --- kind: Gateway -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: contour namespace: projectcontour diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index a4e9d4efd53..48672da8e17 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -21043,7 +21043,7 @@ status: --- kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: example spec: @@ -21051,7 +21051,7 @@ spec: --- kind: Gateway -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: contour namespace: projectcontour diff --git a/internal/sorter/sorter_test.go b/internal/sorter/sorter_test.go index a362a824c55..9e20a3f8941 100644 --- a/internal/sorter/sorter_test.go +++ b/internal/sorter/sorter_test.go @@ -203,7 +203,7 @@ func presentQueryParam(name string) dag.QueryParamMatchCondition { // others that have identical path matches, number of header matches, and // number of query matches. // This is mainly to support Gateway API route match preference. -// See: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.HTTPRouteRule +// See: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.HTTPRouteRule func TestSortRoutesPriority(t *testing.T) { want := []*dag.Route{ { diff --git a/site/content/docs/main/config/gateway-api.md b/site/content/docs/main/config/gateway-api.md index e6cba341b6a..af67fea4339 100644 --- a/site/content/docs/main/config/gateway-api.md +++ b/site/content/docs/main/config/gateway-api.md @@ -143,7 +143,7 @@ A simple example of a parameterized Contour GatewayClass that provisions Envoy a ```yaml kind: GatewayClass -apiVersion: gateway.networking.k8s.io/v1beta1 +apiVersion: gateway.networking.k8s.io/v1 metadata: name: contour-with-envoy-deployment spec: @@ -214,7 +214,7 @@ containers: [7]: https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1alpha1.GatewayConfig [8]: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-controller-selection [9]: https://projectcontour.io/quickstart/contour-gateway-provisioner.yaml -[10]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1beta1.GatewayClass +[10]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.GatewayClass [11]: https://gateway-api.sigs.k8s.io/concepts/api-overview/#route-resources [12]: /docs/{{< param version >}}/guides/gateway-api [13]: https://github.com/projectcontour/contour/issues/5970 diff --git a/site/content/docs/main/guides/gateway-api.md b/site/content/docs/main/guides/gateway-api.md index 62599fc78cd..0759696d3f6 100644 --- a/site/content/docs/main/guides/gateway-api.md +++ b/site/content/docs/main/guides/gateway-api.md @@ -27,7 +27,7 @@ Create a GatewayClass: ```shell kubectl apply -f - < Date: Mon, 12 Feb 2024 11:49:40 -0500 Subject: [PATCH 20/83] Site/changelog/workflow updates for v1.28.0 release (#6180) Signed-off-by: Sunjay Bhatia --- .github/dependabot.yml | 12 +- .github/workflows/trivy-scan.yaml | 2 +- changelogs/CHANGELOG-v1.28.0.md | 198 + changelogs/unreleased/5828-KauzClay-major.md | 9 - changelogs/unreleased/5840-izturn-minor.md | 3 - .../unreleased/5849-KauzClay-deprecation.md | 6 - changelogs/unreleased/5849-KauzClay-minor.md | 5 - changelogs/unreleased/5898-skriss-major.md | 8 - changelogs/unreleased/5934-izturn-minor.md | 3 - changelogs/unreleased/5961-izturn-small.md | 1 - .../unreleased/5968-skriss-deprecation.md | 1 - changelogs/unreleased/5968-skriss-small.md | 1 - changelogs/unreleased/5969-skriss-small.md | 1 - changelogs/unreleased/5972-skriss-small.md | 1 - changelogs/unreleased/5997-izturn-minor.md | 3 - changelogs/unreleased/6013-davinci26-minor.md | 3 - changelogs/unreleased/6016-relu-small.md | 1 - changelogs/unreleased/6031-skriss-small.md | 1 - .../unreleased/6058-flawedmatrix-minor.md | 5 - .../unreleased/6063-lubronzhan-small.md | 1 - .../unreleased/6070-sunjayBhatia-small.md | 1 - .../unreleased/6073-lubronzhan-small.md | 1 - .../unreleased/6077-abbas-gheydi-small.md | 1 - changelogs/unreleased/6079-tsaarni-minor.md | 4 - .../unreleased/6099-sunjayBhatia-minor.md | 5 - .../unreleased/6119-flawedmatrix-major.md | 9 - changelogs/unreleased/6124-skriss-small.md | 1 - changelogs/unreleased/6143-skriss-docs.md | 1 - .../unreleased/6144-skriss-deprecation.md | 5 - .../unreleased/6147-sunjayBhatia-small.md | 1 - .../unreleased/6148-lubronzhan-minor.md | 3 - .../unreleased/6151-christianang-small.md | 1 - .../unreleased/6152-lubronzhan-minor.md | 7 - .../unreleased/6161-sunjayBhatia-docs.md | 1 - .../unreleased/6164-sunjayBhatia-small.md | 1 - netlify.toml | 6 +- site/config.yaml | 3 +- site/content/docs/1.28/_index.md | 48 + site/content/docs/1.28/architecture.md | 74 + .../docs/1.28/config/access-logging.md | 148 + site/content/docs/1.28/config/annotations.md | 98 + .../docs/1.28/config/api-reference.html | 9131 +++++++++++++++++ site/content/docs/1.28/config/api.md | 3 + .../docs/1.28/config/client-authorization.md | 123 + .../docs/1.28/config/cookie-rewriting.md | 109 + site/content/docs/1.28/config/cors.md | 82 + .../1.28/config/external-service-routing.md | 47 + site/content/docs/1.28/config/fundamentals.md | 197 + site/content/docs/1.28/config/gateway-api.md | 221 + .../content/docs/1.28/config/health-checks.md | 160 + .../docs/1.28/config/inclusion-delegation.md | 139 + site/content/docs/1.28/config/ingress.md | 94 + site/content/docs/1.28/config/ip-filtering.md | 80 + .../docs/1.28/config/jwt-verification.md | 182 + .../docs/1.28/config/overload-manager.md | 30 + .../content/docs/1.28/config/rate-limiting.md | 366 + .../docs/1.28/config/request-rewriting.md | 337 + .../docs/1.28/config/request-routing.md | 535 + site/content/docs/1.28/config/slow-start.md | 39 + .../docs/1.28/config/tls-delegation.md | 79 + .../docs/1.28/config/tls-termination.md | 353 + site/content/docs/1.28/config/tracing.md | 117 + site/content/docs/1.28/config/upstream-tls.md | 108 + .../content/docs/1.28/config/virtual-hosts.md | 138 + site/content/docs/1.28/config/websockets.md | 27 + site/content/docs/1.28/configuration.md | 541 + site/content/docs/1.28/deploy-options.md | 383 + site/content/docs/1.28/github.md | 80 + site/content/docs/1.28/grpc-tls-howto.md | 169 + site/content/docs/1.28/guides/_index.md | 9 + site/content/docs/1.28/guides/cert-manager.md | 670 ++ .../docs/1.28/guides/deploy-aws-nlb.md | 47 + .../docs/1.28/guides/deploy-aws-tls-nlb.md | 135 + .../1.28/guides/external-authorization.md | 538 + site/content/docs/1.28/guides/fips.md | 169 + site/content/docs/1.28/guides/gatekeeper.md | 456 + site/content/docs/1.28/guides/gateway-api.md | 210 + .../docs/1.28/guides/global-rate-limiting.md | 503 + site/content/docs/1.28/guides/grpc.md | 225 + .../docs/1.28/guides/health-checking.md | 11 + site/content/docs/1.28/guides/kind.md | 63 + .../content/docs/1.28/guides/metrics/table.md | 20 + site/content/docs/1.28/guides/prometheus.md | 94 + site/content/docs/1.28/guides/proxy-proto.md | 53 + .../docs/1.28/guides/resource-limits.md | 161 + site/content/docs/1.28/img/archoverview.png | Bin 0 -> 78807 bytes .../1.28/img/contour_deployment_in_k8s.png | Bin 0 -> 134492 bytes .../content/docs/1.28/img/shutdownmanager.png | Bin 0 -> 51051 bytes .../1.28/img/source/shutdownmanager.drawio | 1 + site/content/docs/1.28/redeploy-envoy.md | 72 + site/content/docs/1.28/start-contributing.md | 130 + site/content/docs/1.28/troubleshooting.md | 41 + .../troubleshooting/common-proxy-errors.md | 96 + .../1.28/troubleshooting/contour-debug-log.md | 6 + .../1.28/troubleshooting/contour-graph.md | 25 + .../troubleshooting/contour-xds-resources.md | 19 + .../troubleshooting/envoy-admin-interface.md | 32 + .../envoy-container-draining.md | 29 + .../1.28/troubleshooting/envoy-debug-log.md | 8 + .../1.28/troubleshooting/profiling-contour.md | 14 + .../content/resources/compatibility-matrix.md | 1 + site/data/docs/1-28-toc.yml | 151 + site/data/docs/toc-mapping.yml | 1 + versions.yaml | 12 +- 104 files changed, 18449 insertions(+), 107 deletions(-) create mode 100644 changelogs/CHANGELOG-v1.28.0.md delete mode 100644 changelogs/unreleased/5828-KauzClay-major.md delete mode 100644 changelogs/unreleased/5840-izturn-minor.md delete mode 100644 changelogs/unreleased/5849-KauzClay-deprecation.md delete mode 100644 changelogs/unreleased/5849-KauzClay-minor.md delete mode 100644 changelogs/unreleased/5898-skriss-major.md delete mode 100644 changelogs/unreleased/5934-izturn-minor.md delete mode 100644 changelogs/unreleased/5961-izturn-small.md delete mode 100644 changelogs/unreleased/5968-skriss-deprecation.md delete mode 100644 changelogs/unreleased/5968-skriss-small.md delete mode 100644 changelogs/unreleased/5969-skriss-small.md delete mode 100644 changelogs/unreleased/5972-skriss-small.md delete mode 100644 changelogs/unreleased/5997-izturn-minor.md delete mode 100644 changelogs/unreleased/6013-davinci26-minor.md delete mode 100644 changelogs/unreleased/6016-relu-small.md delete mode 100644 changelogs/unreleased/6031-skriss-small.md delete mode 100644 changelogs/unreleased/6058-flawedmatrix-minor.md delete mode 100644 changelogs/unreleased/6063-lubronzhan-small.md delete mode 100644 changelogs/unreleased/6070-sunjayBhatia-small.md delete mode 100644 changelogs/unreleased/6073-lubronzhan-small.md delete mode 100644 changelogs/unreleased/6077-abbas-gheydi-small.md delete mode 100644 changelogs/unreleased/6079-tsaarni-minor.md delete mode 100644 changelogs/unreleased/6099-sunjayBhatia-minor.md delete mode 100644 changelogs/unreleased/6119-flawedmatrix-major.md delete mode 100644 changelogs/unreleased/6124-skriss-small.md delete mode 100644 changelogs/unreleased/6143-skriss-docs.md delete mode 100644 changelogs/unreleased/6144-skriss-deprecation.md delete mode 100644 changelogs/unreleased/6147-sunjayBhatia-small.md delete mode 100644 changelogs/unreleased/6148-lubronzhan-minor.md delete mode 100644 changelogs/unreleased/6151-christianang-small.md delete mode 100644 changelogs/unreleased/6152-lubronzhan-minor.md delete mode 100644 changelogs/unreleased/6161-sunjayBhatia-docs.md delete mode 100644 changelogs/unreleased/6164-sunjayBhatia-small.md create mode 100644 site/content/docs/1.28/_index.md create mode 100644 site/content/docs/1.28/architecture.md create mode 100644 site/content/docs/1.28/config/access-logging.md create mode 100644 site/content/docs/1.28/config/annotations.md create mode 100644 site/content/docs/1.28/config/api-reference.html create mode 100644 site/content/docs/1.28/config/api.md create mode 100644 site/content/docs/1.28/config/client-authorization.md create mode 100644 site/content/docs/1.28/config/cookie-rewriting.md create mode 100644 site/content/docs/1.28/config/cors.md create mode 100644 site/content/docs/1.28/config/external-service-routing.md create mode 100644 site/content/docs/1.28/config/fundamentals.md create mode 100644 site/content/docs/1.28/config/gateway-api.md create mode 100644 site/content/docs/1.28/config/health-checks.md create mode 100644 site/content/docs/1.28/config/inclusion-delegation.md create mode 100644 site/content/docs/1.28/config/ingress.md create mode 100644 site/content/docs/1.28/config/ip-filtering.md create mode 100644 site/content/docs/1.28/config/jwt-verification.md create mode 100644 site/content/docs/1.28/config/overload-manager.md create mode 100644 site/content/docs/1.28/config/rate-limiting.md create mode 100644 site/content/docs/1.28/config/request-rewriting.md create mode 100644 site/content/docs/1.28/config/request-routing.md create mode 100644 site/content/docs/1.28/config/slow-start.md create mode 100644 site/content/docs/1.28/config/tls-delegation.md create mode 100644 site/content/docs/1.28/config/tls-termination.md create mode 100644 site/content/docs/1.28/config/tracing.md create mode 100644 site/content/docs/1.28/config/upstream-tls.md create mode 100644 site/content/docs/1.28/config/virtual-hosts.md create mode 100644 site/content/docs/1.28/config/websockets.md create mode 100644 site/content/docs/1.28/configuration.md create mode 100644 site/content/docs/1.28/deploy-options.md create mode 100644 site/content/docs/1.28/github.md create mode 100644 site/content/docs/1.28/grpc-tls-howto.md create mode 100644 site/content/docs/1.28/guides/_index.md create mode 100644 site/content/docs/1.28/guides/cert-manager.md create mode 100644 site/content/docs/1.28/guides/deploy-aws-nlb.md create mode 100644 site/content/docs/1.28/guides/deploy-aws-tls-nlb.md create mode 100644 site/content/docs/1.28/guides/external-authorization.md create mode 100644 site/content/docs/1.28/guides/fips.md create mode 100644 site/content/docs/1.28/guides/gatekeeper.md create mode 100644 site/content/docs/1.28/guides/gateway-api.md create mode 100644 site/content/docs/1.28/guides/global-rate-limiting.md create mode 100644 site/content/docs/1.28/guides/grpc.md create mode 100644 site/content/docs/1.28/guides/health-checking.md create mode 100644 site/content/docs/1.28/guides/kind.md create mode 100644 site/content/docs/1.28/guides/metrics/table.md create mode 100644 site/content/docs/1.28/guides/prometheus.md create mode 100644 site/content/docs/1.28/guides/proxy-proto.md create mode 100644 site/content/docs/1.28/guides/resource-limits.md create mode 100644 site/content/docs/1.28/img/archoverview.png create mode 100644 site/content/docs/1.28/img/contour_deployment_in_k8s.png create mode 100644 site/content/docs/1.28/img/shutdownmanager.png create mode 100644 site/content/docs/1.28/img/source/shutdownmanager.drawio create mode 100644 site/content/docs/1.28/redeploy-envoy.md create mode 100644 site/content/docs/1.28/start-contributing.md create mode 100644 site/content/docs/1.28/troubleshooting.md create mode 100644 site/content/docs/1.28/troubleshooting/common-proxy-errors.md create mode 100644 site/content/docs/1.28/troubleshooting/contour-debug-log.md create mode 100644 site/content/docs/1.28/troubleshooting/contour-graph.md create mode 100644 site/content/docs/1.28/troubleshooting/contour-xds-resources.md create mode 100644 site/content/docs/1.28/troubleshooting/envoy-admin-interface.md create mode 100644 site/content/docs/1.28/troubleshooting/envoy-container-draining.md create mode 100644 site/content/docs/1.28/troubleshooting/envoy-debug-log.md create mode 100644 site/content/docs/1.28/troubleshooting/profiling-contour.md create mode 100644 site/data/docs/1-28-toc.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index c4fd727abe7..0886364fb0b 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -37,7 +37,7 @@ updates: - "actions/download-artifact" # release branch N targets -- target-branch: release-1.27 +- target-branch: release-1.28 package-ecosystem: "gomod" directory: "/" schedule: @@ -57,7 +57,7 @@ updates: k8s-dependencies: patterns: - "k8s.io/*" -- target-branch: release-1.27 +- target-branch: release-1.28 package-ecosystem: "github-actions" directory: "/" schedule: @@ -80,7 +80,7 @@ updates: - "actions/download-artifact" # release branch N-1 targets -- target-branch: release-1.26 +- target-branch: release-1.27 package-ecosystem: "gomod" directory: "/" schedule: @@ -100,7 +100,7 @@ updates: k8s-dependencies: patterns: - "k8s.io/*" -- target-branch: release-1.26 +- target-branch: release-1.27 package-ecosystem: "github-actions" directory: "/" schedule: @@ -123,7 +123,7 @@ updates: - "actions/download-artifact" # release branch N-2 targets -- target-branch: release-1.25 +- target-branch: release-1.26 package-ecosystem: "gomod" directory: "/" schedule: @@ -143,7 +143,7 @@ updates: k8s-dependencies: patterns: - "k8s.io/*" -- target-branch: release-1.25 +- target-branch: release-1.26 package-ecosystem: "github-actions" directory: "/" schedule: diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index 29478cbb0ad..6f907cb33b8 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -16,9 +16,9 @@ jobs: matrix: branch: - main + - release-1.28 - release-1.27 - release-1.26 - - release-1.25 runs-on: ubuntu-latest permissions: security-events: write diff --git a/changelogs/CHANGELOG-v1.28.0.md b/changelogs/CHANGELOG-v1.28.0.md new file mode 100644 index 00000000000..12517e6daf0 --- /dev/null +++ b/changelogs/CHANGELOG-v1.28.0.md @@ -0,0 +1,198 @@ +We are delighted to present version v1.28.0 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters. + +A big thank you to everyone who contributed to the release. + + +- [Major Changes](#major-changes) +- [Minor Changes](#minor-changes) +- [Other Changes](#other-changes) +- [Docs Changes](#docs-changes) +- [Deprecations/Removals](#deprecation-and-removal-notices) +- [Installing/Upgrading](#installing-and-upgrading) +- [Compatible Kubernetes Versions](#compatible-kubernetes-versions) +- [Community Thanks!](#community-thanks) + +# Major Changes + +## Upstream TLS now supports TLS 1.3 and TLS parameters can be configured + +The default maximum TLS version for upstream connections is now 1.3, instead of the Envoy default of 1.2. + +In a similar way to how Contour users can configure Min/Max TLS version and +Cipher Suites for Envoy's listeners, users can now specify the +same information for upstream connections. In the ContourConfiguration, this is +available under `spec.envoy.cluster.upstreamTLS`. The equivalent config file +parameter is `cluster.upstream-tls`. + +(#5828, @KauzClay) + +## Update to Gateway API 1.0 + +Contour now uses [Gateway API 1.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.0.0), which graduates the core resources GatewayClass, Gateway and HTTPRoute to the `v1` API version. + +For backwards compatibility, this version of Contour continues to watch for `v1beta1` versions of these resources, to ease the migration process for users. +However, future versions of Contour will move to watching for `v1` versions of these resources. +Note that if you are using Gateway API 1.0 and the `v1` API group, the resources you create will also be available from the API server as `v1beta1` resources so Contour will correctly reconcile them as well. + +(#5898, @skriss) + +## Support for Gateway API BackendTLSPolicy + +The BackendTLSPolicy CRD can now be used with HTTPRoute to configure a Contour gateway to connect to a backend Service with TLS. This will give users the ability to use Gateway API to configure their routes to securely connect to backends that use TLS with Contour. + +The BackendTLSPolicy spec requires you to specify a `targetRef`, which can currently only be a Kubernetes Service within the same namespace as the BackendTLSPolicy. The targetRef is what Service should be watched to apply the BackendTLSPolicy to. A `SectionName` can also be configured to the port name of a Service to reference a specific section of the Service. + +The spec also requires you to specify `caCertRefs`, which can either be a ConfigMap or Secret with a `ca.crt` key in the data map containing a PEM-encoded TLS certificate. The CA certificates referenced will be configured to be used by the gateway to perform TLS to the backend Service. You will also need to specify a `Hostname`, which will be used to configure the SNI the gateway will use for the connection. + +See Gateway API's [GEP-1897](https://gateway-api.sigs.k8s.io/geps/gep-1897) for the proposal for BackendTLSPolicy. + +(#6119, @flawedmatrix, @christianang) + + +# Minor Changes + +## JWT Authentication happens before External Authorization + +Fixes a bug where when the external authorization filter and JWT authentication filter were both configured, the external authorization filter was executed _before_ the JWT authentication filter. Now, JWT authentication happens before external authorization when they are both configured. + +(#5840, @izturn) + +## Allow Multiple SANs in Upstream Validation section of HTTPProxy + +This change introduces a max length of 250 characters to the field `subjectName` in the UpstreamValidation block. + +Allow multiple SANs in Upstream Validation by adding a new field `subjectNames` to the UpstreamValidtion block. This will exist side by side with the previous `subjectName` field. Using CEL validation, we can enforce that when both are present, the first entry in `subjectNames` must match the value of `subjectName`. + +(#5849, @KauzClay) + +## Gateway API Backend Protocol Selection + +For Gateway API, Contour now enables end-users to specify backend protocols by setting the backend Service's [ServicePort.AppProtocol](https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol) parameter. The accepted values are `kubernetes.io/h2c` and `kubernetes.io/ws`. Note that websocket upgrades are already enabled by default for Gateway API. If `AppProtocol` is set, any other configurations, such as the annotation: `projectcontour.io/upstream-protocol.{protocol}` will be disregarded. + +(#5934, @izturn) + +## Gateway API: support HTTPRoute request timeouts + +Contour now enables end-users to specify request timeouts by setting the [HTTPRouteRule.Timeouts.Request](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteTimeouts) parameter. Note that `BackendRequest` is not yet implemented because without Gateway API support for retries, it's functionally equivalent to `Request`. + +(#5997, @izturn) + +## Support for Global Circuit Breaker Policy + +The way [circuit-breaker-annotations](https://projectcontour.io/docs/1.27/config/annotations/) work currently is that when not present they are being defaulted to Envoy defaults. The Envoy defaults can be quite low for larger clusters with more traffic so if a user accidentally deletes them or unset them this cause an issue. With this change we are providing contour administrators the ability to provide global defaults that are good. In that case even if the user forgets to set them or deletes them they can have the safety net of good defaults. They can be configured via [cluster.circuit-breakers](https://projectcontour.io/docs/1.28/configuration/#circuit-breakers) or via `ContourConfiguration`` CRD in [spec.envoy.cluster.circuitBreakers](https://projectcontour.io/docs/1.28/config/api/#projectcontour.io/v1alpha1.GlobalCircuitBreakerDefaults) + +(#6013, @davinci26) + +## Allow setting connection limit per listener + +Adds a `listeners.max-connections-per-listener` config option to Contour config file and `spec.envoy.listener.maxConnectionsPerListener` to the ContourConfiguration CRD. + +Setting the max connection limit per listener field limits the number of active connections to a listener. The default, if unset, is unlimited. + +(#6058, @flawedmatrix, @christianang) + +## Upstream TLS validation and client certificate for TCPProxy + +TCPProxy now supports validating server certificate and using client certificate for upstream TLS connections. +Set `httpproxy.spec.tcpproxy.services.validation.caSecret` and `subjectName` to enable optional validation and `tls.envoy-client-certificate` configuration file field or `ContourConfiguration.spec.envoy.clientCertificate` to set the optional client certificate. + +(#6079, @tsaarni) + +## Remove Contour container readiness probe initial delay + +The Contour Deployment Contour server container previously had its readiness probe `initialDelaySeconds` field set to 15. +This has been removed from the example YAML manifests and Gateway Provisioner generated Contour Deployment since as of [PR #5672](https://github.com/projectcontour/contour/pull/5672) Contour's xDS server will not start or serve any configuration (and the readiness probe will not succeed) until the existing state of the cluster is synced. +In clusters with few resources this will improve the Contour Deployment's update/rollout time as initial startup time should be low. + +(#6099, @sunjayBhatia) + +## Add anti-affinity rule for envoy deployed by provisioner + +The envoy deployment created by the gateway provisioner now includes a default anti-affinity rule. The anti-affinity rule in the [example envoy deployment manifest](https://github.com/projectcontour/contour/blob/main/examples/deployment/03-envoy-deployment.yaml) is also updated to `preferredDuringSchedulingIgnoredDuringExecution` to be consistent with the contour deployment and the gateway provisioner anti-affinity rule. + +(#6148, @lubronzhan) + +## Add DisabledFeatures to ContourDeployment for gateway provisioner + +A new flag DisabledFeatures is added to ContourDeployment so that user can configure contour which is deployed by the provisioner to skip reconciling CRDs which are specified inside the flag. + +Accepted values are `grpcroutes|tlsroutes|extensionservices|backendtlspolicies`. + +(#6152, @lubronzhan) + + +# Other Changes +- For Gateway API v1.0, the successful attachment of a Route to a Listener is based solely on the combination of the AllowedRoutes field on the corresponding Listener and the Route's ParentRefs field. (#5961, @izturn) +- Gateway API: adds support for [Gateway infrastructure labels and annotations](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayInfrastructure)``. (#5968, @skriss) +- Gateway API: add the `gateway.networking.k8s.io/gateway-name` label to generated resources. (#5969, @skriss) +- Fixes a bug with the `envoy` xDS server where at startup, xDS configuration would not be generated and served until a subsequent configuration change. (#5972, @skriss) +- Envoy: Adds support for setting [per-host circuit breaker max-connections threshold](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-per-host-thresholds) using a new service-level annotation: `projectcontour.io/per-host-max-connections`. (#6016, @relu) +- Updates to Kubernetes 1.29. Supported/tested Kubernetes versions are now 1.27, 1.28 and 1.29. (#6031, @skriss) +- Remove static base runtime layer from bootstrap (#6063, @lubronzhan) +- Updates to Go 1.21.6. See the [Go release notes](https://go.dev/doc/devel/release#go1.21.minor) for more information. (#6070, @sunjayBhatia) +- Allow gatewayProvisioner to create contour that only watch limited namespaces of resources (#6073, @lubronzhan) +- Access Log: Contour excludes empty fields in Envoy JSON based access logs by default. (#6077, @abbas-gheydi) +- Updates HTTP filter names to match between the HTTP connection manager and per-filter config on virtual hosts/routes, and to use canonical names. (#6124, @skriss) +- Gateway API provisioner now checks `gateway.networking.k8s.io/bundle-version` annotation on Gateway CRDs and sets SupportedVersion status condition on GatewayClass if annotation value matches supported Gateway API version. Best-effort support is provided if version does not match. (#6147, @sunjayBhatia) +- For Gateway API, add "Accepted" condition to BackendTLSPolicy. If the condition is true the BackendTLSPolicy was accepted by the Gateway and if false a reason will be stated on the policy as to why it wasn't accepted. (#6151, @christianang) +- Updates Envoy to v1.29.1. See the release notes [here](https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1). (#6164, @sunjayBhatia) + + +# Docs Changes +- Document that Gateway names should be 63 characters or shorter to avoid issues with generating dependent resources when using the Gateway provisioner. (#6143, @skriss) +- Add troubleshooting guide for general app traffic errors. (#6161, @sunjayBhatia) + + +# Deprecation and Removal Notices + + +## Deprecate `subjectName` field on UpstreamValidation + +The `subjectName` field is being deprecated in favor of `subjectNames`, which is +an list of subjectNames. `subjectName` will continue to behave as it has. If +using `subjectNames`, the first entry in `subjectNames` must match the value of +`subjectName`. this will be enforced by CEL validation. + +(#5849, @KauzClay) + +## ContourDeployment.Spec.ResourceLabels is deprecated + +The `ContourDeployment.Spec.ResourceLabels` field is now deprecated. You should use `Gateway.Spec.Infrastructure.Labels` instead. The `ResourceLabels` field will be removed in a future release. + +(#5968, @skriss) + +## Configuring Contour with a GatewayClass controller name is deprecated + +Contour should no longer be configured with a GatewayClass controller name (`gateway.controllerName` in the config file or ContourConfiguration CRD). +Instead, either use a specific Gateway reference (`gateway.gatewayRef`), or use the Gateway provisioner. +`gateway.controllerName` will be removed in a future release. + +(#6144, @skriss) + + +# Installing and Upgrading + +For a fresh install of Contour, consult the [getting started documentation](https://projectcontour.io/getting-started/). + +To upgrade an existing Contour installation, please consult the [upgrade documentation](https://projectcontour.io/resources/upgrading/). + + +# Compatible Kubernetes Versions + +Contour v1.28.0 is tested against Kubernetes 1.27 through 1.29. + +# Community Thanks! +We’re immensely grateful for all the community contributions that help make Contour even better! For this release, special thanks go out to the following contributors: + +- @KauzClay +- @abbas-gheydi +- @christianang +- @davinci26 +- @flawedmatrix +- @izturn +- @lubronzhan +- @relu + + +# Are you a Contour user? We would love to know! +If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://github.com/projectcontour/contour/blob/master/ADOPTERS.md). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). diff --git a/changelogs/unreleased/5828-KauzClay-major.md b/changelogs/unreleased/5828-KauzClay-major.md deleted file mode 100644 index 707f24a4cd0..00000000000 --- a/changelogs/unreleased/5828-KauzClay-major.md +++ /dev/null @@ -1,9 +0,0 @@ -## Upstream TLS now supports TLS 1.3 and TLS parameters can be configured - -The default maximum TLS version for upstream connections is now 1.3, instead of the Envoy default of 1.2. - -In a similar way to how Contour users can configure Min/Max TLS version and -Cipher Suites for Envoy's listeners, users can now specify the -same information for upstream connections. In the ContourConfiguration, this is -available under `spec.envoy.cluster.upstreamTLS`. The equivalent config file -parameter is `cluster.upstream-tls`. diff --git a/changelogs/unreleased/5840-izturn-minor.md b/changelogs/unreleased/5840-izturn-minor.md deleted file mode 100644 index e7ef76d5755..00000000000 --- a/changelogs/unreleased/5840-izturn-minor.md +++ /dev/null @@ -1,3 +0,0 @@ -## JWT Authentication happens before External Authorization - -Fixes a bug where when the external authorization filter and JWT authentication filter were both configured, the external authorization filter was executed _before_ the JWT authentication filter. Now, JWT authentication happens before external authorization when they are both configured. \ No newline at end of file diff --git a/changelogs/unreleased/5849-KauzClay-deprecation.md b/changelogs/unreleased/5849-KauzClay-deprecation.md deleted file mode 100644 index c4266be7d80..00000000000 --- a/changelogs/unreleased/5849-KauzClay-deprecation.md +++ /dev/null @@ -1,6 +0,0 @@ -## Deprecate `subjectName` field on UpstreamValidation - -The `subjectName` field is being deprecated in favor of `subjectNames`, which is -an list of subjectNames. `subjectName` will continue to behave as it has. If -using `subjectNames`, the first entry in `subjectNames` must match the value of -`subjectName`. this will be enforced by CEL validation. \ No newline at end of file diff --git a/changelogs/unreleased/5849-KauzClay-minor.md b/changelogs/unreleased/5849-KauzClay-minor.md deleted file mode 100644 index afa791c072b..00000000000 --- a/changelogs/unreleased/5849-KauzClay-minor.md +++ /dev/null @@ -1,5 +0,0 @@ -## Allow Multiple SANs in Upstream Validation section of HTTPProxy - -This change introduces a max length of 250 characters to the field `subjectName` in the UpstreamValidation block. - -Allow multiple SANs in Upstream Validation by adding a new field `subjectNames` to the UpstreamValidtion block. This will exist side by side with the previous `subjectName` field. Using CEL validation, we can enforce that when both are present, the first entry in `subjectNames` must match the value of `subjectName`. \ No newline at end of file diff --git a/changelogs/unreleased/5898-skriss-major.md b/changelogs/unreleased/5898-skriss-major.md deleted file mode 100644 index b4c8adc0c04..00000000000 --- a/changelogs/unreleased/5898-skriss-major.md +++ /dev/null @@ -1,8 +0,0 @@ -## Update to Gateway API 1.0 - -Contour now uses [Gateway API 1.0](https://github.com/kubernetes-sigs/gateway-api/releases/tag/v1.0.0), which graduates the core resources GatewayClass, Gateway and HTTPRoute to the `v1` API version. - -For backwards compatibility, this version of Contour continues to watch for `v1beta1` versions of these resources, to ease the migration process for users. -However, future versions of Contour will move to watching for `v1` versions of these resources. -Note that if you are using Gateway API 1.0 and the `v1` API group, the resources you create will also be available from the API server as `v1beta1` resources so Contour will correctly reconcile them as well. - diff --git a/changelogs/unreleased/5934-izturn-minor.md b/changelogs/unreleased/5934-izturn-minor.md deleted file mode 100644 index 3d8504126cf..00000000000 --- a/changelogs/unreleased/5934-izturn-minor.md +++ /dev/null @@ -1,3 +0,0 @@ -## Gateway API Backend Protocol Selection - -For Gateway API, Contour now enables end-users to specify backend protocols by setting the backend Service's [ServicePort.AppProtocol](https://kubernetes.io/docs/concepts/services-networking/service/#application-protocol) parameter. The accepted values are `kubernetes.io/h2c` and `kubernetes.io/ws`. Note that websocket upgrades are already enabled by default for Gateway API. If `AppProtocol` is set, any other configurations, such as the annotation: `projectcontour.io/upstream-protocol.{protocol}` will be disregarded. \ No newline at end of file diff --git a/changelogs/unreleased/5961-izturn-small.md b/changelogs/unreleased/5961-izturn-small.md deleted file mode 100644 index 130c664704c..00000000000 --- a/changelogs/unreleased/5961-izturn-small.md +++ /dev/null @@ -1 +0,0 @@ -For Gateway API v1.0, the successful attachment of a Route to a Listener is based solely on the combination of the AllowedRoutes field on the corresponding Listener and the Route's ParentRefs field. diff --git a/changelogs/unreleased/5968-skriss-deprecation.md b/changelogs/unreleased/5968-skriss-deprecation.md deleted file mode 100644 index 6146bec7461..00000000000 --- a/changelogs/unreleased/5968-skriss-deprecation.md +++ /dev/null @@ -1 +0,0 @@ -The `ContourDeployment.Spec.ResourceLabels` field is now deprecated. You should use `Gateway.Spec.Infrastructure.Labels` instead. The `ResourceLabels` field will be removed in a future release. \ No newline at end of file diff --git a/changelogs/unreleased/5968-skriss-small.md b/changelogs/unreleased/5968-skriss-small.md deleted file mode 100644 index a0e80d9f346..00000000000 --- a/changelogs/unreleased/5968-skriss-small.md +++ /dev/null @@ -1 +0,0 @@ -Gateway API: adds support for [Gateway infrastructure labels and annotations](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.GatewayInfrastructure)``. \ No newline at end of file diff --git a/changelogs/unreleased/5969-skriss-small.md b/changelogs/unreleased/5969-skriss-small.md deleted file mode 100644 index 064a7f3f4df..00000000000 --- a/changelogs/unreleased/5969-skriss-small.md +++ /dev/null @@ -1 +0,0 @@ -Gateway API: add the `gateway.networking.k8s.io/gateway-name` label to generated resources. \ No newline at end of file diff --git a/changelogs/unreleased/5972-skriss-small.md b/changelogs/unreleased/5972-skriss-small.md deleted file mode 100644 index 84322581ce0..00000000000 --- a/changelogs/unreleased/5972-skriss-small.md +++ /dev/null @@ -1 +0,0 @@ -Fixes a bug with the `envoy` xDS server where at startup, xDS configuration would not be generated and served until a subsequent configuration change. \ No newline at end of file diff --git a/changelogs/unreleased/5997-izturn-minor.md b/changelogs/unreleased/5997-izturn-minor.md deleted file mode 100644 index efd30f164c4..00000000000 --- a/changelogs/unreleased/5997-izturn-minor.md +++ /dev/null @@ -1,3 +0,0 @@ -## Gateway API: support HTTPRoute request timeouts - -Contour now enables end-users to specify request timeouts by setting the [HTTPRouteRule.Timeouts.Request](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1.HTTPRouteTimeouts) parameter. Note that `BackendRequest` is not yet implemented because without Gateway API support for retries, it's functionally equivalent to `Request`. \ No newline at end of file diff --git a/changelogs/unreleased/6013-davinci26-minor.md b/changelogs/unreleased/6013-davinci26-minor.md deleted file mode 100644 index df19a22dc78..00000000000 --- a/changelogs/unreleased/6013-davinci26-minor.md +++ /dev/null @@ -1,3 +0,0 @@ -## Support for Global Circuit Breaker Policy - -The way [circuit-breaker-annotations](https://projectcontour.io/docs/1.27/config/annotations/) work currently is that when not present they are being defaulted to Envoy defaults. The Envoy defaults can be quite low for larger clusters with more traffic so if a user accidentally deletes them or unset them this cause an issue. With this change we are providing contour administrators the ability to provide global defaults that are good. In that case even if the user forgets to set them or deletes them they can have the safety net of good defaults. They can be configured via [cluster.circuit-breakers](https://projectcontour.io/docs/1.28/configuration/#circuit-breakers) or via `ContourConfiguration`` CRD in [spec.envoy.cluster.circuitBreakers](https://projectcontour.io/docs/1.28/config/api/#projectcontour.io/v1alpha1.GlobalCircuitBreakerDefaults) diff --git a/changelogs/unreleased/6016-relu-small.md b/changelogs/unreleased/6016-relu-small.md deleted file mode 100644 index 54f7a59fc3c..00000000000 --- a/changelogs/unreleased/6016-relu-small.md +++ /dev/null @@ -1 +0,0 @@ -Envoy: Adds support for setting [per-host circuit breaker max-connections threshold](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-per-host-thresholds) using a new service-level annotation: `projectcontour.io/per-host-max-connections`. diff --git a/changelogs/unreleased/6031-skriss-small.md b/changelogs/unreleased/6031-skriss-small.md deleted file mode 100644 index 71864af4250..00000000000 --- a/changelogs/unreleased/6031-skriss-small.md +++ /dev/null @@ -1 +0,0 @@ -Updates to Kubernetes 1.29. Supported/tested Kubernetes versions are now 1.27, 1.28 and 1.29. \ No newline at end of file diff --git a/changelogs/unreleased/6058-flawedmatrix-minor.md b/changelogs/unreleased/6058-flawedmatrix-minor.md deleted file mode 100644 index 5bd27dcdf75..00000000000 --- a/changelogs/unreleased/6058-flawedmatrix-minor.md +++ /dev/null @@ -1,5 +0,0 @@ -## Allow setting connection limit per listener - -Adds a `listeners.max-connections-per-listener` config option to Contour config file and `spec.envoy.listener.maxConnectionsPerListener` to the ContourConfiguration CRD. - -Setting the max connection limit per listener field limits the number of active connections to a listener. The default, if unset, is unlimited. diff --git a/changelogs/unreleased/6063-lubronzhan-small.md b/changelogs/unreleased/6063-lubronzhan-small.md deleted file mode 100644 index e9b526895fa..00000000000 --- a/changelogs/unreleased/6063-lubronzhan-small.md +++ /dev/null @@ -1 +0,0 @@ -Remove static base runtime layer from bootstrap diff --git a/changelogs/unreleased/6070-sunjayBhatia-small.md b/changelogs/unreleased/6070-sunjayBhatia-small.md deleted file mode 100644 index 5ee1d76652f..00000000000 --- a/changelogs/unreleased/6070-sunjayBhatia-small.md +++ /dev/null @@ -1 +0,0 @@ -Updates to Go 1.21.6. See the [Go release notes](https://go.dev/doc/devel/release#go1.21.minor) for more information. diff --git a/changelogs/unreleased/6073-lubronzhan-small.md b/changelogs/unreleased/6073-lubronzhan-small.md deleted file mode 100644 index f9e86422557..00000000000 --- a/changelogs/unreleased/6073-lubronzhan-small.md +++ /dev/null @@ -1 +0,0 @@ -Allow gatewayProvisioner to create contour that only watch limited namespaces of resources diff --git a/changelogs/unreleased/6077-abbas-gheydi-small.md b/changelogs/unreleased/6077-abbas-gheydi-small.md deleted file mode 100644 index bfa20f6d79f..00000000000 --- a/changelogs/unreleased/6077-abbas-gheydi-small.md +++ /dev/null @@ -1 +0,0 @@ -Access Log: Contour excludes empty fields in Envoy JSON based access logs by default. diff --git a/changelogs/unreleased/6079-tsaarni-minor.md b/changelogs/unreleased/6079-tsaarni-minor.md deleted file mode 100644 index a3e372871f8..00000000000 --- a/changelogs/unreleased/6079-tsaarni-minor.md +++ /dev/null @@ -1,4 +0,0 @@ -## Upstream TLS validation and client certificate for TCPProxy - -TCPProxy now supports validating server certificate and using client certificate for upstream TLS connections. -Set `httpproxy.spec.tcpproxy.services.validation.caSecret` and `subjectName` to enable optional validation and `tls.envoy-client-certificate` configuration file field or `ContourConfiguration.spec.envoy.clientCertificate` to set the optional client certificate. diff --git a/changelogs/unreleased/6099-sunjayBhatia-minor.md b/changelogs/unreleased/6099-sunjayBhatia-minor.md deleted file mode 100644 index a6c5fc0a3b6..00000000000 --- a/changelogs/unreleased/6099-sunjayBhatia-minor.md +++ /dev/null @@ -1,5 +0,0 @@ -## Remove Contour container readiness probe initial delay - -The Contour Deployment Contour server container previously had its readiness probe `initialDelaySeconds` field set to 15. -This has been removed from the example YAML manifests and Gateway Provisioner generated Contour Deployment since as of [PR #5672](https://github.com/projectcontour/contour/pull/5672) Contour's xDS server will not start or serve any configuration (and the readiness probe will not succeed) until the existing state of the cluster is synced. -In clusters with few resources this will improve the Contour Deployment's update/rollout time as initial startup time should be low. diff --git a/changelogs/unreleased/6119-flawedmatrix-major.md b/changelogs/unreleased/6119-flawedmatrix-major.md deleted file mode 100644 index 600f9b8f2a2..00000000000 --- a/changelogs/unreleased/6119-flawedmatrix-major.md +++ /dev/null @@ -1,9 +0,0 @@ -## Support for Gateway API BackendTLSPolicy - -The BackendTLSPolicy CRD can now be used with HTTPRoute to configure a Contour gateway to connect to a backend Service with TLS. This will give users the ability to use Gateway API to configure their routes to securely connect to backends that use TLS with Contour. - -The BackendTLSPolicy spec requires you to specify a `targetRef`, which can currently only be a Kubernetes Service within the same namespace as the BackendTLSPolicy. The targetRef is what Service should be watched to apply the BackendTLSPolicy to. A `SectionName` can also be configured to the port name of a Service to reference a specific section of the Service. - -The spec also requires you to specify `caCertRefs`, which can either be a ConfigMap or Secret with a `ca.crt` key in the data map containing a PEM-encoded TLS certificate. The CA certificates referenced will be configured to be used by the gateway to perform TLS to the backend Service. You will also need to specify a `Hostname`, which will be used to configure the SNI the gateway will use for the connection. - -See Gateway API's [GEP-1897](https://gateway-api.sigs.k8s.io/geps/gep-1897) for the proposal for BackendTLSPolicy. diff --git a/changelogs/unreleased/6124-skriss-small.md b/changelogs/unreleased/6124-skriss-small.md deleted file mode 100644 index c070f9cc4d4..00000000000 --- a/changelogs/unreleased/6124-skriss-small.md +++ /dev/null @@ -1 +0,0 @@ -Updates HTTP filter names to match between the HTTP connection manager and per-filter config on virtual hosts/routes, and to use canonical names. \ No newline at end of file diff --git a/changelogs/unreleased/6143-skriss-docs.md b/changelogs/unreleased/6143-skriss-docs.md deleted file mode 100644 index 2c702c3f738..00000000000 --- a/changelogs/unreleased/6143-skriss-docs.md +++ /dev/null @@ -1 +0,0 @@ -Document that Gateway names should be 63 characters or shorter to avoid issues with generating dependent resources when using the Gateway provisioner. \ No newline at end of file diff --git a/changelogs/unreleased/6144-skriss-deprecation.md b/changelogs/unreleased/6144-skriss-deprecation.md deleted file mode 100644 index d10319fdf6e..00000000000 --- a/changelogs/unreleased/6144-skriss-deprecation.md +++ /dev/null @@ -1,5 +0,0 @@ -## Configuring Contour with a GatewayClass controller name is deprecated - -Contour should no longer be configured with a GatewayClass controller name (`gateway.controllerName` in the config file or ContourConfiguration CRD). -Instead, either use a specific Gateway reference (`gateway.gatewayRef`), or use the Gateway provisioner. -`gateway.controllerName` will be removed in a future release. \ No newline at end of file diff --git a/changelogs/unreleased/6147-sunjayBhatia-small.md b/changelogs/unreleased/6147-sunjayBhatia-small.md deleted file mode 100644 index 3ab0d2cf58a..00000000000 --- a/changelogs/unreleased/6147-sunjayBhatia-small.md +++ /dev/null @@ -1 +0,0 @@ -Gateway API provisioner now checks `gateway.networking.k8s.io/bundle-version` annotation on Gateway CRDs and sets SupportedVersion status condition on GatewayClass if annotation value matches supported Gateway API version. Best-effort support is provided if version does not match. diff --git a/changelogs/unreleased/6148-lubronzhan-minor.md b/changelogs/unreleased/6148-lubronzhan-minor.md deleted file mode 100644 index 3124fff004c..00000000000 --- a/changelogs/unreleased/6148-lubronzhan-minor.md +++ /dev/null @@ -1,3 +0,0 @@ -## Add anti-affinity rule for envoy deployed by provisioner - -The envoy deployment created by the gateway provisioner now includes a default anti-affinity rule. The anti-affinity rule in the [example envoy deployment manifest](https://github.com/projectcontour/contour/blob/main/examples/deployment/03-envoy-deployment.yaml) is also updated to `preferredDuringSchedulingIgnoredDuringExecution` to be consistent with the contour deployment and the gateway provisioner anti-affinity rule. diff --git a/changelogs/unreleased/6151-christianang-small.md b/changelogs/unreleased/6151-christianang-small.md deleted file mode 100644 index 8a7c85b38bf..00000000000 --- a/changelogs/unreleased/6151-christianang-small.md +++ /dev/null @@ -1 +0,0 @@ -For Gateway API, add "Accepted" condition to BackendTLSPolicy. If the condition is true the BackendTLSPolicy was accepted by the Gateway and if false a reason will be stated on the policy as to why it wasn't accepted. diff --git a/changelogs/unreleased/6152-lubronzhan-minor.md b/changelogs/unreleased/6152-lubronzhan-minor.md deleted file mode 100644 index 116189f08cc..00000000000 --- a/changelogs/unreleased/6152-lubronzhan-minor.md +++ /dev/null @@ -1,7 +0,0 @@ -## Add DisabledFeatures to ContourDeployment for gateway provisioner - -A new flag DisabledFeatures is added to ContourDeployment so that user can configure contour which is deployed by the provisioner to skip reconciling CRDs which are specified inside the flag. - -Accepted values are `grpcroutes|tlsroutes|extensionservices|backendtlspolicies`. - - diff --git a/changelogs/unreleased/6161-sunjayBhatia-docs.md b/changelogs/unreleased/6161-sunjayBhatia-docs.md deleted file mode 100644 index f2ce37e8298..00000000000 --- a/changelogs/unreleased/6161-sunjayBhatia-docs.md +++ /dev/null @@ -1 +0,0 @@ -Add troubleshooting guide for general app traffic errors. diff --git a/changelogs/unreleased/6164-sunjayBhatia-small.md b/changelogs/unreleased/6164-sunjayBhatia-small.md deleted file mode 100644 index 3da383b22f4..00000000000 --- a/changelogs/unreleased/6164-sunjayBhatia-small.md +++ /dev/null @@ -1 +0,0 @@ -Updates Envoy to v1.29.1. See the release notes [here](https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1). diff --git a/netlify.toml b/netlify.toml index d653471a366..331aadeb3f6 100644 --- a/netlify.toml +++ b/netlify.toml @@ -42,7 +42,7 @@ # kubectl apply https://projectcontour.io/quickstart/contour.yaml [[redirects]] from = "/quickstart/contour.yaml" - to = "https://raw.githubusercontent.com/projectcontour/contour/release-1.27/examples/render/contour.yaml" + to = "https://raw.githubusercontent.com/projectcontour/contour/release-1.28/examples/render/contour.yaml" status = 302 # Redirect versioned quickstarts so that they can easily be referenced by @@ -59,7 +59,7 @@ # kubectl apply https://projectcontour.io/quickstart/contour-gateway.yaml [[redirects]] from = "/quickstart/contour-gateway.yaml" - to = "https://raw.githubusercontent.com/projectcontour/contour/release-1.27/examples/render/contour-gateway.yaml" + to = "https://raw.githubusercontent.com/projectcontour/contour/release-1.28/examples/render/contour-gateway.yaml" status = 302 # Redirect versioned quickstarts so that they can easily be referenced by @@ -76,7 +76,7 @@ # kubectl apply https://projectcontour.io/quickstart/contour-gateway-provisioner.yaml [[redirects]] from = "/quickstart/contour-gateway-provisioner.yaml" - to = "https://raw.githubusercontent.com/projectcontour/contour/release-1.27/examples/render/contour-gateway-provisioner.yaml" + to = "https://raw.githubusercontent.com/projectcontour/contour/release-1.28/examples/render/contour-gateway-provisioner.yaml" status = 302 # Redirect versioned quickstarts so that they can easily be referenced by diff --git a/site/config.yaml b/site/config.yaml index 6ceb7044f00..53a7502e048 100644 --- a/site/config.yaml +++ b/site/config.yaml @@ -29,7 +29,7 @@ params: github_url: "https://github.com/projectcontour/contour" github_raw_url: "https://raw.githubusercontent.com/projectcontour/contour" slack_url: "https://kubernetes.slack.com/messages/contour" - latest_version: "1.27" + latest_version: "1.28" use_advanced_docs: true docs_right_sidebar: true docs_search: true @@ -39,6 +39,7 @@ params: docs_versioning: true docs_versions: - main + - "1.28" - "1.27" - "1.26" - "1.25" diff --git a/site/content/docs/1.28/_index.md b/site/content/docs/1.28/_index.md new file mode 100644 index 00000000000..c27017b94e1 --- /dev/null +++ b/site/content/docs/1.28/_index.md @@ -0,0 +1,48 @@ +--- +cascade: + layout: docs + version: "1.28" + branch: release-1.28 +--- + +## Overview +Contour is an Ingress controller for Kubernetes that works by deploying the [Envoy proxy][1] as a reverse proxy and load balancer. +Contour supports dynamic configuration updates out of the box while maintaining a lightweight profile. + +## Philosophy +- Follow an opinionated approach which allows us to better serve most users +- Design Contour to serve both the cluster administrator and the application developer +- Use our experience with ingress to define reasonable defaults for both cluster administrators and application developers. +- Meet users where they are by understanding and adapting Contour to their use cases + +See the full [Contour Philosophy][8] page. + +## Why Contour? +Contour bridges other solution gaps in several ways: +- Dynamically update the ingress configuration with minimal dropped connections +- Safely support multiple types of ingress config in multi-team Kubernetes clusters + - [Ingress/v1][10] + - [HTTPProxy (Contour custom resource)][2] + - [Gateway API][9] +- Cleanly integrate with the Kubernetes object model + +## Prerequisites +Contour is tested with Kubernetes clusters running version [1.21 and later][4]. + +## Get started +Getting started with Contour is as simple as one command. +See the [Getting Started][3] document. + +## Troubleshooting +If you encounter issues review the [troubleshooting][5] page, [file an issue][6], or talk to us on the [#contour channel][7] on Kubernetes slack. + +[1]: https://www.envoyproxy.io/ +[2]: config/fundamentals.md +[3]: /getting-started +[4]: /resources/compatibility-matrix.md +[5]: /docs/main/troubleshooting +[6]: https://github.com/projectcontour/contour/issues +[7]: https://kubernetes.slack.com/messages/contour +[8]: /resources/philosophy +[9]: guides/gateway-api +[10]: /docs/{{< param version >}}/config/ingress diff --git a/site/content/docs/1.28/architecture.md b/site/content/docs/1.28/architecture.md new file mode 100644 index 00000000000..b29cb409d39 --- /dev/null +++ b/site/content/docs/1.28/architecture.md @@ -0,0 +1,74 @@ +# Contour Architecture + +The Contour Ingress controller is a collaboration between: + +* Envoy, which provides the high performance reverse proxy. +* Contour, which acts as a management server for Envoy and provides it with configuration. + +These containers are deployed separately, Contour as a Deployment and Envoy as a Kubernetes Daemonset or Deployment, although other configurations are possible. + +In the Envoy Pods, Contour runs as an initcontainer in `bootstrap` mode and writes an Envoy bootstrap configuration to a temporary volume. +This volume is passed to the Envoy container and directs Envoy to treat Contour as its [management server][1]. + +After initialization is complete, the Envoy container starts, retrieves the bootstrap configuration written by Contour's `bootstrap` mode, and establishes a GRPC session with Contour to receive configuration. + +Envoy will gracefully retry if the management server is unavailable, which removes any container startup ordering issues. + +Contour is a client of the Kubernetes API. +Contour watches Ingress, HTTPProxy, Gateway API, Secret, Service, and Endpoint objects, and acts as the management server for its Envoy sibling by translating its cache of objects into the relevant JSON stanzas: Service objects for CDS, Ingress for RDS, Endpoint objects for EDS, and so on). + +The transfer of information from Kubernetes to Contour is by watching the Kubernetes API utilizing [controller-runtime][4] primitives. + +Kubernetes readiness probes are configured to check whether Envoy is ready to accept connections. +The Envoy readiness probe sends GET requests to `/ready` in Envoy's administration endpoint. + +For Contour, a liveness probe checks the `/healthz` running on the Pod's metrics port. +Readiness probe is a check that Contour can access the Kubernetes API. + +## Architectural Overview +Below are a couple of high level architectural diagrams of how Contour works inside a Kubernetes cluster as well as showing the data path of a request to a backend pod. + +A request to `projectcontour.io/blog` gets routed via a load balancer to an instance of an Envoy proxy which then sends the request to a pod. + +![architectural overview][2] + +Following is a diagram of how Contour and Envoy are deployed in a Kubernetes cluster. + +### Kubernetes API Server + +The following API objects are watched: +- Services +- Endpoints +- Secrets +- Ingress +- HTTPProxy +- Gateway API (Optional) + +### Contour Deployment + +Contour is deployed in the cluster using a Kubernetes Deployment. +It has built-in leader election which is responsible for updating httproxy/ingress/gateway api resources via Kube API server. +All instances are able to serve xDS configuration to any Envoy instance, but only the leader can write status back to the API server. + +The data being served from contour instances are eventually consistent in an HA based deployment. +However HA mode is operationally scalable when you have high request rate from envoy to contour as requests are loadbalanced among contour instances. +This also helps availability zone /data center degradation events as your service continue to function. + +### Envoy Deployment + +Envoy can be deployed in two different models, as a Kubernetes Daemonset or as a Kubernetes Deployment. + +Daemonset is the standard deployment model where a single instance of Envoy is deployed per Kubernetes Node. +This allows for simple Envoy pod distribution across the cluster as well as being able to expose Envoy using `hostPorts` to improve network performance. +One potential downside of this deployment model is when a node is removed from the cluster (e.g. on a cluster scale down, etc) then the configured `preStop` hooks are not available so connections can be dropped. +This is a limitation that applies to any Daemonset in Kubernetes. + +An alternative Envoy deployment model is utilizing a Kubernetes Deployment with a configured `podAntiAffinity` which attempts to mirror the Daemonset deployment model. +A benefit of this model compared to the Daemonset version is when a node is removed from the cluster, the proper shutdown events are available so connections can be cleanly drained from Envoy before terminating. + +![architectural overview 2][3] + +[1]: https://www.envoyproxy.io/docs/envoy/v1.13.0/api-docs/xds_protocol +[2]: ../img/archoverview.png +[3]: ../img/contour_deployment_in_k8s.png +[4]: https://github.com/kubernetes-sigs/controller-runtime diff --git a/site/content/docs/1.28/config/access-logging.md b/site/content/docs/1.28/config/access-logging.md new file mode 100644 index 00000000000..0c5b6e1583c --- /dev/null +++ b/site/content/docs/1.28/config/access-logging.md @@ -0,0 +1,148 @@ +# Access Logging + +## Overview + +Contour allows you to control Envoy's access logging. +By default, HTTP and HTTPS access logs are written to `/dev/stdout` by the Envoy containers and look like following: + +``` +[2021-04-14T16:36:00.361Z] "GET /foo HTTP/1.1" 200 - 0 463 6 3 "-" "HTTPie/1.0.3" "837aa8dc-344f-4faa-b7d5-c9cce1028519" "localhost:8080" "127.0.0.1:8081" +``` + +The detailed description of each field can be found in [Envoy access logging documentation][7]. + + +## Customizing Access Log Destination + +You can change the destination file where the access log is written by using Contour [command line parameters][1] `--envoy-http-access-log` and `--envoy-https-access-log`. + +## Customizing Access Log Format + +The access log can take two different formats, both can be customized + +* Text based access logs, like shown in the example above. +* Structured JSON logging. + +### Text Based Access Logging + +Ensure that you have selected `envoy` as the access log format. +Note that this is the default format if the parameters are not given. + +- Add `--accesslog-format=envoy` to your Contour startup line, or +- Add `accesslog-format: envoy` to your configuration file. + +Customize the access log format by defining `accesslog-format-string` in your configuration file. + +```yaml +accesslog-format-string: "[%START_TIME%] \"%REQ(:METHOD)% %REQ(X-ENVOY-ORIGINAL-PATH?:PATH)% %PROTOCOL%\" %RESPONSE_CODE% %RESPONSE_FLAGS% %BYTES_RECEIVED% %BYTES_SENT% %DURATION% %RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)% \"%REQ(X-FORWARDED-FOR)%\" \"%REQ(USER-AGENT)%\" \"%REQ(X-REQUEST-ID)%\" \"%REQ(:AUTHORITY)%\" \"%UPSTREAM_HOST%\"\n" +``` +After restarting Contour and successful validation of the configuration, the new format will take effect in a short while. + +Refer to [Envoy access logging documentation][7] for the description of the command operators, and note that the format string needs to end in a linefeed `\n`. + +### Structured JSON Logging + +Contour allows you to choose from a set of JSON fields that will be expanded into Envoy templates and sent to Envoy. +There is a default set of fields if you enable JSON logging, and you may customize which fields you log. + +The list of available fields are discoverable in the following objects: +- [jsonFields][2] are fields that have built in mappings to commonly used envoy operators. +- [envoySimpleOperators][3] are the names of simple envoy operators that don't require arguments, they are case-insensitive when configured. +- [envoyComplexOperators][4] are the names of complex envoy operators that require arguments. + +The default list of fields is available at [DefaultAccessLogJSONFields][5]. + +#### Enabling the Feature + +To enable the feature you have two options: + +- Add `--accesslog-format=json` to your Contour startup line. +- Add `accesslog-format: json` to your configuration file. + +Without any further customization, the [default fields][5] will be used. + +#### Customizing Logged Fields + +To customize the logged fields, add a `json-fields` list of strings to your configuration file. +If the `json-fields` key is not specified, the [default fields][5] will be configured. + +To use a value from [jsonFields][2] or [envoySimpleOperators][3], simply include the name of the value in the list of strings. +The jsonFields are case-sensitive, but envoySimpleOperators are not. + +To use [envoyComplexOperators][4] or to use alternative field names, specify strings as key/value pairs like `"fieldName=%OPERATOR(...)%"`. + +Unknown field names in non key/value fields will result in validation errors, as will unknown Envoy operators in key/value fields. +Note that the `DYNAMIC_METADATA` and `FILTER_STATE` Envoy logging operators are not supported at this time due to the complexity of their validation. + +See the [example config file][6] to see this used in context. + +#### Omitting Logs with Empty Values + +Contour automatically omits empty fields in Envoy JSON access logs, enhancing clarity and delivering more concise and relevant log outputs by default. + +#### Sample Configuration File + +Here is a sample config: + +```yaml +accesslog-format: json +json-fields: + - "@timestamp" + - "authority" + - "bytes_received" + - "bytes_sent" + - "customer_id=%REQ(X-CUSTOMER-ID)%" + - "downstream_local_address" + - "downstream_remote_address" + - "duration" + - "method" + - "path" + - "protocol" + - "request_id" + - "requested_server_name" + - "response_code" + - "response_flags" + - "uber_trace_id" + - "upstream_cluster" + - "upstream_host" + - "upstream_local_address" + - "upstream_service_time" + - "user_agent" + - "x_forwarded_for" +``` + +### Logging the route source + +Contour can log the kind, namespace and name of the Kubernetes resource that generated the route for a given access log entry. + +For text-based access logging, the following command operators can be used: +- `%METADATA(ROUTE:envoy.access_loggers.file:io.projectcontour.kind)%` +- `%METADATA(ROUTE:envoy.access_loggers.file:io.projectcontour.namespace)%` +- `%METADATA(ROUTE:envoy.access_loggers.file:io.projectcontour.name)%` + +For JSON access logging, the following fields can be added (these are Contour-specific aliases to the above command operators): +- `contour_config_kind` +- `contour_config_namespace` +- `contour_config_name` + +## Using Access Log Formatter Extensions + +Envoy allows implementing custom access log command operators as extensions. +Following extensions are supported by Contour: + +| Command operator | Description | +|------------------|-------------| +| [REQ_WITHOUT_QUERY][8] | Works the same way as REQ except that it will remove the query string. It is used to avoid logging any sensitive information into the access log. | +| [METADATA][9] | Prints all types of metadata. | + + + +[1]: ../configuration#serve-flags +[2]: https://github.com/search?q=%22var+jsonFields%22+repo%3Aprojectcontour%2Fcontour+path%3Aapis&type=code +[3]: https://github.com/search?q=%22var+envoySimpleOperators%22+repo%3Aprojectcontour%2Fcontour+path%3Aapis&type=code +[4]: https://github.com/search?q=%22var+envoyComplexOperators%22+repo%3Aprojectcontour%2Fcontour+path%3Aapis&type=code +[5]: https://github.com/search?q=%22var+DefaultAccessLogJSONFields%22+repo%3Aprojectcontour%2Fcontour+path%3Aapis&type=code +[6]: {{< param github_url >}}/tree/{{< param latest_version >}}/examples/contour/01-contour-config.yaml +[7]: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage +[8]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/formatter/req_without_query/v3/req_without_query.proto +[9]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/formatter/metadata/v3/metadata.proto \ No newline at end of file diff --git a/site/content/docs/1.28/config/annotations.md b/site/content/docs/1.28/config/annotations.md new file mode 100644 index 00000000000..4d805f8f0f1 --- /dev/null +++ b/site/content/docs/1.28/config/annotations.md @@ -0,0 +1,98 @@ +# Annotations Reference + + + +Annotations are used in Ingress Controllers to configure features that are not covered by the Kubernetes Ingress API. + +Some of the features that have been historically configured via annotations are supported as first-class features in Contour's [HTTPProxy API][15], which provides a more robust configuration interface over annotations. + +However, Contour still supports a number of annotations on the Ingress resources. + +## Standard Kubernetes Ingress annotations + +The following Kubernetes annotations are supported on `Ingress` objects: + +### Ingress Class + +The Ingress class annotation can be used to specify which Ingress controller should serve a particular Ingress object. +This annotation may be specified as the standard `kubernetes.io/ingress.class` or a Contour-specific `projectcontour.io/ingress.class`. +In both cases, they will behave as follows, by default: + +* If not set, then all Ingress controllers serve the Ingress. +* If specified as `kubernetes.io/ingress.class: contour`, then Contour serves the Ingress. +* If any other value, Contour ignores the Ingress definition. + +You can override the default class `contour` by providing the `--ingress-class-name` flag to Contour. +This can be useful while you are migrating from another controller, or if you need multiple instances of Contour. +If you do this, the behavior is as follows: +* If the annotation is not set, Contour will ignore the Ingress. +* If the annotation is set to any value other than the one passed to the `--ingress-class-name` flag, Contour will ignore the Ingress. +* If the annotation matches the value that you passed to `--ingress-class-name` flag, Contour will serve the Ingress. + +This same logic applies for these annotations on HTTPProxy objects. + +_Note: Both `Ingress` and `HTTPProxy` now have an `IngressClassName` field in their spec. Going forward this is the preferred way to specify an ingress class, rather than using an annotation. If both the annotation and the spec field are specified on an object, the annotation takes preference for backwards compatibility._ + +_Note: The `--ingress-class-name` value can be a comma-separated list of class names to match against. Contour will serve the Ingress or HTTPProxy if the annotation or IngressClassName matches any of the specified class name values. + +### Other annotations + + - `ingress.kubernetes.io/force-ssl-redirect`: Requires TLS/SSL for the Ingress to Envoy by setting the [Envoy virtual host option require_tls][16]. + - `kubernetes.io/ingress.allow-http`: Instructs Contour to not create an Envoy HTTP route for the virtual host. The Ingress exists only for HTTPS requests. Specify `"false"` for Envoy to mark the endpoint as HTTPS only. All other values are ignored. + +The `ingress.kubernetes.io/force-ssl-redirect` annotation takes precedence over `kubernetes.io/ingress.allow-http`. If they are set to `"true"` and `"false"` respectively, Contour *will* create an Envoy HTTP route for the Virtual host, and set the `require_tls` virtual host option. + +## Contour specific Ingress annotations + + - `projectcontour.io/ingress.class`: The Ingress class that should interpret and serve the Ingress. See the [main Ingress class annotation section](#ingress-class) for more details. + - `projectcontour.io/num-retries`: [The maximum number of retries][1] Envoy should make before abandoning and returning an error to the client. Applies only if `projectcontour.io/retry-on` is specified. Set to -1 to disable retries. + - `projectcontour.io/per-try-timeout`: [The timeout per retry attempt][2], if there should be one. Applies only if `projectcontour.io/retry-on` is specified. + - `projectcontour.io/response-timeout`: [The Envoy HTTP route timeout][3], specified as a [golang duration][4]. By default, Envoy has a 15 second timeout for a backend service to respond. Set this to `infinity` to specify that Envoy should never timeout the connection to the backend. Note that the value `0s` / zero has special semantics for Envoy. + - `projectcontour.io/retry-on`: [The conditions for Envoy to retry a request][5]. See also [possible values and their meanings for `retry-on`][6]. + - `projectcontour.io/tls-minimum-protocol-version`: [The minimum TLS protocol version][7] the TLS listener should support. Valid options are `1.3`, `1.2` (default). + - `projectcontour.io/tls-maximum-protocol-version`: [The maximum TLS protocol version][7] the TLS listener should support. Valid options are `1.2`, `1.3` (default). + - `projectcontour.io/websocket-routes`: [The routes supporting websocket protocol][8], the annotation value contains a list of route paths separated by a comma that must match with the ones defined in the `Ingress` definition. Defaults to Envoy's default behavior which is `use_websocket` to `false`. + - `projectcontour.io/tls-cert-namespace`: The namespace where all TLS secrets of this Ingress are searched. This is necessary to use [TLS Certificate Delegation][18] with Ingress v1 because the slash notation (ex: different-ns/app-cert) used by HTTPProxy and Ingress v1beta1 is not accepted. See [this issue][19] for details. + +## Contour specific Service annotations + +A [Kubernetes Service][9] maps to an [Envoy Cluster][10]. Envoy clusters have many settings to control specific behaviors. These annotations allow access to some of those settings. + +- `projectcontour.io/max-connections`: [The maximum number of connections][11] that a single Envoy instance allows to the Kubernetes Service; defaults to 1024. +- `projectcontour.io/max-pending-requests`: [The maximum number of pending requests][13] that a single Envoy instance allows to the Kubernetes Service; defaults to 1024. +- `projectcontour.io/max-requests`: [The maximum parallel requests][13] a single Envoy instance allows to the Kubernetes Service; defaults to 1024 +- `projectcontour.io/max-retries`: [The maximum number of parallel retries][14] a single Envoy instance allows to the Kubernetes Service; defaults to 3. This is independent of the per-Kubernetes Ingress number of retries (`projectcontour.io/num-retries`) and retry-on (`projectcontour.io/retry-on`), which control whether retries are attempted and how many times a single request can retry. +- `projectcontour.io/per-host-max-connections`: [The maximum number of connections][20] that a single Envoy instance allows to an individual Kubernetes Service endpoint; no default (unlimited). +- `projectcontour.io/upstream-protocol.{protocol}` : The protocol used to proxy requests to the upstream service. + The annotation value contains a comma-separated list of port names and/or numbers that must match with the ones defined in the `Service` definition. + This value can also be specified in the `spec.routes.services[].protocol` field on the HTTPProxy object, where it takes precedence over the Service annotation. + Supported protocol names are: `h2`, `h2c`, and `tls`: + - The `tls` protocol allows for requests which terminate at Envoy to proxy via TLS to the upstream. + This protocol should be used for HTTP/1.1 services over TLS. + _Note that validating the upstream TLS certificate requires additionally setting the [validation][17] field._ + - The `h2` protocol proxies requests to the upstream using HTTP/2 over TLS. + - The `h2c` protocol proxies requests to the upstream using cleartext HTTP/2. + +## Contour specific HTTPProxy annotations +- `projectcontour.io/ingress.class`: The Ingress class that should interpret and serve the HTTPProxy. See the [main Ingress class annotation section](#ingress-class) for more details. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-max-retries +[2]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-retry-on +[3]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-timeout +[4]: https://golang.org/pkg/time/#ParseDuration +[5]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-retrypolicy-retry-on +[6]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#config-http-filters-router-x-envoy-retry-on +[7]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#extensions-transport-sockets-tls-v3-tlsparameters +[8]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-upgrade-configs +[9]: https://kubernetes.io/docs/concepts/services-networking/service/ +[10]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/intro/terminology +[11]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-thresholds-max-connections +[12]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-thresholds-max-pending-requests +[13]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-thresholds-max-requests +[14]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-thresholds-max-retries +[15]: fundamentals.md +[16]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-virtualhost-require-tls +[17]: api/#projectcontour.io/v1.UpstreamValidation +[18]: ../config/tls-delegation/ +[19]: https://github.com/projectcontour/contour/issues/3544 +[20]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/circuit_breaker.proto#envoy-v3-api-field-config-cluster-v3-circuitbreakers-per-host-thresholds \ No newline at end of file diff --git a/site/content/docs/1.28/config/api-reference.html b/site/content/docs/1.28/config/api-reference.html new file mode 100644 index 00000000000..522e89d16a8 --- /dev/null +++ b/site/content/docs/1.28/config/api-reference.html @@ -0,0 +1,9131 @@ +

Packages:

+ +

projectcontour.io/v1

+

+

Package v1 holds the specification for the projectcontour.io Custom Resource Definitions (CRDs).

+

In building this CRD, we’ve inadvertently overloaded the word “Condition”, so we’ve tried to make +this spec clear as to which types of condition are which.

+

MatchConditions are used by Routes and Includes to specify rules to match requests against for either +routing or inclusion.

+

DetailedConditions are used in the Status of these objects to hold information about the relevant +state of the object and the world around it.

+

SubConditions are used underneath DetailedConditions to give more detail to errors or warnings.

+

+Resource Types: + +

HTTPProxy +

+

+

HTTPProxy is an Ingress CRD specification.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +projectcontour.io/v1 + +
+kind
+string +		HTTPProxy
+metadata +
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec +
+ + +HTTPProxySpec + + +		 +
+
+ + + + + + + + + + + + + + + + + + + + + +
+virtualhost +
+ + +VirtualHost + + +		 +(Optional) +

Virtualhost appears at most once. If it is present, the object is considered +to be a “root” HTTPProxy.

+
+routes +
+ + +[]Route + + +		 +(Optional) +

Routes are the ingress routes. If TCPProxy is present, Routes is ignored.

+
+tcpproxy +
+ + +TCPProxy + + +		 +(Optional) +

TCPProxy holds TCP proxy information.

+
+includes +
+ + +[]Include + + +		 +(Optional) +

Includes allow for specific routing configuration to be included from another HTTPProxy, +possibly in another namespace.

+
+ingressClassName +
+ +string + +		 +(Optional) +

IngressClassName optionally specifies the ingress class to use for this +HTTPProxy. This replaces the deprecated kubernetes.io/ingress.class +annotation. For backwards compatibility, when that annotation is set, it +is given precedence over this field.

+
+
+status +
+ + +HTTPProxyStatus + + +		 +(Optional) +

Status is a container for computed information about the HTTPProxy.

+
+

TLSCertificateDelegation +

+

+

TLSCertificateDelegation is an TLS Certificate Delegation CRD specification. +See design/tls-certificate-delegation.md for details.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +projectcontour.io/v1 + +
+kind
+string +		TLSCertificateDelegation
+metadata +
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec +
+ + +TLSCertificateDelegationSpec + + +		 +
+
+ + + + + +
+delegations +
+ + +[]CertificateDelegation + + +		 +
+
+status +
+ + +TLSCertificateDelegationStatus + + +		 +(Optional) +
+

AuthorizationPolicy +

+

+(Appears on: +AuthorizationServer, +Route) +

+

+

AuthorizationPolicy modifies how client requests are authenticated.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+disabled +
+ +bool + +		 +(Optional) +

When true, this field disables client request authentication +for the scope of the policy.

+
+context +
+ +map[string]string + +		 +(Optional) +

Context is a set of key/value pairs that are sent to the +authentication server in the check request. If a context +is provided at an enclosing scope, the entries are merged +such that the inner scope overrides matching keys from the +outer scope.

+
+

AuthorizationServer +

+

+(Appears on: +VirtualHost, +ContourConfigurationSpec) +

+

+

AuthorizationServer configures an external server to authenticate +client requests. The external server must implement the v3 Envoy +external authorization GRPC protocol (https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto).

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+extensionRef +
+ + +ExtensionServiceReference + + +		 +(Optional) +

ExtensionServiceRef specifies the extension resource that will authorize client requests.

+
+authPolicy +
+ + +AuthorizationPolicy + + +		 +(Optional) +

AuthPolicy sets a default authorization policy for client requests. +This policy will be used unless overridden by individual routes.

+
+responseTimeout +
+ +string + +		 +(Optional) +

ResponseTimeout configures maximum time to wait for a check response from the authorization server. +Timeout durations are expressed in the Go Duration format. +Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. +The string “infinity” is also a valid input and specifies no timeout.

+
+failOpen +
+ +bool + +		 +(Optional) +

If FailOpen is true, the client request is forwarded to the upstream service +even if the authorization server fails to respond. This field should not be +set in most cases. It is intended for use only while migrating applications +from internal authorization to Contour external authorization.

+
+withRequestBody +
+ + +AuthorizationServerBufferSettings + + +		 +(Optional) +

WithRequestBody specifies configuration for sending the client request’s body to authorization server.

+
+

AuthorizationServerBufferSettings +

+

+(Appears on: +AuthorizationServer) +

+

+

AuthorizationServerBufferSettings enables ExtAuthz filter to buffer client request data and send it as part of authorization request

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+maxRequestBytes +
+ +uint32 + +		 +(Optional) +

MaxRequestBytes sets the maximum size of message body ExtAuthz filter will hold in-memory.

+
+allowPartialMessage +
+ +bool + +		 +(Optional) +

If AllowPartialMessage is true, then Envoy will buffer the body until MaxRequestBytes are reached.

+
+packAsBytes +
+ +bool + +		 +(Optional) +

If PackAsBytes is true, the body sent to Authorization Server is in raw bytes.

+
+

CORSHeaderValue +(string alias)

+

+(Appears on: +CORSPolicy) +

+

+

CORSHeaderValue specifies the value of the string headers returned by a cross-domain request.

+

+

CORSPolicy +

+

+(Appears on: +VirtualHost) +

+

+

CORSPolicy allows setting the CORS policy

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+allowCredentials +
+ +bool + +		 +(Optional) +

Specifies whether the resource allows credentials.

+
+allowOrigin +
+ +[]string + +		 +

AllowOrigin specifies the origins that will be allowed to do CORS requests. +Allowed values include “*” which signifies any origin is allowed, an exact +origin of the form “scheme://host[:port]” (where port is optional), or a valid +regex pattern. +Note that regex patterns are validated and a simple “glob” pattern (e.g. *.foo.com) +will be rejected or produce unexpected matches when applied as a regex.

+
+allowMethods +
+ + +[]CORSHeaderValue + + +		 +

AllowMethods specifies the content for the access-control-allow-methods header.

+
+allowHeaders +
+ + +[]CORSHeaderValue + + +		 +(Optional) +

AllowHeaders specifies the content for the access-control-allow-headers header.

+
+exposeHeaders +
+ + +[]CORSHeaderValue + + +		 +(Optional) +

ExposeHeaders Specifies the content for the access-control-expose-headers header.

+
+maxAge +
+ +string + +		 +(Optional) +

MaxAge indicates for how long the results of a preflight request can be cached. +MaxAge durations are expressed in the Go Duration format. +Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. +Only positive values are allowed while 0 disables the cache requiring a preflight OPTIONS +check for all cross-origin requests.

+
+allowPrivateNetwork +
+ +bool + +		 +

AllowPrivateNetwork specifies whether to allow private network requests. +See https://developer.chrome.com/blog/private-network-access-preflight.

+
+

CertificateDelegation +

+

+(Appears on: +TLSCertificateDelegationSpec) +

+

+

CertificateDelegation maps the authority to reference a secret +in the current namespace to a set of namespaces.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+secretName +
+ +string + +		 +

required, the name of a secret in the current namespace.

+
+targetNamespaces +
+ +[]string + +		 +

required, the namespaces the authority to reference the +secret will be delegated to. +If TargetNamespaces is nil or empty, the CertificateDelegation’ +is ignored. If the TargetNamespace list contains the character, “*” +the secret will be delegated to all namespaces.

+
+

ClientCertificateDetails +

+

+(Appears on: +DownstreamValidation) +

+

+

ClientCertificateDetails defines which parts of the client certificate will be forwarded.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+subject +
+ +bool + +		 +(Optional) +

Subject of the client cert.

+
+cert +
+ +bool + +		 +(Optional) +

Client cert in URL encoded PEM format.

+
+chain +
+ +bool + +		 +(Optional) +

Client cert chain (including the leaf cert) in URL encoded PEM format.

+
+dns +
+ +bool + +		 +(Optional) +

DNS type Subject Alternative Names of the client cert.

+
+uri +
+ +bool + +		 +(Optional) +

URI type Subject Alternative Name of the client cert.

+
+

CookieDomainRewrite +

+

+(Appears on: +CookieRewritePolicy) +

+

+

+ + + + + + + + + + + + + +
FieldDescription
+value +
+ +string + +		 +

Value is the value to rewrite the Domain attribute to. +For now this is required.

+
+

CookiePathRewrite +

+

+(Appears on: +CookieRewritePolicy) +

+

+

+ + + + + + + + + + + + + +
FieldDescription
+value +
+ +string + +		 +

Value is the value to rewrite the Path attribute to. +For now this is required.

+
+

CookieRewritePolicy +

+

+(Appears on: +Route, +Service) +

+

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name is the name of the cookie for which attributes will be rewritten.

+
+pathRewrite +
+ + +CookiePathRewrite + + +		 +(Optional) +

PathRewrite enables rewriting the Set-Cookie Path element. +If not set, Path will not be rewritten.

+
+domainRewrite +
+ + +CookieDomainRewrite + + +		 +(Optional) +

DomainRewrite enables rewriting the Set-Cookie Domain element. +If not set, Domain will not be rewritten.

+
+secure +
+ +bool + +		 +(Optional) +

Secure enables rewriting the Set-Cookie Secure element. +If not set, Secure attribute will not be rewritten.

+
+sameSite +
+ +string + +		 +(Optional) +

SameSite enables rewriting the Set-Cookie SameSite element. +If not set, SameSite attribute will not be rewritten.

+
+

DetailedCondition +

+

+(Appears on: +HTTPProxyStatus, +TLSCertificateDelegationStatus, +ContourConfigurationStatus, +ExtensionServiceStatus) +

+

+

DetailedCondition is an extension of the normal Kubernetes conditions, with two extra +fields to hold sub-conditions, which provide more detailed reasons for the state (True or False) +of the condition.

+

errors holds information about sub-conditions which are fatal to that condition and render its state False.

+

warnings holds information about sub-conditions which are not fatal to that condition and do not force the state to be False.

+

Remember that Conditions have a type, a status, and a reason.

+

The type is the type of the condition, the most important one in this CRD set is Valid. +Valid is a positive-polarity condition: when it is status: true there are no problems.

+

In more detail, status: true means that the object is has been ingested into Contour with no errors. +warnings may still be present, and will be indicated in the Reason field. There must be zero entries in the errors +slice in this case.

+

Valid, status: false means that the object has had one or more fatal errors during processing into Contour. +The details of the errors will be present under the errors field. There must be at least one error in the errors +slice if status is false.

+

For DetailedConditions of types other than Valid, the Condition must be in the negative polarity. +When they have status true, there is an error. There must be at least one entry in the errors Subcondition slice. +When they have status false, there are no serious errors, and there must be zero entries in the errors slice. +In either case, there may be entries in the warnings slice.

+

Regardless of the polarity, the reason and message fields must be updated with either the detail of the reason +(if there is one and only one entry in total across both the errors and warnings slices), or +MultipleReasons if there is more than one entry.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+Condition +
+ + +Kubernetes meta/v1.Condition + + +		 +

+(Members of Condition are embedded into this type.) +

+
+errors +
+ + +[]SubCondition + + +		 +(Optional) +

Errors contains a slice of relevant error subconditions for this object.

+

Subconditions are expected to appear when relevant (when there is a error), and disappear when not relevant. +An empty slice here indicates no errors.

+
+warnings +
+ + +[]SubCondition + + +		 +(Optional) +

Warnings contains a slice of relevant warning subconditions for this object.

+

Subconditions are expected to appear when relevant (when there is a warning), and disappear when not relevant. +An empty slice here indicates no warnings.

+
+

DownstreamValidation +

+

+(Appears on: +TLS) +

+

+

DownstreamValidation defines how to verify the client certificate.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+caSecret +
+ +string + +		 +(Optional) +

Name of a Kubernetes secret that contains a CA certificate bundle. +The secret must contain key named ca.crt. +The client certificate must validate against the certificates in the bundle. +If specified and SkipClientCertValidation is true, client certificates will +be required on requests. +The name can be optionally prefixed with namespace “namespace/name”. +When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.

+
+skipClientCertValidation +
+ +bool + +		 +(Optional) +

SkipClientCertValidation disables downstream client certificate +validation. Defaults to false. This field is intended to be used in +conjunction with external authorization in order to enable the external +authorization server to validate client certificates. When this field +is set to true, client certificates are requested but not verified by +Envoy. If CACertificate is specified, client certificates are required on +requests, but not verified. If external authorization is in use, they are +presented to the external authorization server.

+
+forwardClientCertificate +
+ + +ClientCertificateDetails + + +		 +(Optional) +

ForwardClientCertificate adds the selected data from the passed client TLS certificate +to the x-forwarded-client-cert header.

+
+crlSecret +
+ +string + +		 +(Optional) +

Name of a Kubernetes opaque secret that contains a concatenated list of PEM encoded CRLs. +The secret must contain key named crl.pem. +This field will be used to verify that a client certificate has not been revoked. +CRLs must be available from all CAs, unless crlOnlyVerifyLeafCert is true. +Large CRL lists are not supported since individual secrets are limited to 1MiB in size. +The name can be optionally prefixed with namespace “namespace/name”. +When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.

+
+crlOnlyVerifyLeafCert +
+ +bool + +		 +(Optional) +

If this option is set to true, only the certificate at the end of the +certificate chain will be subject to validation by CRL.

+
+optionalClientCertificate +
+ +bool + +		 +(Optional) +

OptionalClientCertificate when set to true will request a client certificate +but allow the connection to continue if the client does not provide one. +If a client certificate is sent, it will be verified according to the +other properties, which includes disabling validation if +SkipClientCertValidation is set. Defaults to false.

+
+

ExtensionServiceReference +

+

+(Appears on: +AuthorizationServer) +

+

+

ExtensionServiceReference names an ExtensionService resource.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion +
+ +string + +		 +(Optional) +

API version of the referent. +If this field is not specified, the default “projectcontour.io/v1alpha1” will be used

+
+namespace +
+ +string + +		 +(Optional) +

Namespace of the referent. +If this field is not specifies, the namespace of the resource that targets the referent will be used.

+

More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

+
+name +
+ +string + +		 +

Name of the referent.

+

More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

+
+

Feature +(string alias)

+

+(Appears on: +ContourSettings) +

+

+

+

GenericKeyDescriptor +

+

+(Appears on: +RateLimitDescriptorEntry) +

+

+

GenericKeyDescriptor defines a descriptor entry with a static key and +value.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+key +
+ +string + +		 +(Optional) +

Key defines the key of the descriptor entry. If not set, the +key is set to “generic_key”.

+
+value +
+ +string + +		 +

Value defines the value of the descriptor entry.

+
+

GlobalRateLimitPolicy +

+

+(Appears on: +RateLimitPolicy, +RateLimitServiceConfig) +

+

+

GlobalRateLimitPolicy defines global rate limiting parameters.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+disabled +
+ +bool + +		 +(Optional) +

Disabled configures the HTTPProxy to not use +the default global rate limit policy defined by the Contour configuration.

+
+descriptors +
+ + +[]RateLimitDescriptor + + +		 +(Optional) +

Descriptors defines the list of descriptors that will +be generated and sent to the rate limit service. Each +descriptor contains 1+ key-value pair entries.

+
+

HTTPDirectResponsePolicy +

+

+(Appears on: +Route) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+statusCode +
+ +int + +		 +

StatusCode is the HTTP response status to be returned.

+
+body +
+ +string + +		 +(Optional) +

Body is the content of the response body. +If this setting is omitted, no body is included in the generated response.

+

Note: Body is not recommended to set too long +otherwise it can have significant resource usage impacts.

+
+

HTTPHealthCheckPolicy +

+

+(Appears on: +Route) +

+

+

HTTPHealthCheckPolicy defines health checks on the upstream service.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+path +
+ +string + +		 +

HTTP endpoint used to perform health checks on upstream service

+
+host +
+ +string + +		 +

The value of the host header in the HTTP health check request. +If left empty (default value), the name “contour-envoy-healthcheck” +will be used.

+
+intervalSeconds +
+ +int64 + +		 +(Optional) +

The interval (seconds) between health checks

+
+timeoutSeconds +
+ +int64 + +		 +(Optional) +

The time to wait (seconds) for a health check response

+
+unhealthyThresholdCount +
+ +int64 + +		 +(Optional) +

The number of unhealthy health checks required before a host is marked unhealthy

+
+healthyThresholdCount +
+ +int64 + +		 +(Optional) +

The number of healthy health checks required before a host is marked healthy

+
+expectedStatuses +
+ + +[]HTTPStatusRange + + +		 +(Optional) +

The ranges of HTTP response statuses considered healthy. Follow half-open +semantics, i.e. for each range the start is inclusive and the end is exclusive. +Must be within the range [100,600). If not specified, only a 200 response status +is considered healthy.

+
+

HTTPInternalRedirectPolicy +

+

+(Appears on: +Route) +

+

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+maxInternalRedirects +
+ +uint32 + +		 +(Optional) +

MaxInternalRedirects An internal redirect is not handled, unless the number of previous internal +redirects that a downstream request has encountered is lower than this value.

+
+redirectResponseCodes +
+ + +[]RedirectResponseCode + + +		 +(Optional) +

RedirectResponseCodes If unspecified, only 302 will be treated as internal redirect. +Only 301, 302, 303, 307 and 308 are valid values.

+
+allowCrossSchemeRedirect +
+ +string + +		 +(Optional) +

AllowCrossSchemeRedirect Allow internal redirect to follow a target URI with a different scheme +than the value of x-forwarded-proto. +SafeOnly allows same scheme redirect and safe cross scheme redirect, which means if the downstream +scheme is HTTPS, both HTTPS and HTTP redirect targets are allowed, but if the downstream scheme +is HTTP, only HTTP redirect targets are allowed.

+
+denyRepeatedRouteRedirect +
+ +bool + +		 +(Optional) +

If DenyRepeatedRouteRedirect is true, rejects redirect targets that are pointing to a route that has +been followed by a previous redirect from the current route.

+
+

HTTPProxySpec +

+

+(Appears on: +HTTPProxy) +

+

+

HTTPProxySpec defines the spec of the CRD.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+virtualhost +
+ + +VirtualHost + + +		 +(Optional) +

Virtualhost appears at most once. If it is present, the object is considered +to be a “root” HTTPProxy.

+
+routes +
+ + +[]Route + + +		 +(Optional) +

Routes are the ingress routes. If TCPProxy is present, Routes is ignored.

+
+tcpproxy +
+ + +TCPProxy + + +		 +(Optional) +

TCPProxy holds TCP proxy information.

+
+includes +
+ + +[]Include + + +		 +(Optional) +

Includes allow for specific routing configuration to be included from another HTTPProxy, +possibly in another namespace.

+
+ingressClassName +
+ +string + +		 +(Optional) +

IngressClassName optionally specifies the ingress class to use for this +HTTPProxy. This replaces the deprecated kubernetes.io/ingress.class +annotation. For backwards compatibility, when that annotation is set, it +is given precedence over this field.

+
+

HTTPProxyStatus +

+

+(Appears on: +HTTPProxy) +

+

+

HTTPProxyStatus reports the current state of the HTTPProxy.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+currentStatus +
+ +string + +		 +(Optional) +
+description +
+ +string + +		 +(Optional) +
+loadBalancer +
+ + +Kubernetes core/v1.LoadBalancerStatus + + +		 +(Optional) +

LoadBalancer contains the current status of the load balancer.

+
+conditions +
+ + +[]DetailedCondition + + +		 +(Optional) +

Conditions contains information about the current status of the HTTPProxy, +in an upstream-friendly container.

+

Contour will update a single condition, Valid, that is in normal-true polarity. +That is, when currentStatus is valid, the Valid condition will be status: true, +and vice versa.

+

Contour will leave untouched any other Conditions set in this block, +in case some other controller wants to add a Condition.

+

If you are another controller owner and wish to add a condition, you should +namespace your condition with a label, like controller.domain.com/ConditionName.

+
+

HTTPRequestRedirectPolicy +

+

+(Appears on: +Route) +

+

+

HTTPRequestRedirectPolicy defines configuration for redirecting a request.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+scheme +
+ +string + +		 +(Optional) +

Scheme is the scheme to be used in the value of the Location +header in the response. +When empty, the scheme of the request is used.

+
+hostname +
+ +string + +		 +(Optional) +

Hostname is the precise hostname to be used in the value of the Location +header in the response. +When empty, the hostname of the request is used. +No wildcards are allowed.

+
+port +
+ +int32 + +		 +(Optional) +

Port is the port to be used in the value of the Location +header in the response. +When empty, port (if specified) of the request is used.

+
+statusCode +
+ +int + +		 +(Optional) +

StatusCode is the HTTP status code to be used in response.

+
+path +
+ +string + +		 +(Optional) +

Path allows for redirection to a different path from the +original on the request. The path must start with a +leading slash.

+

Note: Only one of Path or Prefix can be defined.

+
+prefix +
+ +string + +		 +(Optional) +

Prefix defines the value to swap the matched prefix or path with. +The prefix must start with a leading slash.

+

Note: Only one of Path or Prefix can be defined.

+
+

HTTPStatusRange +

+

+(Appears on: +HTTPHealthCheckPolicy) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+start +
+ +int64 + +		 +

The start (inclusive) of a range of HTTP status codes.

+
+end +
+ +int64 + +		 +

The end (exclusive) of a range of HTTP status codes.

+
+

HeaderHashOptions +

+

+(Appears on: +RequestHashPolicy) +

+

+

HeaderHashOptions contains options to configure a HTTP request header hash +policy, used in request attribute hash based load balancing.

+

+ + + + + + + + + + + + + +
FieldDescription
+headerName +
+ +string + +		 +

HeaderName is the name of the HTTP request header that will be used to +calculate the hash key. If the header specified is not present on a +request, no hash will be produced.

+
+

HeaderMatchCondition +

+

+(Appears on: +MatchCondition, +RequestHeaderValueMatchDescriptor) +

+

+

HeaderMatchCondition specifies how to conditionally match against HTTP +headers. The Name field is required, only one of Present, NotPresent, +Contains, NotContains, Exact, NotExact and Regex can be set. +For negative matching rules only (e.g. NotContains or NotExact) you can set +TreatMissingAsEmpty. +IgnoreCase has no effect for Regex.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name is the name of the header to match against. Name is required. +Header names are case insensitive.

+
+present +
+ +bool + +		 +(Optional) +

Present specifies that condition is true when the named header +is present, regardless of its value. Note that setting Present +to false does not make the condition true if the named header +is absent.

+
+notpresent +
+ +bool + +		 +(Optional) +

NotPresent specifies that condition is true when the named header +is not present. Note that setting NotPresent to false does not +make the condition true if the named header is present.

+
+contains +
+ +string + +		 +(Optional) +

Contains specifies a substring that must be present in +the header value.

+
+notcontains +
+ +string + +		 +(Optional) +

NotContains specifies a substring that must not be present +in the header value.

+
+ignoreCase +
+ +bool + +		 +(Optional) +

IgnoreCase specifies that string matching should be case insensitive. +Note that this has no effect on the Regex parameter.

+
+exact +
+ +string + +		 +(Optional) +

Exact specifies a string that the header value must be equal to.

+
+notexact +
+ +string + +		 +(Optional) +

NoExact specifies a string that the header value must not be +equal to. The condition is true if the header has any other value.

+
+regex +
+ +string + +		 +(Optional) +

Regex specifies a regular expression pattern that must match the header +value.

+
+treatMissingAsEmpty +
+ +bool + +		 +(Optional) +

TreatMissingAsEmpty specifies if the header match rule specified header +does not exist, this header value will be treated as empty. Defaults to false. +Unlike the underlying Envoy implementation this is only supported for +negative matches (e.g. NotContains, NotExact).

+
+

HeaderValue +

+

+(Appears on: +HeadersPolicy, +LocalRateLimitPolicy) +

+

+

HeaderValue represents a header name/value pair

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name represents a key of a header

+
+value +
+ +string + +		 +

Value represents the value of a header specified by a key

+
+

HeadersPolicy +

+

+(Appears on: +Route, +Service) +

+

+

HeadersPolicy defines how headers are managed during forwarding. +The Host header is treated specially and if set in a HTTP request +will be used as the SNI server name when forwarding over TLS. It is an +error to attempt to set the Host header in a HTTP response.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+set +
+ + +[]HeaderValue + + +		 +(Optional) +

Set specifies a list of HTTP header values that will be set in the HTTP header. +If the header does not exist it will be added, otherwise it will be overwritten with the new value.

+
+remove +
+ +[]string + +		 +(Optional) +

Remove specifies a list of HTTP header names to remove.

+
+

IPFilterPolicy +

+

+(Appears on: +Route, +VirtualHost) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+source +
+ + +IPFilterSource + + +		 +

Source indicates how to determine the ip address to filter on, and can be +one of two values: +- Remote filters on the ip address of the client, accounting for PROXY and +X-Forwarded-For as needed. +- Peer filters on the ip of the network request, ignoring PROXY and +X-Forwarded-For.

+
+cidr +
+ +string + +		 +

CIDR is a CIDR block of ipv4 or ipv6 addresses to filter on. This can also be +a bare IP address (without a mask) to filter on exactly one address.

+
+

IPFilterSource +(string alias)

+

+(Appears on: +IPFilterPolicy) +

+

+

IPFilterSource indicates which IP should be considered for filtering

+

+ + + + + + + + + + + + +
ValueDescription

"Peer"

"Remote"

+

Include +

+

+(Appears on: +HTTPProxySpec) +

+

+

Include describes a set of policies that can be applied to an HTTPProxy in a namespace.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name of the HTTPProxy

+
+namespace +
+ +string + +		 +(Optional) +

Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied.

+
+conditions +
+ + +[]MatchCondition + + +		 +(Optional) +

Conditions are a set of rules that are applied to included HTTPProxies. +In effect, they are added onto the Conditions of included HTTPProxy Route +structs. +When applied, they are merged using AND, with one exception: +There can be only one Prefix MatchCondition per Conditions slice. +More than one Prefix, or contradictory Conditions, will make the +include invalid. Exact and Regex match conditions are not allowed +on includes.

+
+

JWTProvider +

+

+(Appears on: +VirtualHost) +

+

+

JWTProvider defines how to verify JWTs on requests.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Unique name for the provider.

+
+default +
+ +bool + +		 +(Optional) +

Whether the provider should apply to all +routes in the HTTPProxy/its includes by +default. At most one provider can be marked +as the default. If no provider is marked +as the default, individual routes must explicitly +identify the provider they require.

+
+issuer +
+ +string + +		 +(Optional) +

Issuer that JWTs are required to have in the “iss” field. +If not provided, JWT issuers are not checked.

+
+audiences +
+ +[]string + +		 +(Optional) +

Audiences that JWTs are allowed to have in the “aud” field. +If not provided, JWT audiences are not checked.

+
+remoteJWKS +
+ + +RemoteJWKS + + +		 +

Remote JWKS to use for verifying JWT signatures.

+
+forwardJWT +
+ +bool + +		 +(Optional) +

Whether the JWT should be forwarded to the backend +service after successful verification. By default, +the JWT is not forwarded.

+
+

JWTVerificationPolicy +

+

+(Appears on: +Route) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+require +
+ +string + +		 +(Optional) +

Require names a specific JWT provider (defined in the virtual host) +to require for the route. If specified, this field overrides the +default provider if one exists. If this field is not specified, +the default provider will be required if one exists. At most one of +this field or the “disabled” field can be specified.

+
+disabled +
+ +bool + +		 +(Optional) +

Disabled defines whether to disable all JWT verification for this +route. This can be used to opt specific routes out of the default +JWT provider for the HTTPProxy. At most one of this field or the +“require” field can be specified.

+
+

LoadBalancerPolicy +

+

+(Appears on: +Route, +TCPProxy, +ExtensionServiceSpec) +

+

+

LoadBalancerPolicy defines the load balancing policy.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+strategy +
+ +string + +		 +

Strategy specifies the policy used to balance requests +across the pool of backend pods. Valid policy names are +Random, RoundRobin, WeightedLeastRequest, Cookie, +and RequestHash. If an unknown strategy name is specified +or no policy is supplied, the default RoundRobin policy +is used.

+
+requestHashPolicies +
+ + +[]RequestHashPolicy + + +		 +

RequestHashPolicies contains a list of hash policies to apply when the +RequestHash load balancing strategy is chosen. If an element of the +supplied list of hash policies is invalid, it will be ignored. If the +list of hash policies is empty after validation, the load balancing +strategy will fall back to the default RoundRobin.

+
+

LocalRateLimitPolicy +

+

+(Appears on: +RateLimitPolicy) +

+

+

LocalRateLimitPolicy defines local rate limiting parameters.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+requests +
+ +uint32 + +		 +

Requests defines how many requests per unit of time should +be allowed before rate limiting occurs.

+
+unit +
+ +string + +		 +

Unit defines the period of time within which requests +over the limit will be rate limited. Valid values are +“second”, “minute” and “hour”.

+
+burst +
+ +uint32 + +		 +(Optional) +

Burst defines the number of requests above the requests per +unit that should be allowed within a short period of time.

+
+responseStatusCode +
+ +uint32 + +		 +(Optional) +

ResponseStatusCode is the HTTP status code to use for responses +to rate-limited requests. Codes must be in the 400-599 range +(inclusive). If not specified, the Envoy default of 429 (Too +Many Requests) is used.

+
+responseHeadersToAdd +
+ + +[]HeaderValue + + +		 +(Optional) +

ResponseHeadersToAdd is an optional list of response headers to +set when a request is rate-limited.

+
+

MatchCondition +

+

+(Appears on: +Include, +Route) +

+

+

MatchCondition are a general holder for matching rules for HTTPProxies. +One of Prefix, Exact, Regex, Header or QueryParameter must be provided.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+prefix +
+ +string + +		 +(Optional) +

Prefix defines a prefix match for a request.

+
+exact +
+ +string + +		 +(Optional) +

Exact defines a exact match for a request. +This field is not allowed in include match conditions.

+
+regex +
+ +string + +		 +(Optional) +

Regex defines a regex match for a request. +This field is not allowed in include match conditions.

+
+header +
+ + +HeaderMatchCondition + + +		 +(Optional) +

Header specifies the header condition to match.

+
+queryParameter +
+ + +QueryParameterMatchCondition + + +		 +(Optional) +

QueryParameter specifies the query parameter condition to match.

+
+

Namespace +(string alias)

+

+(Appears on: +ContourSettings) +

+

+

Namespace refers to a Kubernetes namespace. It must be a RFC 1123 label.

+

This validation is based off of the corresponding Kubernetes validation: +https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/util/validation/validation.go#L187

+

This is used for Namespace name validation here: +https://github.com/kubernetes/apimachinery/blob/02cfb53916346d085a6c6c7c66f882e3c6b0eca6/pkg/api/validation/generic.go#L63

+

Valid values include:

+
    +
  • “example”
    • +
+

Invalid values include:

+
    +
  • “example.com” - “.” is an invalid character
    • +
+

+

PathRewritePolicy +

+

+(Appears on: +Route) +

+

+

PathRewritePolicy specifies how a request URL path should be +rewritten. This rewriting takes place after a request is routed +and has no subsequent effects on the proxy’s routing decision. +No HTTP headers or body content is rewritten.

+

Exactly one field in this struct may be specified.

+

+ + + + + + + + + + + + + +
FieldDescription
+replacePrefix +
+ + +[]ReplacePrefix + + +		 +(Optional) +

ReplacePrefix describes how the path prefix should be replaced.

+
+

QueryParameterHashOptions +

+

+(Appears on: +RequestHashPolicy) +

+

+

QueryParameterHashOptions contains options to configure a query parameter based hash +policy, used in request attribute hash based load balancing.

+

+ + + + + + + + + + + + + +
FieldDescription
+parameterName +
+ +string + +		 +

ParameterName is the name of the HTTP request query parameter that will be used to +calculate the hash key. If the query parameter specified is not present on a +request, no hash will be produced.

+
+

QueryParameterMatchCondition +

+

+(Appears on: +MatchCondition) +

+

+

QueryParameterMatchCondition specifies how to conditionally match against HTTP +query parameters. The Name field is required, only one of Exact, Prefix, +Suffix, Regex, Contains and Present can be set. IgnoreCase has no effect +for Regex.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name is the name of the query parameter to match against. Name is required. +Query parameter names are case insensitive.

+
+exact +
+ +string + +		 +(Optional) +

Exact specifies a string that the query parameter value must be equal to.

+
+prefix +
+ +string + +		 +(Optional) +

Prefix defines a prefix match for the query parameter value.

+
+suffix +
+ +string + +		 +(Optional) +

Suffix defines a suffix match for a query parameter value.

+
+regex +
+ +string + +		 +(Optional) +

Regex specifies a regular expression pattern that must match the query +parameter value.

+
+contains +
+ +string + +		 +(Optional) +

Contains specifies a substring that must be present in +the query parameter value.

+
+ignoreCase +
+ +bool + +		 +(Optional) +

IgnoreCase specifies that string matching should be case insensitive. +Note that this has no effect on the Regex parameter.

+
+present +
+ +bool + +		 +(Optional) +

Present specifies that condition is true when the named query parameter +is present, regardless of its value. Note that setting Present +to false does not make the condition true if the named query parameter +is absent.

+
+

RateLimitDescriptor +

+

+(Appears on: +GlobalRateLimitPolicy) +

+

+

RateLimitDescriptor defines a list of key-value pair generators.

+

+ + + + + + + + + + + + + +
FieldDescription
+entries +
+ + +[]RateLimitDescriptorEntry + + +		 +

Entries is the list of key-value pair generators.

+
+

RateLimitDescriptorEntry +

+

+(Appears on: +RateLimitDescriptor) +

+

+

RateLimitDescriptorEntry is a key-value pair generator. Exactly +one field on this struct must be non-nil.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+genericKey +
+ + +GenericKeyDescriptor + + +		 +(Optional) +

GenericKey defines a descriptor entry with a static key and value.

+
+requestHeader +
+ + +RequestHeaderDescriptor + + +		 +(Optional) +

RequestHeader defines a descriptor entry that’s populated only if +a given header is present on the request. The descriptor key is static, +and the descriptor value is equal to the value of the header.

+
+requestHeaderValueMatch +
+ + +RequestHeaderValueMatchDescriptor + + +		 +(Optional) +

RequestHeaderValueMatch defines a descriptor entry that’s populated +if the request’s headers match a set of 1+ match criteria. The +descriptor key is “header_match”, and the descriptor value is static.

+
+remoteAddress +
+ + +RemoteAddressDescriptor + + +		 +(Optional) +

RemoteAddress defines a descriptor entry with a key of “remote_address” +and a value equal to the client’s IP address (from x-forwarded-for).

+
+

RateLimitPolicy +

+

+(Appears on: +Route, +VirtualHost) +

+

+

RateLimitPolicy defines rate limiting parameters.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+local +
+ + +LocalRateLimitPolicy + + +		 +(Optional) +

Local defines local rate limiting parameters, i.e. parameters +for rate limiting that occurs within each Envoy pod as requests +are handled.

+
+global +
+ + +GlobalRateLimitPolicy + + +		 +(Optional) +

Global defines global rate limiting parameters, i.e. parameters +defining descriptors that are sent to an external rate limit +service (RLS) for a rate limit decision on each request.

+
+

RedirectResponseCode +(uint32 alias)

+

+(Appears on: +HTTPInternalRedirectPolicy) +

+

+

RedirectResponseCode is a uint32 type alias with validation to ensure that the value is valid.

+

+

RemoteAddressDescriptor +

+

+(Appears on: +RateLimitDescriptorEntry) +

+

+

RemoteAddressDescriptor defines a descriptor entry with a key of +“remote_address” and a value equal to the client’s IP address +(from x-forwarded-for).

+

+

RemoteJWKS +

+

+(Appears on: +JWTProvider) +

+

+

RemoteJWKS defines how to fetch a JWKS from an HTTP endpoint.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+uri +
+ +string + +		 +

The URI for the JWKS.

+
+validation +
+ + +UpstreamValidation + + +		 +(Optional) +

UpstreamValidation defines how to verify the JWKS’s TLS certificate.

+
+timeout +
+ +string + +		 +(Optional) +

How long to wait for a response from the URI. +If not specified, a default of 1s applies.

+
+cacheDuration +
+ +string + +		 +(Optional) +

How long to cache the JWKS locally. If not specified, +Envoy’s default of 5m applies.

+
+dnsLookupFamily +
+ +string + +		 +(Optional) +

The DNS IP address resolution policy for the JWKS URI. +When configured as “v4”, the DNS resolver will only perform a lookup +for addresses in the IPv4 family. If “v6” is configured, the DNS resolver +will only perform a lookup for addresses in the IPv6 family. +If “all” is configured, the DNS resolver +will perform a lookup for addresses in both the IPv4 and IPv6 family. +If “auto” is configured, the DNS resolver will first perform a lookup +for addresses in the IPv6 family and fallback to a lookup for addresses +in the IPv4 family. If not specified, the Contour-wide setting defined +in the config file or ContourConfiguration applies (defaults to “auto”).

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily +for more information.

+
+

ReplacePrefix +

+

+(Appears on: +PathRewritePolicy) +

+

+

ReplacePrefix describes a path prefix replacement.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+prefix +
+ +string + +		 +(Optional) +

Prefix specifies the URL path prefix to be replaced.

+

If Prefix is specified, it must exactly match the MatchCondition +prefix that is rendered by the chain of including HTTPProxies +and only that path prefix will be replaced by Replacement. +This allows HTTPProxies that are included through multiple +roots to only replace specific path prefixes, leaving others +unmodified.

+

If Prefix is not specified, all routing prefixes rendered +by the include chain will be replaced.

+
+replacement +
+ +string + +		 +

Replacement is the string that the routing path prefix +will be replaced with. This must not be empty.

+
+

RequestHashPolicy +

+

+(Appears on: +LoadBalancerPolicy) +

+

+

RequestHashPolicy contains configuration for an individual hash policy +on a request attribute.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+terminal +
+ +bool + +		 +

Terminal is a flag that allows for short-circuiting computing of a hash +for a given request. If set to true, and the request attribute specified +in the attribute hash options is present, no further hash policies will +be used to calculate a hash for the request.

+
+headerHashOptions +
+ + +HeaderHashOptions + + +		 +(Optional) +

HeaderHashOptions should be set when request header hash based load +balancing is desired. It must be the only hash option field set, +otherwise this request hash policy object will be ignored.

+
+queryParameterHashOptions +
+ + +QueryParameterHashOptions + + +		 +(Optional) +

QueryParameterHashOptions should be set when request query parameter hash based load +balancing is desired. It must be the only hash option field set, +otherwise this request hash policy object will be ignored.

+
+hashSourceIP +
+ +bool + +		 +(Optional) +

HashSourceIP should be set to true when request source IP hash based +load balancing is desired. It must be the only hash option field set, +otherwise this request hash policy object will be ignored.

+
+

RequestHeaderDescriptor +

+

+(Appears on: +RateLimitDescriptorEntry) +

+

+

RequestHeaderDescriptor defines a descriptor entry that’s populated only +if a given header is present on the request. The value of the descriptor +entry is equal to the value of the header (if present).

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+headerName +
+ +string + +		 +

HeaderName defines the name of the header to look for on the request.

+
+descriptorKey +
+ +string + +		 +

DescriptorKey defines the key to use on the descriptor entry.

+
+

RequestHeaderValueMatchDescriptor +

+

+(Appears on: +RateLimitDescriptorEntry) +

+

+

RequestHeaderValueMatchDescriptor defines a descriptor entry that’s populated +if the request’s headers match a set of 1+ match criteria. The descriptor key +is “header_match”, and the descriptor value is statically defined.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+headers +
+ + +[]HeaderMatchCondition + + +		 +

Headers is a list of 1+ match criteria to apply against the request +to determine whether to populate the descriptor entry or not.

+
+expectMatch +
+ +bool + +		 +

ExpectMatch defines whether the request must positively match the match +criteria in order to generate a descriptor entry (i.e. true), or not +match the match criteria in order to generate a descriptor entry (i.e. false). +The default is true.

+
+value +
+ +string + +		 +

Value defines the value of the descriptor entry.

+
+

RetryOn +(string alias)

+

+(Appears on: +RetryPolicy) +

+

+

RetryOn is a string type alias with validation to ensure that the value is valid.

+

+

RetryPolicy +

+

+(Appears on: +Route) +

+

+

RetryPolicy defines the attributes associated with retrying policy.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+count +
+ +int64 + +		 +(Optional) +

NumRetries is maximum allowed number of retries. +If set to -1, then retries are disabled. +If set to 0 or not supplied, the value is set +to the Envoy default of 1.

+
+perTryTimeout +
+ +string + +		 +(Optional) +

PerTryTimeout specifies the timeout per retry attempt. +Ignored if NumRetries is not supplied.

+
+retryOn +
+ + +[]RetryOn + + +		 +(Optional) +

RetryOn specifies the conditions on which to retry a request.

+

Supported HTTP conditions:

+
    +
  • 5xx
    • +
  • gateway-error
    • +
  • reset
    • +
  • connect-failure
    • +
  • retriable-4xx
    • +
  • refused-stream
    • +
  • retriable-status-codes
    • +
  • retriable-headers
    • +
+

Supported gRPC conditions:

+
    +
  • cancelled
    • +
  • deadline-exceeded
    • +
  • internal
    • +
  • resource-exhausted
    • +
  • unavailable
    • +
+
+retriableStatusCodes +
+ +[]uint32 + +		 +(Optional) +

RetriableStatusCodes specifies the HTTP status codes that should be retried.

+

This field is only respected when you include retriable-status-codes in the RetryOn field.

+
+

Route +

+

+(Appears on: +HTTPProxySpec) +

+

+

Route contains the set of routes for a virtual host.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+conditions +
+ + +[]MatchCondition + + +		 +(Optional) +

Conditions are a set of rules that are applied to a Route. +When applied, they are merged using AND, with one exception: +There can be only one Prefix, Exact or Regex MatchCondition +per Conditions slice. More than one of these condition types, +or contradictory Conditions, will make the route invalid.

+
+services +
+ + +[]Service + + +		 +(Optional) +

Services are the services to proxy traffic.

+
+enableWebsockets +
+ +bool + +		 +(Optional) +

Enables websocket support for the route.

+
+permitInsecure +
+ +bool + +		 +(Optional) +

Allow this path to respond to insecure requests over HTTP which are normally +not permitted when a virtualhost.tls block is present.

+
+authPolicy +
+ + +AuthorizationPolicy + + +		 +(Optional) +

AuthPolicy updates the authorization policy that was set +on the root HTTPProxy object for client requests that +match this route.

+
+timeoutPolicy +
+ + +TimeoutPolicy + + +		 +(Optional) +

The timeout policy for this route.

+
+retryPolicy +
+ + +RetryPolicy + + +		 +(Optional) +

The retry policy for this route.

+
+healthCheckPolicy +
+ + +HTTPHealthCheckPolicy + + +		 +(Optional) +

The health check policy for this route.

+
+loadBalancerPolicy +
+ + +LoadBalancerPolicy + + +		 +(Optional) +

The load balancing policy for this route.

+
+pathRewritePolicy +
+ + +PathRewritePolicy + + +		 +(Optional) +

The policy for rewriting the path of the request URL +after the request has been routed to a Service.

+
+requestHeadersPolicy +
+ + +HeadersPolicy + + +		 +(Optional) +

The policy for managing request headers during proxying.

+

You may dynamically rewrite the Host header to be forwarded +upstream to the content of a request header using +the below format “%REQ(X-Header-Name)%”. If the value of the header +is empty, it is ignored.

+

*NOTE: Pay attention to the potential security implications of using this option. +Provided header must come from trusted source.

+

**NOTE: The header rewrite is only done while forwarding and has no bearing +on the routing decision.

+
+responseHeadersPolicy +
+ + +HeadersPolicy + + +		 +(Optional) +

The policy for managing response headers during proxying. +Rewriting the ‘Host’ header is not supported.

+
+cookieRewritePolicies +
+ + +[]CookieRewritePolicy + + +		 +(Optional) +

The policies for rewriting Set-Cookie header attributes. Note that +rewritten cookie names must be unique in this list. Order rewrite +policies are specified in does not matter.

+
+rateLimitPolicy +
+ + +RateLimitPolicy + + +		 +(Optional) +

The policy for rate limiting on the route.

+
+requestRedirectPolicy +
+ + +HTTPRequestRedirectPolicy + + +		 +(Optional) +

RequestRedirectPolicy defines an HTTP redirection.

+
+directResponsePolicy +
+ + +HTTPDirectResponsePolicy + + +		 +(Optional) +

DirectResponsePolicy returns an arbitrary HTTP response directly.

+
+internalRedirectPolicy +
+ + +HTTPInternalRedirectPolicy + + +		 +(Optional) +

The policy to define when to handle redirects responses internally.

+
+jwtVerificationPolicy +
+ + +JWTVerificationPolicy + + +		 +(Optional) +

The policy for verifying JWTs for requests to this route.

+
+ipAllowPolicy +
+ + +[]IPFilterPolicy + + +		 +

IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching +requests should be allowed. All other requests will be denied. +Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. +The rules defined here override any rules set on the root HTTPProxy.

+
+ipDenyPolicy +
+ + +[]IPFilterPolicy + + +		 +

IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching +requests should be denied. All other requests will be allowed. +Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. +The rules defined here override any rules set on the root HTTPProxy.

+
+

Service +

+

+(Appears on: +Route, +TCPProxy) +

+

+

Service defines an Kubernetes Service to proxy traffic.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name is the name of Kubernetes service to proxy traffic. +Names defined here will be used to look up corresponding endpoints which contain the ips to route.

+
+port +
+ +int + +		 +

Port (defined as Integer) to proxy traffic to since a service can have multiple defined.

+
+healthPort +
+ +int + +		 +(Optional) +

HealthPort is the port for this service healthcheck. +If not specified, Port is used for service healthchecks.

+
+protocol +
+ +string + +		 +(Optional) +

Protocol may be used to specify (or override) the protocol used to reach this Service. +Values may be tls, h2, h2c. If omitted, protocol-selection falls back on Service annotations.

+
+weight +
+ +int64 + +		 +(Optional) +

Weight defines percentage of traffic to balance traffic

+
+validation +
+ + +UpstreamValidation + + +		 +(Optional) +

UpstreamValidation defines how to verify the backend service’s certificate

+
+mirror +
+ +bool + +		 +

If Mirror is true the Service will receive a read only mirror of the traffic for this route. +If Mirror is true, then fractional mirroring can be enabled by optionally setting the Weight +field. Legal values for Weight are 1-100. Omitting the Weight field will result in 100% mirroring. +NOTE: Setting Weight explicitly to 0 will unexpectedly result in 100% traffic mirroring. This +occurs since we cannot distinguish omitted fields from those explicitly set to their default +values

+
+requestHeadersPolicy +
+ + +HeadersPolicy + + +		 +(Optional) +

The policy for managing request headers during proxying.

+
+responseHeadersPolicy +
+ + +HeadersPolicy + + +		 +(Optional) +

The policy for managing response headers during proxying. +Rewriting the ‘Host’ header is not supported.

+
+cookieRewritePolicies +
+ + +[]CookieRewritePolicy + + +		 +(Optional) +

The policies for rewriting Set-Cookie header attributes.

+
+slowStartPolicy +
+ + +SlowStartPolicy + + +		 +(Optional) +

Slow start will gradually increase amount of traffic to a newly added endpoint.

+
+

SlowStartPolicy +

+

+(Appears on: +Service) +

+

+

SlowStartPolicy will gradually increase amount of traffic to a newly added endpoint. +It can be used only with RoundRobin and WeightedLeastRequest load balancing strategies.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+window +
+ +string + +		 +

The duration of slow start window. +Duration is expressed in the Go Duration format. +Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”.

+
+aggression +
+ +string + +		 +(Optional) +

The speed of traffic increase over the slow start window. +Defaults to 1.0, so that endpoint would get linearly increasing amount of traffic. +When increasing the value for this parameter, the speed of traffic ramp-up increases non-linearly. +The value of aggression parameter should be greater than 0.0.

+

More info: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start

+
+minWeightPercent +
+ +uint32 + +		 +(Optional) +

The minimum or starting percentage of traffic to send to new endpoints. +A non-zero value helps avoid a too small initial weight, which may cause endpoints in slow start mode to receive no traffic in the beginning of the slow start window. +If not specified, the default is 10%.

+
+

SubCondition +

+

+(Appears on: +DetailedCondition) +

+

+

SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition.

+

It contains a subset of the Condition fields.

+

It is intended for warnings and errors, so type names should use abnormal-true polarity, +that is, they should be of the form “ErrorPresent: true”.

+

The expected lifecycle for these errors is that they should only be present when the error or warning is, +and should be removed when they are not relevant.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+type +
+ +string + +		 +

Type of condition in CamelCase or in foo.example.com/CamelCase.

+

This must be in abnormal-true polarity, that is, ErrorFound or controller.io/ErrorFound.

+

The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)

+
+status +
+ + +Kubernetes meta/v1.ConditionStatus + + +		 +

Status of the condition, one of True, False, Unknown.

+
+reason +
+ +string + +		 +

Reason contains a programmatic identifier indicating the reason for the condition’s last transition. +Producers of specific condition types may define expected values and meanings for this field, +and whether the values are considered a guaranteed API.

+

The value should be a CamelCase string.

+

This field may not be empty.

+
+message +
+ +string + +		 +

Message is a human readable message indicating details about the transition.

+

This may be an empty string.

+
+

TCPHealthCheckPolicy +

+

+(Appears on: +TCPProxy) +

+

+

TCPHealthCheckPolicy defines health checks on the upstream service.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+intervalSeconds +
+ +int64 + +		 +(Optional) +

The interval (seconds) between health checks

+
+timeoutSeconds +
+ +int64 + +		 +(Optional) +

The time to wait (seconds) for a health check response

+
+unhealthyThresholdCount +
+ +uint32 + +		 +(Optional) +

The number of unhealthy health checks required before a host is marked unhealthy

+
+healthyThresholdCount +
+ +uint32 + +		 +(Optional) +

The number of healthy health checks required before a host is marked healthy

+
+

TCPProxy +

+

+(Appears on: +HTTPProxySpec) +

+

+

TCPProxy contains the set of services to proxy TCP connections.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+loadBalancerPolicy +
+ + +LoadBalancerPolicy + + +		 +(Optional) +

The load balancing policy for the backend services. Note that the +Cookie and RequestHash load balancing strategies cannot be used +here.

+
+services +
+ + +[]Service + + +		 +(Optional) +

Services are the services to proxy traffic

+
+include +
+ + +TCPProxyInclude + + +		 +(Optional) +

Include specifies that this tcpproxy should be delegated to another HTTPProxy.

+
+includes +
+ + +TCPProxyInclude + + +		 +(Optional) +

IncludesDeprecated allow for specific routing configuration to be appended to another HTTPProxy in another namespace.

+

Exists due to a mistake when developing HTTPProxy and the field was marked plural +when it should have been singular. This field should stay to not break backwards compatibility to v1 users.

+
+healthCheckPolicy +
+ + +TCPHealthCheckPolicy + + +		 +(Optional) +

The health check policy for this tcp proxy

+
+

TCPProxyInclude +

+

+(Appears on: +TCPProxy) +

+

+

TCPProxyInclude describes a target HTTPProxy document which contains the TCPProxy details.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name of the child HTTPProxy

+
+namespace +
+ +string + +		 +(Optional) +

Namespace of the HTTPProxy to include. Defaults to the current namespace if not supplied.

+
+

TLS +

+

+(Appears on: +VirtualHost) +

+

+

TLS describes tls properties. The SNI names that will be matched on +are described in the HTTPProxy’s Spec.VirtualHost.Fqdn field.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+secretName +
+ +string + +		 +

SecretName is the name of a TLS secret. +Either SecretName or Passthrough must be specified, but not both. +If specified, the named secret must contain a matching certificate +for the virtual host’s FQDN. +The name can be optionally prefixed with namespace “namespace/name”. +When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret.

+
+minimumProtocolVersion +
+ +string + +		 +(Optional) +

MinimumProtocolVersion is the minimum TLS version this vhost should +negotiate. Valid options are 1.2 (default) and 1.3. Any other value +defaults to TLS 1.2.

+
+maximumProtocolVersion +
+ +string + +		 +(Optional) +

MaximumProtocolVersion is the maximum TLS version this vhost should +negotiate. Valid options are 1.2 and 1.3 (default). Any other value +defaults to TLS 1.3.

+
+passthrough +
+ +bool + +		 +(Optional) +

Passthrough defines whether the encrypted TLS handshake will be +passed through to the backing cluster. Either Passthrough or +SecretName must be specified, but not both.

+
+clientValidation +
+ + +DownstreamValidation + + +		 +(Optional) +

ClientValidation defines how to verify the client certificate +when an external client establishes a TLS connection to Envoy.

+

This setting:

+
    +
  1. Enables TLS client certificate validation.
    2. +
  2. Specifies how the client certificate will be validated (i.e. +validation required or skipped).
    3. +
+

Note: Setting client certificate validation to be skipped should +be only used in conjunction with an external authorization server that +performs client validation as Contour will ensure client certificates +are passed along.

+
+enableFallbackCertificate +
+ +bool + +		 +

EnableFallbackCertificate defines if the vhost should allow a default certificate to +be applied which handles all requests which don’t match the SNI defined in this vhost.

+
+

TLSCertificateDelegationSpec +

+

+(Appears on: +TLSCertificateDelegation) +

+

+

TLSCertificateDelegationSpec defines the spec of the CRD

+

+ + + + + + + + + + + + + +
FieldDescription
+delegations +
+ + +[]CertificateDelegation + + +		 +
+

TLSCertificateDelegationStatus +

+

+(Appears on: +TLSCertificateDelegation) +

+

+

TLSCertificateDelegationStatus allows for the status of the delegation +to be presented to the user.

+

+ + + + + + + + + + + + + +
FieldDescription
+conditions +
+ + +[]DetailedCondition + + +		 +(Optional) +

Conditions contains information about the current status of the HTTPProxy, +in an upstream-friendly container.

+

Contour will update a single condition, Valid, that is in normal-true polarity. +That is, when currentStatus is valid, the Valid condition will be status: true, +and vice versa.

+

Contour will leave untouched any other Conditions set in this block, +in case some other controller wants to add a Condition.

+

If you are another controller owner and wish to add a condition, you should +namespace your condition with a label, like controller.domain.com\ConditionName.

+
+

TimeoutPolicy +

+

+(Appears on: +Route, +ExtensionServiceSpec) +

+

+

TimeoutPolicy configures timeouts that are used for handling network requests.

+

TimeoutPolicy durations are expressed in the Go Duration format. +Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h”. +The string “infinity” is also a valid input and specifies no timeout. +A value of “0s” will be treated as if the field were not set, i.e. by using Envoy’s default behavior.

+

Example input values: “300ms”, “5s”, “1m”.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+response +
+ +string + +		 +(Optional) +

Timeout for receiving a response from the server after processing a request from client. +If not supplied, Envoy’s default value of 15s applies.

+
+idle +
+ +string + +		 +(Optional) +

Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). +Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. +If not specified, there is no per-route idle timeout, though a connection manager-wide +stream_idle_timeout default of 5m still applies.

+
+idleConnection +
+ +string + +		 +(Optional) +

Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests. +If not supplied, Envoy’s default value of 1h applies.

+
+

UpstreamValidation +

+

+(Appears on: +RemoteJWKS, +Service, +ExtensionServiceSpec) +

+

+

UpstreamValidation defines how to verify the backend service’s certificate

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+caSecret +
+ +string + +		 +

Name or namespaced name of the Kubernetes secret used to validate the certificate presented by the backend. +The secret must contain key named ca.crt. +The name can be optionally prefixed with namespace “namespace/name”. +When cross-namespace reference is used, TLSCertificateDelegation resource must exist in the namespace to grant access to the secret. +Max length should be the actual max possible length of a namespaced name (63 + 253 + 1 = 317)

+
+subjectName +
+ +string + +		 +

Key which is expected to be present in the ‘subjectAltName’ of the presented certificate. +Deprecated: migrate to using the plural field subjectNames.

+
+subjectNames +
+ +[]string + +		 +(Optional) +

List of keys, of which at least one is expected to be present in the ‘subjectAltName of the +presented certificate.

+
+

VirtualHost +

+

+(Appears on: +HTTPProxySpec) +

+

+

VirtualHost appears at most once. If it is present, the object is considered +to be a “root”.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+fqdn +
+ +string + +		 +

The fully qualified domain name of the root of the ingress tree +all leaves of the DAG rooted at this object relate to the fqdn.

+
+tls +
+ + +TLS + + +		 +(Optional) +

If present the fields describes TLS properties of the virtual +host. The SNI names that will be matched on are described in fqdn, +the tls.secretName secret must contain a certificate that itself +contains a name that matches the FQDN.

+
+authorization +
+ + +AuthorizationServer + + +		 +(Optional) +

This field configures an extension service to perform +authorization for this virtual host. Authorization can +only be configured on virtual hosts that have TLS enabled. +If the TLS configuration requires client certificate +validation, the client certificate is always included in the +authentication check request.

+
+corsPolicy +
+ + +CORSPolicy + + +		 +(Optional) +

Specifies the cross-origin policy to apply to the VirtualHost.

+
+rateLimitPolicy +
+ + +RateLimitPolicy + + +		 +(Optional) +

The policy for rate limiting on the virtual host.

+
+jwtProviders +
+ + +[]JWTProvider + + +		 +(Optional) +

Providers to use for verifying JSON Web Tokens (JWTs) on the virtual host.

+
+ipAllowPolicy +
+ + +[]IPFilterPolicy + + +		 +

IPAllowFilterPolicy is a list of ipv4/6 filter rules for which matching +requests should be allowed. All other requests will be denied. +Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. +The rules defined here may be overridden in a Route.

+
+ipDenyPolicy +
+ + +[]IPFilterPolicy + + +		 +

IPDenyFilterPolicy is a list of ipv4/6 filter rules for which matching +requests should be denied. All other requests will be allowed. +Only one of IPAllowFilterPolicy and IPDenyFilterPolicy can be defined. +The rules defined here may be overridden in a Route.

+
+
+

projectcontour.io/v1alpha1

+

+

Package v1alpha1 contains API Schema definitions for the projectcontour.io v1alpha1 API group

+

+Resource Types: + +

ContourConfiguration +

+

+

ContourConfiguration is the schema for a Contour instance.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +projectcontour.io/v1alpha1 + +
+kind
+string +		ContourConfiguration
+metadata +
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec +
+ + +ContourConfigurationSpec + + +		 +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+xdsServer +
+ + +XDSServerConfig + + +		 +(Optional) +

XDSServer contains parameters for the xDS server.

+
+ingress +
+ + +IngressConfig + + +		 +(Optional) +

Ingress contains parameters for ingress options.

+
+debug +
+ + +DebugConfig + + +		 +(Optional) +

Debug contains parameters to enable debug logging +and debug interfaces inside Contour.

+
+health +
+ + +HealthConfig + + +		 +(Optional) +

Health defines the endpoints Contour uses to serve health checks.

+

Contour’s default is { address: “0.0.0.0”, port: 8000 }.

+
+envoy +
+ + +EnvoyConfig + + +		 +(Optional) +

Envoy contains parameters for Envoy as well +as how to optionally configure a managed Envoy fleet.

+
+gateway +
+ + +GatewayConfig + + +		 +(Optional) +

Gateway contains parameters for the gateway-api Gateway that Contour +is configured to serve traffic.

+
+httpproxy +
+ + +HTTPProxyConfig + + +		 +(Optional) +

HTTPProxy defines parameters on HTTPProxy.

+
+enableExternalNameService +
+ +bool + +		 +(Optional) +

EnableExternalNameService allows processing of ExternalNameServices

+

Contour’s default is false for security reasons.

+
+globalExtAuth +
+ + +AuthorizationServer + + +		 +(Optional) +

GlobalExternalAuthorization allows envoys external authorization filter +to be enabled for all virtual hosts.

+
+rateLimitService +
+ + +RateLimitServiceConfig + + +		 +(Optional) +

RateLimitService optionally holds properties of the Rate Limit Service +to be used for global rate limiting.

+
+policy +
+ + +PolicyConfig + + +		 +(Optional) +

Policy specifies default policy applied if not overridden by the user

+
+metrics +
+ + +MetricsConfig + + +		 +(Optional) +

Metrics defines the endpoint Contour uses to serve metrics.

+

Contour’s default is { address: “0.0.0.0”, port: 8000 }.

+
+tracing +
+ + +TracingConfig + + +		 +

Tracing defines properties for exporting trace data to OpenTelemetry.

+
+featureFlags +
+ + +FeatureFlags + + +		 +

FeatureFlags defines toggle to enable new contour features. +Available toggles are: +useEndpointSlices - configures contour to fetch endpoint data +from k8s endpoint slices. defaults to false and reading endpoint +data from the k8s endpoints.

+
+
+status +
+ + +ContourConfigurationStatus + + +		 +(Optional) +
+

ContourDeployment +

+

+

ContourDeployment is the schema for a Contour Deployment.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +projectcontour.io/v1alpha1 + +
+kind
+string +		ContourDeployment
+metadata +
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec +
+ + +ContourDeploymentSpec + + +		 +
+
+ + + + + + + + + + + + + + + + + +
+contour +
+ + +ContourSettings + + +		 +(Optional) +

Contour specifies deployment-time settings for the Contour +part of the installation, i.e. the xDS server/control plane +and associated resources, including things like replica count +for the Deployment, and node placement constraints for the pods.

+
+envoy +
+ + +EnvoySettings + + +		 +(Optional) +

Envoy specifies deployment-time settings for the Envoy +part of the installation, i.e. the xDS client/data plane +and associated resources, including things like the workload +type to use (DaemonSet or Deployment), node placement constraints +for the pods, and various options for the Envoy service.

+
+runtimeSettings +
+ + +ContourConfigurationSpec + + +		 +(Optional) +

RuntimeSettings is a ContourConfiguration spec to be used when +provisioning a Contour instance that will influence aspects of +the Contour instance’s runtime behavior.

+
+resourceLabels +
+ +map[string]string + +		 +(Optional) +

ResourceLabels is a set of labels to add to the provisioned Contour resources.

+

Deprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be +removed in a future release.

+
+
+status +
+ + +ContourDeploymentStatus + + +		 +
+

ExtensionService +

+

+

ExtensionService is the schema for the Contour extension services API. +An ExtensionService resource binds a network service to the Contour +API so that Contour API features can be implemented by collaborating +components.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiVersion
+string		 + +projectcontour.io/v1alpha1 + +
+kind
+string +		ExtensionService
+metadata +
+ + +Kubernetes meta/v1.ObjectMeta + + +		 +Refer to the Kubernetes API documentation for the fields of the +metadata field. +
+spec +
+ + +ExtensionServiceSpec + + +		 +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
+services +
+ + +[]ExtensionServiceTarget + + +		 +

Services specifies the set of Kubernetes Service resources that +receive GRPC extension API requests. +If no weights are specified for any of the entries in +this array, traffic will be spread evenly across all the +services. +Otherwise, traffic is balanced proportionally to the +Weight field in each entry.

+
+validation +
+ + +UpstreamValidation + + +		 +(Optional) +

UpstreamValidation defines how to verify the backend service’s certificate

+
+protocol +
+ +string + +		 +(Optional) +

Protocol may be used to specify (or override) the protocol used to reach this Service. +Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations.

+
+loadBalancerPolicy +
+ + +LoadBalancerPolicy + + +		 +(Optional) +

The policy for load balancing GRPC service requests. Note that the +Cookie and RequestHash load balancing strategies cannot be used +here.

+
+timeoutPolicy +
+ + +TimeoutPolicy + + +		 +(Optional) +

The timeout policy for requests to the services.

+
+protocolVersion +
+ + +ExtensionProtocolVersion + + +		 +(Optional) +

This field sets the version of the GRPC protocol that Envoy uses to +send requests to the extension service. Since Contour always uses the +v3 Envoy API, this is currently fixed at “v3”. However, other +protocol options will be available in future.

+
+
+status +
+ + +ExtensionServiceStatus + + +		 +
+

AccessLogFormatString +(string alias)

+

+

+

AccessLogJSONFields +([]string alias)

+

+(Appears on: +EnvoyLogging) +

+

+

+

AccessLogLevel +(string alias)

+

+(Appears on: +EnvoyLogging) +

+

+

+ + + + + + + + + + + + + + + + +
ValueDescription

"critical"

Log only requests that result in an server error (i.e. 500+) response code.

+

"disabled"

Disable the access log.

+

"error"

Log only requests that result in a non-success (i.e. 300+) response code

+

"info"

Log all requests. This is the default.

+
+

AccessLogType +(string alias)

+

+(Appears on: +EnvoyLogging) +

+

+

AccessLogType is the name of a supported access logging mechanism.

+

+ + + + + + + + + + + + + + +
ValueDescription

"envoy"

DefaultAccessLogType is the default access log format.

+

"envoy"

Set the Envoy access logging to Envoy’s standard format. +Can be customized using accessLogFormatString.

+

"json"

Set the Envoy access logging to a JSON format. +Can be customized using jsonFields.

+
+

ClusterDNSFamilyType +(string alias)

+

+(Appears on: +ClusterParameters) +

+

+

ClusterDNSFamilyType is the Ip family to use for resolving DNS +names in an Envoy cluster config.

+

+ + + + + + + + + + + + + + + + +
ValueDescription

"all"

DNS lookups will attempt both v4 and v6 queries.

+

"auto"

DNS lookups will do a v6 lookup first, followed by a v4 if that fails.

+

"v4"

DNS lookups will only attempt v4 queries.

+

"v6"

DNS lookups will only attempt v6 queries.

+
+

ClusterParameters +

+

+(Appears on: +EnvoyConfig) +

+

+

ClusterParameters holds various configurable cluster values.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+dnsLookupFamily +
+ + +ClusterDNSFamilyType + + +		 +(Optional) +

DNSLookupFamily defines how external names are looked up +When configured as V4, the DNS resolver will only perform a lookup +for addresses in the IPv4 family. If V6 is configured, the DNS resolver +will only perform a lookup for addresses in the IPv6 family. +If AUTO is configured, the DNS resolver will first perform a lookup +for addresses in the IPv6 family and fallback to a lookup for addresses +in the IPv4 family. If ALL is specified, the DNS resolver will perform a lookup for +both IPv4 and IPv6 families, and return all resolved addresses. +When this is used, Happy Eyeballs will be enabled for upstream connections. +Refer to Happy Eyeballs Support for more information. +Note: This only applies to externalName clusters.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto.html#envoy-v3-api-enum-config-cluster-v3-cluster-dnslookupfamily +for more information.

+

Values: auto (default), v4, v6, all.

+

Other values will produce an error.

+
+maxRequestsPerConnection +
+ +uint32 + +		 +(Optional) +

Defines the maximum requests for upstream connections. If not specified, there is no limit. +see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions +for more information.

+
+per-connection-buffer-limit-bytes +
+ +uint32 + +		 +(Optional) +

Defines the soft limit on size of the cluster’s new connection read and write buffers in bytes. +If unspecified, an implementation defined default is applied (1MiB). +see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-per-connection-buffer-limit-bytes +for more information.

+
+circuitBreakers +
+ + +GlobalCircuitBreakerDefaults + + +		 +(Optional) +

GlobalCircuitBreakerDefaults specifies default circuit breaker budget across all services. +If defined, this will be used as the default for all services.

+
+upstreamTLS +
+ + +EnvoyTLS + + +		 +(Optional) +

UpstreamTLS contains the TLS policy parameters for upstream connections

+
+

ContourConfigurationSpec +

+

+(Appears on: +ContourConfiguration, +ContourDeploymentSpec) +

+

+

ContourConfigurationSpec represents a configuration of a Contour controller. +It contains most of all the options that can be customized, the +other remaining options being command line flags.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+xdsServer +
+ + +XDSServerConfig + + +		 +(Optional) +

XDSServer contains parameters for the xDS server.

+
+ingress +
+ + +IngressConfig + + +		 +(Optional) +

Ingress contains parameters for ingress options.

+
+debug +
+ + +DebugConfig + + +		 +(Optional) +

Debug contains parameters to enable debug logging +and debug interfaces inside Contour.

+
+health +
+ + +HealthConfig + + +		 +(Optional) +

Health defines the endpoints Contour uses to serve health checks.

+

Contour’s default is { address: “0.0.0.0”, port: 8000 }.

+
+envoy +
+ + +EnvoyConfig + + +		 +(Optional) +

Envoy contains parameters for Envoy as well +as how to optionally configure a managed Envoy fleet.

+
+gateway +
+ + +GatewayConfig + + +		 +(Optional) +

Gateway contains parameters for the gateway-api Gateway that Contour +is configured to serve traffic.

+
+httpproxy +
+ + +HTTPProxyConfig + + +		 +(Optional) +

HTTPProxy defines parameters on HTTPProxy.

+
+enableExternalNameService +
+ +bool + +		 +(Optional) +

EnableExternalNameService allows processing of ExternalNameServices

+

Contour’s default is false for security reasons.

+
+globalExtAuth +
+ + +AuthorizationServer + + +		 +(Optional) +

GlobalExternalAuthorization allows envoys external authorization filter +to be enabled for all virtual hosts.

+
+rateLimitService +
+ + +RateLimitServiceConfig + + +		 +(Optional) +

RateLimitService optionally holds properties of the Rate Limit Service +to be used for global rate limiting.

+
+policy +
+ + +PolicyConfig + + +		 +(Optional) +

Policy specifies default policy applied if not overridden by the user

+
+metrics +
+ + +MetricsConfig + + +		 +(Optional) +

Metrics defines the endpoint Contour uses to serve metrics.

+

Contour’s default is { address: “0.0.0.0”, port: 8000 }.

+
+tracing +
+ + +TracingConfig + + +		 +

Tracing defines properties for exporting trace data to OpenTelemetry.

+
+featureFlags +
+ + +FeatureFlags + + +		 +

FeatureFlags defines toggle to enable new contour features. +Available toggles are: +useEndpointSlices - configures contour to fetch endpoint data +from k8s endpoint slices. defaults to false and reading endpoint +data from the k8s endpoints.

+
+

ContourConfigurationStatus +

+

+(Appears on: +ContourConfiguration) +

+

+

ContourConfigurationStatus defines the observed state of a ContourConfiguration resource.

+

+ + + + + + + + + + + + + +
FieldDescription
+conditions +
+ + +[]DetailedCondition + + +		 +(Optional) +

Conditions contains the current status of the Contour resource.

+

Contour will update a single condition, Valid, that is in normal-true polarity.

+

Contour will not modify any other Conditions set in this block, +in case some other controller wants to add a Condition.

+
+

ContourDeploymentSpec +

+

+(Appears on: +ContourDeployment) +

+

+

ContourDeploymentSpec specifies options for how a Contour +instance should be provisioned.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+contour +
+ + +ContourSettings + + +		 +(Optional) +

Contour specifies deployment-time settings for the Contour +part of the installation, i.e. the xDS server/control plane +and associated resources, including things like replica count +for the Deployment, and node placement constraints for the pods.

+
+envoy +
+ + +EnvoySettings + + +		 +(Optional) +

Envoy specifies deployment-time settings for the Envoy +part of the installation, i.e. the xDS client/data plane +and associated resources, including things like the workload +type to use (DaemonSet or Deployment), node placement constraints +for the pods, and various options for the Envoy service.

+
+runtimeSettings +
+ + +ContourConfigurationSpec + + +		 +(Optional) +

RuntimeSettings is a ContourConfiguration spec to be used when +provisioning a Contour instance that will influence aspects of +the Contour instance’s runtime behavior.

+
+resourceLabels +
+ +map[string]string + +		 +(Optional) +

ResourceLabels is a set of labels to add to the provisioned Contour resources.

+

Deprecated: use Gateway.Spec.Infrastructure.Labels instead. This field will be +removed in a future release.

+
+

ContourDeploymentStatus +

+

+(Appears on: +ContourDeployment) +

+

+

ContourDeploymentStatus defines the observed state of a ContourDeployment resource.

+

+ + + + + + + + + + + + + +
FieldDescription
+conditions +
+ + +[]Kubernetes meta/v1.Condition + + +		 +(Optional) +

Conditions describe the current conditions of the ContourDeployment resource.

+
+

ContourSettings +

+

+(Appears on: +ContourDeploymentSpec) +

+

+

ContourSettings contains settings for the Contour part of the installation, +i.e. the xDS server/control plane and associated resources.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+replicas +
+ +int32 + +		 +(Optional) +

Deprecated: Use DeploymentSettings.Replicas instead.

+

Replicas is the desired number of Contour replicas. If if unset, +defaults to 2.

+

if both DeploymentSettings.Replicas and this one is set, use DeploymentSettings.Replicas.

+
+nodePlacement +
+ + +NodePlacement + + +		 +(Optional) +

NodePlacement describes node scheduling configuration of Contour pods.

+
+kubernetesLogLevel +
+ +byte + +		 +(Optional) +

KubernetesLogLevel Enable Kubernetes client debug logging with log level. If unset, +defaults to 0.

+
+logLevel +
+ + +LogLevel + + +		 +(Optional) +

LogLevel sets the log level for Contour +Allowed values are “info”, “debug”.

+
+resources +
+ + +Kubernetes core/v1.ResourceRequirements + + +		 +(Optional) +

Compute Resources required by contour container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

+
+deployment +
+ + +DeploymentSettings + + +		 +(Optional) +

Deployment describes the settings for running contour as a Deployment.

+
+podAnnotations +
+ +map[string]string + +		 +(Optional) +

PodAnnotations defines annotations to add to the Contour pods. +the annotations for Prometheus will be appended or overwritten with predefined value.

+
+watchNamespaces +
+ + +[]Namespace + + +		 +(Optional) +

WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance +to only watch this subset of namespaces.

+
+disabledFeatures +
+ + +[]Feature + + +		 +(Optional) +

DisabledFeatures defines an array of resources that will be ignored by +contour reconciler.

+
+

CustomTag +

+

+

CustomTag defines custom tags with unique tag name +to create tags for the active span.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+tagName +
+ +string + +		 +

TagName is the unique name of the custom tag.

+
+literal +
+ +string + +		 +(Optional) +

Literal is a static custom tag value. +Precisely one of Literal, RequestHeaderName must be set.

+
+requestHeaderName +
+ +string + +		 +(Optional) +

RequestHeaderName indicates which request header +the label value is obtained from. +Precisely one of Literal, RequestHeaderName must be set.

+
+

DaemonSetSettings +

+

+(Appears on: +EnvoySettings) +

+

+

DaemonSetSettings contains settings for DaemonSet resources.

+

+ + + + + + + + + + + + + +
FieldDescription
+updateStrategy +
+ + +Kubernetes apps/v1.DaemonSetUpdateStrategy + + +		 +(Optional) +

Strategy describes the deployment strategy to use to replace existing DaemonSet pods with new pods.

+
+

DebugConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

DebugConfig contains Contour specific troubleshooting options.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+address +
+ +string + +		 +(Optional) +

Defines the Contour debug address interface.

+

Contour’s default is “127.0.0.1”.

+
+port +
+ +int + +		 +(Optional) +

Defines the Contour debug address port.

+

Contour’s default is 6060.

+
+

DeploymentSettings +

+

+(Appears on: +ContourSettings, +EnvoySettings) +

+

+

DeploymentSettings contains settings for Deployment resources.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+replicas +
+ +int32 + +		 +

Replicas is the desired number of replicas.

+
+strategy +
+ + +Kubernetes apps/v1.DeploymentStrategy + + +		 +(Optional) +

Strategy describes the deployment strategy to use to replace existing pods with new pods.

+
+

EnvoyConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

EnvoyConfig defines how Envoy is to be Configured from Contour.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+listener +
+ + +EnvoyListenerConfig + + +		 +(Optional) +

Listener hold various configurable Envoy listener values.

+
+service +
+ + +NamespacedName + + +		 +(Optional) +

Service holds Envoy service parameters for setting Ingress status.

+

Contour’s default is { namespace: “projectcontour”, name: “envoy” }.

+
+http +
+ + +EnvoyListener + + +		 +(Optional) +

Defines the HTTP Listener for Envoy.

+

Contour’s default is { address: “0.0.0.0”, port: 8080, accessLog: “/dev/stdout” }.

+
+https +
+ + +EnvoyListener + + +		 +(Optional) +

Defines the HTTPS Listener for Envoy.

+

Contour’s default is { address: “0.0.0.0”, port: 8443, accessLog: “/dev/stdout” }.

+
+health +
+ + +HealthConfig + + +		 +(Optional) +

Health defines the endpoint Envoy uses to serve health checks.

+

Contour’s default is { address: “0.0.0.0”, port: 8002 }.

+
+metrics +
+ + +MetricsConfig + + +		 +(Optional) +

Metrics defines the endpoint Envoy uses to serve metrics.

+

Contour’s default is { address: “0.0.0.0”, port: 8002 }.

+
+clientCertificate +
+ + +NamespacedName + + +		 +(Optional) +

ClientCertificate defines the namespace/name of the Kubernetes +secret containing the client certificate and private key +to be used when establishing TLS connection to upstream +cluster.

+
+logging +
+ + +EnvoyLogging + + +		 +(Optional) +

Logging defines how Envoy’s logs can be configured.

+
+defaultHTTPVersions +
+ + +[]HTTPVersionType + + +		 +(Optional) +

DefaultHTTPVersions defines the default set of HTTPS +versions the proxy should accept. HTTP versions are +strings of the form “HTTP/xx”. Supported versions are +“HTTP/1.1” and “HTTP/2”.

+

Values: HTTP/1.1, HTTP/2 (default: both).

+

Other values will produce an error.

+
+timeouts +
+ + +TimeoutParameters + + +		 +(Optional) +

Timeouts holds various configurable timeouts that can +be set in the config file.

+
+cluster +
+ + +ClusterParameters + + +		 +(Optional) +

Cluster holds various configurable Envoy cluster values that can +be set in the config file.

+
+network +
+ + +NetworkParameters + + +		 +(Optional) +

Network holds various configurable Envoy network values.

+
+

EnvoyListener +

+

+(Appears on: +EnvoyConfig) +

+

+

EnvoyListener defines parameters for an Envoy Listener.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+address +
+ +string + +		 +(Optional) +

Defines an Envoy Listener Address.

+
+port +
+ +int + +		 +(Optional) +

Defines an Envoy listener Port.

+
+accessLog +
+ +string + +		 +(Optional) +

AccessLog defines where Envoy logs are outputted for this listener.

+
+

EnvoyListenerConfig +

+

+(Appears on: +EnvoyConfig) +

+

+

EnvoyListenerConfig hold various configurable Envoy listener values.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+useProxyProtocol +
+ +bool + +		 +(Optional) +

Use PROXY protocol for all listeners.

+

Contour’s default is false.

+
+disableAllowChunkedLength +
+ +bool + +		 +(Optional) +

DisableAllowChunkedLength disables the RFC-compliant Envoy behavior to +strip the “Content-Length” header if “Transfer-Encoding: chunked” is +also set. This is an emergency off-switch to revert back to Envoy’s +default behavior in case of failures. Please file an issue if failures +are encountered. +See: https://github.com/projectcontour/contour/issues/3221

+

Contour’s default is false.

+
+disableMergeSlashes +
+ +bool + +		 +(Optional) +

DisableMergeSlashes disables Envoy’s non-standard merge_slashes path transformation option +which strips duplicate slashes from request URL paths.

+

Contour’s default is false.

+
+serverHeaderTransformation +
+ + +ServerHeaderTransformationType + + +		 +(Optional) +

Defines the action to be applied to the Server header on the response path. +When configured as overwrite, overwrites any Server header with “envoy”. +When configured as append_if_absent, if a Server header is present, pass it through, otherwise set it to “envoy”. +When configured as pass_through, pass through the value of the Server header, and do not append a header if none is present.

+

Values: overwrite (default), append_if_absent, pass_through

+

Other values will produce an error. +Contour’s default is overwrite.

+
+connectionBalancer +
+ +string + +		 +(Optional) +

ConnectionBalancer. If the value is exact, the listener will use the exact connection balancer +See https://www.envoyproxy.io/docs/envoy/latest/api-v2/api/v2/listener.proto#envoy-api-msg-listener-connectionbalanceconfig +for more information.

+

Values: (empty string): use the default ConnectionBalancer, exact: use the Exact ConnectionBalancer.

+

Other values will produce an error.

+
+maxRequestsPerConnection +
+ +uint32 + +		 +(Optional) +

Defines the maximum requests for downstream connections. If not specified, there is no limit. +see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-msg-config-core-v3-httpprotocoloptions +for more information.

+
+per-connection-buffer-limit-bytes +
+ +uint32 + +		 +(Optional) +

Defines the soft limit on size of the listener’s new connection read and write buffers in bytes. +If unspecified, an implementation defined default is applied (1MiB). +see https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#envoy-v3-api-field-config-listener-v3-listener-per-connection-buffer-limit-bytes +for more information.

+
+tls +
+ + +EnvoyTLS + + +		 +(Optional) +

TLS holds various configurable Envoy TLS listener values.

+
+socketOptions +
+ + +SocketOptions + + +		 +(Optional) +

SocketOptions defines configurable socket options for the listeners. +Single set of options are applied to all listeners.

+
+maxRequestsPerIOCycle +
+ +uint32 + +		 +(Optional) +

Defines the limit on number of HTTP requests that Envoy will process from a single +connection in a single I/O cycle. Requests over this limit are processed in subsequent +I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is +detected. Configures the http.max_requests_per_io_cycle Envoy runtime setting. The default +value when this is not set is no limit.

+
+httpMaxConcurrentStreams +
+ +uint32 + +		 +(Optional) +

Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the +SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed +for a peer on a single HTTP/2 connection. It is recommended to not set this lower +than 100 but this field can be used to bound resource usage by HTTP/2 connections +and mitigate attacks like CVE-2023-44487. The default value when this is not set is +unlimited.

+
+maxConnectionsPerListener +
+ +uint32 + +		 +(Optional) +

Defines the limit on number of active connections to a listener. The limit is applied +per listener. The default value when this is not set is unlimited.

+
+

EnvoyLogging +

+

+(Appears on: +EnvoyConfig) +

+

+

EnvoyLogging defines how Envoy’s logs can be configured.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+accessLogFormat +
+ + +AccessLogType + + +		 +(Optional) +

AccessLogFormat sets the global access log format.

+

Values: envoy (default), json.

+

Other values will produce an error.

+
+accessLogFormatString +
+ +string + +		 +(Optional) +

AccessLogFormatString sets the access log format when format is set to envoy. +When empty, Envoy’s default format is used.

+
+accessLogJSONFields +
+ + +AccessLogJSONFields + + +		 +(Optional) +

AccessLogJSONFields sets the fields that JSON logging will +output when AccessLogFormat is json.

+
+accessLogLevel +
+ + +AccessLogLevel + + +		 +(Optional) +

AccessLogLevel sets the verbosity level of the access log.

+

Values: info (default, all requests are logged), error (all non-success requests, i.e. 300+ response code, are logged), critical (all 5xx requests are logged) and disabled.

+

Other values will produce an error.

+
+

EnvoySettings +

+

+(Appears on: +ContourDeploymentSpec) +

+

+

EnvoySettings contains settings for the Envoy part of the installation, +i.e. the xDS client/data plane and associated resources.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+workloadType +
+ + +WorkloadType + + +		 +(Optional) +

WorkloadType is the type of workload to install Envoy +as. Choices are DaemonSet and Deployment. If unset, defaults +to DaemonSet.

+
+replicas +
+ +int32 + +		 +(Optional) +

Deprecated: Use DeploymentSettings.Replicas instead.

+

Replicas is the desired number of Envoy replicas. If WorkloadType +is not “Deployment”, this field is ignored. Otherwise, if unset, +defaults to 2.

+

if both DeploymentSettings.Replicas and this one is set, use DeploymentSettings.Replicas.

+
+networkPublishing +
+ + +NetworkPublishing + + +		 +

NetworkPublishing defines how to expose Envoy to a network.

+
+nodePlacement +
+ + +NodePlacement + + +		 +(Optional) +

NodePlacement describes node scheduling configuration of Envoy pods.

+
+extraVolumes +
+ + +[]Kubernetes core/v1.Volume + + +		 +(Optional) +

ExtraVolumes holds the extra volumes to add.

+
+extraVolumeMounts +
+ + +[]Kubernetes core/v1.VolumeMount + + +		 +(Optional) +

ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes).

+
+podAnnotations +
+ +map[string]string + +		 +(Optional) +

PodAnnotations defines annotations to add to the Envoy pods. +the annotations for Prometheus will be appended or overwritten with predefined value.

+
+resources +
+ + +Kubernetes core/v1.ResourceRequirements + + +		 +(Optional) +

Compute Resources required by envoy container. +Cannot be updated. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/

+
+logLevel +
+ + +LogLevel + + +		 +(Optional) +

LogLevel sets the log level for Envoy. +Allowed values are “trace”, “debug”, “info”, “warn”, “error”, “critical”, “off”.

+
+daemonSet +
+ + +DaemonSetSettings + + +		 +(Optional) +

DaemonSet describes the settings for running envoy as a DaemonSet. +if WorkloadType is Deployment,it’s must be nil

+
+deployment +
+ + +DeploymentSettings + + +		 +(Optional) +

Deployment describes the settings for running envoy as a Deployment. +if WorkloadType is DaemonSet,it’s must be nil

+
+baseID +
+ +int32 + +		 +(Optional) +

The base ID to use when allocating shared memory regions. +if Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID +so that the shared memory regions do not conflict. +defaults to 0.

+
+overloadMaxHeapSize +
+ +uint64 + +		 +(Optional) +

OverloadMaxHeapSize defines the maximum heap memory of the envoy controlled by the overload manager. +When the value is greater than 0, the overload manager is enabled, +and when envoy reaches 95% of the maximum heap size, it performs a shrink heap operation, +When it reaches 98% of the maximum heap size, Envoy Will stop accepting requests. +More info: https://projectcontour.io/docs/main/config/overload-manager/

+
+

EnvoyTLS +

+

+(Appears on: +ClusterParameters, +EnvoyListenerConfig) +

+

+

EnvoyTLS describes tls parameters for Envoy listneners.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+minimumProtocolVersion +
+ +string + +		 +(Optional) +

MinimumProtocolVersion is the minimum TLS version this vhost should +negotiate.

+

Values: 1.2 (default), 1.3.

+

Other values will produce an error.

+
+maximumProtocolVersion +
+ +string + +		 +(Optional) +

MaximumProtocolVersion is the maximum TLS version this vhost should +negotiate.

+

Values: 1.2, 1.3(default).

+

Other values will produce an error.

+
+cipherSuites +
+ +[]string + +		 +(Optional) +

CipherSuites defines the TLS ciphers to be supported by Envoy TLS +listeners when negotiating TLS 1.2. Ciphers are validated against the +set that Envoy supports by default. This parameter should only be used +by advanced users. Note that these will be ignored when TLS 1.3 is in +use.

+

This field is optional; when it is undefined, a Contour-managed ciphersuite list +will be used, which may be updated to keep it secure.

+

Contour’s default list is: +- “[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]” +- “[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]” +- “ECDHE-ECDSA-AES256-GCM-SHA384” +- “ECDHE-RSA-AES256-GCM-SHA384”

+

Ciphers provided are validated against the following list: +- “[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]” +- “[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]” +- “ECDHE-ECDSA-AES128-GCM-SHA256” +- “ECDHE-RSA-AES128-GCM-SHA256” +- “ECDHE-ECDSA-AES128-SHA” +- “ECDHE-RSA-AES128-SHA” +- “AES128-GCM-SHA256” +- “AES128-SHA” +- “ECDHE-ECDSA-AES256-GCM-SHA384” +- “ECDHE-RSA-AES256-GCM-SHA384” +- “ECDHE-ECDSA-AES256-SHA” +- “ECDHE-RSA-AES256-SHA” +- “AES256-GCM-SHA384” +- “AES256-SHA”

+

Contour recommends leaving this undefined unless you are sure you must.

+

See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters +Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS.

+
+

ExtensionProtocolVersion +(string alias)

+

+(Appears on: +ExtensionServiceSpec) +

+

+

ExtensionProtocolVersion is the version of the GRPC protocol used +to access extension services. The only version currently supported +is “v3”.

+

+ + + + + + + + + + + + +
ValueDescription

"v2"

SupportProtocolVersion2 requests the “v2” support protocol version.

+

Deprecated: this protocol version is no longer supported and the +constant is retained for backwards compatibility only.

+

"v3"

SupportProtocolVersion3 requests the “v3” support protocol version.

+
+

ExtensionServiceSpec +

+

+(Appears on: +ExtensionService) +

+

+

ExtensionServiceSpec defines the desired state of an ExtensionService resource.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+services +
+ + +[]ExtensionServiceTarget + + +		 +

Services specifies the set of Kubernetes Service resources that +receive GRPC extension API requests. +If no weights are specified for any of the entries in +this array, traffic will be spread evenly across all the +services. +Otherwise, traffic is balanced proportionally to the +Weight field in each entry.

+
+validation +
+ + +UpstreamValidation + + +		 +(Optional) +

UpstreamValidation defines how to verify the backend service’s certificate

+
+protocol +
+ +string + +		 +(Optional) +

Protocol may be used to specify (or override) the protocol used to reach this Service. +Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations.

+
+loadBalancerPolicy +
+ + +LoadBalancerPolicy + + +		 +(Optional) +

The policy for load balancing GRPC service requests. Note that the +Cookie and RequestHash load balancing strategies cannot be used +here.

+
+timeoutPolicy +
+ + +TimeoutPolicy + + +		 +(Optional) +

The timeout policy for requests to the services.

+
+protocolVersion +
+ + +ExtensionProtocolVersion + + +		 +(Optional) +

This field sets the version of the GRPC protocol that Envoy uses to +send requests to the extension service. Since Contour always uses the +v3 Envoy API, this is currently fixed at “v3”. However, other +protocol options will be available in future.

+
+

ExtensionServiceStatus +

+

+(Appears on: +ExtensionService) +

+

+

ExtensionServiceStatus defines the observed state of an +ExtensionService resource.

+

+ + + + + + + + + + + + + +
FieldDescription
+conditions +
+ + +[]DetailedCondition + + +		 +(Optional) +

Conditions contains the current status of the ExtensionService resource.

+

Contour will update a single condition, Valid, that is in normal-true polarity.

+

Contour will not modify any other Conditions set in this block, +in case some other controller wants to add a Condition.

+
+

ExtensionServiceTarget +

+

+(Appears on: +ExtensionServiceSpec) +

+

+

ExtensionServiceTarget defines an Kubernetes Service to target with +extension service traffic.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +

Name is the name of Kubernetes service that will accept service +traffic.

+
+port +
+ +int + +		 +

Port (defined as Integer) to proxy traffic to since a service can have multiple defined.

+
+weight +
+ +uint32 + +		 +(Optional) +

Weight defines proportion of traffic to balance to the Kubernetes Service.

+
+

FeatureFlags +([]string alias)

+

+(Appears on: +ContourConfigurationSpec) +

+

+

FeatureFlags defines the set of feature flags +to toggle new contour features.

+

+

GatewayConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

GatewayConfig holds the config for Gateway API controllers.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+controllerName +
+ +string + +		 +(Optional) +

ControllerName is used to determine whether Contour should reconcile a +GatewayClass. The string takes the form of “projectcontour.io//contour”. +If unset, the gatewayclass controller will not be started. +Exactly one of ControllerName or GatewayRef must be set.

+

Deprecated: users should use GatewayRef, or the Gateway provisioner, +in place of this field. This field will be removed in a future release.

+
+gatewayRef +
+ + +NamespacedName + + +		 +(Optional) +

GatewayRef defines a specific Gateway that this Contour +instance corresponds to. If set, Contour will reconcile +only this gateway, and will not reconcile any gateway +classes. +Exactly one of ControllerName or GatewayRef must be set.

+
+

GlobalCircuitBreakerDefaults +

+

+(Appears on: +ClusterParameters) +

+

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+maxConnections +
+ +uint32 + +		 +(Optional) +

The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024.

+
+maxPendingRequests +
+ +uint32 + +		 +(Optional) +

The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024.

+
+maxRequests +
+ +uint32 + +		 +(Optional) +

The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024

+
+maxRetries +
+ +uint32 + +		 +(Optional) +

The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3.

+
+

HTTPProxyConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

HTTPProxyConfig defines parameters on HTTPProxy.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+disablePermitInsecure +
+ +bool + +		 +(Optional) +

DisablePermitInsecure disables the use of the +permitInsecure field in HTTPProxy.

+

Contour’s default is false.

+
+rootNamespaces +
+ +[]string + +		 +(Optional) +

Restrict Contour to searching these namespaces for root ingress routes.

+
+fallbackCertificate +
+ + +NamespacedName + + +		 +(Optional) +

FallbackCertificate defines the namespace/name of the Kubernetes secret to +use as fallback when a non-SNI request is received.

+
+

HTTPVersionType +(string alias)

+

+(Appears on: +EnvoyConfig) +

+

+

HTTPVersionType is the name of a supported HTTP version.

+

+ + + + + + + + + + + + +
ValueDescription

"HTTP/1.1"

HTTPVersion1 is the name of the HTTP/1.1 version.

+

"HTTP/2"

HTTPVersion2 is the name of the HTTP/2 version.

+
+

HeadersPolicy +

+

+(Appears on: +PolicyConfig) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+set +
+ +map[string]string + +		 +(Optional) +
+remove +
+ +[]string + +		 +(Optional) +
+

HealthConfig +

+

+(Appears on: +ContourConfigurationSpec, +EnvoyConfig) +

+

+

HealthConfig defines the endpoints to enable health checks.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+address +
+ +string + +		 +(Optional) +

Defines the health address interface.

+
+port +
+ +int + +		 +(Optional) +

Defines the health port.

+
+

IngressConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

IngressConfig defines ingress specific config items.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+classNames +
+ +[]string + +		 +(Optional) +

Ingress Class Names Contour should use.

+
+statusAddress +
+ +string + +		 +(Optional) +

Address to set in Ingress object status.

+
+

LogLevel +(string alias)

+

+(Appears on: +ContourSettings, +EnvoySettings) +

+

+

LogLevel is the logging levels available.

+

+ + + + + + + + + + + + + + + + + + + + + + +
ValueDescription

"critical"

CriticalLog sets the log level for Envoy to critical.

+

"debug"

DebugLog sets the log level for Contour/Envoy to debug.

+

"error"

ErrorLog sets the log level for Envoy to error.

+

"info"

InfoLog sets the log level for Contour/Envoy to info.

+

"off"

OffLog disable logging for Envoy.

+

"trace"

TraceLog sets the log level for Envoy to trace.

+

"warn"

WarnLog sets the log level for Envoy to warn.

+
+

MetricsConfig +

+

+(Appears on: +ContourConfigurationSpec, +EnvoyConfig) +

+

+

MetricsConfig defines the metrics endpoint.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+address +
+ +string + +		 +(Optional) +

Defines the metrics address interface.

+
+port +
+ +int + +		 +(Optional) +

Defines the metrics port.

+
+tls +
+ + +MetricsTLS + + +		 +(Optional) +

TLS holds TLS file config details. +Metrics and health endpoints cannot have same port number when metrics is served over HTTPS.

+
+

MetricsTLS +

+

+(Appears on: +MetricsConfig) +

+

+

TLS holds TLS file config details.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+caFile +
+ +string + +		 +(Optional) +

CA filename.

+
+certFile +
+ +string + +		 +(Optional) +

Client certificate filename.

+
+keyFile +
+ +string + +		 +(Optional) +

Client key filename.

+
+

NamespacedName +

+

+(Appears on: +EnvoyConfig, +GatewayConfig, +HTTPProxyConfig, +RateLimitServiceConfig, +TracingConfig) +

+

+

NamespacedName defines the namespace/name of the Kubernetes resource referred from the config file. +Used for Contour config YAML file parsing, otherwise we could use K8s types.NamespacedName.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+name +
+ +string + +		 +
+namespace +
+ +string + +		 +
+

NetworkParameters +

+

+(Appears on: +EnvoyConfig) +

+

+

NetworkParameters hold various configurable network values.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+numTrustedHops +
+ +uint32 + +		 +(Optional) +

XffNumTrustedHops defines the number of additional ingress proxy hops from the +right side of the x-forwarded-for HTTP header to trust when determining the origin +client’s IP address.

+

See https://www.envoyproxy.io/docs/envoy/v1.17.0/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto?highlight=xff_num_trusted_hops +for more information.

+

Contour’s default is 0.

+
+adminPort +
+ +int + +		 +(Optional) +

Configure the port used to access the Envoy Admin interface. +If configured to port “0” then the admin interface is disabled.

+

Contour’s default is 9001.

+
+

NetworkPublishing +

+

+(Appears on: +EnvoySettings) +

+

+

NetworkPublishing defines the schema for publishing to a network.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+type +
+ + +NetworkPublishingType + + +		 +(Optional) +

NetworkPublishingType is the type of publishing strategy to use. Valid values are:

+
    +
  • LoadBalancerService
    • +
+

In this configuration, network endpoints for Envoy use container networking. +A Kubernetes LoadBalancer Service is created to publish Envoy network +endpoints.

+

See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer

+
    +
  • NodePortService
    • +
+

Publishes Envoy network endpoints using a Kubernetes NodePort Service.

+

In this configuration, Envoy network endpoints use container networking. A Kubernetes +NodePort Service is created to publish the network endpoints.

+

See: https://kubernetes.io/docs/concepts/services-networking/service/#nodeport

+

NOTE: +When provisioning an Envoy NodePortService, use Gateway Listeners’ port numbers to populate +the Service’s node port values, there’s no way to auto-allocate them.

+

See: https://github.com/projectcontour/contour/issues/4499

+
    +
  • ClusterIPService
    • +
+

Publishes Envoy network endpoints using a Kubernetes ClusterIP Service.

+

In this configuration, Envoy network endpoints use container networking. A Kubernetes +ClusterIP Service is created to publish the network endpoints.

+

See: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

+

If unset, defaults to LoadBalancerService.

+
+externalTrafficPolicy +
+ + +Kubernetes core/v1.ServiceExternalTrafficPolicy + + +		 +(Optional) +

ExternalTrafficPolicy describes how nodes distribute service traffic they +receive on one of the Service’s “externally-facing” addresses (NodePorts, ExternalIPs, +and LoadBalancer IPs).

+

If unset, defaults to “Local”.

+
+ipFamilyPolicy +
+ + +Kubernetes core/v1.IPFamilyPolicy + + +		 +(Optional) +

IPFamilyPolicy represents the dual-stack-ness requested or required by +this Service. If there is no value provided, then this field will be set +to SingleStack. Services can be “SingleStack” (a single IP family), +“PreferDualStack” (two IP families on dual-stack configured clusters or +a single IP family on single-stack clusters), or “RequireDualStack” +(two IP families on dual-stack configured clusters, otherwise fail).

+
+serviceAnnotations +
+ +map[string]string + +		 +(Optional) +

ServiceAnnotations is the annotations to add to +the provisioned Envoy service.

+
+

NetworkPublishingType +(string alias)

+

+(Appears on: +NetworkPublishing) +

+

+

NetworkPublishingType is a way to publish network endpoints.

+

+ + + + + + + + + + + + + + +
ValueDescription

"ClusterIPService"

ClusterIPServicePublishingType publishes a network endpoint using a Kubernetes +ClusterIP Service.

+

"LoadBalancerService"

LoadBalancerServicePublishingType publishes a network endpoint using a Kubernetes +LoadBalancer Service.

+

"NodePortService"

NodePortServicePublishingType publishes a network endpoint using a Kubernetes +NodePort Service.

+
+

NodePlacement +

+

+(Appears on: +ContourSettings, +EnvoySettings) +

+

+

NodePlacement describes node scheduling configuration for pods. +If nodeSelector and tolerations are specified, the scheduler will use both to +determine where to place the pod(s).

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+nodeSelector +
+ +map[string]string + +		 +(Optional) +

NodeSelector is the simplest recommended form of node selection constraint +and specifies a map of key-value pairs. For the pod to be eligible +to run on a node, the node must have each of the indicated key-value pairs +as labels (it can have additional labels as well).

+

If unset, the pod(s) will be scheduled to any available node.

+
+tolerations +
+ + +[]Kubernetes core/v1.Toleration + + +		 +(Optional) +

Tolerations work with taints to ensure that pods are not scheduled +onto inappropriate nodes. One or more taints are applied to a node; this +marks that the node should not accept any pods that do not tolerate the +taints.

+

The default is an empty list.

+

See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +for additional details.

+
+

PolicyConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

PolicyConfig holds default policy used if not explicitly set by the user

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+requestHeaders +
+ + +HeadersPolicy + + +		 +(Optional) +

RequestHeadersPolicy defines the request headers set/removed on all routes

+
+responseHeaders +
+ + +HeadersPolicy + + +		 +(Optional) +

ResponseHeadersPolicy defines the response headers set/removed on all routes

+
+applyToIngress +
+ +bool + +		 +(Optional) +

ApplyToIngress determines if the Policies will apply to ingress objects

+

Contour’s default is false.

+
+

RateLimitServiceConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

RateLimitServiceConfig defines properties of a global Rate Limit Service.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+extensionService +
+ + +NamespacedName + + +		 +

ExtensionService identifies the extension service defining the RLS.

+
+domain +
+ +string + +		 +(Optional) +

Domain is passed to the Rate Limit Service.

+
+failOpen +
+ +bool + +		 +(Optional) +

FailOpen defines whether to allow requests to proceed when the +Rate Limit Service fails to respond with a valid rate limit +decision within the timeout defined on the extension service.

+
+enableXRateLimitHeaders +
+ +bool + +		 +(Optional) +

EnableXRateLimitHeaders defines whether to include the X-RateLimit +headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset +(as defined by the IETF Internet-Draft linked below), on responses +to clients when the Rate Limit Service is consulted for a request.

+

ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html

+
+enableResourceExhaustedCode +
+ +bool + +		 +(Optional) +

EnableResourceExhaustedCode enables translating error code 429 to +grpc code RESOURCE_EXHAUSTED. When disabled it’s translated to UNAVAILABLE

+
+defaultGlobalRateLimitPolicy +
+ + +GlobalRateLimitPolicy + + +		 +(Optional) +

DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for every HTTPProxy. +HTTPProxy can overwrite this configuration.

+
+

ServerHeaderTransformationType +(string alias)

+

+(Appears on: +EnvoyListenerConfig) +

+

+

ServerHeaderTransformation defines the action to be applied to the Server header on the response path

+

+ + + + + + + + + + + + + + +
ValueDescription

"append_if_absent"

If no Server header is present, set it to “envoy”. +If a Server header is present, pass it through.

+

"overwrite"

Overwrite any Server header with “envoy”. +This is the default value.

+

"pass_through"

Pass through the value of the Server header, and do not append a header +if none is present.

+
+

SocketOptions +

+

+(Appears on: +EnvoyListenerConfig) +

+

+

SocketOptions defines configurable socket options for Envoy listeners.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+tos +
+ +int32 + +		 +(Optional) +

Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners. +Single value is applied to all listeners. +If listeners are bound to IPv6-only addresses, setting this option will cause an error.

+
+trafficClass +
+ +int32 + +		 +(Optional) +

Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners. +Single value is applied to all listeners. +If listeners are bound to IPv4-only addresses, setting this option will cause an error.

+
+

TLS +

+

+(Appears on: +XDSServerConfig) +

+

+

TLS holds TLS file config details.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+caFile +
+ +string + +		 +(Optional) +

CA filename.

+
+certFile +
+ +string + +		 +(Optional) +

Client certificate filename.

+
+keyFile +
+ +string + +		 +(Optional) +

Client key filename.

+
+insecure +
+ +bool + +		 +(Optional) +

Allow serving the xDS gRPC API without TLS.

+
+

TimeoutParameters +

+

+(Appears on: +EnvoyConfig) +

+

+

TimeoutParameters holds various configurable proxy timeout values.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+requestTimeout +
+ +string + +		 +(Optional) +

RequestTimeout sets the client request timeout globally for Contour. Note that +this is a timeout for the entire request, not an idle timeout. Omit or set to +“infinity” to disable the timeout entirely.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout +for more information.

+
+connectionIdleTimeout +
+ +string + +		 +(Optional) +

ConnectionIdleTimeout defines how long the proxy should wait while there are +no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating +an HTTP connection. Set to “infinity” to disable the timeout entirely.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout +for more information.

+
+streamIdleTimeout +
+ +string + +		 +(Optional) +

StreamIdleTimeout defines how long the proxy should wait while there is no +request activity (for HTTP/1.1) or stream activity (for HTTP/2) before +terminating the HTTP request or stream. Set to “infinity” to disable the +timeout entirely.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout +for more information.

+
+maxConnectionDuration +
+ +string + +		 +(Optional) +

MaxConnectionDuration defines the maximum period of time after an HTTP connection +has been established from the client to the proxy before it is closed by the proxy, +regardless of whether there has been activity or not. Omit or set to “infinity” for +no max duration.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration +for more information.

+
+delayedCloseTimeout +
+ +string + +		 +(Optional) +

DelayedCloseTimeout defines how long envoy will wait, once connection +close processing has been initiated, for the downstream peer to close +the connection before Envoy closes the socket associated with the connection.

+

Setting this timeout to ‘infinity’ will disable it, equivalent to setting it to ‘0’ +in Envoy. Leaving it unset will result in the Envoy default value being used.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout +for more information.

+
+connectionShutdownGracePeriod +
+ +string + +		 +(Optional) +

ConnectionShutdownGracePeriod defines how long the proxy will wait between sending an +initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection. +During this grace period, the proxy will continue to respond to new streams. After the final +GOAWAY frame has been sent, the proxy will refuse new streams.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout +for more information.

+
+connectTimeout +
+ +string + +		 +(Optional) +

ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service. +If not set, a default value of 2 seconds will be used.

+

See https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/cluster/v3/cluster.proto#envoy-v3-api-field-config-cluster-v3-cluster-connect-timeout +for more information.

+
+

TracingConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

TracingConfig defines properties for exporting trace data to OpenTelemetry.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+includePodDetail +
+ +bool + +		 +(Optional) +

IncludePodDetail defines a flag. +If it is true, contour will add the pod name and namespace to the span of the trace. +the default is true. +Note: The Envoy pods MUST have the HOSTNAME and CONTOUR_NAMESPACE environment variables set for this to work properly.

+
+serviceName +
+ +string + +		 +

ServiceName defines the name for the service. +contour’s default is contour.

+
+overallSampling +
+ +string + +		 +(Optional) +

OverallSampling defines the sampling rate of trace data. +contour’s default is 100.

+
+maxPathTagLength +
+ +uint32 + +		 +(Optional) +

MaxPathTagLength defines maximum length of the request path +to extract and include in the HttpUrl tag. +contour’s default is 256.

+
+customTags +
+ + +[]*github.com/projectcontour/contour/apis/projectcontour/v1alpha1.CustomTag + + +		 +(Optional) +

CustomTags defines a list of custom tags with unique tag name.

+
+extensionService +
+ + +NamespacedName + + +		 +

ExtensionService identifies the extension service defining the otel-collector.

+
+

WorkloadType +(string alias)

+

+(Appears on: +EnvoySettings) +

+

+

WorkloadType is the type of Kubernetes workload to use for a component.

+

+

XDSServerConfig +

+

+(Appears on: +ContourConfigurationSpec) +

+

+

XDSServerConfig holds the config for the Contour xDS server.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+type +
+ + +XDSServerType + + +		 +(Optional) +

Defines the XDSServer to use for contour serve.

+

Values: contour (default), envoy.

+

Other values will produce an error.

+
+address +
+ +string + +		 +(Optional) +

Defines the xDS gRPC API address which Contour will serve.

+

Contour’s default is “0.0.0.0”.

+
+port +
+ +int + +		 +(Optional) +

Defines the xDS gRPC API port which Contour will serve.

+

Contour’s default is 8001.

+
+tls +
+ + +TLS + + +		 +(Optional) +

TLS holds TLS file config details.

+

Contour’s default is { caFile: “/certs/ca.crt”, certFile: “/certs/tls.cert”, keyFile: “/certs/tls.key”, insecure: false }.

+
+

XDSServerType +(string alias)

+

+(Appears on: +XDSServerConfig) +

+

+

XDSServerType is the type of xDS server implementation.

+

+ + + + + + + + + + + + +
ValueDescription

"contour"

Use Contour’s xDS server.

+

"envoy"

Use the upstream go-control-plane-based xDS server.

+
+
+

+Generated with gen-crd-api-reference-docs. +

diff --git a/site/content/docs/1.28/config/api.md b/site/content/docs/1.28/config/api.md new file mode 100644 index 00000000000..99809537d11 --- /dev/null +++ b/site/content/docs/1.28/config/api.md @@ -0,0 +1,3 @@ +# Contour API Reference + +{{% include-html api-reference.html %}} diff --git a/site/content/docs/1.28/config/client-authorization.md b/site/content/docs/1.28/config/client-authorization.md new file mode 100644 index 00000000000..4db2b932eff --- /dev/null +++ b/site/content/docs/1.28/config/client-authorization.md @@ -0,0 +1,123 @@ +# Client Authorization + +Contour supports integrating external servers to authorize client requests. + +Envoy implements external authorization in the [ext_authz][1] filter. +This filter intercepts client requests and holds them while it sends a check +request to an external server. +The filter uses the check result to either allow the request to proceed, or to +deny or redirect the request. + +The diagram below shows the sequence of requests involved in the successful +authorization of a HTTP request: + +

+client authorization sequence diagram +

+ +The [external authorization][7] guides demonstrates how to deploy HTTP basic +authentication using Contour and [contour-authserver](https://github.com/projectcontour/contour-authserver). + +## Extension Services + +The starting point for external authorization in Contour is the +[ExtensionService][2] API. +This API creates a cluster which Envoy can use to send requests to an external server. +In principle, the Envoy cluster can be used for any purpose, but in this +document we are concerned only with how to use it as an authorization service. + +An authorization service is a gRPC service that implements the Envoy [CheckRequest][3] protocol. +Note that Contour requires the extension to implement the "v3" version of the protocol. +Contour is compatible with any authorization server that implements this protocol. + +The primary field of interest in the `ExtensionService` CRD is the +`.spec.services` field. +This field lists the Kubernetes Services that will receive the check requests. +The `.spec.services[].name` field contains the name of the Service, which must +exist in the same namespace as the `ExtensionService` object. +The `ExtensionService` object must exist in the same namespace as the +Services they target to ensure that both objects are under the same +administrative control. + +### Load Balancing for Extension Services + +An `ExtensionService` can be configured to send traffic to multiple Kubernetes Services. +In this case, requests are divided proportionally across the Services according +to the weight in the `.spec.services[].weight` field. +The service weight can be used to flexibly shift traffic between Services for +reasons like implementing blue-green deployments. +The `.spec.loadBalancerPolicy` field configures how Envoy will load balance +requests to the endpoints within each Service. + +### TLS Validation for Extension Services + +Since authorizing a client request may involve passing sensitive credentials +from a HTTP request to the authorization service, the connection to the +authorization server should be as secure as possible. +Contour defaults the `.spec.protocol` field to "h2", which configures +Envoy to use HTTP/2 over TLS for the authorization service connection. + +The [.spec.validation][4] field configures how Envoy should verify the TLS +identity of the authorization server. +This is a critical protection against accidentally sending credentials to an +imposter service and should be enabled for all production deployments. +The `.spec.validation` field should specify the expected server name +from the authorization server's TLS certificate, and the trusted CA bundle +that can be used to validate the TLS chain of trust. + +## Authorizing Virtual Hosts + +The [.spec.virtualhost.authorization][5] field in the Contour `HTTPProxy` +API connects a virtual host to an authorization server that is bound by an +`ExtensionService` object. +Each virtual host can use a different `ExtensionService`, but only one +`ExtensionService` can be used by a single virtual host. +Authorization servers can only be attached to `HTTPProxy` objects that have TLS +termination enabled. + +### Migrating from Application Authorization + +When applications perform their own authorization, migrating to centralized +authorization may need some planning. +The `.spec.virtualhost.authorization.failOpen` field controls how client +requests should be handled when the authorization server fails. +During a migration process, this can be set to `true`, so that if the +authorization server becomes unavailable, clients can gracefully fall back to +the existing application authorization mechanism. + +### Scoping Authorization Policy Settings + +It is common for services to contain some HTTP request paths that require +authorization and some that do not. +The HTTPProxy [authorization policy][6] allows authorization to be +disabled for both an entire virtual host and for specific routes. + +The initial authorization policy is set on the HTTPProxy virtual host +in the `.spec.virtualhost.authorization.authPolicy` field. +This configures whether authorization is enabled, and the default authorization policy context. +If authorization is disabled on the virtual host, it is also disabled by +default on all the routes for that virtual host that do not specify an authorization policy. +However, a route can configure its own authorization policy (in the +`.spec.routes[].authPolicy` field) that can configure whether authorization +is enabled, irrespective of the virtual host setting. + +The authorization policy context is a way to configure a set of key/value +pairs that will be sent to the authorization server with each request check +request. +The keys and values that should be specified here depend on which authorization +server has been configured. +This facility is intended for configuring authorization-specific information, such as +the basic authentication realm, or OIDC parameters. + +The initial context map can be set on the virtual host. +This sets the context keys that will be sent on every check request. +A route can overwrite the value for a context key by setting it in the +context field of authorization policy for the route. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/ext_authz_filter +[2]: api/#projectcontour.io/v1alpha1.ExtensionService +[3]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/auth/v3/external_auth.proto +[4]: api/#projectcontour.io/v1.UpstreamValidation +[5]: api/#projectcontour.io/v1.AuthorizationServer +[6]: api/#projectcontour.io/v1.AuthorizationPolicy +[7]: guides/external-authorization.md diff --git a/site/content/docs/1.28/config/cookie-rewriting.md b/site/content/docs/1.28/config/cookie-rewriting.md new file mode 100644 index 00000000000..480fc34125c --- /dev/null +++ b/site/content/docs/1.28/config/cookie-rewriting.md @@ -0,0 +1,109 @@ +# Cookie Rewriting + +Contour now enables users to customize attributes on HTTP `Set-Cookie` response headers. +Application specific cookies and cookies generated by Contour's ["cookie" load balancing strategy](https://projectcontour.io/docs/v1.19.0/config/request-routing/#session-affinity) can be rewritten either per HTTPProxy `Route` or `Service`. +Users can choose to rewrite the `Path`, `Domain`, `Secure`, and `SameSite` attributes of the `Set-Cookie` header currently. +These attributes may be things an application may not be able to accurately set, without prior knowledge of how the application is deployed. +For example, if Contour is in use to rewrite the path or hostname of a request before it reaches an application backend, the application may not be able to accurately set the `Path` and `Domain` attributes in a `Set-Cookie` response header. +This feature can be used to apply security settings to ensure browsers treat generated cookies appropriately. +The `SameSite` and `Secure` attributes are currently not set by Envoy when it generates the `X-Contour-Session-Affinity`, but with this feature, users can customize this cookie further. + +## Per-Route Cookie Rewriting + +In order to implement separate cookie rewriting policies per-route, we can configure an HTTPProxy as below: + +```yaml +# cookie-rewrite-route.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: cookie-rewrite-route +spec: + virtualhost: + fqdn: cookie-rewrite-route.com + routes: + - conditions: + - prefix: /admin + services: + - name: admin-app + port: 80 + cookieRewritePolicies: + - name: X-Admin-Session + pathRewrite: + value: /admin + - conditions: + - prefix: /payments + services: + - name: payment-app + port: 80 + cookieRewritePolicies: + - name: X-User-Session + pathRewrite: + value: /payments + sameSite: Lax + - name: X-User-Data + sameSite: Lax +``` + +This HTTPProxy allows us to rewrite the `Path` attribute of the `X-Admin-Session` cookie on the `/admin` route. +In addition on the `/payments` route we rewrite the `Path` and `SameSite` attributes of the `X-User-Session` cookie and the `SameSite` attribute of the additional `X-User-Data` cookie. +If the backing services `payment-app` and `admin-app` return the specified cookies in `Set-Cookie` response headers, they will be rewritten with the values specified above. + +## Per-Service Cookie Rewriting + +Similar to the above, if we have more than one `Service` configured per `Route` but want to customize cookies separately between them we can: + +```yaml +# cookie-rewrite-service.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: cookie-rewrite-service +spec: + virtualhost: + fqdn: cookie-rewrite-service.com + routes: + - conditions: + - prefix: / + services: + - name: backend-1 + port: 80 + cookieRewritePolicies: + - name: X-User-Data-1 + domainRewrite: + value: cookie-rewrite-service.com + - name: backend-2 + port: 80 + cookieRewritePolicies: + - name: X-User-Data-2 + domainRewrite: + value: cookie-rewrite-service.com +``` + +## Rewriting Contour Session Affinity Cookie + +As mentioned above, users can use Contour's cookie load balancing strategy to enable session affinity. +Envoy generates a pretty bare-bones cookie but Contour's cookie rewriting feature can be used to customize this cookie to add security attributes: + +```yaml +# cookie-rewrite-session-affinity.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: cookie-rewrite-session-affinity +spec: + virtualhost: + fqdn: cookie-rewrite-session-affinity.com + routes: + - conditions: + - prefix: / + services: + - name: backend + port: 80 + loadBalancerPolicy: + strategy: Cookie + cookieRewritePolicies: + - name: X-Contour-Session-Affinity + sameSite: Strict + secure: true +``` diff --git a/site/content/docs/1.28/config/cors.md b/site/content/docs/1.28/config/cors.md new file mode 100644 index 00000000000..8f468aeaec7 --- /dev/null +++ b/site/content/docs/1.28/config/cors.md @@ -0,0 +1,82 @@ +# CORS + +A CORS (Cross-origin resource sharing) policy can be set for a HTTPProxy in order to allow cross-domain requests for trusted sources. +If a policy is set, it will be applied to all the routes of the virtual host. + +Contour allows configuring the headers involved in responses to cross-domain requests. +These include the `Access-Control-Allow-Origin`, `Access-Control-Allow-Methods`, `Access-Control-Allow-Headers`, `Access-Control-Expose-Headers`, `Access-Control-Max-Age`, `Access-Control-Allow-Private-Network` and `Access-Control-Allow-Credentials` headers in responses. + +In this example, cross-domain requests will be allowed for any domain (note the `*` value), with the methods `GET`, `POST`, or `OPTIONS`. +Headers `Authorization` and `Cache-Control` will be passed to the upstream server and headers `Content-Length` and `Content-Range` will be made available to the cross-origin request client. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: cors-example +spec: + virtualhost: + fqdn: www.example.com + corsPolicy: + allowCredentials: true + allowPrivateNetwork: true + allowOrigin: + - "*" # allows any origin + allowMethods: + - GET + - POST + - OPTIONS + allowHeaders: + - authorization + - cache-control + exposeHeaders: + - Content-Length + - Content-Range + maxAge: "10m" # preflight requests can be cached for 10 minutes. + routes: + - conditions: + - prefix: / + services: + - name: cors-example + port: 80 +``` + +The `allowOrigin` list may also be configured with exact origin matches or regex patterns. +In the following example, cross-domain requests must originate from the domain `https://client.example.com` or domains that match the regex `http[s]?:\/\/some-site-[a-z0-9]+\.example\.com` (e.g. request with `Origin` header `https://some-site-abc456.example.com`) + +*Note:* Patterns for matching `Origin` headers must be valid regex, simple "globbing" patterns (e.g. `*.foo.com`) will not be accepted or may produce incorrect matches. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: cors-example +spec: + virtualhost: + fqdn: www.example.com + corsPolicy: + allowCredentials: true + allowOrigin: + - https://client.example.com + - http[s]?:\/\/some-site-[a-z0-9]+\.example\.com + allowMethods: + - GET + - POST + - OPTIONS + allowHeaders: + - authorization + - cache-control + exposeHeaders: + - Content-Length + - Content-Range + maxAge: "10m" + routes: + - conditions: + - prefix: / + services: + - name: cors-example + port: 80 +``` + +`MaxAge` durations are expressed in the Go [duration format](https://godoc.org/time#ParseDuration). +Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". Only positive values are allowed and 0 disables the cache requiring a preflight `OPTIONS` check for all cross-origin requests. diff --git a/site/content/docs/1.28/config/external-service-routing.md b/site/content/docs/1.28/config/external-service-routing.md new file mode 100644 index 00000000000..7da431dd06b --- /dev/null +++ b/site/content/docs/1.28/config/external-service-routing.md @@ -0,0 +1,47 @@ +# External Service Routing + +HTTPProxy supports routing traffic to `ExternalName` service types, but this is disabled by default, as it can lead +to inadvertent exposure of the Envoy Admin UI, allowing remote shutdown and restart of Envoy. +Please see [this security advisory](https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc) for all the details. +It can also be used to expose services in namespaces a user does not have access to, using an ExternalName of `service.namespace.svc.cluster.local`. +Please see [this Kubernetes security advisory](https://github.com/kubernetes/kubernetes/issues/103675) for more details. + +We do *not* recommend enabling ExternalName Services without a strong use case, and understanding of the security implications. + +However, To enable ExternalName processing, you must set the `enableExternalNameService` configuration file setting to `true`. +This will allow the following configuration to be valid. + +## ExternalName Support + +Contour looks at the `spec.externalName` field of the service and configures the route to use that DNS name instead of utilizing EDS. + +Note that hostnames of `localhost` or some other synonyms will be rejected (because of the aforementioned security issues). + +There's nothing specific in the HTTPProxy object that needs to be configured other than referencing a service of type `ExternalName`. +HTTPProxy supports the `requestHeadersPolicy` field to rewrite the `Host` header after first handling a request and before proxying to an upstream service. +This field can be used to ensure that the forwarded HTTP request contains the hostname that the external resource is expecting. + +_**Note:** The ports are required to be specified._ + +```yaml +# httpproxy-externalname.yaml +apiVersion: v1 +kind: Service +metadata: + labels: + run: externaldns + name: externaldns + namespace: default +spec: + externalName: foo-basic.bar.com + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 80 + type: ExternalName +``` + +To proxy to another resource outside the cluster (e.g. A hosted object store bucket for example), configure that external resource in a service type `externalName`. +Then define a `requestHeadersPolicy` which replaces the `Host` header with the value of the external name service defined previously. +Finally, if the upstream service is served over TLS, set the `protocol` field on the service to `tls` or annotate the external name service with: `projectcontour.io/upstream-protocol.tls: 443,https`, assuming your service had a port 443 and name `https`. diff --git a/site/content/docs/1.28/config/fundamentals.md b/site/content/docs/1.28/config/fundamentals.md new file mode 100644 index 00000000000..0bdac65f77f --- /dev/null +++ b/site/content/docs/1.28/config/fundamentals.md @@ -0,0 +1,197 @@ +# HTTPProxy Fundamentals + +The [Ingress][1] object was added to Kubernetes in version 1.1 to describe properties of a cluster-wide reverse HTTP proxy. +Since that time, the Ingress API has remained relatively unchanged, and the need to express implementation-specific capabilities has inspired an [explosion of annotations][2]. + +The goal of the HTTPProxy Custom Resource Definition (CRD) is to expand upon the functionality of the Ingress API to allow for a richer user experience as well addressing the limitations of the latter's use in multi tenant environments. + +## Key HTTPProxy Benefits + +- Safely supports multi-team Kubernetes clusters, with the ability to limit which Namespaces may configure virtual hosts and TLS credentials. +- Enables including of routing configuration for a path or domain from another HTTPProxy, possibly in another Namespace. +- Accepts multiple services within a single route and load balances traffic across them. +- Natively allows defining service weighting and load balancing strategy without annotations. +- Validation of HTTPProxy objects at creation time and status reporting for post-creation validity. + +## Ingress to HTTPProxy + +A minimal Ingress object might look like: + +```yaml +# ingress.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: basic +spec: + rules: + - host: foo-basic.bar.com + http: + paths: + - backend: + service: + name: s1 + port: + number: 80 + pathType: Prefix +``` + +This Ingress object, named `basic`, will route incoming HTTP traffic with a `Host:` header for `foo-basic.bar.com` to a Service named `s1` on port `80`. +Implementing similar behavior using an HTTPProxy looks like this: + +```yaml +# httpproxy.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: basic +spec: + virtualhost: + fqdn: foo-basic.bar.com + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 +``` + +**Lines 1-5**: As with all other Kubernetes objects, an HTTPProxy needs apiVersion, kind, and metadata fields. + +**Lines 7-8**: The presence of the `virtualhost` field indicates that this is a root HTTPProxy that is the top level entry point for this domain. + + +## Interacting with HTTPProxies + +As with all Kubernetes objects, you can use `kubectl` to create, list, describe, edit, and delete HTTPProxy CRDs. + +Creating an HTTPProxy: + +```bash +$ kubectl create -f basic.httpproxy.yaml +httpproxy "basic" created +``` + +Listing HTTPProxies: + +```bash +$ kubectl get httpproxy +NAME AGE +basic 24s +``` + +Describing HTTPProxy: + +```bash +$ kubectl describe httpproxy basic +Name: basic +Namespace: default +Labels: +API Version: projectcontour.io/v1 +Kind: HTTPProxy +Metadata: + Cluster Name: + Creation Timestamp: 2019-07-05T19:26:54Z + Resource Version: 19373717 + Self Link: /apis/projectcontour.io/v1/namespaces/default/httpproxy/basic + UID: 6036a9d7-8089-11e8-ab00-f80f4182762e +Spec: + Routes: + Conditions: + Prefix: / + Services: + Name: s1 + Port: 80 + Virtualhost: + Fqdn: foo-basic.bar.com +Events: +``` + +Deleting HTTPProxies: + +```bash +$ kubectl delete httpproxy basic +httpproxy "basic" deleted +``` + +## Status Reporting + +There are many misconfigurations that could cause an HTTPProxy or delegation to be invalid. +Contour will make its best effort to process even partially valid configuration and allow traffic to be served for the valid parts. +To aid users in resolving any issues, Contour updates a `status` field in all HTTPProxy objects. + +If an HTTPProxy object is valid, it will have a status property that looks like this: + +```yaml +status: + currentStatus: valid + description: valid HTTPProxy +``` + +If the HTTPProxy is invalid, the `currentStatus` field will be `invalid` and the `description` field will provide a description of the issue. + +As an example, if an HTTPProxy object has specified a negative value for weighting, the HTTPProxy status will be: + +```yaml +status: + currentStatus: invalid + description: "route '/foo': service 'home': weight must be greater than or equal to zero" +``` + +Some examples of invalid configurations that Contour provides statuses for: + +- Negative weight provided in the route definition. +- Invalid port number provided for service. +- Prefix in parent does not match route in delegated route. +- Root HTTPProxy created in a namespace other than the allowed root namespaces. +- A given Route of an HTTPProxy both delegates to another HTTPProxy and has a list of services. +- Orphaned route. +- Delegation chain produces a cycle. +- Root HTTPProxy does not specify fqdn. +- Multiple prefixes cannot be specified on the same set of route conditions. +- Multiple header conditions of type "exact match" with the same header key. +- Contradictory header conditions on a route, e.g. a "contains" and "notcontains" condition for the same header and value. + +Invalid configuration is ignored and will be not used in the ingress routing configuration. +Envoy will respond with an error when HTTP request is received on route with invalid configuration on following cases: + +* `502 Bad Gateway` response is sent when HTTPProxy has an include that refers to an HTTPProxy that does not exist. +* `503 Service Unavailable` response is sent when HTTPProxy refers to a service that does not exist. + +### Example + +Following example has two routes: the first one is valid, the second one refers to a service that does not exist. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: multiple-routes-with-a-missing-service +spec: + virtualhost: + fqdn: www.example.com + routes: + - conditions: + - prefix: / + services: + - name: valid-service + port: 80 + - conditions: + - prefix: /subpage + services: + - name: service-that-does-not-exist + port: 80 +``` + +The `HTTPProxy` will have condition `Valid=false` with detailed error message: `Spec.Routes unresolved service reference: service "default/service-that-does-not-exist" not found`. +Requests received for `http://www.example.com/` will be forwarded to `valid-service` but requests received for `http://www.example.com/subpage` will result in error `503 Service Unavailable` response from Envoy. + +## HTTPProxy API Specification + +The full HTTPProxy specification is described in detail in the [API documentation][4]. +There are a number of working examples of HTTPProxy objects in the [`examples/example-workload`][3] directory of the Contour Github repository. + + [1]: https://kubernetes.io/docs/concepts/services-networking/ingress/ + [2]: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md + [3]: {{< param github_url>}}/tree/{{< param branch >}}/examples/example-workload/httpproxy + [4]: api.md diff --git a/site/content/docs/1.28/config/gateway-api.md b/site/content/docs/1.28/config/gateway-api.md new file mode 100644 index 00000000000..af67fea4339 --- /dev/null +++ b/site/content/docs/1.28/config/gateway-api.md @@ -0,0 +1,221 @@ +# Gateway API + +## Introduction + +[Gateway API][1] is an open source project managed by the SIG Network community. +It is a collection of resources that model service networking in Kubernetes. +These resources - GatewayClass, Gateway, HTTPRoute, TCPRoute, Service, etc - aim to evolve Kubernetes service networking through expressive, extensible, and role-oriented interfaces that are implemented by many vendors and have broad industry support. + +Contour implements Gateway API in addition to supporting HTTPProxy and Ingress. +In particular, Contour aims to support all [core and extended features][2] in Gateway API. + +Gateway API has a comprehensive [website and docs][1], so this document focuses primarily on unique aspects of Contour's Gateway API implementation, rather than attempting to reproduce all of the content available on the Gateway API website. +The reader is suggested to familiarize themselves with the basics of Gateway API before continuing with this doc. + +In Contour's Gateway API implementation, a Gateway corresponds 1:1 with a single deployment of Contour + Envoy. +In other words, each Gateway has its own control plane (Contour) and data plane (Envoy). + +The remainder of this document delves into more detail regarding configuration options when using Contour with Gateway API. +If you are looking for a way to get started with Gateway API and Contour, see the [Gateway API guide][12], a step-by-step tutorial on getting Contour installed with Gateway API and using it to route traffic to a service. + +## Enabling Gateway API in Contour + +There are two ways to deploy Contour with Gateway API support: **static** provisioning and **dynamic** provisioning. + +In **static** provisioning, the platform operator defines a `Gateway` resource, and then manually deploys a Contour instance corresponding to that `Gateway` resource. +It is up to the platform operator to ensure that all configuration matches between the `Gateway` and the Contour/Envoy resources. +With static provisioning, Contour can be configured with either a [controller name][8], or a specific gateway (see the [API documentation][7].) +If configured with a controller name, Contour will process the oldest `GatewayClass`, its oldest `Gateway`, and that `Gateway's` routes, for the given controller name. +If configured with a specific gateway, Contour will process that `Gateway` and its routes. + +**Note:** configuring Contour with a controller name is deprecated and will be removed in a future release. Use a specific gateway reference or dynamic provisioning instead. + +In **dynamic** provisioning, the platform operator first deploys Contour's Gateway provisioner. Then, the platform operator defines a `Gateway` resource, and the provisioner automatically deploys a Contour instance that corresponds to the `Gateway's` configuration and will process that `Gateway` and its routes. + +Static provisioning makes sense for users who: +- prefer the traditional model of deploying Contour +- have only a single Gateway +- want to use just the standard listener ports (80/443) +- have highly customized YAML for deploying Contour. + +Dynamic provisioning makes sense for users who: +- have many Gateways +- want to use additional listener ports +- prefer a simple declarative API for provisioning Contour instances +- want a fully conformant Gateway API implementation + +### Static Provisioning + +To statically provision Contour with Gateway API enabled: + +1. Install the [Gateway API experimental channel][3]. +1. Create a GatewayClass, with a controller name of `projectcontour.io/gateway-controller`. +1. Create a Gateway using the above GatewayClass. +1. In the Contour config file, add a reference to the above Gateway via `gateway.gatewayRef` (see https://projectcontour.io/docs/1.25/configuration/#gateway-configuration) +1. Install Contour using the above config file. + +Contour provides an example manifest for this at https://projectcontour.io/quickstart/contour-gateway.yaml. + +### Dynamic Provisioning + +To dynamically provision Contour with Gateway API enabled: + +1. Install the [Contour Gateway Provisioner][9], which includes the Gateway API experimental channel. +1. Create a GatewayClass, with a controller name of `projectcontour.io/gateway-controller`. +1. Create a Gateway using the above GatewayClass. + +The Contour Gateway Provisioner will deploy an instance of Contour in the Gateway's namespace implementing the Gateway spec. + +**Note:** Gateway names must be 63 characters or shorter, to avoid issues when generating dependent resources. See [projectcontour/contour#5970][13] and [kubernetes-sigs/gateway-api#2592][14] for more information. + +## Gateway Listeners + +Each unique Gateway Listener port requires the Envoy service to expose that port, and to map it to an underlying port in the Envoy daemonset/deployment that Envoy is configured to listen on. +For example, the following Gateway Listener configuration (abridged) requires service ports of 80 and 443, mapped to underlying container ports 8080 and 8443: + +```yaml +listeners: +- name: http + protocol: HTTP + port: 80 +- name: https + protocol: HTTPS + port: 443 +``` + +In dynamic provisioning, the Contour Gateway Provisioner will continuously ensure that the Envoy service and daemonset/deployment are kept in sync with the Gateway Listener configuration. +In static provisioning, it is up to the platform operator to keep the Envoy resources in sync with the Gateway Listeners. + +To get from the Gateway Listener port to the port that Envoy will be configured to listen on, i.e. the container port: +- add 8000 to the Listener port number +- if the result is greater than 65535, subtract 65535 +- if the result is less than or equal to 1023, add 1023. + +Note that, in rare corner cases, it's possible to have port conflicts. +Check the Gateway status to ensure that Listeners have been properly provisioned. + +## Routing + +Gateway API defines multiple route types. +Each route type is appropriate for a different type of traffic being proxied to a backend service. +Contour implements `HTTPRoute`, `TLSRoute`, `GRPCRoute` and `TCPRoute`. +The details of each of these route types are covered in extensive detail on the Gateway API website; the [route resources overview][11] is a good place to start learning about them. + +### Routing with HTTPProxy or Ingress + +When Gateway API is enabled in Contour, it's still possible to use HTTPProxy or Ingress to define routes, with some limitations. +This is useful for users who: +- are in the process of migrating to Gateway API +- want to use the Contour Gateway Provisioner for dynamic provisioning, but need the advanced features of HTTPProxy + +To use HTTPProxy or Ingress with Gateway API, define a Gateway with the following Listeners: + +```yaml +listeners: +- name: http + protocol: HTTP + port: 80 + allowedRoutes: + namespaces: + from: All +- name: https + protocol: projectcontour.io/https + port: 443 + allowedRoutes: + namespaces: + from: All +``` + +Note that for the second Listener, a Contour-specific protocol is used, and no TLS details are specified. +Instead, TLS details continue to be configured on the HTTPProxy or Ingress resource. + +This is an area of active development and further work will be done in upcoming releases to better support migrations and mixed modes of operation. + +## Contour Gateway Provisioner + +### Customizing a GatewayClass + +Gateway API [supports attaching parameters to a GatewayClass][5], which can customize the Gateways that are provisioned for that GatewayClass. + +Contour defines a CRD called `ContourDeployment`, which can be used as `GatewayClass` parameters. + +A simple example of a parameterized Contour GatewayClass that provisions Envoy as a Deployment instead of the default DaemonSet looks like: + +```yaml +kind: GatewayClass +apiVersion: gateway.networking.k8s.io/v1 +metadata: + name: contour-with-envoy-deployment +spec: + controllerName: projectcontour.io/gateway-controller + parametersRef: + kind: ContourDeployment + group: projectcontour.io + name: contour-with-envoy-deployment-params + namespace: projectcontour +--- +kind: ContourDeployment +apiVersion: projectcontour.io/v1alpha1 +metadata: + namespace: projectcontour + name: contour-with-envoy-deployment-params +spec: + envoy: + workloadType: Deployment +``` + +All Gateways provisioned using the `contour-with-envoy-deployment` GatewayClass would get an Envoy Deployment. + +See [the API documentation][6] for all `ContourDeployment` options. + +It's important to note that, per the [GatewayClass spec][10]: + +> It is recommended that [GatewayClass] be used as a template for Gateways. +> This means that a Gateway is based on the state of the GatewayClass at the time it was created and changes to the GatewayClass or associated parameters are not propagated down to existing Gateways. +> This recommendation is intended to limit the blast radius of changes to GatewayClass or associated parameters. +> If implementations choose to propagate GatewayClass changes to existing Gateways, that MUST be clearly documented by the implementation. + +Contour follows the recommended behavior, meaning changes to a GatewayClass and its parameters are not propagated down to existing Gateways. + +### Upgrades + +When the Contour Gateway Provisioner is upgraded to a new version, it will upgrade all Gateways it controls (both the control plane and the data plane). + +## Disabling Experimental Resources + +Some users may want to use Contour with the [Gateway API standard channel][4] instead of the experimental channel, to avoid installing alpha resources into their clusters. +To do this, Contour must be told to disable informers for the experimental resources. +In the Contour (control plane) deployment, use the `--disable-feature` flag for `contour serve` to disable informers for the experimental resources: + +```yaml +containers: +- name: contour + image: ghcr.io/projectcontour/contour: + command: ["contour"] + args: + - serve + - --incluster + - --xds-address=0.0.0.0 + - --xds-port=8001 + - --contour-cafile=/certs/ca.crt + - --contour-cert-file=/certs/tls.crt + - --contour-key-file=/certs/tls.key + - --config-path=/config/contour.yaml + - --disable-feature=tlsroutes + - --disable-feature=grpcroutes +``` + +[1]: https://gateway-api.sigs.k8s.io/ +[2]: https://gateway-api.sigs.k8s.io/concepts/conformance/#2-support-levels +[3]: https://gateway-api.sigs.k8s.io/guides/#install-experimental-channel +[4]: https://gateway-api.sigs.k8s.io/guides/#install-standard-channel +[5]: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-parameters +[6]: https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1alpha1.ContourDeployment +[7]: https://projectcontour.io/docs/main/config/api/#projectcontour.io/v1alpha1.GatewayConfig +[8]: https://gateway-api.sigs.k8s.io/api-types/gatewayclass/#gatewayclass-controller-selection +[9]: https://projectcontour.io/quickstart/contour-gateway-provisioner.yaml +[10]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1.GatewayClass +[11]: https://gateway-api.sigs.k8s.io/concepts/api-overview/#route-resources +[12]: /docs/{{< param version >}}/guides/gateway-api +[13]: https://github.com/projectcontour/contour/issues/5970 +[14]: https://github.com/kubernetes-sigs/gateway-api/issues/2592 \ No newline at end of file diff --git a/site/content/docs/1.28/config/health-checks.md b/site/content/docs/1.28/config/health-checks.md new file mode 100644 index 00000000000..6dd1aac619d --- /dev/null +++ b/site/content/docs/1.28/config/health-checks.md @@ -0,0 +1,160 @@ +# Upstream Health Checks + +## HTTP Proxy Health Checking + +Active health checking can be configured on a per route basis. +Contour supports HTTP health checking and can be configured with various settings to tune the behavior. + +During HTTP health checking Envoy will send an HTTP request to the upstream Endpoints. +It expects a 200 response by default if the host is healthy (see `expectedStatuses` below for configuring the "healthy" status codes). +The upstream host can return 503 if it wants to immediately notify Envoy to no longer forward traffic to it. +It is important to note that these are health checks which Envoy implements and are separate from any other system such as those that exist in Kubernetes. + +```yaml +# httpproxy-health-checks.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: health-check + namespace: default +spec: + virtualhost: + fqdn: health.bar.com + routes: + - conditions: + - prefix: / + healthCheckPolicy: + path: /healthy + intervalSeconds: 5 + timeoutSeconds: 2 + unhealthyThresholdCount: 3 + healthyThresholdCount: 5 + services: + - name: s1-health + port: 80 + - name: s2-health + port: 80 +``` + +Health check configuration parameters: + +- `path`: HTTP endpoint used to perform health checks on upstream service (e.g. `/healthz`). It expects a 200 response if the host is healthy. The upstream host can return 503 if it wants to immediately notify downstream hosts to no longer forward traffic to it. +- `host`: The value of the host header in the HTTP health check request. If left empty (default value), the name "contour-envoy-healthcheck" will be used. +- `intervalSeconds`: The interval (seconds) between health checks. Defaults to 5 seconds if not set. +- `timeoutSeconds`: The time to wait (seconds) for a health check response. If the timeout is reached the health check attempt will be considered a failure. Defaults to 2 seconds if not set. +- `unhealthyThresholdCount`: The number of unhealthy health checks required before a host is marked unhealthy. Note that for http health checking if a host responds with 503 this threshold is ignored and the host is considered unhealthy immediately. Defaults to 3 if not defined. +- `healthyThresholdCount`: The number of healthy health checks required before a host is marked healthy. Note that during startup, only a single successful health check is required to mark a host healthy. +- `expectedStatuses`: An optional list of HTTP status ranges that are considered healthy. Ranges follow half-open semantics, meaning the start is inclusive and the end is exclusive. Statuses must be between 100 (inclusive) and 600 (exclusive). + +### Non-default expected statuses + +By default, only responses with a 200 status code will be considered healthy. +The set of response codes considered healthy can be customized by specifying ranges in `expectedStatuses`. +Ranges follow half-open semantics, meaning the start is inclusive and the end is exclusive. +Statuses must be between 100 (inclusive) and 600 (exclusive). +For example: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: health-check + namespace: default +spec: + virtualhost: + fqdn: health.bar.com + routes: + - conditions: + - prefix: / + healthCheckPolicy: + path: /healthy + intervalSeconds: 5 + timeoutSeconds: 2 + unhealthyThresholdCount: 3 + healthyThresholdCount: 5 + # Status codes 200 and 250-299 will be considered healthy. + expectedStatuses: + - start: 200 + end: 201 + - start: 250 + end: 300 + services: + - name: s1-health + port: 80 + - name: s2-health + port: 80 +``` + +Note that if `expectedStatuses` is specified, `200` must be explicitly included in one of the specified ranges if it is desired as a healthy status code. + +## TCP Proxy Health Checking + +Contour also supports TCP health checking and can be configured with various settings to tune the behavior. + +During TCP health checking Envoy will send a connect-only health check to the upstream Endpoints. +It is important to note that these are health checks which Envoy implements and are separate from any +other system such as those that exist in Kubernetes. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: tcp-health-check + namespace: default +spec: + virtualhost: + fqdn: health.bar.com + tcpproxy: + healthCheckPolicy: + intervalSeconds: 5 + timeoutSeconds: 2 + unhealthyThresholdCount: 3 + healthyThresholdCount: 5 + services: + - name: s1-health + port: 80 + - name: s2-health + port: 80 +``` + +TCP Health check policy configuration parameters: + +- `intervalSeconds`: The interval (seconds) between health checks. Defaults to 5 seconds if not set. +- `timeoutSeconds`: The time to wait (seconds) for a health check response. If the timeout is reached the health check attempt will be considered a failure. Defaults to 2 seconds if not set. +- `unhealthyThresholdCount`: The number of unhealthy health checks required before a host is marked unhealthy. Note that for http health checking if a host responds with 503 this threshold is ignored and the host is considered unhealthy immediately. Defaults to 3 if not defined. +- `healthyThresholdCount`: The number of healthy health checks required before a host is marked healthy. Note that during startup, only a single successful health check is required to mark a host healthy. + +## Specify the service health check port + +contour supports configuring an optional health check port for services. + +By default, the service's health check port is the same as the service's routing port. +If the service's health check port and routing port are different, you can configure the health check port separately. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: health-check + namespace: default +spec: + virtualhost: + fqdn: health.bar.com + routes: + - conditions: + - prefix: / + healthCheckPolicy: + path: /healthy + intervalSeconds: 5 + timeoutSeconds: 2 + unhealthyThresholdCount: 3 + healthyThresholdCount: 5 + services: + - name: s1-health + port: 80 + healthPort: 8998 + - name: s2-health + port: 80 +``` + +In this example, envoy will send a health check request to port `8998` of the `s1-health` service and port `80` of the `s2-health` service respectively . If the host is healthy, envoy will forward traffic to the `s1-health` service on port `80` and to the `s2-health` service on port `80`. diff --git a/site/content/docs/1.28/config/inclusion-delegation.md b/site/content/docs/1.28/config/inclusion-delegation.md new file mode 100644 index 00000000000..b9364ff1fcd --- /dev/null +++ b/site/content/docs/1.28/config/inclusion-delegation.md @@ -0,0 +1,139 @@ +# HTTPProxy Inclusion + +HTTPProxy permits the splitting of a system's configuration into separate HTTPProxy instances using **inclusion**. + +Inclusion, as the name implies, allows for one HTTPProxy object to be included in another, optionally with some conditions inherited from the parent. +Contour reads the inclusion tree and merges the included routes into one big object internally before rendering Envoy config. +Importantly, the included HTTPProxy objects do not have to be in the same namespace. + +Each tree of HTTPProxy starts with a root, the top level object of the configuration for a particular virtual host. +Each root HTTPProxy defines a `virtualhost` key, which describes properties such as the fully qualified name of the virtual host, TLS configuration, etc. + +HTTPProxies included from the root must not contain a virtualhost key. +Root objects cannot include other roots either transitively or directly. +This permits the owner of an HTTPProxy root to allow the inclusion of a portion of the route space inside a virtual host, and to allow that route space to be further subdivided with inclusions. +Because the path is not necessarily used as the only key, the route space can be multi-dimensional. + +## Conditions and Inclusion + +Like Routes, Inclusion may specify a set of [conditions][1]. +These conditions are added to any conditions on the routes included. +This process is recursive. + +Conditions are sets of individual condition statements, for example `prefix: /blog` is the condition that the matching request's path must start with `/blog`. +When conditions are combined through inclusion Contour merges the conditions inherited via inclusion with any conditions specified on the route. +This may result in duplicates, for example two `prefix:` conditions, mix of both `prefix:` and `exact` or `prefix` and `regex` conditions, or two header match conditions with the same name and value. +To resolve this Contour applies the following logic. + +- `prefix:` conditions are concatenated together in the order they were applied from the root object. For example the conditions, `prefix: /api`, `prefix: /v1` becomes a single `prefix: /api/v1` conditions. Note: Multiple prefixes cannot be supplied on a single set of Route conditions. +- `exact:` conditions are also concatenated just like `prefix:` conditions, but `exact:` conditions are not allowed in include match conditions. If the child httpproxy has `exact:` condition then after concatenation, it becomes a single `exact:` condition. For example, `prefix: /static` and `exact: /main.js` become a single `exact: /static/main.js` condition. +- `regex:` conditions are also concatenated just like `prefix:` conditions, but `regex:` conditions are not allowed in include match conditions. If the child httpproxy has `regex:` condition then after concatenation, it becomes a single `regex:` condition. For example, `prefix: /static` and `regex: /.*/main.js` become a single `regex: /static/.*/main.js` condition. +- Proxies with repeated identical `header:` conditions of type "exact match" (the same header keys exactly) are marked as "Invalid" since they create an un-routable configuration. + +## Configuring Inclusion + +Inclusion is a top-level field in the HTTPProxy [spec][2] element. +It requires one field, `name`, and has two optional fields: + +- `namespace`. This will assume the included HTTPProxy is in the same namespace if it's not specified. +- a `conditions` block. + +## Inclusion Within the Same Namespace + +HTTPProxies can include other HTTPProxy objects in the namespace by specifying the name of the object and its namespace in the top-level `includes` block. +Note that `includes` is a list, and so it must use the YAML list construct. + +In this example, the HTTPProxy `include-root` has included the configuration for paths matching `/service2` from the HTTPProxy named `service2` in the same namespace as `include-root` (the `default` namespace). +It's important to note that `service2` HTTPProxy has not defined a `virtualhost` property as it is NOT a root HTTPProxy. + +```yaml +# httpproxy-inclusion-samenamespace.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: include-root + namespace: default +spec: + virtualhost: + fqdn: root.bar.com + includes: + # Includes the /service2 path from service2 in the same namespace + - name: service2 + namespace: default + conditions: + - prefix: /service2 + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: service2 + namespace: default +spec: + routes: + - services: # matches /service2 + - name: s2 + port: 80 + - conditions: + - prefix: /blog # matches /service2/blog + services: + - name: blog + port: 80 +``` + +## Inclusion Across Namespaces + +Inclusion can also happen across Namespaces by specifying a `namespace` in the `inclusion`. +This is a particularly powerful paradigm for enabling multi-team Ingress management. + +If the `--watch-namespaces` configuration flag is used, it must define all namespaces that will be referenced by the inclusion. + +In this example, the root HTTPProxy has included configuration for paths matching `/blog` to the `blog` HTTPProxy object in the `marketing` namespace. + +```yaml +# httpproxy-inclusion-across-namespaces.yaml +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: namespace-include-root + namespace: default +spec: + virtualhost: + fqdn: ns-root.bar.com + includes: + # delegate the subpath, `/blog` to the HTTPProxy object in the marketing namespace with the name `blog` + - name: blog + namespace: marketing + conditions: + - prefix: /blog + routes: + - services: + - name: s1 + port: 80 + +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: blog + namespace: marketing +spec: + routes: + - services: + - name: s2 + port: 80 +``` + +## Orphaned HTTPProxy children + +It is possible for HTTPProxy objects to exist that have not been delegated to by another HTTPProxy. +These objects are considered "orphaned" and will be ignored by Contour in determining ingress configuration. + +[1]: request-routing#conditions +[2]: api/#projectcontour.io/v1.HTTPProxySpec diff --git a/site/content/docs/1.28/config/ingress.md b/site/content/docs/1.28/config/ingress.md new file mode 100644 index 00000000000..22e65bb0255 --- /dev/null +++ b/site/content/docs/1.28/config/ingress.md @@ -0,0 +1,94 @@ +# k8s Ingress Resource Support in Contour + + + + + +This document describes Contour's implementation of specific Ingress resource fields and features. +As the Ingress specification has evolved between v1beta1 and v1, any differences between versions are highlighted to ensure clarity for Contour users. + +**Note: As of Contour version 1.16.0, Contour is not compatible with Kubernetes versions that predate Ingress v1. This means Contour 1.16.0 and above require Kubernetes 1.19 and above. The Ingress v1beta1 resource is still available in Kubernetes 1.19 (but will be removed in 1.22) and the API server will convert such resources to Ingress v1 for Contour to subscribe to.** + +## Kubernetes Versions + +Contour is [validated against Kubernetes release versions N through N-2][1] (with N being the latest release). +For Kubernetes version 1.19+, the API server translates any Ingress v1beta1 resources to Ingress v1 and Contour watches Ingress v1 resources. + +## IngressClass and IngressClass Name + +In order to support differentiating between Ingress controllers or multiple instances of a single Ingress controller, users can create an [IngressClass resource][2] and specify an IngressClass name on a Ingress to reference it. +The IngressClass resource can be used to provide configuration to an Ingress controller watching resources it governs. +Contour supports watching an IngressClass resource specified with the `--ingress-class-name` flag to the `contour serve` command. +Contour does not require an IngressClass resource with the name passed in the aforementioned flag to exist, the name can just be used as an identifier for filtering which Ingress resources Contour reconciles into actual route configuration. + +Ingresses may specify an IngressClass name via the original annotation method or via the `ingressClassName` spec field. +As the `ingressClassName` field has been introduced on Ingress v1beta1, there should be no differences in IngressClass name filtering between the two available versions of the resource. +Contour uses its configured IngressClass name to filter Ingresses. +If the `--ingress-class-name` flag is provided, Contour will only accept Ingress resources that exactly match the specified IngressClass name via annotation or spec field, with the value in the annotation taking precedence. (The `--ingress-class-name` value can be a comma-separated list of class names to match against.) +If the flag is not passed to `contour serve` Contour will accept any Ingress resource that specifies the IngressClass name `contour` in annotation or spec fields or does not specify one at all. + +## Default Backend + +Contour supports the `defaultBackend` Ingress v1 spec field and equivalent `backend` v1beta1 version of the field. +See upstream [documentation][3] on this field. +Any requests that do not match an Ingress rule will be forwarded to this backend. +As TLS secrets on Ingresses are scoped to specific hosts, this default backend cannot serve TLS as it could match an unbounded set of hosts and configuring a matching set of TLS secrets would not be possible. +As is the case on Ingress rules, Contour only supports configuring a Service as a backend and does not support any other Kubernetes resource. + +## Ingress Rules + +See upstream [documentation][4] on Ingress rules. + +As with default backends, Contour only supports configuring a Service as a backend and does not support any other Kubernetes resource. + +Contour supports [wildcard hostnames][5] as documented by the upstream API as well as precise hostnames. +Wildcard hostnames are limited to the whole first DNS label of the hostname, e.g. `*.foo.com` is valid but `*foo.com`, `foo*.com`, `foo.*.com` are not. +`*` is also not a valid hostname. +Precise hostnames in Ingress or HTTPProxy configuration take higher precedence over wildcards. +For example, given an Ingress rule with the hostname `*.foo.com` routing to `service-a` and another Ingress rule or HTTPProxy route containing a subdomain (say `bar.foo.com`) routing to `service-b`, requests to `bar.foo.com` will be routed to `service-b`. +The Ingress admission controller validation ensures valid hostnames are present when creating an Ingress resource. + +Contour supports all of the various [path matching][6] types described by the Ingress spec. +Prior to Contour 1.14.0, path match types were ignored and path matching was performed with a Contour specific implementation. +Paths specified with any regex meta-characters (any of `^+*[]%`) were implemented as regex matches. +Any other paths were programmed in Envoy as "string prefix" matches. +This behavior is preserved in the `ImplementationSpecific` match type in Contour 1.14.0+ to ensure backwards compatibility. +`Exact` path matches will now result in matching requests to the given path exactly. +The `Prefix` patch match type will now result in matching requests with a "segment prefix" rather than a "string prefix" according to the spec (e.g. the prefix `/foo/bar` will match requests with paths `/foo/bar`, `/foo/bar/`, and `/foo/bar/baz`, but not `/foo/barbaz`). + +## TLS + +See upstream [documentation][7] on TLS configuration. + +A secret specified in an Ingress TLS element will only be applied to Ingress rules with `Host` configuration that exactly matches an element of the TLS `Hosts` field. +Any secrets that do not match an Ingress rule `Host` will be ignored. + +In Ingress v1beta1, the `secretName` field could contain a string with a full `namespace/name` identifier. +When used with Contour's [TLS certificate delegation][8], this allowed Ingresses to use a TLS certificate from a different namespace. +However, Ingress v1 does not allow the `secretName` field to contain a string with a full `namespace/name` identifier, because the field validation disallows the `/` character. +Instead, Ingress v1 resources can now use the `projectcontour.io/tls-cert-namespace` annotation, to define the namespace that contains the TLS certificate (if different than the Ingress's namespace). +This enables the TLS certificate delegation functionality to continue working for Ingress v1. +For more information and an example, see the [TLS certificate delegation documentation][8]. + +## Status + +In order to inform users of the address the Services their Ingress resources can be accessed at, Contour sets status on Ingress resources. +If `contour serve` is run with the `--ingress-status-address` flag, Contour will use the provided value to set the Ingress status address accordingly. +If not provided, Contour will use the address of the Envoy service using the passed in `--envoy-service-name` and `--envoy-service-namespace` flags. + +## Header Manipulation + +The Ingress resource does not allow adding or removing HTTP headers on requests or responses. +However, Contour does allow users to set a global HTTP header [policy configuration][9] which can be optionally applied to configuration generated from Ingress resources. +Contour enables this behavior with the `applyToIngress` boolean field (set to `true` to enable). + +[0]: https://github.com/kubernetes-sigs/ingress-controller-conformance +[1]: /resources/compatibility-matrix/ +[2]: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class +[3]: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-backend +[4]: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules +[5]: https://kubernetes.io/docs/concepts/services-networking/ingress/#hostname-wildcards +[6]: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types +[7]: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls +[8]: /docs/{{< param version >}}/config/tls-delegation/ +[9]: /docs/{{< param version >}}/configuration/#policy-configuration diff --git a/site/content/docs/1.28/config/ip-filtering.md b/site/content/docs/1.28/config/ip-filtering.md new file mode 100644 index 00000000000..161d39bc228 --- /dev/null +++ b/site/content/docs/1.28/config/ip-filtering.md @@ -0,0 +1,80 @@ +# IP Filtering + +Contour supports filtering requests based on the incoming ip address using Envoy's [RBAC Filter][1]. + +Requests can be either allowed or denied based on a CIDR range specified on the virtual host and/or individual routes. + +If the request's IP address is allowed, the request will be proxied to the appropriate upstream. +If the request's IP address is denied, an HTTP 403 (Forbidden) will be returned to the client. + +## Specifying Rules + +Rules are specified with the `ipAllowPolicy` and `ipDenyPolicy` fields on `virtualhost` and `route`: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: basic +spec: + virtualhost: + fqdn: foo-basic.bar.com + ipAllowPolicy: + # traffic is allowed if it came from localhost (i.e. co-located reverse proxy) + - cidr: 127.0.0.1/32 + source: Peer + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 + # route-level ip filters override the virtualhost-level filters + ipAllowPolicy: + # traffic is allowed if it came from localhost (i.e. co-located reverse proxy) + - cidr: 127.0.0.1/32 + source: Peer + # and the request originated from an IP in this range + - cidr: 99.99.0.0/16 + source: Remote +``` + +### Specifying CIDR Ranges + +CIDR ranges may be ipv4 or ipv6. Bare IP addresses are interpreted as the CIDR range containing that one ip address only. + +Examples: +- `1.1.1.1/24` +- `127.0.0.1` +- `2001:db8::68/24` +- `2001:db8::68` + +### Allow vs Deny + +Filters are specified as either allow or deny: + +- `ipAllowPolicy` only allows requests that match the ip filters. +- `ipDenyPolicy` denies all requests unless they match the ip filters. + +Allow and deny policies cannot both be specified at the same time for a virtual host or route. + +### IP Source + +The `source` field controls how the ip address is selected from the request for filtering. + +- `source: Peer` filter rules will filter using Envoy's [direct_remote_ip][2], which is always the physical peer. +- `source: Remote` filter rules will filter using Envoy's [remote_ip][3], which may be inferred from the X-Forwarded-For header or proxy protocol. + +If using `source: Remote` with `X-Forwarded-For`, it may be necessary to configure Contour's `numTrustedHops` in [Network Parameters][4]. + +### Virtual Host and Route Filter Precedence + +IP filters on the virtual host apply to all routes included in the virtual host, unless the route specifies its own rules. + +Rules specified on a route override any rules defined on the virtual host, they are not additive. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/rbac_filter.html +[2]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#envoy-v3-api-field-config-rbac-v3-principal-direct-remote-ip +[3]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/rbac/v3/rbac.proto#envoy-v3-api-field-config-rbac-v3-principal-remote-ip +[4]: api/#projectcontour.io/v1.NetworkParameters + diff --git a/site/content/docs/1.28/config/jwt-verification.md b/site/content/docs/1.28/config/jwt-verification.md new file mode 100644 index 00000000000..3f884ad2aef --- /dev/null +++ b/site/content/docs/1.28/config/jwt-verification.md @@ -0,0 +1,182 @@ +# JWT Verification + +Contour supports verifying JSON Web Tokens (JWTs) on incoming requests, using Envoy's [jwt_authn HTTP filter][1]. +Specifically, the following properties can be checked: +- issuer field +- audiences field +- signature, using a configured JSON Web Key Store (JWKS) +- time restrictions (e.g. expiration, not before time) + +If verification succeeds, the request will be proxied to the appropriate upstream. +If verification fails, an HTTP 401 (Unauthorized) will be returned to the client. + +JWT verification is only supported on TLS-terminating virtual hosts. + +## Configuring providers and rules + +A JWT provider is configured for an HTTPProxy's virtual host, and defines how to verify JWTs: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: jwt-verification + namespace: default +spec: + virtualhost: + fqdn: example.com + tls: + secretName: example-com-tls-cert + jwtProviders: + - name: provider-1 + issuer: example.com + audiences: + - audience-1 + - audience-2 + remoteJWKS: + uri: https://example.com/jwks.json + timeout: 1s + cacheDuration: 5m + forwardJWT: true + routes: + ... +``` + +The provider above requires JWTs to have an issuer of example.com, an audience of either audience-1 or audience-2, and a signature that can be verified using the configured JWKS. +It also forwards the JWT to the backend via the `Authorization` header after successful verification. + +To apply a JWT provider as a requirement to a given route, specify a `jwtVerificationPolicy` for the route: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: jwt-verification + namespace: default +spec: + virtualhost: + fqdn: example.com + tls: + secretName: example-com-tls-cert + jwtProviders: + - name: provider-1 + ... + routes: + - conditions: + - prefix: / + jwtVerificationPolicy: + require: provider-1 + services: + - name: s1 + port: 80 + - conditions: + - prefix: /css + services: + - name: s1 + port: 80 +``` + +In the above example, the default route requires requests to carry JWTs that can be verified using provider-1. +The second route _excludes_ requests to paths starting with `/css` from JWT verification, because it does not have a JWT verification policy. + +### Configuring TLS validation for the JWKS server + +By default, the JWKS server's TLS certificate will not be validated, but validation can be requested by setting the `spec.virtualhost.jwtProviders[].remoteJWKS.validation` field. +This field has mandatory `caSecret` and `subjectName` fields, which specify the trusted root certificates with which to validate the server certificate and the expected server name. +The `caSecret` can be a namespaced name of the form `/`. +If the CA secret's namespace is not the same namespace as the `HTTPProxy` resource, [TLS Certificate Delegation][5] must be used to allow the owner of the CA certificate secret to delegate, for the purposes of referencing the CA certificate in a different namespace, permission to Contour to read the Secret object from another namespace. + +**Note:** If `spec.virtualhost.jwtProviders[].remoteJWKS.validation` is present, `spec.virtualhost.jwtProviders[].remoteJWKS.uri` must have a scheme of `https`. + +## Setting a default provider + +The previous section showed how to explicitly require JWT providers for specific routes. +An alternate approach is to define a JWT provider as the default by specifying `default: true` for it, in which case it is automatically applied to all routes unless they disable JWT verification. +The example from the previous section could alternately be configured as follows: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: jwt-verification + namespace: default +spec: + virtualhost: + fqdn: example.com + tls: + secretName: example-com-tls-cert + jwtProviders: + - name: provider-1 + default: true + ... + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 + - conditions: + - prefix: /css + jwtVerificationPolicy: + disabled: true + services: + - name: s1 + port: 80 +``` + +In this case, the default route automatically has provider-1 applied, while the `/css` route explicitly disables JWT verification. + +One scenario where setting a default provider can be particularly useful is when using [HTTPProxy inclusion][2]. +Setting a default provider in the root HTTPProxy allows all routes in the child HTTPProxies to automatically have JWT verification applied. +For example: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: jwt-verification-root + namespace: default +spec: + virtualhost: + fqdn: example.com + tls: + secretName: example-com-tls-cert + jwtProviders: + - name: provider-1 + default: true + ... + includes: + - name: jwt-verification-child + namespace: default + conditions: + - prefix: /blog +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: jwt-verification-child + namespace: default +spec: + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 +``` + +In this case, all routes in the child HTTPProxy will automatically have JWT verification applied, without the owner of this HTTPProxy needing to configure it explicitly. + +## API documentation + +For more information on the HTTPProxy API for JWT verification, see: + +- [JWTProvider][3] +- [JWTVerificationPolicy][4] + + +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/jwt_authn_filter +[2]: /docs/{{< param version >}}/config/inclusion-delegation/ +[3]: /docs/{{< param version >}}/config/api/#projectcontour.io/v1.JWTProvider +[4]: /docs/{{< param version >}}/config/api/#projectcontour.io/v1.JWTVerificationPolicy +[5]: tls-delegation.md diff --git a/site/content/docs/1.28/config/overload-manager.md b/site/content/docs/1.28/config/overload-manager.md new file mode 100644 index 00000000000..33c96532eba --- /dev/null +++ b/site/content/docs/1.28/config/overload-manager.md @@ -0,0 +1,30 @@ +# Overload Manager + +Envoy uses heap memory when processing requests. +When the system runs out of memory or memory resource limit for the container is reached, Envoy process is terminated abruptly. +To avoid this, Envoy [overload manager][1] can be enabled. +Overload manager controls how much memory Envoy will allocate at maximum and what actions it takes when the limit is reached. + +Overload manager is disabled by default. +It can be enabled at deployment time by using `--overload-max-heap=[MAX_BYTES]` command line flag in [`contour bootstrap`][2] command. +The bootstrap command is executed in [init container of Envoy pod][3] to generate initial configuration for Envoy. +To enable overload manager, modify the deployment manifest and add for example `--overload-max-heap=2147483648` to set maximum heap size to 2 GiB. +The appropriate number of bytes can be different from system to system. + +After the feature is enabled, following two overload actions are configured to Envoy: + +* Shrink heap action is executed when 95% of the maximum heap size is reached. +* Envoy will stop accepting requests when 98% of the maximum heap size is reached. + +When requests are denied due to high memory pressure, `503 Service Unavailable` will be returned with a response body containing text `envoy overloaded`. +Shrink heap action will try to free unused heap memory, eventually allowing requests to be processed again. + +**NOTE:** +The side effect of overload is that Envoy will deny also requests `/ready` and `/stats` endpoints. +This is due to the way how Contour secures Envoy's admin API and exposes only selected admin API endpoints by proxying itself. +When readiness probe fails, the overloaded Envoy will be removed from the list of service endpoints. +If the maximum heap size is set too low, Envoy may be unable to free enough memory and never become ready again. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/overload_manager/overload_manager +[2]: ../configuration#bootstrap-flags +[3]: https://github.com/projectcontour/contour/blob/cbec8eca9e8b639318588c5aa7ec0b5b751938c5/examples/render/contour.yaml#L5204-L5216 diff --git a/site/content/docs/1.28/config/rate-limiting.md b/site/content/docs/1.28/config/rate-limiting.md new file mode 100644 index 00000000000..7a69c22c079 --- /dev/null +++ b/site/content/docs/1.28/config/rate-limiting.md @@ -0,0 +1,366 @@ +# Rate Limiting + +- [Overview](#overview) +- [Local Rate Limiting](#local-rate-limiting) +- [Global Rate Limiting](#global-rate-limiting) + +## Overview + +Rate limiting is a means of protecting backend services against unwanted traffic. +This can be useful for a variety of different scenarios: + +- Protecting against denial-of-service (DoS) attacks by malicious actors +- Protecting against DoS incidents due to bugs in client applications/services +- Enforcing usage quotas for different classes of clients, e.g. free vs. paid tiers +- Controlling resource consumption/cost + +Envoy supports two forms of HTTP rate limiting: **local** and **global**. + +In local rate limiting, rate limits are enforced by each Envoy instance, without any communication with other Envoys or any external service. + +In global rate limiting, an external rate limit service (RLS) is queried by each Envoy via gRPC for rate limit decisions. + +Contour supports both forms of Envoy's rate limiting. + +## Local Rate Limiting + +The `HTTPProxy` API supports defining local rate limit policies that can be applied to either individual routes or entire virtual hosts. +Local rate limit policies define a maximum number of requests per unit of time that an Envoy should proxy to the upstream service. +Requests beyond the defined limit will receive a `429 (Too Many Requests)` response by default. +Local rate limit policies program Envoy's [HTTP local rate limit filter][1]. + +It's important to note that local rate limit policies apply *per Envoy pod*. +For example, a local rate limit policy of 100 requests per second for a given route will result in *each Envoy pod* allowing up to 100 requests per second for that route. + +### Defining a local rate limit + +Local rate limit policies can be defined for either routes or virtual hosts. A local rate limit policy requires a `requests` and a `units` field, defining the *number of requests per unit of time* that are allowed. `Requests` must be a positive integer, and `units` can be `second`, `minute`, or `hour`. Optionally, a `burst` parameter can also be provided, defining the number of requests above the baseline rate that are allowed in a short period of time. This would allow occasional larger bursts of traffic not to be rate limited. + +Local rate limiting for the virtual host: +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + namespace: default + name: ratelimited-vhost +spec: + virtualhost: + fqdn: local.projectcontour.io + rateLimitPolicy: + local: + requests: 100 + unit: hour + burst: 20 + routes: + - conditions: + - prefix: /s1 + services: + - name: s1 + port: 80 + - conditions: + - prefix: /s2 + services: + - name: s2 + port: 80 +``` + +Local rate limiting for the route: +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + namespace: default + name: ratelimited-route +spec: + virtualhost: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: /s1 + services: + - name: s1 + port: 80 + rateLimitPolicy: + local: + requests: 20 + unit: minute + - conditions: + - prefix: /s2 + services: + - name: s2 + port: 80 +``` + +### Customizing the response + +#### Response code + +By default, Envoy returns a `429 (Too Many Requests)` when a request is rate limited. +A non-default response code can optionally be configured as part of the local rate limit policy, in the `responseStatusCode` field. +The value must be in the 400-599 range. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + namespace: default + name: custom-ratelimit-response +spec: + virtualhost: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: /s1 + services: + - name: s1 + port: 80 + rateLimitPolicy: + local: + requests: 20 + unit: minute + responseStatusCode: 503 # Service Unavailable +``` + +#### Headers + +Headers can optionally be added to rate limited responses, by configuring the `responseHeadersToAdd` field. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + namespace: default + name: custom-ratelimit-response +spec: + virtualhost: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: /s1 + services: + - name: s1 + port: 80 + rateLimitPolicy: + local: + requests: 20 + unit: minute + responseHeadersToAdd: + - name: x-contour-ratelimited + value: "true" +``` + +## Global Rate Limiting + +The `HTTPProxy` API also supports defining global rate limit policies on routes and virtual hosts. + +In order to use global rate limiting, you must first select and deploy an external rate limit service (RLS). +There is an [Envoy rate limit service implementation][2], but any service that implements the [RateLimitService gRPC interface][3] is supported. + +### Configuring an external RLS with Contour + +Once you have deployed your RLS, you must configure it with Contour. + +Define an extension service for it (substituting values as appropriate): +```yaml +apiVersion: projectcontour.io/v1alpha1 +kind: ExtensionService +metadata: + namespace: projectcontour + name: ratelimit +spec: + protocol: h2 + services: + - name: ratelimit + port: 8081 +``` + +Now add a reference to it in the Contour config file: +```yaml +rateLimitService: + # The namespace/name of the extension service. + extensionService: projectcontour/ratelimit + # The domain value to pass to the RLS for all rate limit + # requests. Acts as a container for a set of rate limit + # definitions within the RLS. + domain: contour + # Whether to allow requests to proceed when the rate limit + # service fails to respond with a valid rate limit decision + # within the timeout defined on the extension service. + failOpen: true +``` + +### Defining a global rate limit policy + +Global rate limit policies can be defined for either routes or virtual hosts. Unlike local rate limit policies, global rate limit policies do not directly define a rate limit. Instead, they define a set of request descriptors that will be generated and sent to the external RLS for each request. The external RLS then makes the rate limit decision based on the descriptors and returns a response to Envoy. + +A global rate limit policy for the virtual host: +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + namespace: default + name: ratelimited-vhost +spec: + virtualhost: + fqdn: local.projectcontour.io + rateLimitPolicy: + global: + descriptors: + # the first descriptor has a single key-value pair: + # [ remote_address= ]. + - entries: + - remoteAddress: {} + # the second descriptor has two key-value pairs: + # [ remote_address=, vhost=local.projectcontour.io ]. + - entries: + - remoteAddress: {} + - genericKey: + key: vhost + value: local.projectcontour.io + routes: + - conditions: + - prefix: /s1 + services: + - name: s1 + port: 80 + - conditions: + - prefix: /s2 + services: + - name: s2 + port: 80 +``` + +A global rate limit policy for the route: +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + namespace: default + name: ratelimited-route +spec: + virtualhost: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: /s1 + services: + - name: s1 + port: 80 + rateLimitPolicy: + global: + descriptors: + # the first descriptor has a single key-value pair: + # [ remote_address= ]. + - entries: + - remoteAddress: {} + # the second descriptor has two key-value pairs: + # [ remote_address=, prefix=/s1 ]. + - entries: + - remoteAddress: {} + - genericKey: + key: prefix + value: /s1 + - conditions: + - prefix: /s2 + services: + - name: s2 + port: 80 +``` + +#### Descriptors & descriptor entries + +A descriptor is a list of key-value pairs, i.e. entries, that are generated for a request. The entries can be generated based on different criteria. If any entry in a descriptor cannot generate a key-value pair for a given request, then the entire descriptor is not generated (see the [Envoy documentation][8] for more information). When a global rate limit policy defines multiple descriptors, then *all* descriptors that can be generated will be generated and sent to the rate limit service for consideration. + +Below are the supported types of descriptor entries. + +##### GenericKey + +A `GenericKey` descriptor entry defines a static key-value pair. For example: + +```yaml +rateLimitPolicy: + global: + descriptors: + - entries: + - genericKey: + key: virtual-host-name + value: foo.bar.com +``` + +Produces a descriptor entry of `virtual-host-name=foo.bar.com`. + +The `key` field is optional and defaults to a value of `generic_key` if not specified. + +See the [Envoy documentation][4] for more information and examples. + +##### RemoteAddress + +A `RemoteAddress` descriptor entry has a key of `remote_address` and a value of the client IP address (using the trusted address from `x-forwarded-for`). For example: + +```yaml +rateLimitPolicy: + global: + descriptors: + - entries: + - remoteAddress: {} +``` + +Produces a descriptor entry of `remote_address=`. + +See the [Envoy documentation][5] for more information and examples. + +##### RequestHeader + +A `RequestHeader` descriptor entry has a static key and a value equal to the value of a specified header on the client request. If the header is not present, the descriptor entry is not generated. For example: + +```yaml +rateLimitPolicy: + global: + descriptors: + - entries: + - requestHeader: + headerName: My-Header + descriptorKey: my-header-value +``` + +Produces a descriptor entry of `my-header-value=`, for a client request that has the `My-Header` header. + +See the [Envoy documentation][6] for more information and examples. + +##### RequestHeaderValueMatch + +A `RequestHeaderValueMatch` descriptor entry has a key of `header_match` and a static value. The entry is only generated if the client request's headers match a specified set of criteria. For example: + +```yaml +rateLimitPolicy: + global: + descriptors: + - entries: + - requestHeaderValueMatch: + headers: + - name: My-Header + notpresent: true + - name: My-Other-Header + contains: contour + expectMatch: true + value: foo +``` + +Produces a descriptor entry of `header_match=foo`, for a client request that does not have the `My-Header` header, and does have the `My-Other-Header` header, with a value containing the substring "contour". + +Contour supports `present`, `notpresent`, `contains`, `notcontains`, `exact`, and `notexact` header match operators. + +The `expectMatch` field defaults to true if not specified. If true, the client request's headers must positively match the specified criteria in order for the descriptor entry to be generated. If false, the client request's header must *not* match the specified criteria in order for the descriptor entry to be generated. + +See the [Envoy documentation][7] for more information and examples. + + + +[1]: https://www.envoyproxy.io/docs/envoy/v1.17.0/configuration/http/http_filters/local_rate_limit_filter#config-http-filters-local-rate-limit +[2]: https://github.com/envoyproxy/ratelimit +[3]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ratelimit/v3/rls.proto +[4]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-msg-config-route-v3-ratelimit-action-generickey +[5]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-ratelimit-action-remoteaddress +[6]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-ratelimit-action-requestheaders +[7]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#config-route-v3-ratelimit-action-headervaluematch +[8]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/rate_limit_filter#composing-actions diff --git a/site/content/docs/1.28/config/request-rewriting.md b/site/content/docs/1.28/config/request-rewriting.md new file mode 100644 index 00000000000..88fa3cc2508 --- /dev/null +++ b/site/content/docs/1.28/config/request-rewriting.md @@ -0,0 +1,337 @@ +# Request Rewriting + +## Path Rewriting + +HTTPProxy supports rewriting the HTTP request URL path prior to delivering the request to the backend service. +Rewriting is performed after a routing decision has been made, and never changes the request destination. + +The `pathRewritePolicy` field specifies how the path prefix should be rewritten. +The `replacePrefix` rewrite policy specifies a replacement string for a HTTP request path prefix match. +When this field is present, the path prefix that the request matched is replaced by the text specified in the `replacement` field. +If the HTTP request path is longer than the matched prefix, the remainder of the path is unchanged. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: rewrite-example + namespace: default +spec: + virtualhost: + fqdn: rewrite.bar.com + routes: + - services: + - name: s1 + port: 80 + pathRewritePolicy: + replacePrefix: + - replacement: /new/prefix +``` + +The `replacePrefix` field accepts an array of possible replacements. +When more than one `replacePrefix` array element is present, the `prefix` field can be used to disambiguate which replacement to apply. + +If no `prefix` field is present, the replacement is applied to all prefix matches made against the route. +If a `prefix` field is present, the replacement is applied only to routes that have an exactly matching prefix condition. +Specifying more than one `replacePrefix` entry is mainly useful when a HTTPProxy document is included into multiple parent documents. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: rewrite-example + namespace: default +spec: + virtualhost: + fqdn: rewrite.bar.com + routes: + - services: + - name: s1 + port: 80 + conditions: + - prefix: /v1/api + pathRewritePolicy: + replacePrefix: + - prefix: /v1/api + replacement: /app/api/v1 + - prefix: / + replacement: /app +``` + +## Header Rewriting + +HTTPProxy supports rewriting HTTP request and response headers. +The `Set` operation sets a HTTP header value, creating it if it doesn't already exist or overwriting it if it does. +The `Remove` operation removes a HTTP header. +The `requestHeadersPolicy` field is used to rewrite headers on a HTTP request, and the `responseHeadersPolicy` is used to rewrite headers on a HTTP response. +These fields can be specified on a route or on a specific service, depending on the rewrite granularity you need. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: header-rewrite-example +spec: + virtualhost: + fqdn: header.bar.com + routes: + - services: + - name: s1 + port: 80 + requestHeadersPolicy: + set: + - name: Host + value: external.dev + remove: + - Some-Header + - Some-Other-Header +``` + +Manipulating headers is also supported per-Service or per-Route. Headers can be set or +removed from the request or response as follows: + +per-Service: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: header-manipulation + namespace: default +spec: + virtualhost: + fqdn: headers.bar.com + routes: + - services: + - name: s1 + port: 80 + requestHeadersPolicy: + set: + - name: X-Foo + value: bar + remove: + - X-Baz + responseHeadersPolicy: + set: + - name: X-Service-Name + value: s1 + remove: + - X-Internal-Secret +``` + +per-Route: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: header-manipulation + namespace: default +spec: + virtualhost: + fqdn: headers.bar.com + routes: + - services: + - name: s1 + port: 80 + requestHeadersPolicy: + set: + - name: X-Foo + value: bar + remove: + - X-Baz + responseHeadersPolicy: + set: + - name: X-Service-Name + value: s1 + remove: + - X-Internal-Secret +``` + +In these examples we are setting the header `X-Foo` with value `baz` on requests +and stripping `X-Baz`. We are then setting `X-Service-Name` on the response with +value `s1`, and removing `X-Internal-Secret`. + +### Dynamic Header Values + +It is sometimes useful to set a header value using a dynamic value such as the +hostname where the Envoy Pod is running (`%HOSTNAME%`) or the subject of the +TLS client certificate (`%DOWNSTREAM_PEER_SUBJECT%`) or based on another header +(`%REQ(header)%`). + +Examples: +``` + requestHeadersPolicy: + set: + - name: X-Envoy-Hostname + value: "%HOSTNAME%" + - name: X-Host-Protocol + value: "%REQ(Host)% - %PROTOCOL%" + responseHeadersPolicy: + set: + - name: X-Envoy-Response-Flags + value: "%RESPONSE_FLAGS%" +``` + +Contour supports most of the custom request/response header variables offered +by Envoy - see the Envoy +documentation for details of what each of these resolve to: + +* `%DOWNSTREAM_REMOTE_ADDRESS%` +* `%DOWNSTREAM_REMOTE_ADDRESS_WITHOUT_PORT%` +* `%DOWNSTREAM_LOCAL_ADDRESS%` +* `%DOWNSTREAM_LOCAL_ADDRESS_WITHOUT_PORT%` +* `%DOWNSTREAM_LOCAL_PORT%` +* `%DOWNSTREAM_LOCAL_URI_SAN%` +* `%DOWNSTREAM_PEER_URI_SAN%` +* `%DOWNSTREAM_LOCAL_SUBJECT%` +* `%DOWNSTREAM_PEER_SUBJECT%` +* `%DOWNSTREAM_PEER_ISSUER%` +* `%DOWNSTREAM_TLS_SESSION_ID%` +* `%DOWNSTREAM_TLS_CIPHER%` +* `%DOWNSTREAM_TLS_VERSION%` +* `%DOWNSTREAM_PEER_FINGERPRINT_256%` +* `%DOWNSTREAM_PEER_FINGERPRINT_1%` +* `%DOWNSTREAM_PEER_SERIAL%` +* `%DOWNSTREAM_PEER_CERT%` +* `%DOWNSTREAM_PEER_CERT_V_START%` +* `%DOWNSTREAM_PEER_CERT_V_END%` +* `%HOSTNAME%` +* `%REQ(header-name)%` +* `%PROTOCOL%` +* `%RESPONSE_FLAGS%` +* `%RESPONSE_CODE_DETAILS%` +* `%UPSTREAM_REMOTE_ADDRESS%` + +Note that Envoy passes variables that can't be expanded through unchanged or +skips them entirely - for example: +* `%UPSTREAM_REMOTE_ADDRESS%` as a request header remains as + `%UPSTREAM_REMOTE_ADDRESS%` because as noted in the Envoy docs: "The upstream + remote address cannot be added to request headers as the upstream host has not + been selected when custom request headers are generated." +* `%DOWNSTREAM_TLS_VERSION%` is skipped if TLS is not in use +* Envoy ignores REQ headers that refer to an non-existent header - for example + `%REQ(Host)%` works as expected but `%REQ(Missing-Header)%` is skipped + +Contour already sets the `X-Request-Start` request header to +`t=%START_TIME(%s.%3f)%` which is the Unix epoch time when the request +started. + +To enable setting header values based on the destination service Contour also supports: + +* `%CONTOUR_NAMESPACE%` +* `%CONTOUR_SERVICE_NAME%` +* `%CONTOUR_SERVICE_PORT%` + +For example, with the following HTTPProxy object that has a per-Service requestHeadersPolicy using these variables: +``` +# httpproxy.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: basic + namespace: myns +spec: + virtualhost: + fqdn: foo-basic.bar.com + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 + requestHeadersPolicy: + set: + - name: l5d-dst-override + value: "%CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%" +``` +the values would be: +* `CONTOUR_NAMESPACE: "myns"` +* `CONTOUR_SERVICE_NAME: "s1"` +* `CONTOUR_SERVICE_PORT: "80"` + +and the `l5-dst-override` header would be set to `s1.myns.svc.cluster.local:80`. + +For per-Route requestHeadersPolicy only `%CONTOUR_NAMESPACE%` is set and using +`%CONTOUR_SERVICE_NAME%` and `%CONTOUR_SERVICE_PORT%` will end up as the +literal values `%%CONTOUR_SERVICE_NAME%%` and `%%CONTOUR_SERVICE_PORT%%`, +respectively. + +### Manipulating the Host header + +Contour allows users to manipulate the host header in two ways, using the `requestHeadersPolicy`. + +#### Static rewrite + +You can set the host to a static value. This can be done on the route and service level. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: static-host-header-rewrite-route +spec: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 + - requestHeaderPolicy: + set: + - name: host + value: foo.com +``` + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: static-host-header-rewrite-service +spec: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 + - requestHeaderPolicy: + set: + - name: host + value: "foo.com" +``` + +#### Dynamic rewrite + +You can also set the host header dynamically with the content of an existing header. +The format has to be `"%REQ()%"`. If the header is empty, it is ignored. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: dynamic-host-header-rewrite-route +spec: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 + - requestHeaderPolicy: + set: + - name: host + value: "%REQ(x-rewrite-header)%" +``` + +Note: Only one of static or dynamic host rewrite can be specified. + +Note: Dynamic rewrite is only available at the route level and not possible on the service level. + +Note: Pay attention to the potential security implications of using this option, the provided header must come from a trusted source. + +Note: The header rewrite is only done while forwarding and has no bearing on the routing decision. diff --git a/site/content/docs/1.28/config/request-routing.md b/site/content/docs/1.28/config/request-routing.md new file mode 100644 index 00000000000..19ef5386e86 --- /dev/null +++ b/site/content/docs/1.28/config/request-routing.md @@ -0,0 +1,535 @@ +# Request Routing + +A HTTPProxy object must have at least one route or include defined. +In this example, any requests to `multi-path.bar.com/blog` or `multi-path.bar.com/blog/*` will be routed to the Service `s2` using the prefix conditions. Requests to `multi-path.bar.com/feed` will be routed to Service `s2` using exact match condition. +All other requests to the host `multi-path.bar.com` will be routed to the Service `s1`. + +```yaml +# httpproxy-multiple-paths.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: multiple-paths + namespace: default +spec: + virtualhost: + fqdn: multi-path.bar.com + routes: + - conditions: + - prefix: / # matches everything else + services: + - name: s1 + port: 80 + - conditions: + - prefix: /blog # matches `multi-path.bar.com/blog` or `multi-path.bar.com/blog/*` + services: + - name: s2 + port: 80 + - conditions: + - exact: /feed # matches `multi-path.bar.com/feed` only + services: + - name: s2 + port: 80 +``` + +In the following example, we match on headers and query parameters and send to different services, with a default route if those do not match. + +```yaml +# httpproxy-multiple-headers.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: multiple-paths + namespace: default +spec: + virtualhost: + fqdn: multi-path.bar.com + routes: + - conditions: + - header: + name: x-os + contains: ios + services: + - name: s1 + port: 80 + - conditions: + - header: + name: x-os + contains: android + services: + - name: s2 + port: 80 + - conditions: + - queryParameter: + name: os + exact: other + ignoreCase: true + services: + - name: s3 + port: 80 + - services: + - name: s4 + port: 80 +``` + +## Conditions + +Each Route entry in a HTTPProxy **may** contain one or more conditions. +These conditions are combined with an AND operator on the route passed to Envoy. +Conditions can be either a `prefix`, `exact`, `regex`, `header` or a `queryParameter` condition. At most one of `prefix`, `exact` or `regex` can be used in one condition block. + +#### Prefix conditions + +Paths defined are matched using prefix conditions. +Up to one prefix condition may be present in any condition block. + +Prefix conditions **must** start with a `/` if they are present. + +#### Exact conditions + +Paths defined are matched using exact conditions. +Up to one exact condition may be present in any condition block. Any condition block can +either have a regex condition, exact condition or prefix condition, but not multiple together. Exact conditions are +only allowed in route match conditions and not in include match conditions. + +Exact conditions **must** start with a `/` if they are present. + +#### Regex conditions + +Paths defined are matched using regex expressions. +Up to one regex condition may be present in any condition block. Any condition block can +either have a regex condition, exact condition or prefix condition, but not multiple together. Regex conditions are +only allowed in route match conditions and not in include match conditions. + +Regex conditions **must** start with a `/` if they are present. + +#### Header conditions + +For `header` conditions there is the following structure: + +1. one required field, `name` +2. six operator fields: `present`, `notpresent`, `contains`, `notcontains`, `exact`, and `notexact` +3. two optional modifiers: `ignoreCase` and `treatMissingAsEmpty` + +Operators: +- `present` is a boolean and checks that the header is present. The value will not be checked. + +- `notpresent` similarly checks that the header is *not* present. + +- `contains` is a string, and checks that the header contains the string. `notcontains` similarly checks that the header does *not* contain the string. + +- `exact` is a string, and checks that the header exactly matches the whole string. `notexact` checks that the header does *not* exactly match the whole string. + +- `regex` is a string representing a regular expression, and checks that the header value matches against the given regular expression. + +Modifiers: +- `ignoreCase`: IgnoreCase specifies that string matching should be case insensitive. It has no effect on the `Regex` parameter. +- `treatMissingAsEmpty`: specifies if the header match rule specified header does not exist, this header value will be treated as empty. Defaults to false. Unlike the underlying Envoy implementation this is **only** supported for negative matches (e.g. NotContains, NotExact). + +#### Query parameter conditions + +Similar to the `header` conditions, `queryParameter` conditions also require the +`name` field to be specified, which represents the name of the query parameter +e.g. `search` when the query string looks like `/?search=term` and `term` +representing the value. + +There are six operator fields: `exact`, `prefix`, `suffix`, `regex`, `contains` +and `present` and a modifier `ignoreCase` which can be used together with all of +the operator fields except `regex` and `present`. + +- `exact` is a string, and checks that the query parameter value exactly matches + the whole string. + +- `prefix` is a string, and checks that the query parameter value is prefixed by + the given value. + +- `suffix` is a string, and checks that the query parameter value is suffixed by + the given value. + +- `regex` is a string representing a regular expression, and checks that the + query parameter value matches against the given regular expression. + +- `contains` is a string, and checks that the query parameter value contains + the given string. + +- `present` is a boolean, and checks that the query parameter is present. The + value will not be checked. + +- `ignoreCase` is a boolean, and if set to `true` it will enable case + insensitive matching for any of the string operator matching methods. + +## Request Redirection + +HTTP redirects can be implemented in HTTPProxy using `requestRedirectPolicy` on a route. +In the following basic example, requests to `example.com` are redirected to `www.example.com`. +We configure a root HTTPProxy for `example.com` that contains redirect configuration. +We also configure a root HTTPProxy for `www.example.com` that represents the destination of the redirect. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: example-com +spec: + virtualhost: + fqdn: example.com + routes: + - conditions: + - prefix: / + requestRedirectPolicy: + hostname: www.example.com +``` + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: www-example-com +spec: + virtualhost: + fqdn: www.example.com + routes: + - conditions: + - prefix: / + services: + - name: s1 + port: 80 +``` + +In addition to specifying the hostname to set in the `location` header, the scheme, port, and returned status code of the redirect response can be configured. +Configuration of the path or a path prefix replacement to modify the path of the returned `location` can be included as well. +See [the API specification][3] for more detail. + +## Multiple Upstreams + +One of the key HTTPProxy features is the ability to support multiple services for a given path: + +```yaml +# httpproxy-multiple-upstreams.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: multiple-upstreams + namespace: default +spec: + virtualhost: + fqdn: multi.bar.com + routes: + - services: + - name: s1 + port: 80 + - name: s2 + port: 80 +``` + +In this example, requests for `multi.bar.com/` will be load balanced across two Kubernetes Services, `s1`, and `s2`. +This is helpful when you need to split traffic for a given URL across two different versions of an application. + +### Upstream Weighting + +Building on multiple upstreams is the ability to define relative weights for upstream Services. +This is commonly used for canary testing of new versions of an application when you want to send a small fraction of traffic to a specific Service. + +```yaml +# httpproxy-weight-shifting.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: weight-shifting + namespace: default +spec: + virtualhost: + fqdn: weights.bar.com + routes: + - services: + - name: s1 + port: 80 + weight: 10 + - name: s2 + port: 80 + weight: 90 +``` + +In this example, we are sending 10% of the traffic to Service `s1`, while Service `s2` receives the remaining 90% of traffic. + +HTTPProxy weighting follows some specific rules: + +- If no weights are specified for a given route, it's assumed even distribution across the Services. +- Weights are relative and do not need to add up to 100. If all weights for a route are specified, then the "total" weight is the sum of those specified. As an example, if weights are 20, 30, 20 for three upstreams, the total weight would be 70. In this example, a weight of 30 would receive approximately 42.9% of traffic (30/70 = .4285). +- If some weights are specified but others are not, then it's assumed that upstreams without weights have an implicit weight of zero, and thus will not receive traffic. + +### Traffic mirroring + +Per route, a service can be nominated as a mirror. +The mirror service will receive a copy of the read traffic sent to any non mirror service. +The mirror traffic is considered _read only_, any response by the mirror will be discarded. + +This service can be useful for recording traffic for later replay or for smoke testing new deployments. + +`weight` can be optionally set (in the space of integers 1-100) to mirror the corresponding percent of traffic (ie. `weight: 5` mirrors 5% of traffic). Omitting the `weight` field results in 100% traffic mirroring. There is unexpected behavior if `weight` is explicitly set to 0, 100% traffic will be mirrored. This occurs because we cannot distinguish undefined variables from explicitly setting them to default values, and omission of a `weight` must mirror full traffic. +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: traffic-mirror + namespace: default +spec: + virtualhost: + fqdn: www.example.com + routes: + - conditions: + - prefix: / + services: + - name: www + port: 80 + - name: www-mirror + port: 80 + mirror: true +``` + +## Response Timeouts + +Each Route can be configured to have a timeout policy and a retry policy as shown: + +```yaml +# httpproxy-response-timeout.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: response-timeout + namespace: default +spec: + virtualhost: + fqdn: timeout.bar.com + routes: + - timeoutPolicy: + response: 1s + idle: 10s + idleConnection: 60s + retryPolicy: + count: 3 + perTryTimeout: 150ms + services: + - name: s1 + port: 80 +``` + +In this example, requests to `timeout.bar.com/` will have a response timeout policy of 1s. +This refers to the time that spans between the point at which complete client request has been processed by the proxy, and when the response from the server has been completely processed. + +- `timeoutPolicy.response` Timeout for receiving a response from the server after processing a request from client. +If not supplied, Envoy's default value of 15s applies. +More information can be found in [Envoy's documentation][4]. +- `timeoutPolicy.idle` Timeout for how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). +Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. +If not specified, there is no per-route idle timeout, though a connection manager-wide stream idle timeout default of 5m still applies. +More information can be found in [Envoy's documentation][6]. +- `timeoutPolicy.idleConnection` Timeout for how long connection from the proxy to the upstream service is kept when there are no active requests. +If not supplied, Envoy’s default value of 1h applies. +More information can be found in [Envoy's documentation][8]. + +TimeoutPolicy durations are expressed in the Go [Duration format][5]. +Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h". +The string "infinity" is also a valid input and specifies no timeout. +A value of "0s" will be treated as if the field were not set, i.e. by using Envoy's default behavior. +Example input values: "300ms", "5s", "1m". + +- `retryPolicy`: A retry will be attempted if the server returns an error code in the 5xx range, or if the server takes more than `retryPolicy.perTryTimeout` to process a request. + +- `retryPolicy.count` specifies the maximum number of retries allowed. This parameter is optional and defaults to 1. Set to -1 to disable. If set to 0, the Envoy default of 1 is used. + +- `retryPolicy.perTryTimeout` specifies the timeout per retry. If this field is greater than the request timeout, it is ignored. This parameter is optional. + If left unspecified, `timeoutPolicy.request` will be used. + +## Load Balancing Strategy + +Each route can have a load balancing strategy applied to determine which of its Endpoints is selected for the request. +The following list are the options available to choose from: + +- `RoundRobin`: Each healthy upstream Endpoint is selected in round-robin order (Default strategy if none selected). +- `WeightedLeastRequest`: The least request load balancer uses different algorithms depending on whether hosts have the same or different weights in an attempt to route traffic based upon the number of active requests or the load at the time of selection. +- `Random`: The random strategy selects a random healthy Endpoints. +- `RequestHash`: The request hashing strategy allows for load balancing based on request attributes. An upstream Endpoint is selected based on the hash of an element of a request. For example, requests that contain a consistent value in an HTTP request header will be routed to the same upstream Endpoint. Currently, only hashing of HTTP request headers, query parameters and the source IP of a request is supported. +- `Cookie`: The cookie load balancing strategy is similar to the request hash strategy and is a convenience feature to implement session affinity, as described below. + +More information on the load balancing strategy can be found in [Envoy's documentation][7]. + +The following example defines the strategy for the route `/` as `WeightedLeastRequest`. + +```yaml +# httpproxy-lb-strategy.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: lb-strategy + namespace: default +spec: + virtualhost: + fqdn: strategy.bar.com + routes: + - conditions: + - prefix: / + services: + - name: s1-strategy + port: 80 + - name: s2-strategy + port: 80 + loadBalancerPolicy: + strategy: WeightedLeastRequest +``` + +The below example demonstrates how request hash load balancing policies can be configured: + +Request hash headers +```yaml +# httpproxy-lb-request-hash.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: lb-request-hash + namespace: default +spec: + virtualhost: + fqdn: request-hash.bar.com + routes: + - conditions: + - prefix: / + services: + - name: httpbin + port: 8080 + loadBalancerPolicy: + strategy: RequestHash + requestHashPolicies: + - headerHashOptions: + headerName: X-Some-Header + terminal: true + - headerHashOptions: + headerName: User-Agent + - hashSourceIP: true +``` +In this example, if a client request contains the `X-Some-Header` header, the value of the header will be hashed and used to route to an upstream Endpoint. This could be used to implement a similar workflow to cookie-based session affinity by passing a consistent value for this header. If it is present, because it is set as a `terminal` hash option, Envoy will not continue on to process to `User-Agent` header or source IP to calculate a hash. If `X-Some-Header` is not present, Envoy will use the `User-Agent` header value to make a routing decision along with the source IP of the client making the request. These policies can be used alone or as shown for an advanced routing decision. + + +Request hash source ip +```yaml +# httpproxy-lb-request-hash-ip.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: lb-request-hash + namespace: default +spec: + virtualhost: + fqdn: request-hash.bar.com + routes: + - conditions: + - prefix: / + services: + - name: httpbin + port: 8080 + loadBalancerPolicy: + strategy: RequestHash + requestHashPolicies: + - hashSourceIP: true +``` + +Request hash query parameters +```yaml +# httpproxy-lb-request-hash.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: lb-request-hash + namespace: default +spec: + virtualhost: + fqdn: request-hash.bar.com + routes: + - conditions: + - prefix: / + services: + - name: httpbin + port: 8080 + loadBalancerPolicy: + strategy: RequestHash + requestHashPolicies: + - queryParameterHashOptions: + prameterName: param1 + terminal: true + - queryParameterHashOptions: + parameterName: param2 +``` + +## Session Affinity + +Session affinity, also known as _sticky sessions_, is a load balancing strategy whereby a sequence of requests from a single client are consistently routed to the same application backend. +Contour supports session affinity on a per-route basis with `loadBalancerPolicy` `strategy: Cookie`. + +```yaml +# httpproxy-sticky-sessions.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: httpbin + namespace: default +spec: + virtualhost: + fqdn: httpbin.davecheney.com + routes: + - services: + - name: httpbin + port: 8080 + loadBalancerPolicy: + strategy: Cookie +``` + +Session affinity is based on the premise that the backend servers are robust, do not change ordering, or grow and shrink according to load. +None of these properties are guaranteed by a Kubernetes cluster and will be visible to applications that rely heavily on session affinity. + +Any perturbation in the set of pods backing a service risks redistributing backends around the hash ring. + +## Internal Redirects + +HTTPProxy supports handling 3xx redirects internally, that is capturing a configurable 3xx redirect response, synthesizing a new request, sending it to the upstream specified by the new route match, and returning the redirected response as the response to the original request. + +Internal redirects can be enabled in HTTPProxy by defining an `internalRedirectPolicy` on a route. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: myservice + namespace: prod +spec: + virtualhost: + fqdn: foo.com + routes: + - conditions: + - prefix: /download + services: + - name: foo + port: 8080 + internalRedirectPolicy: + maxInternalRedirects: 5 + redirectResponseCodes: [ 302 ] + allowCrossSchemeRedirect: SafeOnly + denyRepeatedRouteRedirect: true +``` + +In this example, a sample redirect flow might look like this: + +1. Client sends a `GET` request for http://foo.com/download. +2. Upstream `foo` returns a `302` response with `location: http://foo.com/myfile`. +3. Envoy lookups a route for http://foo.com/myfile and sends a new `GET` request to the corresponding upstream with the additional request header `x-envoy-original-url: http://foo.com/download`. +4. Envoy proxies the response data for http://foo.com/myfile to the client as the response to the original request. + +See [the API specification][9] and [Envoy's documentation][10] for more detail. + +[3]: /docs/{{< param version >}}/config/api/#projectcontour.io/v1.HTTPRequestRedirectPolicy +[4]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-timeout +[5]: https://godoc.org/time#ParseDuration +[6]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-routeaction-idle-timeout +[7]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/overview +[8]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout +[9] /docs/{{< param version >}}/config/api/#projectcontour.io/v1.HTTPInternalRedirectPolicy +[10] https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management.html#internal-redirects diff --git a/site/content/docs/1.28/config/slow-start.md b/site/content/docs/1.28/config/slow-start.md new file mode 100644 index 00000000000..b44cc18fdc3 --- /dev/null +++ b/site/content/docs/1.28/config/slow-start.md @@ -0,0 +1,39 @@ +# Slow Start Mode + +Slow start mode is a configuration setting that is used to gradually increase the amount of traffic targeted to a newly added upstream endpoint. +By default, the amount of traffic will increase linearly for the duration of time window set by `window` field, starting from 10% of the target load balancing weight and increasing to 100% gradually. +The easing function for the traffic increase can be adjusted by setting optional field `aggression`. +A value above 1.0 results in a more aggressive increase initially, slowing down when nearing the end of the time window. +Value below 1.0 results in slow initial increase, picking up speed when nearing the end of the time window. +Optional field `minWeightPercent` can be set to change the minimum percent of target weight. +It is used to avoid too small new weight, which may cause endpoint to receive no traffic in beginning of the slow start window. + +Slow start mode can be useful for example with JVM based applications, that might otherwise get overwhelmed during JIT warm-up period. +Such applications may respond to requests slowly or return errors immediately after pod start or after container restarts. +User impact of this behavior can be mitigated by using slow start configuration to gradually increase traffic to recently started service endpoints. + +The following example configures slow start mode for a service: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: slow-start +spec: + virtualhost: + fqdn: www.example.com + routes: + - services: + - name: java-app + port: 80 + slowStartPolicy: + window: 3s + aggression: "1.0" + minWeightPercent: 10 +``` + +Slow start mode works only with `RoundRobin` and `WeightedLeastRequest` [load balancing strategies][2]. +For more details see [Envoy documentation][1]. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start +[2]: api/#projectcontour.io/v1.LoadBalancerPolicy diff --git a/site/content/docs/1.28/config/tls-delegation.md b/site/content/docs/1.28/config/tls-delegation.md new file mode 100644 index 00000000000..155796fe7eb --- /dev/null +++ b/site/content/docs/1.28/config/tls-delegation.md @@ -0,0 +1,79 @@ +# TLS Certificate Delegation + +In order to support wildcard certificates, TLS certificates for a `*.somedomain.com`, which are stored in a namespace controlled by the cluster administrator, Contour supports a facility known as TLS Certificate Delegation. +This facility allows the owner of a TLS certificate to delegate, for the purposes of referencing the TLS certificate, permission to Contour to read the Secret object from another namespace. +Delegation works for both HTTPProxy and Ingress resources, however it needs an annotation to work with Ingress v1. + +If the `--watch-namespaces` configuration flag is used, it must define all namespaces that will be referenced by the delegation. + +The [`TLSCertificateDelegation`][1] resource defines a set of `delegations` in the `spec`. +Each delegation references a `secretName` from the namespace where the `TLSCertificateDelegation` is created as well as describing a set of `targetNamespaces` in which the certificate can be referenced. +If all namespaces should be able to reference the secret, then set `"*"` as the value of `targetNamespaces` (see example below). + +```yaml +apiVersion: projectcontour.io/v1 +kind: TLSCertificateDelegation +metadata: + name: example-com-wildcard + namespace: www-admin +spec: + delegations: + - secretName: example-com-wildcard + targetNamespaces: + - example-com + - secretName: another-com-wildcard + targetNamespaces: + - "*" +``` + +In this example, the permission for Contour to reference the Secret `example-com-wildcard` in the `www-admin` namespace has been delegated to HTTPProxy and Ingress objects in the `example-com` namespace. +Also, the permission for Contour to reference the Secret `another-com-wildcard` from all namespaces has been delegated to all HTTPProxy and Ingress objects in the cluster. + +To reference the secret from an HTTPProxy or Ingress v1beta1 you must use the slash syntax in the `secretName`: +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: www + namespace: example-com +spec: + virtualhost: + fqdn: foo2.bar.com + tls: + secretName: www-admin/example-com-wildcard + routes: + - services: + - name: s1 + port: 80 +``` + +To reference the secret from an Ingress v1 you must use the `projectcontour.io/tls-cert-namespace` annotation: +```yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + annotations: + projectcontour.io/tls-cert-namespace: www-admin + name: www + namespace: example-com +spec: + rules: + - host: foo2.bar.com + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: s1 + port: + number: 80 + tls: + - hosts: + - foo2.bar.com + secretName: example-com-wildcard +``` + + +[0]: https://github.com/projectcontour/contour/issues/3544 +[1]: /docs/{{< param version >}}/config/api/#projectcontour.io/v1.TLSCertificateDelegation diff --git a/site/content/docs/1.28/config/tls-termination.md b/site/content/docs/1.28/config/tls-termination.md new file mode 100644 index 00000000000..d1b26dc2f4e --- /dev/null +++ b/site/content/docs/1.28/config/tls-termination.md @@ -0,0 +1,353 @@ +# TLS Termination + +HTTPProxy follows a similar pattern to Ingress for configuring TLS credentials. + +You can secure a HTTPProxy by specifying a Secret that contains TLS private key and certificate information. +If multiple HTTPProxies utilize the same Secret, the certificate must include the necessary Subject Authority Name (SAN) for each fqdn. + +Contour (via Envoy) requires that clients send the Server Name Indication (SNI) TLS extension so that requests can be routed to the correct virtual host. +Virtual hosts are strongly bound to SNI names. +This means that the Host header in HTTP requests must match the SNI name that was sent at the start of the TLS session. + +Contour also follows a "secure first" approach. +When TLS is enabled for a virtual host, any request to the insecure port is redirected to the secure interface with a 301 redirect. +Specific routes can be configured to override this behavior and handle insecure requests by enabling the `spec.routes.permitInsecure` parameter on a Route. + +The TLS secret must: +- be a Secret of type `kubernetes.io/tls`. This means that it must contain keys named `tls.crt` and `tls.key` that contain the certificate and private key to use for TLS, in PEM format. + +The TLS secret may also: +- add any chain CA certificates required for validation into the `tls.crt` PEM bundle. If this is the case, the serving certificate must be the first certificate in the bundle and the intermediate CA certificates must be appended in issuing order. + +```yaml +# ingress-tls.secret.yaml +apiVersion: v1 +data: + tls.crt: base64 encoded cert + tls.key: base64 encoded key +kind: Secret +metadata: + name: testsecret + namespace: default +type: kubernetes.io/tls +``` + +The HTTPProxy can be configured to use this secret using `tls.secretName` property: + +```yaml +# httpproxy-tls.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: tls-example + namespace: default +spec: + virtualhost: + fqdn: foo2.bar.com + tls: + secretName: testsecret + routes: + - services: + - name: s1 + port: 80 +``` + +If the `tls.secretName` property contains a slash, eg. `somenamespace/somesecret` then, subject to TLS Certificate Delegation, the TLS certificate will be read from `somesecret` in `somenamespace`. +See TLS Certificate Delegation below for more information. + +The TLS **Minimum Protocol Version** a virtual host should negotiate can be specified by setting the `spec.virtualhost.tls.minimumProtocolVersion`: + +- 1.3 +- 1.2 (Default) + +## Fallback Certificate + +Contour provides virtual host based routing, so that any TLS request is routed to the appropriate service based on both the server name requested by the TLS client and the HOST header in the HTTP request. + +Since the HOST Header is encrypted during TLS handshake, it can’t be used for virtual host based routing unless the client sends HTTPS requests specifying hostname using the TLS server name, or the request is first decrypted using a default TLS certificate. + +Some legacy TLS clients do not send the server name, so Envoy does not know how to select the right certificate. A fallback certificate is needed for these clients. + +_**Note:** +The minimum TLS protocol version for any fallback request is defined by the `minimum TLS protocol version` set in the Contour configuration file. +Enabling the fallback certificate is not compatible with TLS client authentication._ + +### Fallback Certificate Configuration + +First define the `namespace/name` in the [Contour configuration file][1] of a Kubernetes secret which will be used as the fallback certificate. +Any HTTPProxy which enables fallback certificate delegation must have the fallback certificate delegated to the namespace in which the HTTPProxy object resides. + +To do that, configure `TLSCertificateDelegation` to delegate the fallback certificate to specific or all namespaces (e.g. `*`) which should be allowed to enable the fallback certificate. +Finally, for each root HTTPProxy, set the `Spec.TLS.enableFallbackCertificate` parameter to allow that HTTPProxy to opt-in to the fallback certificate routing. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: fallback-tls-example + namespace: defaultub +spec: + virtualhost: + fqdn: fallback.bar.com + tls: + secretName: testsecret + enableFallbackCertificate: true + routes: + - services: + - name: s1 + port: 80 +--- +apiVersion: projectcontour.io/v1 +kind: TLSCertificateDelegation +metadata: + name: fallback-delegation + namespace: www-admin +spec: + delegations: + - secretName: fallback-secret-name + targetNamespaces: + - "*" +``` + +## Permitting Insecure Requests + +A HTTPProxy can be configured to permit insecure requests to specific Routes. +In this example, any request to `foo2.bar.com/blog` will not receive a 301 redirect to HTTPS, but the `/` route will: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: tls-example-insecure + namespace: default +spec: + virtualhost: + fqdn: foo2.bar.com + tls: + secretName: testsecret + routes: + - services: + - name: s1 + port: 80 + - conditions: + - prefix: /blog + permitInsecure: true + services: + - name: s2 + port: 80 +``` + +## Client Certificate Validation + +It is possible to protect the backend service from unauthorized external clients by requiring the client to present a valid TLS certificate. +Envoy will validate the client certificate by verifying that it is not expired and that a chain of trust can be established to the configured trusted root CA certificate. +Only those requests with a valid client certificate will be accepted and forwarded to the backend service. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: with-client-auth +spec: + virtualhost: + fqdn: www.example.com + tls: + secretName: secret + clientValidation: + caSecret: client-root-ca + routes: + - services: + - name: s1 + port: 80 +``` + +The preceding example enables validation by setting the optional `clientValidation` attribute. +Its mandatory attribute `caSecret` contains a name of an existing Kubernetes Secret that must be of type "Opaque" and have only a data key named `ca.crt`. +The data value of the key `ca.crt` must be a PEM-encoded certificate bundle and it must contain all the trusted CA certificates that are to be used for validating the client certificate. +If the Opaque Secret also contains one of either `tls.crt` or `tls.key` keys, it will be ignored. + +By default, client certificates are required but some applications might support different authentication schemes. In that case you can set the `optionalClientCertificate` field to `true`. A client certificate will be requested, but the connection is allowed to continue if the client does not provide one. If a client certificate is sent, it will be verified according to the other properties, which includes disabling validations if `skipClientCertValidation` is set. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: with-optional-client-auth +spec: + virtualhost: + fqdn: www.example.com + tls: + secretName: secret + clientValidation: + caSecret: client-root-ca + optionalClientCertificate: true + routes: + - services: + - name: s1 + port: 80 +``` + +When using external authorization, it may be desirable to use an external authorization server to validate client certificates on requests, rather than the Envoy proxy. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: with-client-auth-and-ext-authz +spec: + virtualhost: + fqdn: www.example.com + authorization: + # external authorization server configuration + tls: + secretName: secret + clientValidation: + caSecret: client-root-ca + skipClientCertValidation: true + routes: + - services: + - name: s1 + port: 80 +``` + +In the above example, setting the `skipClientCertValidation` field to `true` will configure Envoy to require client certificates on requests and pass them along to a configured authorization server. +Failed validation of client certificates by Envoy will be ignored and the `fail_verify_error` [Listener statistic][2] incremented. +If the `caSecret` field is omitted, Envoy will request but not require client certificates to be present on requests. + +Optionally, you can enable certificate revocation check by providing one or more Certificate Revocation Lists (CRLs). +Attribute `crlSecret` contains a name of an existing Kubernetes Secret that must be of type "Opaque" and have a data key named `crl.pem`. +The data value of the key `crl.pem` must be one or more PEM-encoded CRLs concatenated together. +Large CRL lists are not supported since individual Secrets are limited to 1MiB in size. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: with-client-auth-and-crl-check +spec: + virtualhost: + fqdn: www.example.com + tls: + secretName: secret + clientValidation: + caSecret: client-root-ca + crlSecret: client-crl + routes: + - services: + - name: s1 + port: 80 +``` + +CRLs must be available from all relevant CAs, including intermediate CAs. +Otherwise clients will be denied access, since the revocation status cannot be checked for the full certificate chain. +This behavior can be controlled by `crlOnlyVerifyLeafCert` field. +If the option is set to `true`, only the certificate at the end of the certificate chain will be subject to validation by CRL. + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: with-client-auth-and-crl-check-only-leaf +spec: + virtualhost: + fqdn: www.example.com + tls: + secretName: secret + clientValidation: + caSecret: client-root-ca + crlSecret: client-crl + crlOnlyVerifyLeafCert: true + routes: + - services: + - name: s1 + port: 80 +``` + +## Client Certificate Details Forwarding + +HTTPProxy supports passing certificate data through the `x-forwarded-client-cert` header to let applications use details from client certificates (e.g. Subject, SAN...). Since the certificate (or the certificate chain) could exceed the web server header size limit, you have the ability to select what specific part of the certificate to expose in the header through the `forwardClientCertificate` field. Read more about the supported values in the [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/headers#x-forwarded-client-cert). + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: with-client-auth +spec: + virtualhost: + fqdn: www.example.com + tls: + secretName: secret + clientValidation: + caSecret: client-root-ca + forwardClientCertificate: + subject: true + cert: true + chain: true + dns: true + uri: true + routes: + - services: + - name: s1 + port: 80 +``` + +## TLS Session Proxying + +HTTPProxy supports proxying of TLS encapsulated TCP sessions. + +_Note_: The TCP session must be encrypted with TLS. +This is necessary so that Envoy can use SNI to route the incoming request to the correct service. + +If `spec.virtualhost.tls.secretName` is present then that secret will be used to decrypt the TCP traffic at the edge. + +```yaml +# httpproxy-tls-termination.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: example + namespace: default +spec: + virtualhost: + fqdn: tcp.example.com + tls: + secretName: secret + tcpproxy: + services: + - name: tcpservice + port: 8080 + - name: otherservice + port: 9999 + weight: 20 +``` + +The `spec.tcpproxy` key indicates that this _root_ HTTPProxy will forward the de-encrypted TCP traffic to the backend service. + +### TLS Session Passthrough + +If you wish to handle the TLS handshake at the backend service set `spec.virtualhost.tls.passthrough: true` indicates that once SNI demuxing is performed, the encrypted connection will be forwarded to the backend service. +The backend service is expected to have a key which matches the SNI header received at the edge, and be capable of completing the TLS handshake. This is called SSL/TLS Passthrough. + +```yaml +# httpproxy-tls-passthrough.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: example + namespace: default +spec: + virtualhost: + fqdn: tcp.example.com + tls: + passthrough: true + tcpproxy: + services: + - name: tcpservice + port: 8080 + - name: otherservice + port: 9999 + weight: 20 +``` + +[1]: ../configuration#fallback-certificate +[2]: https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/stats#tls-statistics diff --git a/site/content/docs/1.28/config/tracing.md b/site/content/docs/1.28/config/tracing.md new file mode 100644 index 00000000000..5500c26d547 --- /dev/null +++ b/site/content/docs/1.28/config/tracing.md @@ -0,0 +1,117 @@ +# Tracing Support + +- [Overview](#overview) +- [Tracing-config](#tracing-config) + +## Overview + +Envoy has rich support for [distributed tracing][1],and supports exporting data to third-party providers (Zipkin, Jaeger, Datadog, etc.) + +[OpenTelemetry][2] is a CNCF project which is working to become a standard in the space. It was formed as a merger of the OpenTracing and OpenCensus projects. + +Contour supports configuring envoy to export data to OpenTelemetry, and allows users to customize some configurations. + +- Custom service name, the default is `contour`. +- Custom sampling rate, the default is `100`. +- Custom the maximum length of the request path, the default is `256`. +- Customize span tags from literal or request headers. +- Customize whether to include the pod's hostname and namespace. + +## Tracing-config + +In order to use this feature, you must first select and deploy an opentelemetry-collector to receive the tracing data exported by envoy. + +First we should deploy an opentelemetry-collector to receive the tracing data exported by envoy +```bash +# install operator +kubectl apply -f https://github.com/open-telemetry/opentelemetry-operator/releases/latest/download/opentelemetry-operator.yaml +``` + +Install an otel collector instance, with verbose logging exporter enabled: +```shell +kubectl apply -f - </`. If the CA secret's namespace is not the same namespace as the `HTTPProxy` resource, [TLS Certificate Delegation][4] must be used to allow the owner of the CA certificate secret to delegate, for the purposes of referencing the CA certificate in a different namespace, permission to Contour to read the Secret object from another namespace. + +_**Note:** +If `spec.routes.services[].validation` is present, `spec.routes.services[].{name,port}` must point to a Service with a matching `projectcontour.io/upstream-protocol.tls` Service annotation._ + +In the example below, the upstream service is named `secure-backend` and uses port `8443`: + +```yaml +# httpproxy-example.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: example +spec: + virtualhost: + fqdn: www.example.com + routes: + - services: + - name: secure-backend + port: 8443 + validation: + caSecret: my-certificate-authority + subjectName: backend.example.com +``` + +```yaml +# service-secure-backend.yaml +apiVersion: v1 +kind: Service +metadata: + name: secure-backend + annotations: + projectcontour.io/upstream-protocol.tls: "8443" +spec: + ports: + - name: https + port: 8443 + selector: + app: secure-backend + +``` + +If the `validation` spec is defined on a service, but the secret which it references does not exist, Contour will reject the update and set the status of the HTTPProxy object accordingly. +This helps prevent the case of proxying to an upstream where validation is requested, but not yet available. + +```yaml +Status: + Current Status: invalid + Description: route "/": service "tls-nginx": upstreamValidation requested but secret not found or misconfigured +``` + +## Upstream Validation + +When defining upstream services on a route, it's possible to configure the connection from Envoy to the backend endpoint to communicate over TLS. + +A CA certificate and a Subject Name must be provided, which are both used to verify the backend endpoint's identity. + +If specifying multiple Subject Names, `SubjectNames` and `SubjectName` must be configured such that `SubjectNames[0] == SubjectName`. + +The CA certificate bundle for the backend service should be supplied in a Kubernetes Secret. +The referenced Secret must be of type "Opaque" and have a data key named `ca.crt`. +This data value must be a PEM-encoded certificate bundle. + +In addition to the CA certificate and the subject name, the Kubernetes service must also be annotated with a Contour specific annotation: `projectcontour.io/upstream-protocol.tls: ` ([see annotations section][1]). + +_**Note:** This annotation is applied to the Service not the Ingress or HTTPProxy object._ + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: blog + namespace: marketing +spec: + routes: + - services: + - name: s2 + port: 80 + validation: + caSecret: foo-ca-cert + subjectName: foo.marketing + subjectNames: + - foo.marketing + - bar.marketing +``` + +## Envoy Client Certificate + +Contour can be configured with a `namespace/name` in the [Contour configuration file][3] of a Kubernetes secret which Envoy uses as a client certificate when upstream TLS is configured for the backend. +Envoy will send the certificate during TLS handshake when the backend applications request the client to present its certificate. +Backend applications can validate the certificate to ensure that the connection is coming from Envoy. + +[1]: annotations.md +[2]: api/#projectcontour.io/v1.Service +[3]: ../configuration#fallback-certificate +[4]: tls-delegation.md diff --git a/site/content/docs/1.28/config/virtual-hosts.md b/site/content/docs/1.28/config/virtual-hosts.md new file mode 100644 index 00000000000..b7a138dde6b --- /dev/null +++ b/site/content/docs/1.28/config/virtual-hosts.md @@ -0,0 +1,138 @@ +# Virtual Hosts + + +Similar to Ingress, HTTPProxy support name-based virtual hosting. +Name-based virtual hosts use multiple host names with the same IP address. + +``` +foo.bar.com --| |-> foo.bar.com s1:80 + | 178.91.123.132 | +bar.foo.com --| |-> bar.foo.com s2:80 +``` + +Unlike Ingress however, HTTPProxy only support a single root domain per HTTPProxy object. +As an example, this Ingress object: + +```yaml +# ingress-name.yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: name-example +spec: + rules: + - host: foo1.bar.com + http: + paths: + - backend: + service: + name: s1 + port: + number: 80 + pathType: Prefix + - host: bar1.bar.com + http: + paths: + - backend: + service: + name: s2 + port: + number: 80 + pathType: Prefix +``` + +must be represented by two different HTTPProxy objects: + +```yaml +# httpproxy-name.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: name-example-foo + namespace: default +spec: + virtualhost: + fqdn: foo1.bar.com + routes: + - services: + - name: s1 + port: 80 +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: name-example-bar + namespace: default +spec: + virtualhost: + fqdn: bar1.bar.com + routes: + - services: + - name: s2 + port: 80 +``` + +A HTTPProxy object that contains a [`virtualhost`][2] field is known as a "root proxy". + +## Virtualhost aliases + +To present the same set of routes under multiple DNS entries (e.g. `www.example.com` and `example.com`), including a service with a `prefix` condition of `/` can be used. + +```yaml +# httpproxy-inclusion-multipleroots.yaml +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: multiple-root + namespace: default +spec: + virtualhost: + fqdn: bar.com + includes: + - name: main + namespace: default +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: multiple-root-www + namespace: default +spec: + virtualhost: + fqdn: www.bar.com + includes: + - name: main + namespace: default +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: main + namespace: default +spec: + routes: + - services: + - name: s2 + port: 80 +``` + +## Restricted root namespaces + +HTTPProxy inclusion allows Administrators to limit which users/namespaces may configure routes for a given domain, but it does not restrict where root HTTPProxies may be created. +Contour has an enforcing mode which accepts a list of namespaces where root HTTPProxy are valid. +Only users permitted to operate in those namespaces can therefore create HTTPProxy with the [`virtualhost`] field ([see API docs][2]). + +This restricted mode is enabled in Contour by specifying a command line flag, `--root-namespaces`, which will restrict Contour to only searching the defined namespaces for root HTTPProxy. This CLI flag accepts a comma separated list of namespaces where HTTPProxy are valid (e.g. `--root-namespaces=default,kube-system,my-admin-namespace`). + +HTTPProxy with a defined [virtualhost][2] field that are not in one of the allowed root namespaces will be flagged as `invalid` and will be ignored by Contour. + +Additionally, when defined, Contour will only watch for Kubernetes secrets in these namespaces ignoring changes in all other namespaces. +Proper RBAC rules should also be created to restrict what namespaces Contour has access matching the namespaces passed to the command line flag. +An example of this is included in the [examples directory][1] and shows how you might create a namespace called `root-httproxy`. + +_**Note:** The restricted root namespace feature is only supported for HTTPProxy CRDs. +`--root-namespaces` does not affect the operation of Ingress objects. In order to limit other resources, see the `--watch-namespaces` configuration flag._ + +[1]: {{< param github_url>}}/tree/{{< param branch >}}/examples/root-rbac +[2]: api/#projectcontour.io/v1.VirtualHost diff --git a/site/content/docs/1.28/config/websockets.md b/site/content/docs/1.28/config/websockets.md new file mode 100644 index 00000000000..136c0468378 --- /dev/null +++ b/site/content/docs/1.28/config/websockets.md @@ -0,0 +1,27 @@ +# Websockets + +WebSocket support can be enabled on specific routes using the `enableWebsockets` field: + +```yaml +# httpproxy-websockets.yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: chat + namespace: default +spec: + virtualhost: + fqdn: chat.example.com + routes: + - services: + - name: chat-app + port: 80 + - conditions: + - prefix: /websocket + enableWebsockets: true # Setting this to true enables websocket for all paths that match /websocket + services: + - name: chat-app + port: 80 +``` + +If you are using Gateway API, websockets are enabled by default at the Listener level. diff --git a/site/content/docs/1.28/configuration.md b/site/content/docs/1.28/configuration.md new file mode 100644 index 00000000000..f145d67f09c --- /dev/null +++ b/site/content/docs/1.28/configuration.md @@ -0,0 +1,541 @@ +# Contour Configuration Reference + +- [Serve Flags](#serve-flags) +- [Configuration File](#configuration-file) +- [Environment Variables](#environment-variables) +- [Bootstrap Config File](#bootstrap-config-file) + +## Overview + +There are various ways to configure Contour, flags, the configuration file, as well as environment variables. +Contour has a precedence of configuration for contour serve, meaning anything configured in the config file is overridden by environment vars which are overridden by cli flags. + +## Serve Flags + +The `contour serve` command is the main command which is used to watch for Kubernetes resource and process them into Envoy configuration which is then streamed to any Envoy via its xDS gRPC connection. +There are a number of flags that can be passed to this command which further configures how Contour operates. +Many of these flags are mirrored in the [Contour Configuration File](#configuration-file). + +| Flag Name | Description | +| --------------------------------------------------------------- | --------------------------------------------------------------------------------------- | +| `--config-path` | Path to base configuration | +| `--contour-config-name` | Name of the ContourConfiguration resource to use | +| `--incluster` | Use in cluster configuration | +| `--kubeconfig=` | Path to kubeconfig (if not in running inside a cluster) | +| `--xds-address=` | xDS gRPC API address | +| `--xds-port=` | xDS gRPC API port | +| `--stats-address=` | Envoy /stats interface address | +| `--stats-port=` | Envoy /stats interface port | +| `--debug-http-address=
` | Address the debug http endpoint will bind to. | +| `--debug-http-port=` | Port the debug http endpoint will bind to | +| `--http-address=` | Address the metrics HTTP endpoint will bind to | +| `--http-port=` | Port the metrics HTTP endpoint will bind to. | +| `--health-address=` | Address the health HTTP endpoint will bind to | +| `--health-port=` | Port the health HTTP endpoint will bind to | +| `--contour-cafile=` | CA bundle file name for serving gRPC with TLS | +| `--contour-cert-file=` | Contour certificate file name for serving gRPC over TLS | +| `--contour-key-file=` | Contour key file name for serving gRPC over TLS | +| `--insecure` | Allow serving without TLS secured gRPC | +| `--root-namespaces=` | Restrict contour to searching these namespaces for root ingress routes | +| `--watch-namespaces=` | Restrict contour to searching these namespaces for all resources | +| `--ingress-class-name=` | Contour IngressClass name (comma-separated list allowed) | +| `--ingress-status-address=
` | Address to set in Ingress object status | +| `--envoy-http-access-log=` | Envoy HTTP access log | +| `--envoy-https-access-log=` | Envoy HTTPS access log | +| `--envoy-service-http-address=` | Kubernetes Service address for HTTP requests | +| `--envoy-service-https-address=` | Kubernetes Service address for HTTPS requests | +| `--envoy-service-http-port=` | Kubernetes Service port for HTTP requests | +| `--envoy-service-https-port=` | Kubernetes Service port for HTTPS requests | +| `--envoy-service-name=` | Name of the Envoy service to inspect for Ingress status details. | +| `--envoy-service-namespace=` | Envoy Service Namespace | +| `--use-proxy-protocol` | Use PROXY protocol for all listeners | +| `--accesslog-format=` | Format for Envoy access logs | +| `--disable-leader-election` | Disable leader election mechanism | +| `--disable-feature=` | Do not start an informer for the specified resources. Flag can be given multiple times. | +| `--leader-election-lease-duration` | The duration of the leadership lease. | +| `--leader-election-renew-deadline` | The duration leader will retry refreshing leadership before giving up. | +| `--leader-election-retry-period` | The interval which Contour will attempt to acquire leadership lease. | +| `--leader-election-resource-name` | The name of the resource (Lease) leader election will lease. | +| `--leader-election-resource-namespace` | The namespace of the resource (Lease) leader election will lease. | +| `-d, --debug` | Enable debug logging | +| `--kubernetes-debug=` | Enable Kubernetes client debug logging | +| `--log-format=` | Log output format for Contour. Either text (default) or json. | +| `--kubernetes-client-qps=` | QPS allowed for the Kubernetes client. | +| `--kubernetes-client-burst=` | Burst allowed for the Kubernetes client. | + +## Configuration File + +A configuration file can be passed to the `--config-path` argument of the `contour serve` command to specify additional configuration to Contour. +In most deployments, this file is passed to Contour via a ConfigMap which is mounted as a volume to the Contour pod. + +The Contour configuration file is optional. +In its absence, Contour will operate with reasonable defaults. +Where Contour settings can also be specified with command-line flags, the command-line value takes precedence over the configuration file. + +| Field Name | Type | Default | Description | +|---------------------------| ---------------------- |------------------------------------------------------------------------------------------------------| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| accesslog-format | string | `envoy` | This key sets the global [access log format][2] for Envoy. Valid options are `envoy` or `json`. | +| accesslog-format-string | string | None | If present, this specifies custom access log format for Envoy. See [Envoy documentation](https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage) for more information about the syntax. This field only has effect if `accesslog-format` is `envoy` | +| accesslog-level | string | `info` | This field specifies the verbosity level of the access log. Valid options are `info` (default, all requests are logged), `error` (all non-success, i.e. 300+ response code, requests are logged), `critical` (all server error, i.e. 500+ response code, requests are logged) and `disabled`. | +| debug | boolean | `false` | Enables debug logging. | +| default-http-versions | string array | HTTP/1.1
HTTP/2 | This array specifies the HTTP versions that Contour should program Envoy to serve. HTTP versions are specified as strings of the form "HTTP/x", where "x" represents the version number. | +| disableAllowChunkedLength | boolean | `false` | If this field is true, Contour will disable the RFC-compliant Envoy behavior to strip the `Content-Length` header if `Transfer-Encoding: chunked` is also set. This is an emergency off-switch to revert back to Envoy's default behavior in case of failures. +| disableMergeSlashes | boolean | `false` | This field disables Envoy's non-standard merge_slashes path transformation behavior that strips duplicate slashes from request URL paths. +| serverHeaderTransformation | string | `overwrite` | This field defines the action to be applied to the Server header on the response path. Values: `overwrite` (default), `append_if_absent`, `pass_through` +| disablePermitInsecure | boolean | `false` | If this field is true, Contour will ignore `PermitInsecure` field in HTTPProxy documents. | +| envoy-service-name | string | `envoy` | This sets the service name that will be inspected for address details to be applied to Ingress objects. | +| envoy-service-namespace | string | `projectcontour` | This sets the namespace of the service that will be inspected for address details to be applied to Ingress objects. If the `CONTOUR_NAMESPACE` environment variable is present, Contour will populate this field with its value. | +| ingress-status-address | string | None | If present, this specifies the address that will be copied into the Ingress status for each Ingress that Contour manages. It is exclusive with `envoy-service-name` and `envoy-service-namespace`. | +| incluster | boolean | `false` | This field specifies that Contour is running in a Kubernetes cluster and should use the in-cluster client access configuration. | +| json-fields | string array | [fields][5] | This is the list the field names to include in the JSON [access log format][2]. This field only has effect if `accesslog-format` is `json`. | +| kubeconfig | string | `$HOME/.kube/config` | Path to a Kubernetes [kubeconfig file][3] for when Contour is executed outside a cluster. | +| kubernetesClientQPS | float32 | | QPS allowed for the Kubernetes client. | +| kubernetesClientBurst | int | | Burst allowed for the Kubernetes client. | +| policy | PolicyConfig | | The default [policy configuration](#policy-configuration). | +| tls | TLS | | The default [TLS configuration](#tls-configuration). | +| timeouts | TimeoutConfig | | The [timeout configuration](#timeout-configuration). | +| cluster | ClusterConfig | | The [cluster configuration](#cluster-configuration). | +| network | NetworkConfig | | The [network configuration](#network-configuration). | +| listener | ListenerConfig | | The [listener configuration](#listener-configuration). | +| server | ServerConfig | | The [server configuration](#server-configuration) for `contour serve` command. | +| gateway | GatewayConfig | | The [gateway-api Gateway configuration](#gateway-configuration). | +| rateLimitService | RateLimitServiceConfig | | The [rate limit service configuration](#rate-limit-service-configuration). | +| enableExternalNameService | boolean | `false` | Enable ExternalName Service processing. Enabling this has security implications. Please see the [advisory](https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc) for more details. | +| metrics | MetricsParameters | | The [metrics configuration](#metrics-configuration) | +| featureFlags | string array | `[]` | Defines the toggle to enable new contour features. Available toggles are:
1. `useEndpointSlices` - configures contour to fetch endpoint data from k8s endpoint slices. | + +### TLS Configuration + +The TLS configuration block can be used to configure default values for how +Contour should provision TLS hosts. + +| Field Name | Type | Default | Description | +| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| minimum-protocol-version | string | `1.2` | This field specifies the minimum TLS protocol version that is allowed. Valid options are `1.2` (default) and `1.3`. Any other value defaults to TLS 1.2. +| maximum-protocol-version | string | `1.3` | This field specifies the maximum TLS protocol version that is allowed. Valid options are `1.2` and `1.3`. Any other value defaults to TLS 1.3. | +| fallback-certificate | | | [Fallback certificate configuration](#fallback-certificate). | +| envoy-client-certificate | | | [Client certificate configuration for Envoy](#envoy-client-certificate). | +| cipher-suites | []string | See [config package documentation](https://pkg.go.dev/github.com/projectcontour/contour/pkg/config#pkg-variables) | This field specifies the TLS ciphers to be supported by TLS listeners when negotiating TLS 1.2. This parameter should only be used by advanced users. Note that this is ignored when TLS 1.3 is in use. The set of ciphers that are allowed is a superset of those supported by default in stock, non-FIPS Envoy builds and FIPS builds as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-tlsparameters-cipher-suites). Custom ciphers not accepted by Envoy in a standard build are not supported. | + +### Upstream TLS Configuration + +The Upstream TLS configuration block can be used to configure default values for how Contour establishes TLS for upstream connections. + +| Field Name | Type | Default | Description | +| ------------------------ | -------- | ----------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| minimum-protocol-version | string | `1.2` | This field specifies the minimum TLS protocol version that is allowed. Valid options are `1.2` (default) and `1.3`. Any other value defaults to TLS 1.2. | +| maximum-protocol-version | string | `1.3` | This field specifies the maximum TLS protocol version that is allowed. Valid options are `1.2` and `1.3`. Any other value defaults to TLS 1.3. | +| cipher-suites | []string | See [config package documentation](https://pkg.go.dev/github.com/projectcontour/contour/pkg/config#pkg-variables) | This field specifies the TLS ciphers to be supported by TLS listeners when negotiating TLS 1.2. This parameter should only be used by advanced users. Note that this is ignored when TLS 1.3 is in use. The set of ciphers that are allowed is a superset of those supported by default in stock, non-FIPS Envoy builds and FIPS builds as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-tlsparameters-cipher-suites). Custom ciphers not accepted by Envoy in a standard build are not supported. | + +### Fallback Certificate + +| Field Name | Type | Default | Description | +| ---------- | ------ | ------- | ----------------------------------------------------------------------------------------------- | +| name | string | `""` | This field specifies the name of the Kubernetes secret to use as the fallback certificate. | +| namespace | string | `""` | This field specifies the namespace of the Kubernetes secret to use as the fallback certificate. | + + +### Envoy Client Certificate + +| Field Name | Type | Default | Description | +| ---------- | ------ | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| name | string | `""` | This field specifies the name of the Kubernetes secret to use as the client certificate and private key when establishing TLS connections to the backend service. | +| namespace | string | `""` | This field specifies the namespace of the Kubernetes secret to use as the client certificate and private key when establishing TLS connections to the backend service. | + + +### Timeout Configuration + +The timeout configuration block can be used to configure various timeouts for the proxies. All fields are optional; Contour/Envoy defaults apply if a field is not specified. + +| Field Name | Type | Default | Description | +| -------------------------------- | ------ | ------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| request-timeout | string | none* | This field specifies the default request timeout. Note that this is a timeout for the entire request, not an idle timeout. Must be a [valid Go duration string][4], or omitted or set to `infinity` to disable the timeout entirely. See [the Envoy documentation][12] for more information.

_Note: A value of `0s` previously disabled this timeout entirely. This is no longer the case. Use `infinity` or omit this field to disable the timeout._ | +| connection-idle-timeout | string | `60s` | This field defines how long the proxy should wait while there are no active requests (for HTTP/1.1) or streams (for HTTP/2) before terminating an HTTP connection. The timeout applies to downstream connections only. Must be a [valid Go duration string][4], or `infinity` to disable the timeout entirely. See [the Envoy documentation][8] for more information. | +| stream-idle-timeout | string | `5m`* | This field defines how long the proxy should wait while there is no activity during single request/response (for HTTP/1.1) or stream (for HTTP/2). Timeout will not trigger while HTTP/1.1 connection is idle between two consecutive requests. Must be a [valid Go duration string][4], or `infinity` to disable the timeout entirely. See [the Envoy documentation][9] for more information. | +| max-connection-duration | string | none* | This field defines the maximum period of time after an HTTP connection has been established from the client to the proxy before it is closed by the proxy, regardless of whether there has been activity or not. Must be a [valid Go duration string][4], or omitted or set to `infinity` for no max duration. See [the Envoy documentation][10] for more information. | +| delayed-close-timeout | string | `1s`* | *Note: this is an advanced setting that should not normally need to be tuned.*

This field defines how long envoy will wait, once connection close processing has been initiated, for the downstream peer to close the connection before Envoy closes the socket associated with the connection. Setting this timeout to 'infinity' will disable it. See [the Envoy documentation][13] for more information. | +| connection-shutdown-grace-period | string | `5s`* | This field defines how long the proxy will wait between sending an initial GOAWAY frame and a second, final GOAWAY frame when terminating an HTTP/2 connection. During this grace period, the proxy will continue to respond to new streams. After the final GOAWAY frame has been sent, the proxy will refuse new streams. Must be a [valid Go duration string][4]. See [the Envoy documentation][11] for more information. | +| connect-timeout | string | `2s` | This field defines how long the proxy will wait for the upstream connection to be established. + +_This is Envoy's default setting value and is not explicitly configured by Contour._ + +### Cluster Configuration + +The cluster configuration block can be used to configure various parameters for Envoy clusters. + +| Field Name | Type | Default | Description | +|-----------------------------------|--------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| dns-lookup-family | string | auto | This field specifies the dns-lookup-family to use for upstream requests to externalName type Kubernetes services from an HTTPProxy route. Values are: `auto`, `v4`, `v6`, `all` | +| max-requests-per-connection | int | none | This field specifies the maximum requests for upstream connections. If not specified, there is no limit | +| circuit-breakers | [CircuitBreakers](#circuit-breakers) | none | This field specifies the default value for [circuit-breaker-annotations](https://projectcontour.io/docs/main/config/annotations/) for services that don't specify them. | +| per-connection-buffer-limit-bytes | int | 1MiB* | This field specifies the soft limit on size of the cluster’s new connection read and write buffer. If not specified, Envoy defaults of 1MiB apply | +| upstream-tls | UpstreamTLS | | [Upstream TLS configuration](#upstream-tls) | + +_This is Envoy's default setting value and is not explicitly configured by Contour._ + + + + +### Network Configuration + +The network configuration block can be used to configure various parameters network connections. + +| Field Name | Type | Default | Description | +| ---------------- | ---- | ------- | ----------------------------------------------------------------------------------------------------------------------- | +| num-trusted-hops | int | 0 | Configures the number of additional ingress proxy hops from the right side of the x-forwarded-for HTTP header to trust. | +| admin-port | int | 9001 | Configures the Envoy Admin read-only listener on Envoy. Set to `0` to disable. | + +### Listener Configuration + +The listener configuration block can be used to configure various parameters for Envoy listener. + +| Field Name | Type | Default | Description | +|-----------------------------------|--------|---------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| connection-balancer | string | `""` | This field specifies the listener connection balancer. If the value is `exact`, the listener will use the exact connection balancer to balance connections between threads in a single Envoy process. See [the Envoy documentation][14] for more information. | +| max-requests-per-connection | int | none | This field specifies the maximum requests for downstream connections. If not specified, there is no limit | +| per-connection-buffer-limit-bytes | int | 1MiB* | This field specifies the soft limit on size of the listener’s new connection read and write buffer. If not specified, Envoy defaults of 1MiB apply | +| socket-options | SocketOptions | | The [Socket Options](#socket-options) for Envoy listeners. | +| max-requests-per-io-cycle | int | none | Defines the limit on number of HTTP requests that Envoy will process from a single connection in a single I/O cycle. Requests over this limit are processed in subsequent I/O cycles. Can be used as a mitigation for CVE-2023-44487 when abusive traffic is detected. Configures the `http.max_requests_per_io_cycle` Envoy runtime setting. The default value when this is not set is no limit. | +| http2-max-concurrent-streams | int | none | Defines the value for SETTINGS_MAX_CONCURRENT_STREAMS Envoy will advertise in the SETTINGS frame in HTTP/2 connections and the limit for concurrent streams allowed for a peer on a single HTTP/2 connection. It is recommended to not set this lower than 100 but this field can be used to bound resource usage by HTTP/2 connections and mitigate attacks like CVE-2023-44487. The default value when this is not set is unlimited. | + +_This is Envoy's default setting value and is not explicitly configured by Contour._ + +### Server Configuration + +The server configuration block can be used to configure various settings for the `contour serve` command. + +| Field Name | Type | Default | Description | +| --------------- | ------ | ------- | ----------------------------------------------------------------------------- | +| xds-server-type | string | contour | This field specifies the xDS Server to use. Options are `contour` or `envoy`. | + +### Gateway Configuration + +The gateway configuration block is used to configure which gateway-api Gateway Contour should configure: + +| Field Name | Type | Default | Description | +| -------------- | -------------- | ------- | ------------------------------------------------------------------------------ | +| controllerName | string | | **DEPRECATED**: Use `gatewayRef` or the Gateway provisioner instead. This field will be removed in a future release. Gateway Class controller name (i.e. projectcontour.io/gateway-controller). If set, Contour will reconcile the oldest GatewayClass, and its oldest Gateway, with this controller string. Only one of `controllerName` or `gatewayRef` must be set. | +| gatewayRef | NamespacedName | | [Gateway namespace and name](#gateway-ref). If set, Contour will reconcile this specific Gateway. Only one of `controllerName` or `gatewayRef` must be set. | + +### Gateway Ref + +| Field Name | Type | Default | Description | +| ---------- | ------ | ------- | ----------------------------------------------------------------------------------------------- | +| name | string | `""` | This field specifies the name of the specific Gateway to reconcile. | +| namespace | string | `""` | This field specifies the namespace of the specific Gateway to reconcile. | + +### Policy Configuration + +The Policy configuration block can be used to configure default policy values +that are set if not overridden by the user. + +The `request-headers` field is used to rewrite headers on a HTTP request, and +the `response-headers` field is used to rewrite headers on a HTTP response. + +| Field Name | Type | Default | Description | +| ---------------- | ------------ | ------- | ------------------------------------------------------------------------------------------------- | +| request-headers | HeaderPolicy | none | The default request headers set or removed on all service routes if not overridden in the object | +| response-headers | HeaderPolicy | none | The default response headers set or removed on all service routes if not overridden in the object | +| applyToIngress | Boolean | false | Whether the global policy should apply to Ingress objects | + +#### HeaderPolicy + +The `set` field sets an HTTP header value, creating it if it doesn't already exist but not overwriting it if it does. +The `remove` field removes an HTTP header. + +| Field Name | Type | Default | Description | +| ---------- | ----------------- | ------- | ------------------------------------------------------------------------------- | +| set | map[string]string | none | Map of headers to set on all service routes if not overridden in the object | +| remove | []string | none | List of headers to remove on all service routes if not overridden in the object | + +Note: the values of entries in the `set` and `remove` fields can be overridden in HTTPProxy objects but it it not possible to remove these entries. + +### Rate Limit Service Configuration + +The rate limit service configuration block is used to configure an optional global rate limit service: + +| Field Name | Type | Default | Description | +|-----------------------------| ------ | ------- |------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| extensionService | string | | This field identifies the extension service defining the rate limit service, formatted as /. | +| domain | string | contour | This field defines the rate limit domain value to pass to the rate limit service. Acts as a container for a set of rate limit definitions within the RLS. | +| failOpen | bool | false | This field defines whether to allow requests to proceed when the rate limit service fails to respond with a valid rate limit decision within the timeout defined on the extension service. | +| enableXRateLimitHeaders | bool | false | This field defines whether to include the X-RateLimit headers X-RateLimit-Limit, X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF Internet-Draft https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html), on responses to clients when the Rate Limit Service is consulted for a request. | +| enableResourceExhaustedCode | bool | false | This field defines whether to translate status code 429 to gRPC RESOURCE_EXHAUSTED instead of UNAVAILABLE. | + +### Metrics Configuration + +MetricsParameters holds configurable parameters for Contour and Envoy metrics. + +| Field Name | Type | Default | Description | +| ----------- | ----------------------- | ------- | -------------------------------------------------------------------- | +| contour | MetricsServerParameters | | [Metrics Server Parameters](#metrics-server-parameters) for Contour. | +| envoy | MetricsServerParameters | | [Metrics Server Parameters](#metrics-server-parameters) for Envoy. | + +### Metrics Server Parameters + +MetricsServerParameters holds configurable parameters for Contour and Envoy metrics. +Metrics are served over HTTPS if `server-certificate-path` and `server-key-path` are set. +Metrics and health endpoints cannot have the same port number when metrics are served over HTTPS. + +| Field Name | Type | Default | Description | +| ----------------------- | ------ | ---------------------------- | -----------------------------------------------------------------------------| +| address | string | 0.0.0.0 | Address that metrics server will bind to. | +| port | int | 8000 (Contour), 8002 (Envoy) | Port that metrics server will bind to. | +| server-certificate-path | string | none | Optional path to the server certificate file. | +| server-key-path | string | none | Optional path to the server private key file. | +| ca-certificate-path | string | none | Optional path to the CA certificate file used to verify client certificates. | + +### Socket Options + +| Field Name | Type | Default | Description | +| --------------- | ------ | ------- | ----------------------------------------------------------------------------- | +| tos | int | 0 | Defines the value for IPv4 TOS field (including 6 bit DSCP field) for IP packets originating from Envoy listeners. Single value is applied to all listeners. The value must be in the range 0-255, 0 means socket option is not set. If listeners are bound to IPv6-only addresses, setting this option will cause an error. | +| traffic-class | int | 0 | Defines the value for IPv6 Traffic Class field (including 6 bit DSCP field) for IP packets originating from the Envoy listeners. Single value is applied to all listeners. The value must be in the range 0-255, 0 means socket option is not set. If listeners are bound to IPv4-only addresses, setting this option will cause an error. | + + +### Circuit Breakers + +| Field Name | Type | Default | Description | +| --------------- | ------ | ------- | ----------------------------------------------------------------------------- | +| max-connections | int | 0 | The maximum number of connections that a single Envoy instance allows to the Kubernetes Service; defaults to 1024. | +| max-pending-requests | int | 0 | The maximum number of pending requests that a single Envoy instance allows to the Kubernetes Service; defaults to 1024. | +| max-requests | int | 0 | The maximum parallel requests a single Envoy instance allows to the Kubernetes Service; defaults to 1024 | +| max-retries | int | 0 | The maximum number of parallel retries a single Envoy instance allows to the Kubernetes Service; defaults to 3. This setting only makes sense if the cluster is configured to do retries.| + +### Configuration Example + +The following is an example ConfigMap with configuration file included: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: projectcontour +data: + contour.yaml: | + # + # server: + # determine which XDS Server implementation to utilize in Contour. + # xds-server-type: contour + # + # specify the gateway-api Gateway Contour should configure + # gateway: + # controllerName: projectcontour.io/gateway-controller + # + # should contour expect to be running inside a k8s cluster + # incluster: true + # + # path to kubeconfig (if not running inside a k8s cluster) + # kubeconfig: /path/to/.kube/config + # + # Disable RFC-compliant behavior to strip "Content-Length" header if + # "Tranfer-Encoding: chunked" is also set. + # disableAllowChunkedLength: false + # Disable HTTPProxy permitInsecure field + disablePermitInsecure: false + tls: + # minimum TLS version that Contour will negotiate + # minimum-protocol-version: "1.2" + # TLS ciphers to be supported by Envoy TLS listeners when negotiating + # TLS 1.2. + # cipher-suites: + # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' + # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' + # - 'ECDHE-ECDSA-AES256-GCM-SHA384' + # - 'ECDHE-RSA-AES256-GCM-SHA384' + # Defines the Kubernetes name/namespace matching a secret to use + # as the fallback certificate when requests which don't match the + # SNI defined for a vhost. + fallback-certificate: + # name: fallback-secret-name + # namespace: projectcontour + envoy-client-certificate: + # name: envoy-client-cert-secret-name + # namespace: projectcontour + ### Logging options + # Default setting + accesslog-format: envoy + # The default access log format is defined by Envoy but it can be customized by setting following variable. + # accesslog-format-string: "...\n" + # To enable JSON logging in Envoy + # accesslog-format: json + # accesslog-level: info + # The default fields that will be logged are specified below. + # To customise this list, just add or remove entries. + # The canonical list is available at + # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields + # json-fields: + # - "@timestamp" + # - "authority" + # - "bytes_received" + # - "bytes_sent" + # - "downstream_local_address" + # - "downstream_remote_address" + # - "duration" + # - "method" + # - "path" + # - "protocol" + # - "request_id" + # - "requested_server_name" + # - "response_code" + # - "response_flags" + # - "uber_trace_id" + # - "upstream_cluster" + # - "upstream_host" + # - "upstream_local_address" + # - "upstream_service_time" + # - "user_agent" + # - "x_forwarded_for" + # + # default-http-versions: + # - "HTTP/2" + # - "HTTP/1.1" + # + # The following shows the default proxy timeout settings. + # timeouts: + # request-timeout: infinity + # connection-idle-timeout: 60s + # stream-idle-timeout: 5m + # max-connection-duration: infinity + # connection-shutdown-grace-period: 5s + # + # Envoy cluster settings. + # cluster: + # configure the cluster dns lookup family + # valid options are: auto (default), v4, v6, all + # dns-lookup-family: auto + # the maximum requests for upstream connections. + # If not specified, there is no limit. + # Setting this parameter to 1 will effectively disable keep alive + # max-requests-per-connection: 0 + # the soft limit on size of the cluster’s new connection read and write buffers + # per-connection-buffer-limit-bytes: 32768 + # + # network: + # Configure the number of additional ingress proxy hops from the + # right side of the x-forwarded-for HTTP header to trust. + # num-trusted-hops: 0 + # Configure the port used to access the Envoy Admin interface. + # admin-port: 9001 + # + # Configure an optional global rate limit service. + # rateLimitService: + # Identifies the extension service defining the rate limit service, + # formatted as /. + # extensionService: projectcontour/ratelimit + # Defines the rate limit domain to pass to the rate limit service. + # Acts as a container for a set of rate limit definitions within + # the RLS. + # domain: contour + # Defines whether to allow requests to proceed when the rate limit + # service fails to respond with a valid rate limit decision within + # the timeout defined on the extension service. + # failOpen: false + # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, + # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF + # Internet-Draft linked below), on responses to clients when the Rate + # Limit Service is consulted for a request. + # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html + # enableXRateLimitHeaders: false + # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED + # instead of the default UNAVAILABLE + # enableResourceExhaustedCode: false + # + # Global Policy settings. + # policy: + # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) + # request-headers: + # set: + # # example: the hostname of the Envoy instance that proxied the request + # X-Envoy-Hostname: %HOSTNAME% + # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for + # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% + # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) + # response-headers: + # set: + # # example: Envoy flags that provide additional details about the response or connection + # X-Envoy-Response-Flags: %RESPONSE_FLAGS% + # Whether or not the policy settings should apply to ingress objects + # applyToIngress: true + # + # metrics: + # contour: + # address: 0.0.0.0 + # port: 8000 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # envoy: + # address: 0.0.0.0 + # port: 8002 + # server-certificate-path: /path/to/server-cert.pem + # server-key-path: /path/to/server-private-key.pem + # ca-certificate-path: /path/to/root-ca-for-client-validation.pem + # + # listener: + # connection-balancer: exact + # socket-options: + # tos: 64 + # traffic-class: 64 +``` + +_Note:_ The default example `contour` includes this [file][1] for easy deployment of Contour. + +## Environment Variables + +### CONTOUR_NAMESPACE + +If present, the value of the `CONTOUR_NAMESPACE` environment variable is used as: + +1. The value for the `contour bootstrap --namespace` flag unless otherwise specified. +1. The value for the `contour certgen --namespace` flag unless otherwise specified. +1. The value for the `contour serve --envoy-service-namespace` flag unless otherwise specified. +1. The value for the `contour serve --leader-election-resource-namespace` flag unless otherwise specified. + +The `CONTOUR_NAMESPACE` environment variable is set via the [Downward API][6] in the Contour [example manifests][7]. + +## Bootstrap Config File + +The bootstrap configuration file is generated by an initContainer in the Envoy daemonset which runs the `contour bootstrap` command to generate the file. +This configuration file configures the Envoy container to connect to Contour and receive configuration via xDS. + +The next section outlines all the available flags that can be passed to the `contour bootstrap` command which are used to customize +the configuration file to match the environment in which Envoy is deployed. + +### Bootstrap Flags + +There are flags that can be passed to `contour bootstrap` that help configure how Envoy +connects to Contour: + +| Flag | Default | Description | +| -------------------------------------- |-------------------| ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| --resources-dir | "" | Directory where resource files will be written. | +| --admin-address | /admin/admin.sock | Path to Envoy admin unix domain socket. | +| --admin-port (Deprecated) | 9001 | Deprecated: Port is now configured as a Contour flag. | +| --xds-address | 127.0.0.1 | Address to connect to Contour xDS server on. | +| --xds-port | 8001 | Port to connect to Contour xDS server on. | +| --envoy-cafile | "" | CA filename for Envoy secure xDS gRPC communication. | +| --envoy-cert-file | "" | Client certificate filename for Envoy secure xDS gRPC communication. | +| --envoy-key-file | "" | Client key filename for Envoy secure xDS gRPC communication. | +| --namespace | projectcontour | Namespace the Envoy container will run, also configured via ENV variable "CONTOUR_NAMESPACE". Namespace is used as part of the metric names on static resources defined in the bootstrap configuration file. | +| --xds-resource-version | v3 | Currently, the only valid xDS API resource version is `v3`. | +| --dns-lookup-family | auto | Defines what DNS Resolution Policy to use for Envoy -> Contour cluster name lookup. Either v4, v6, auto or all. | +| --log-format | text | Log output format for Contour. Either text or json. | +| --overload-max-heap | 0 | Defines the maximum heap memory of the envoy controlled by the overload manager. When the value is greater than 0, the overload manager is enabled, and when envoy reaches 95% of the maximum heap size, it performs a shrink heap operation. When it reaches 98% of the maximum heap size, Envoy Will stop accepting requests. | + + +[1]: {{< param github_url>}}/tree/{{< param branch >}}/examples/contour/01-contour-config.yaml +[2]: config/access-logging +[3]: https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/ +[4]: https://golang.org/pkg/time/#ParseDuration +[5]: https://godoc.org/github.com/projectcontour/contour/internal/envoy#DefaultFields +[6]: https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/ +[7]: {{< param github_url>}}/tree/{{< param branch >}}/examples/contour +[8]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-idle-timeout +[9]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-stream-idle-timeout +[10]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/protocol.proto#envoy-v3-api-field-config-core-v3-httpprotocoloptions-max-connection-duration +[11]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-drain-timeout +[12]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-request-timeout +[13]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto#envoy-v3-api-field-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-delayed-close-timeout +[14]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/listener/v3/listener.proto#config-listener-v3-listener-connectionbalanceconfig diff --git a/site/content/docs/1.28/deploy-options.md b/site/content/docs/1.28/deploy-options.md new file mode 100644 index 00000000000..0ae74a53bd9 --- /dev/null +++ b/site/content/docs/1.28/deploy-options.md @@ -0,0 +1,383 @@ +# Deployment Options + +The [Getting Started][8] guide shows you a simple way to get started with Contour on your cluster. +This topic explains the details and shows you additional options. +Most of this covers running Contour using a Kubernetes Service of `Type: LoadBalancer`. +If you don't have a cluster with that capability see the [Running without a Kubernetes LoadBalancer][1] section. + +## Installation + +Contour requires a secret containing TLS certificates that are used to secure the gRPC communication between Contour<>Envoy. +This secret can be auto-generated by the Contour `certgen` job or provided by an administrator. +Traffic must be forwarded to Envoy, typically via a Service of `type: LoadBalancer`. +All other requirements such as RBAC permissions, configuration details, are provided or have good defaults for most installations. + +### Setting resource requests and limits + +It is recommended that resource requests and limits be set on all Contour and Envoy containers. +The example YAML manifests used in the [Getting Started][8] guide do not include these, because the appropriate values can vary widely from user to user. +The table below summarizes the Contour and Envoy containers, and provides some reasonable resource requests to start with (note that these should be adjusted based on observed usage and expected load): + +| Workload | Container | Request (mem) | Request (cpu) | +| ------------------- | ---------------- | ------------- | ------------- | +| deployment/contour | contour | 128Mi | 250m | +| daemonset/envoy | envoy | 256Mi | 500m | +| daemonset/envoy | shutdown-manager | 50Mi | 25m | + + +### Envoy as Daemonset + +The recommended installation is for Contour to run as a Deployment and Envoy to run as a Daemonset. +The example Damonset places a single instance of Envoy per node in the cluster as well as attaches to `hostPorts` on each node. +This model allows for simple scaling of Envoy instances as well as ensuring even distribution of instances across the cluster. + +The [example daemonset manifest][2] or [Contour Gateway Provisioner][12] will create an installation based on these recommendations. + +_Note: If the size of the cluster is scaled down, connections can be lost since Kubernetes Damonsets do not follow proper `preStop` hooks._ + +### Envoy as Deployment + +An alternative Envoy deployment model is utilizing a Kubernetes Deployment with a configured `podAntiAffinity` which attempts to mirror the Daemonset deployment model. +A benefit of this model compared to the Daemonset version is when a node is removed from the cluster, the proper shutdown events are available so connections can be cleanly drained from Envoy before terminating. + +The [example deployment manifest][14] will create an installation based on these recommendations. + +## Testing your installation + +### Get your hostname or IP address + +To retrieve the IP address or DNS name assigned to your Contour deployment, run: + +```bash +$ kubectl get -n projectcontour service envoy -o wide +``` + +On AWS, for example, the response looks like: + +``` +NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +contour 10.106.53.14 a47761ccbb9ce11e7b27f023b7e83d33-2036788482.ap-southeast-2.elb.amazonaws.com 80:30274/TCP 3h app=contour +``` + +Depending on your cloud provider, the `EXTERNAL-IP` value is an IP address, or, in the case of Amazon AWS, the DNS name of the ELB created for Contour. Keep a record of this value. + +Note that if you are running an Elastic Load Balancer (ELB) on AWS, you must add more details to your configuration to get the remote address of your incoming connections. +See the [instructions for enabling the PROXY protocol.][4] + +#### Minikube + +On Minikube, to get the IP address of the Contour service run: + +```bash +$ minikube service -n projectcontour envoy --url +``` + +The response is always an IP address, for example `http://192.168.99.100:30588`. This is used as CONTOUR_IP in the rest of the documentation. + +#### kind + +When creating the cluster on Kind, pass a custom configuration to allow Kind to expose port 80/443 to your local host: + +```yaml +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane +- role: worker + extraPortMappings: + - containerPort: 80 + hostPort: 80 + listenAddress: "0.0.0.0" + - containerPort: 443 + hostPort: 443 + listenAddress: "0.0.0.0" +``` + +Then run the create cluster command passing the config file as a parameter. +This file is in the `examples/kind` directory: + +```bash +$ kind create cluster --config examples/kind/kind-expose-port.yaml +``` + +Then, your CONTOUR_IP (as used below) will just be `localhost:80`. + +_Note: We've created a public DNS record (`local.projectcontour.io`) which is configured to resolve to `127.0.0.1``. This allows you to use a real domain name in your kind cluster._ + +### Test with Ingress + +The Contour repository contains an example deployment of the Kubernetes Up and Running demo application, [kuard][5]. +To test your Contour deployment, deploy `kuard` with the following command: + +```bash +$ kubectl apply -f https://projectcontour.io/examples/kuard.yaml +``` + +Then monitor the progress of the deployment with: + +```bash +$ kubectl get po,svc,ing -l app=kuard +``` + +You should see something like: + +``` +NAME READY STATUS RESTARTS AGE +po/kuard-370091993-ps2gf 1/1 Running 0 4m +po/kuard-370091993-r63cm 1/1 Running 0 4m +po/kuard-370091993-t4dqk 1/1 Running 0 4m + +NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE +svc/kuard 10.110.67.121 80/TCP 4m + +NAME HOSTS ADDRESS PORTS AGE +ing/kuard * 10.0.0.47 80 4m +``` + +... showing that there are three Pods, one Service, and one Ingress that is bound to all virtual hosts (`*`). + +In your browser, navigate your browser to the IP or DNS address of the Contour Service to interact with the demo application. + +### Test with HTTPProxy + +To test your Contour deployment with [HTTPProxy][9], run the following command: + +```sh +$ kubectl apply -f https://projectcontour.io/examples/kuard-httpproxy.yaml +``` + +Then monitor the progress of the deployment with: + +```sh +$ kubectl get po,svc,httpproxy -l app=kuard +``` + +You should see something like: + +```sh +NAME READY STATUS RESTARTS AGE +pod/kuard-bcc7bf7df-9hj8d 1/1 Running 0 1h +pod/kuard-bcc7bf7df-bkbr5 1/1 Running 0 1h +pod/kuard-bcc7bf7df-vkbtl 1/1 Running 0 1h + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/kuard ClusterIP 10.102.239.168 80/TCP 1h + +NAME FQDN TLS SECRET FIRST ROUTE STATUS STATUS DESCRIPT +httpproxy.projectcontour.io/kuard kuard.local valid valid HTTPProxy +``` + +... showing that there are three Pods, one Service, and one HTTPProxy . + +In your terminal, use curl with the IP or DNS address of the Contour Service to send a request to the demo application: + +```sh +$ curl -H 'Host: kuard.local' ${CONTOUR_IP} +``` + +## Running without a Kubernetes LoadBalancer + +If you can't or don't want to use a Service of `type: LoadBalancer` there are other ways to run Contour. + +### NodePort Service + +If your cluster doesn't have the capability to configure a Kubernetes LoadBalancer, +or if you want to configure the load balancer outside Kubernetes, +you can change the Envoy Service in the [`02-service-envoy.yaml`][7] file and set `type` to `NodePort`. + +This will have every node in your cluster listen on the resultant port and forward traffic to Contour. +That port can be discovered by taking the second number listed in the `PORT` column when listing the service, for example `30274` in `80:30274/TCP`. + +Now you can point your browser at the specified port on any node in your cluster to communicate with Contour. + +### Host Networking + +You can run Contour without a Kubernetes Service at all. +This is done by having the Envoy pod run with host networking. +Contour's examples utilize this model in the `/examples` directory. +To configure, set: `hostNetwork: true` and `dnsPolicy: ClusterFirstWithHostNet` on your Envoy pod definition. +Next, pass `--envoy-service-http-port=80 --envoy-service-https-port=443` to the contour `serve` command which instructs Envoy to listen directly on port 80/443 on each host that it is running. +This is best paired with a DaemonSet (perhaps paired with Node affinity) to ensure that a single instance of Contour runs on each Node. +See the [AWS NLB tutorial][10] as an example. + +## Disabling Features + +You can run Contour with certain features disabled by passing `--disable-feature` flag to the Contour `serve` command. +The flag is used to disable the informer for a custom resource, effectively making the corresponding CRD optional in the cluster. +You can provide the flag multiple times. + +For example, to disable ExtensionService CRD, use the flag as follows: `--disable-feature=extensionservices`. + +See the [configuration section entry][19] for all options. + +## Upgrading Contour/Envoy + +At times, it's needed to upgrade Contour, the version of Envoy, or both. +The included `shutdown-manager` can assist with watching Envoy for open connections while draining and give signal back to Kubernetes as to when it's fine to delete Envoy pods during this process. + +See the [redeploy envoy][11] docs for more information about how to not drop active connections to Envoy. +Also see the [upgrade guides][15] on steps to roll out a new version of Contour. + +## Running Multiple Instances of Contour + +It's possible to run multiple instances of Contour within a single Kubernetes cluster. +This can be useful for separating external vs. internal ingress, for having separate ingress controllers for different ingress classes, and more. +Each Contour instance can also be configured via the `--watch-namespaces` flag to handle their own namespaces. This allows the Kubernetes RBAC objects +to be restricted further. + +The recommended way to deploy multiple Contour instances is to put each instance in its own namespace. +This avoids most naming conflicts that would otherwise occur, and provides better logical separation between the instances. +However, it is also possible to deploy multiple instances in a single namespace if needed; this approach requires more modifications to the example manifests to function properly. +Each approach is described in detail below, using the [examples/contour][17] directory's manifests for reference. + +### In Separate Namespaces (recommended) + +In general, this approach requires updating the `namespace` of all resources, as well as giving unique names to cluster-scoped resources to avoid conflicts. + +- `00-common.yaml`: + - update the name of the `Namespace` + - update the namespace of both `ServiceAccounts` +- `01-contour-config.yaml`: + - update the namespace of the `ConfigMap` + - if you have any namespaced references within the ConfigMap contents (e.g. `fallback-certificate`, `envoy-client-certificate`), ensure those point to the correct namespace as well. +- `01-crds.yaml` will be shared between the two instances; no changes are needed. +- `02-job-certgen.yaml`: + - update the namespace of all resources + - update the namespace of the `ServiceAccount` subject within the `RoleBinding` +- `02-role-contour.yaml`: + - update the name of the `ClusterRole` to be unique + - update the namespace of the `Role` +- `02-rbac.yaml`: + - update the name of the `ClusterRoleBinding` to be unique + - update the namespace of the `RoleBinding` + - update the namespaces of the `ServiceAccount` subject within both resources + - update the name of the ClusterRole within the ClusterRoleBinding's roleRef to match the unique name used in `02-role-contour.yaml` +- `02-service-contour.yaml`: + - update the namespace of the `Service` +- `02-service-envoy.yaml`: + - update the namespace of the `Service` +- `03-contour.yaml`: + - update the namespace of the `Deployment` + - add an argument to the container, `--ingress-class-name=`, so this instance only processes Ingresses/HTTPProxies with the given ingress class. +- `03-envoy.yaml`: + - update the namespace of the `DaemonSet` + - remove the two `hostPort` definitions from the container (otherwise, these would conflict between the two instances) + + +### In The Same Namespace + +This approach requires giving unique names to all resources to avoid conflicts, and updating all resource references to use the correct names. + +- `00-common.yaml`: + - update the names of both `ServiceAccounts` to be unique +- `01-contour-config.yaml`: + - update the name of the `ConfigMap` to be unique +- `01-crds.yaml` will be shared between the two instances; no changes are needed. +- `02-job-certgen.yaml`: + - update the names of all resources to be unique + - update the name of the `Role` within the `RoleBinding`'s roleRef to match the unique name used for the `Role` + - update the name of the `ServiceAccount` within the `RoleBinding`'s subjects to match the unique name used for the `ServiceAccount` + - update the serviceAccountName of the `Job` + - add an argument to the container, `--secrets-name-suffix=`, so the generated TLS secrets have unique names + - update the spec.template.metadata.labels on the `Job` to be unique +- `02-role-contour.yaml`: + - update the names of the `ClusterRole` and `Role` to be unique +- `02-rbac.yaml`: + - update the names of the `ClusterRoleBinding` and `RoleBinding` to be unique + - update the roleRefs within both resources to reference the unique `Role` and `ClusterRole` names used in `02-role-contour.yaml` + - update the subjects within both resources to reference the unique `ServiceAccount` name used in `00-common.yaml` +- `02-service-contour.yaml`: + - update the name of the `Service` to be unique + - update the selector to be unique (this must match the labels used in `03-contour.yaml`, below) +- `02-service-envoy.yaml`: + - update the name of the `Service` to be unique + - update the selector to be unique (this must match the labels used in `03-envoy.yaml`, below) +- `03-contour.yaml`: + - update the name of the `Deployment` to be unique + - update the metadata.labels, the spec.selector.matchLabels, the spec.template.metadata.labels, and the spec.template.spec.affinity.podAntiAffinity labels to match the labels used in `02-service-contour.yaml` + - update the serviceAccountName to match the unique name used in `00-common.yaml` + - update the `contourcert` volume to reference the unique `Secret` name generated from `02-certgen.yaml` (e.g. `contourcert`) + - update the `contour-config` volume to reference the unique `ConfigMap` name used in `01-contour-config.yaml` + - add an argument to the container, `--leader-election-resource-name=`, so this Contour instance uses a separate leader election `Lease` + - add an argument to the container, `--envoy-service-name=`, referencing the unique name used in `02-service-envoy.yaml` + - add an argument to the container, `--ingress-class-name=`, so this instance only processes Ingresses/HTTPProxies with the given ingress class. +- `03-envoy.yaml`: + - update the name of the `DaemonSet` to be unique + - update the metadata.labels, the spec.selector.matchLabels, and the spec.template.metadata.labels to match the unique labels used in `02-service-envoy.yaml` + - update the `--xds-address` argument to the initContainer to use the unique name of the contour Service from `02-service-contour.yaml` + - update the serviceAccountName to match the unique name used in `00-common.yaml` + - update the `envoycert` volume to reference the unique `Secret` name generated from `02-certgen.yaml` (e.g. `envoycert`) + - remove the two `hostPort` definitions from the container (otherwise, these would conflict between the two instances) + +### Using the Gateway provisioner + +The Contour Gateway provisioner also supports deploying multiple instances of Contour, either in the same namespace or different namespaces. +See [Getting Started with the Gateway provisioner][16] for more information on getting started with the Gateway provisioner. +To deploy multiple Contour instances, you create multiple `Gateways`, either in the same namespace or in different namespaces. + +Note that although the provisioning request itself is made via a Gateway API resource (`Gateway`), this method of installation still allows you to use *any* of the supported APIs for defining virtual hosts and routes: `Ingress`, `HTTPProxy`, or Gateway API's `HTTPRoute` and `TLSRoute`. + +If you are using `Ingress` or `HTTPProxy`, you will likely want to assign each Contour instance a different ingress class, so they each handle different subsets of `Ingress`/`HTTPProxy` resources. +To do this, [create two separate GatewayClasses][18], each with a different `ContourDeployment` parametersRef. +The `ContourDeployment` specs should look like: + +```yaml +kind: ContourDeployment +apiVersion: projectcontour.io/v1alpha1 +metadata: + namespace: projectcontour + name: ingress-class-1 +spec: + runtimeSettings: + ingress: + classNames: + - ingress-class-1 +--- +kind: ContourDeployment +apiVersion: projectcontour.io/v1alpha1 +metadata: + namespace: projectcontour + name: ingress-class-2 +spec: + runtimeSettings: + ingress: + classNames: + - ingress-class-2 +``` + +Then create each `Gateway` with the appropriate `spec.gatewayClassName`. + +## Running Contour in tandem with another ingress controller + +If you're running multiple ingress controllers, or running on a cloudprovider that natively handles ingress, +you can specify the annotation `kubernetes.io/ingress.class: "contour"` on all ingresses that you would like Contour to claim. +You can customize the class name with the `--ingress-class-name` flag at runtime. (A comma-separated list of class names is allowed.) +If the `kubernetes.io/ingress.class` annotation is present with a value other than `"contour"`, Contour will ignore that ingress. + +## Uninstall Contour + +To remove Contour or the Contour Gateway Provisioner from your cluster, delete the namespace: + +```bash +$ kubectl delete ns projectcontour +``` +**Note**: Your namespace may differ from above. + +[1]: #running-without-a-kubernetes-loadbalancer +[2]: {{< param github_url>}}/tree/{{< param branch >}}/examples/render/contour.yaml +[3]: #host-networking +[4]: guides/proxy-proto.md +[5]: https://github.com/kubernetes-up-and-running/kuard +[7]: {{< param github_url>}}/tree/{{< param branch >}}/examples/contour/02-service-envoy.yaml +[8]: /getting-started +[9]: config/fundamentals.md +[10]: guides/deploy-aws-nlb.md +[11]: redeploy-envoy.md +[12]: {{< param github_url>}}/tree/{{< param branch >}}/examples/render/contour-gateway-provisioner.yaml +[13]: https://projectcontour.io/resources/deprecation-policy/ +[14]: {{< param github_url>}}/tree/{{< param branch >}}/examples/render/contour-deployment.yaml +[15]: /resources/upgrading/ +[16]: https://projectcontour.io/getting-started/#option-3-contour-gateway-provisioner-alpha +[17]: {{< param github_url>}}/tree/{{< param branch >}}/examples/contour +[18]: guides/gateway-api/#next-steps +[19]: configuration.md \ No newline at end of file diff --git a/site/content/docs/1.28/github.md b/site/content/docs/1.28/github.md new file mode 100644 index 00000000000..8a0f36b4f4d --- /dev/null +++ b/site/content/docs/1.28/github.md @@ -0,0 +1,80 @@ +This document outlines how we use GitHub. + +## Milestones + +Contour attempts to ship on a quarterly basis. +These releases are tracked with a milestone. +The _current_ release is the milestone with the closest delivery date. + +Issues which are not assigned to the current milestone _should not be worked on_. + +## Priorities + +This project has three levels of priority: + +- p0 - Must fix immediately. +This is reserved for bugs and security issues. A milestone cannot ship with open p0 issues. +- p1 - Should be done. +p1 issues assigned to a milestone _should_ be completed during that milestone. +- p2 - May be done. +p2 issues assigned to a milestone _may_ be completed during that milestone if time permits. + +Issues without a priority are _unprioritised_. Priority will be assigned by a PM or release manager during issue triage. + +## Questions + +We encourage support questions via issues. +Questions will be tagged `question` and are not assigned a milestone or a priority. + +## Waiting for information + +Any issue which lacks sufficient information for triage will be tagged `waiting-for-info`. +Issues with this tag may be closed after a reasonable length of time if further information is not forthcoming. + +## Issue tagging + +Issues without tags have not be triaged. + +During issue triage, usually by a project member, release manager, or pm, one or more tags will be assigned. + +- `Needs-Product` indicates the issue needs attention by a product owner or PM. +- `Needs-design-doc` indicates the issue requires a design document to be circulated. + +These are blocking states, these labels must be resolved, either by PM or agreeing on a design. + +## Assigning an issue + +Issues within a milestone _should_ be assigned to an owner when work commences on them. +Assigning an issue indicates that you are working on it. + +Before you start to work on an issue you should assign yourself. +From that point onward you are responsible for the issue and you are expected to report timely status on the issue to anyone that asks. + +If you cease work on an issue, even if incomplete, you should leave a comment to that effect on the issue and remove yourself as the assignee. +From that point onward you are no longer responsible for the issue, however you may be approached as a subject matter expert--as the last person to touch the issue--by future assignees. + +For infrequent contributors who are not members of the Contour project, assign yourself by leaving a comment to that effect on the issue. + +*Do not hoard issues, you won't enjoy it* + +## Requesting a review + +PRs which are related to issues in the current milestone should be assigned to the current milestone. +This is an indicator to reviewers that the PR is ready for review and should be reviewed in the current milestone. +Occasionally PRs may be assigned to the next milestone indicating they are for review at the start of the next development cycle. + +All PRs should reference the issue they relate to either by one of the following; + +- `Fixes #NNNN` indicating that merging this issue will fix issue #NNNN +- `Updates #NNNN` indicating that merging this issue will progress issue #NNNN to some degree. + +If there is no `Updates` or `Fixes` line in the PR the review will, with the exception of trivial or self evident fixes, be deferred. + +[Further reading][1] + +## Help wanted and good first issues + +The `help wanted` and `good first issue` tags _may_ be assigned to issues _in the current milestone_. +To limit the amount of work in progress, `help wanted` and `good first issue` should not be used for issues outside the current milestone. + +[1]: https://dave.cheney.net/2019/02/18/talk-then-code \ No newline at end of file diff --git a/site/content/docs/1.28/grpc-tls-howto.md b/site/content/docs/1.28/grpc-tls-howto.md new file mode 100644 index 00000000000..51770de950d --- /dev/null +++ b/site/content/docs/1.28/grpc-tls-howto.md @@ -0,0 +1,169 @@ +# Enabling TLS between Envoy and Contour + +This document describes the steps required to secure communication between Envoy and Contour. +The outcome of this is that we will have two Secrets available in the `projectcontour` namespace: + +- **contourcert:** contains Contour's keypair which is used for serving TLS secured gRPC, and the CA's public certificate bundle which is used for validating Envoy's client certificate. +Contour's certificate must be a valid certificate for the name `contour` in order for this to work. +This is currently hardcoded by Contour. +- **envoycert:** contains Envoy's keypair which used as a client for connecting to Contour, and the CA's public certificate bundle which is used for validating Contour's server certificate. + +Note that both Secrets contain a copy of the CA certificate bundle under the `ca.crt` data key. + +## Ways you can get the certificates into your cluster + +- Deploy the Job from [certgen.yaml][1]. +This will run `contour certgen --kube --secrets-format=compact` for you. +- Run `contour certgen --kube` locally. +- Run the manual procedure below. + +## Caveats and warnings + +**Be very careful with your production certificates!** + +This is intended as an example to help you get started. +For any real deployment, you should **carefully** manage all the certificates and control who has access to them. +Make sure you don't commit them to any git repositories either. + +## Manual TLS certificate generation process + +### Generating a CA keypair + +First, we need to generate a keypair: + +``` +$ openssl req -x509 -new -nodes \ + -keyout certs/cakey.pem -sha256 \ + -days 1825 -out certs/cacert.pem \ + -subj "/O=Project Contour/CN=Contour CA" +``` + +Then, the new CA key will be stored in `certs/cakey.pem` and the cert in `certs/cacert.pem`. + +### Generating Contour's keypair + +Next, we need to generate a keypair for Contour. +First, we make a new private key: + +``` +$ openssl genrsa -out certs/contourkey.pem 2048 +``` + +Then, we create a CSR and have our CA sign the CSR and issue a certificate. +This uses the file [certs/cert-contour.ext][2], which ensures that at least one of the valid names of the certificate is the bareword `contour`. +This is required for the handshake to succeed, as `contour bootstrap` configures Envoy to pass this as the SNI server name for the connection. + +``` +$ openssl req -new -key certs/contourkey.pem \ + -out certs/contour.csr \ + -subj "/O=Project Contour/CN=contour" + +$ openssl x509 -req -in certs/contour.csr \ + -CA certs/cacert.pem \ + -CAkey certs/cakey.pem \ + -CAcreateserial \ + -out certs/contourcert.pem \ + -days 1825 -sha256 \ + -extfile certs/cert-contour.ext +``` + +At this point, the contour certificate and key are in the files `certs/contourcert.pem` and `certs/contourkey.pem` respectively. + +### Generating Envoy's keypair + +Next, we generate a keypair for Envoy: + +``` +$ openssl genrsa -out certs/envoykey.pem 2048 +``` + +Then, we generate a CSR and have the CA sign it: + +``` +$ openssl req -new -key certs/envoykey.pem \ + -out certs/envoy.csr \ + -subj "/O=Project Contour/CN=envoy" + +$ openssl x509 -req -in certs/envoy.csr \ + -CA certs/cacert.pem \ + -CAkey certs/cakey.pem \ + -CAcreateserial \ + -out certs/envoycert.pem \ + -days 1825 -sha256 \ + -extfile certs/cert-envoy.ext +``` + +Like the Contour certificate, this CSR uses the file [certs/cert-envoy.ext][3]. +However, in this case, there are no special names required. + +### Putting the certificates in the cluster + +Next, we create the required Secrets in the target Kubernetes cluster: + +```bash +$ kubectl create secret -n projectcontour generic contourcert \ + --from-file=tls.key=./certs/contourkey.pem \ + --from-file=tls.crt=./certs/contourcert.pem \ + --from-file=ca.crt=./certs/cacert.pem \ + --save-config + +$ kubectl create secret -n projectcontour generic envoycert \ + --from-file=tls.key=./certs/envoykey.pem \ + --from-file=tls.crt=./certs/envoycert.pem \ + --from-file=ca.crt=./certs/cacert.pem \ + --save-config +``` + +Note that we don't put the CA **key** into the cluster, there's no reason for that to be there, and that would create a security problem. + +## Rotating Certificates + +Eventually the certificates that Contour and Envoy use will need to be rotated. +The following steps can be taken to replace the certificates that Contour and Envoy are using: + +1. Generate a new keypair for both Contour and Envoy (optionally also for the CA) +2. Update the Secrets that hold the gRPC TLS keypairs +3. Contour and Envoy will automatically rotate their certificates after mounted secrets have been updated by the kubelet + +The secrets can be updated in-place by running: + +```bash +$ kubectl create secret -n projectcontour generic contourcert \ + --from-file=tls.key=./certs/contourkey.pem \ + --from-file=tls.crt=./certs/contourcert.pem \ + --from-file=ca.crt=./certs/cacert.pem \ + --dry-run -o json \ + | kubectl apply -f - + +$ kubectl create secret -n projectcontour generic envoycert \ + --from-file=tls.key=./certs/envoykey.pem \ + --from-file=tls.crt=./certs/envoycert.pem \ + --from-file=ca.crt=./certs/cacert.pem \ + --dry-run -o json \ + | kubectl apply -f - +``` + +There are few preconditions that need to be met before Envoy can automatically reload certificate and key files: + +- Envoy must be version v1.14.1 or later +- The bootstrap configuration must be generated with `contour bootstrap` using the `--resources-dir` argument, see [examples/contour/03-envoy.yaml][4] + +### Rotate using the contour-certgen job + +When using the built-in Contour certificate generation, the following steps can be used: + +1. Delete the contour-certgen job + - `kubectl delete job contour-certgen -n projectcontour` +2. Reapply the contour-certgen job from [certgen.yaml][1] + +## Conclusion + +Once this process is done, the certificates will be present as Secrets in the `projectcontour` namespace, as required by +[examples/contour][5]. + +[1]: {{< param github_url >}}/tree/{{< param branch >}}/examples/contour/02-job-certgen.yaml +[2]: {{< param github_url >}}/tree/{{< param branch >}}/certs/cert-contour.ext +[3]: {{< param github_url >}}/tree/{{< param branch >}}/certs/cert-envoy.ext +[4]: {{< param github_url >}}/tree/{{< param branch >}}/examples/contour/03-envoy.yaml +[5]: {{< param github_url >}}/tree/{{< param branch >}}/examples/contour + diff --git a/site/content/docs/1.28/guides/_index.md b/site/content/docs/1.28/guides/_index.md new file mode 100644 index 00000000000..8981b8fbd79 --- /dev/null +++ b/site/content/docs/1.28/guides/_index.md @@ -0,0 +1,9 @@ +--- +title: Guides +description: Contour Resources +id: guides +--- +## Getting things done with Contour + +This page contains links to articles on configuring specific Contour features. + diff --git a/site/content/docs/1.28/guides/cert-manager.md b/site/content/docs/1.28/guides/cert-manager.md new file mode 100644 index 00000000000..0f926946eda --- /dev/null +++ b/site/content/docs/1.28/guides/cert-manager.md @@ -0,0 +1,670 @@ +--- +title: Deploying HTTPS services with Contour and cert-manager +--- + +This tutorial shows you how to securely deploy an HTTPS web application on a Kubernetes cluster, using: + +- Kubernetes +- Contour, as the Ingress controller +- [JetStack's cert-manager][1] to provision TLS certificates from [the Let's Encrypt project][6] + +## Prerequisites + +- A Kubernetes cluster deployed in either a data center or a cloud provider with a Kubernetes as a service offering. This tutorial was last tested on a GKE cluster running Kubernetes 1.22 +- RBAC enabled on your cluster +- Your cluster must be able to request a public IP address from your cloud provider, using a load balancer. If you're on AWS or GKE this is automatic if you deploy a Kubernetes service object of type: LoadBalancer. If you're on your own datacenter you must set it up yourself +- A DNS domain that you control, where you host your web application +- Administrator permissions for all deployment steps + +**NOTE:** To use a local cluster like `minikube` or `kind`, see the instructions in [the deployment guide][7]. + +## Summary + +This tutorial walks you through deploying: + +1. [Contour][0] +2. [Jetstack cert-manager][1] +3. A sample web application using HTTPProxy + +**NOTE:** If you encounter failures related to permissions, make sure the user you are operating as has administrator permissions. + +After you've been through the steps the first time, you don't need to repeat deploying Contour and cert-manager for subsequent application deployments. Instead, you can skip to step 3. + +## 1. Deploy Contour + +Run: + +```bash +$ kubectl apply -f {{< param base_url >}}/quickstart/contour.yaml +``` + +to set up Contour as a deployment in its own namespace, `projectcontour`, and tell the cloud provider to provision an external IP that is forwarded to the Contour pods. + +Check the progress of the deployment with this command: + +```bash +$ kubectl -n projectcontour get po +NAME READY STATUS RESTARTS AGE +contour-5475898957-jh9fm 1/1 Running 0 39s +contour-5475898957-qlbs2 1/1 Running 0 39s +contour-certgen-v1.19.0-5xthf 0/1 Completed 0 39s +envoy-hqbkm 2/2 Running 0 39s +``` + +After all the `contour` & `envoy` pods reach `Running` status and fully `Ready`, move on to the next step. + +### Access your cluster + +Retrieve the external address of the load balancer assigned to Contour's Envoys by your cloud provider: + +```bash +$ kubectl get -n projectcontour service envoy -o wide +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR +envoy LoadBalancer 10.51.245.99 35.189.26.87 80:30111/TCP,443:30933/TCP 38d app=envoy +``` + +The value of `EXTERNAL-IP` varies by cloud provider. In this example GKE gives a bare IP address; AWS gives you a long DNS name. + +To make it easier to work with the external load balancer, the tutorial adds a DNS record to a domain we control that points to this load balancer's IP address: + +```bash +$ host gke.davecheney.com +gke.davecheney.com has address 35.189.26.87 +``` + +On AWS, you specify a `CNAME`, not an `A` record, and it would look something like this: + +```bash +$ host aws.davecheney.com +aws.davecheney.com is an alias for a4d1766f6ce1611e7b27f023b7e83d33–1465548734.ap-southeast-2.elb.amazonaws.com. +a4d1766f6ce1611e7b27f023b7e83d33–1465548734.ap-southeast-2.elb.amazonaws.com has address 52.63.20.117 +a4d1766f6ce1611e7b27f023b7e83d33–1465548734.ap-southeast-2.elb.amazonaws.com has address 52.64.233.204 +``` + +In your own data center, you need to arrange for traffic from a public IP address to be forwarded to the cluster IP of the Contour service. This is beyond the scope of the tutorial. + +### Testing connectivity + +You must deploy at least one Ingress object before Contour can configure Envoy to serve traffic. +Note that as a security feature, Contour does not configure Envoy to expose a port to the internet unless there's a reason it should. +For this tutorial we deploy a version of Kenneth Reitz's [httpbin.org service][3]. + +To deploy httpbin to your cluster, run this command: + +```bash +$ kubectl apply -f {{< param base_url >}}/examples/httpbin.yaml +``` + +Check that the pods are running: + +```bash +$ kubectl get po -l app=httpbin +NAME READY STATUS RESTARTS AGE +httpbin-85777b684b-8sqw5 1/1 Running 0 24s +httpbin-85777b684b-pb26w 1/1 Running 0 24s +httpbin-85777b684b-vpgwl 1/1 Running 0 24s +``` + +Then type the DNS name you set up in the previous step into a web browser, for example `http://gke.davecheney.com/`. You should see something like: + +![httpbin screenshot][8] + +You can delete the httpbin service now, or at any time, by running: + +```bash +$ kubectl delete -f {{< param base_url >}}/examples/httpbin.yaml +``` + +## 2. Deploy jetstack/cert-manager + +**NOTE:** cert-manager is a powerful product that provides more functionality than this tutorial demonstrates. +There are plenty of [other ways to deploy cert-manager][4], but they are out of scope. + +### Fetch the source manager deployment manifest + +To keep things simple, we skip cert-manager's Helm installation, and use the [supplied YAML manifests][5]. + +```bash +$ kubectl apply -f https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml +``` + +When cert-manager is up and running you should see something like: + +```bash +$ kubectl -n cert-manager get all +NAME READY STATUS RESTARTS AGE +pod/cert-manager-cainjector-74bb68d67c-8lb2f 1/1 Running 0 40s +pod/cert-manager-f7f8bf74d-65ld9 1/1 Running 0 40s +pod/cert-manager-webhook-645b8bdb7-2h5t6 1/1 Running 0 40s + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/cert-manager ClusterIP 10.48.13.252 9402/TCP 40s +service/cert-manager-webhook ClusterIP 10.48.7.220 443/TCP 40s + +NAME READY UP-TO-DATE AVAILABLE AGE +deployment.apps/cert-manager 1/1 1 1 40s +deployment.apps/cert-manager-cainjector 1/1 1 1 40s +deployment.apps/cert-manager-webhook 1/1 1 1 40s + +NAME DESIRED CURRENT READY AGE +replicaset.apps/cert-manager-cainjector-74bb68d67c 1 1 1 40s +replicaset.apps/cert-manager-f7f8bf74d 1 1 1 40s +replicaset.apps/cert-manager-webhook-645b8bdb7 1 1 1 40s +``` + +### Deploy the Let's Encrypt cluster issuer + +cert-manager supports two different CRDs for configuration, an `Issuer`, which is scoped to a single namespace, +and a `ClusterIssuer`, which is cluster-wide. + +For Contour to be able to serve HTTPS traffic for an Ingress in any namespace, use `ClusterIssuer`. +Create a file called `letsencrypt-staging.yaml` with the following contents: + +```yaml +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-staging + namespace: cert-manager +spec: + acme: + email: user@example.com + privateKeySecretRef: + name: letsencrypt-staging + server: https://acme-staging-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + class: contour +``` + +replacing `user@example.com` with your email address. +This is the email address that Let's Encrypt uses to communicate with you about certificates you request. + +The staging Let's Encrypt server is not bound by [the API rate limits of the production server][2]. +This approach lets you set up and test your environment without worrying about rate limits. +You can then repeat this step for a production Let's Encrypt certificate issuer. + +After you edit and save the file, deploy it: + +```bash +$ kubectl apply -f letsencrypt-staging.yaml +clusterissuer.cert-manager.io/letsencrypt-staging created +``` + +Wait for the `ClusterIssuer` to be ready: + +```bash +$ kubectl get clusterissuer letsencrypt-staging +NAME READY AGE +letsencrypt-staging True 54s +``` + +## 3. Deploy your first HTTPS site using Ingress + +For this tutorial we deploy a version of Kenneth Reitz's [httpbin.org service][3]. +We start with the deployment. +Copy the following to a file called `deployment.yaml`: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: httpbin + name: httpbin +spec: + replicas: 1 + selector: + matchLabels: + app: httpbin + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + app: httpbin + spec: + containers: + - image: docker.io/kennethreitz/httpbin + name: httpbin + ports: + - containerPort: 8080 + name: http + command: ["gunicorn"] + args: ["-b", "0.0.0.0:8080", "httpbin:app"] + dnsPolicy: ClusterFirst +``` + +Deploy to your cluster: + +```bash +$ kubectl apply -f deployment.yaml +deployment.apps/httpbin created +$ kubectl get pod -l app=httpbin +NAME READY STATUS RESTARTS AGE +httpbin-67fd96d97c-8j2rr 1/1 Running 0 56m +``` + +Expose the deployment to the world with a Service. Create a file called `service.yaml` with +the following contents: + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: httpbin +spec: + ports: + - port: 8080 + protocol: TCP + targetPort: 8080 + selector: + app: httpbin +``` + +and deploy: + +```bash +$ kubectl apply -f service.yaml +service/httpbin created +$ kubectl get service httpbin +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +httpbin ClusterIP 10.48.6.155 8080/TCP 57m +``` + +Expose the Service to the world with Contour and an Ingress object. Create a file called `ingress.yaml` with +the following contents: + +```yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httpbin +spec: + rules: + - host: httpbin.davecheney.com + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: httpbin + port: + number: 8080 +``` + +The host name, `httpbin.davecheney.com` is a `CNAME` to the `gke.davecheney.com` record that was created in the first section, and must be created in the same place as the `gke.davecheney.com` record was. +That is, in your cloud provider. +This lets requests to `httpbin.davecheney.com` resolve to the external IP address of the Contour service. +They are then forwarded to the Contour pods running in the cluster: + +```bash +$ host httpbin.davecheney.com +httpbin.davecheney.com is an alias for gke.davecheney.com. +gke.davecheney.com has address 35.189.26.87 +``` + +Change the value of `spec.rules.host` to something that you control, and deploy the Ingress to your cluster: + +```bash +$ kubectl apply -f ingress.yaml +ingress.networking.k8s.io/httpbin created +$ kubectl get ingress httpbin +NAME CLASS HOSTS ADDRESS PORTS AGE +httpbin httpbin.davecheney.com 80 12s +``` + +Now you can type the host name of the service into a browser, or use curl, to verify it's deployed and everything is working: + +```bash +$ curl http://httpbin.davecheney.com/get +{ + "args": {}, + "headers": { + "Accept": "*/*", + "Content-Length": "0", + "Host": "htpbin.davecheney.com", + "User-Agent": "curl/7.58.0", + "X-Envoy-Expected-Rq-Timeout-Ms": "15000", + "X-Envoy-Internal": "true" + }, + "origin": "10.152.0.2", + "url": "http://httpbin.davecheney.com/get" +} +``` + +Excellent, it looks like everything is up and running serving traffic over HTTP. + +### Request a TLS certificate from Let's Encrypt + +Now it's time to use cert-manager to request a TLS certificate from Let's Encrypt. +Do this by adding some annotations and a `tls:` section to the Ingress spec. + +We need to add the following annotations: + +- `cert-manager.io/cluster-issuer: letsencrypt-staging`: tells cert-manager to use the `letsencrypt-staging` cluster issuer you just created. +- `kubernetes.io/tls-acme: "true"`: Tells cert-manager to do ACME TLS (what Let's Encrypt uses). +- `ingress.kubernetes.io/force-ssl-redirect: "true"`: tells Contour to redirect HTTP requests to the HTTPS site. +- `kubernetes.io/ingress.class: contour`: Tells Contour that it should handle this Ingress object. + +Using `kubectl edit ingress httpbin`: + +```yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httpbin + annotations: + cert-manager.io/cluster-issuer: letsencrypt-staging + ingress.kubernetes.io/force-ssl-redirect: "true" + kubernetes.io/ingress.class: contour + kubernetes.io/tls-acme: "true" +spec: + tls: + - secretName: httpbin + hosts: + - httpbin.davecheney.com + rules: + - host: httpbin.davecheney.com + http: + paths: + - pathType: Prefix + path: / + backend: + service: + name: httpbin + port: + number: 8080 +``` + +The certificate is issued in the name of the hosts listed in the `tls:` section, `httpbin.davecheney.com` and stored in the secret `httpbin`. +Behind the scenes, cert-manager creates a certificate CRD to manage the lifecycle of the certificate, and then a series of other CRDs to handle the challenge process. + +You can watch the progress of the certificate as it's issued: + +```bash +$ kubectl describe certificate httpbin | tail -n 12 +Status: + Conditions: + Last Transition Time: 2019-11-07T00:37:55Z + Message: Waiting for CertificateRequest "httpbinproxy-1925286939" to complete + Reason: InProgress + Status: False + Type: Ready +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + Normal GeneratedKey 26s cert-manager Generated a new private key + Normal Requested 26s cert-manager Created new CertificateRequest resource "httpbinproxy-1925286939" +``` + +Wait for the certificate to be issued: + +```bash +$ kubectl describe certificate httpbin | grep -C3 "Certificate is up to date" +Status: + Conditions: + Last Transition Time: 2019-11-06T23:47:50Z + Message: Certificate is up to date and has not expired + Reason: Ready + Status: True + Type: Ready +``` + +A `kubernetes.io/tls` secret is created with the `secretName` specified in the `tls:` field of the Ingress. + +```bash +$ kubectl get secret httpbin +NAME TYPE DATA AGE +httpbin kubernetes.io/tls 2 3m +``` + +cert-manager manages the contents of the secret as long as the Ingress is present in your cluster. + +You can now visit your site, replacing `http://` with `https://` — and you get a huge security warning! +This is because the certificate was issued by the Let's Encrypt staging servers and has a fake CA. +This is so you can't accidentally use the staging servers to serve real certificates. + +```bash +$ curl https://httpbin.davecheney.com/get +curl: (60) SSL certificate problem: unable to get local issuer certificate +More details here: https://curl.haxx.se/docs/sslcerts.html + +curl failed to verify the legitimacy of the server and therefore could not +establish a secure connection to it. To learn more about this situation and +how to fix it, please visit the web page mentioned above. +``` + +### Switch to Let's Encrypt Production + +To request a properly signed certificate from the Let's Encrypt production servers, we create a new `ClusterIssuer`, as before but with some modifications. + +Create a file called `letsencrypt-prod.yaml` with the following contents: + +```yaml +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: letsencrypt-prod + namespace: cert-manager +spec: + acme: + email: user@example.com + privateKeySecretRef: + name: letsencrypt-prod + server: https://acme-v02.api.letsencrypt.org/directory + solvers: + - http01: + ingress: + class: contour +``` + +again replacing `user@example.com` with your email address. + +Deploy: + +```bash +$ kubectl apply -f letsencrypt-prod.yaml +clusterissuer.cert-manager.io/letsencrypt-prod created +``` + +Now we use `kubectl edit ingress httpbin` to edit our Ingress to ask for a real certificate from `letsencrypt-prod`: + +```yaml +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: httpbin + annotations: + cert-manager.io/cluster-issuer: letsencrypt-prod +spec: + ... +``` + +The certificate resource will transition to `Ready: False` while it's re-provisioned from the Let's Encrypt production servers, and then back to `Ready: True` once it's been provisioned: + +```bash +$ kubectl describe certificate httpbin +... +Events: + Type Reason Age From Message + ---- ------ ---- ---- ------- + ... + Normal Issuing 21s cert-manager Issuing certificate as Secret was previously issued by ClusterIssuer.cert-manager.io/letsencrypt-staging + Normal Reused 21s cert-manager Reusing private key stored in existing Secret resource "httpbin" + Normal Requested 21s cert-manager Created new CertificateRequest resource "httpbin-sjqbt" + Normal Issuing 18s (x2 over 48s) cert-manager The certificate has been successfully issued +``` + +Followed by: + +```bash +$ kubectl get certificate httpbin -o wide +NAME READY SECRET ISSUER STATUS AGE +httpbin True httpbin letsencrypt-prod Certificate is up to date and has not expired 3m35s +``` + +Now revisiting our `https://httpbin.davecheney.com` site should show a valid, trusted, HTTPS certificate. + +```bash +$ curl https://httpbin.davecheney.com/get +{ + "args": {}, + "headers": { + "Accept": "*/*", + "Content-Length": "0", + "Host": "httpbin.davecheney.com", + "User-Agent": "curl/7.58.0", + "X-Envoy-Expected-Rq-Timeout-Ms": "15000", + "X-Envoy-Internal": "true" + }, + "origin": "10.152.0.2", + "url": "https://httpbin.davecheney.com/get" +} +``` + +![httpbin.davecheney.com screenshot][9] + +## Making cert-manager work with HTTPProxy + +cert-manager currently does not have a way to interact directly with HTTPProxy objects in order to respond to the HTTP01 challenge (See [#950][10] and [#951][11] for details). +cert-manager, however, can be configured to request certificates automatically using a `Certificate` object. + +When cert-manager finds a `Certificate` object, it will implement the HTTP01 challenge by creating a new, temporary Ingress object that will direct requests from Let's Encrypt to temporary pods called 'solver pods'. +These pods know how to respond to Let's Encrypt's challenge process for verifying you control the domain you're issuing certificates for. +The Ingress resource as well as the solver pods are short lived and will only be available during the certificate request or renewal process. + +The result of the work steps described previously is a TLS secret, which can be referenced by a HTTPProxy. + +## Details + +To do this, we first need to create our HTTPProxy and Certificate objects. + +This example uses the hostname `httpbinproxy.davecheney.com`, remember to create that name before starting. + +Firstly, the HTTPProxy: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: httpbinproxy +spec: + virtualhost: + fqdn: httpbinproxy.davecheney.com + tls: + secretName: httpbinproxy + routes: + - services: + - name: httpbin + port: 8080 +``` + +This object will be marked as Invalid by Contour, since the TLS secret doesn't exist yet. +Once that's done, create the Certificate object: + +```yaml +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: httpbinproxy +spec: + commonName: httpbinproxy.davecheney.com + dnsNames: + - httpbinproxy.davecheney.com + issuerRef: + name: letsencrypt-prod + kind: ClusterIssuer + secretName: httpbinproxy +``` + +Wait for the Certificate to be provisioned: + +```bash +$ kubectl get certificate httpbinproxy -o wide +NAME READY SECRET ISSUER STATUS AGE +httpbinproxy True httpbinproxy letsencrypt-prod Certificate is up to date and has not expired 39s +``` + +Once cert-manager has fulfilled the HTTP01 challenge, you will have a `httpbinproxy` secret, that will contain the keypair. +Contour will detect that the Secret exists and generate the HTTPProxy config. + +After that, you should be able to curl the new site: + +```bash +$ curl https://httpbinproxy.davecheney.com/get +{ + "args": {}, + "headers": { + "Accept": "*/*", + "Content-Length": "0", + "Host": "httpbinproxy.davecheney.com", + "User-Agent": "curl/7.54.0", + "X-Envoy-Expected-Rq-Timeout-Ms": "15000", + "X-Envoy-External-Address": "122.106.57.183" + }, + "origin": "122.106.57.183", + "url": "https://httpbinproxy.davecheney.com/get" +} +``` + +## Wrapping up + +Now that you've deployed your first HTTPS site using Contour and Let's Encrypt, deploying additional TLS enabled services is much simpler. +Remember that for each HTTPS website you deploy, cert-manager will create a Certificate CRD that provides the domain name and the name of the target Secret. +The TLS functionality will be enabled when the HTTPProxy contains the `tls:` stanza, and the referenced secret contains a valid keypair. + +See the [cert-manager docs][12] for more information. + +## Bonus points + +For bonus points, you can use a feature of Contour to automatically upgrade any HTTP request to the corresponding HTTPS site so you are no longer serving any traffic over insecure HTTP. + +To enable the automatic redirect from HTTP to HTTPS, add this annotation to your Ingress object. + +``` +metadata: + annotations: + ingress.kubernetes.io/force-ssl-redirect: "true" +``` +Now any requests to the insecure HTTP version of your site get an unconditional 301 redirect to the HTTPS version: + +``` +$ curl -v http://httpbin.davecheney.com/get +* Trying 35.189.26.87… +* TCP_NODELAY set +* Connected to httpbin.davecheney.com (35.189.26.87) port 80 (#0) +> GET /get HTTP/1.1 +> Host: httpbin.davecheney.com +> User-Agent: curl/7.58.0 +> Accept: */* +> +< HTTP/1.1 301 Moved Permanently +< location: https://httpbin.davecheney.com/get +< date: Tue, 20 Feb 2018 04:11:46 GMT +< server: envoy +< content-length: 0 +< +* Connection #0 to host httpbin.davecheney.com left intact +``` + +__Note:__ For HTTPProxy resources this happens automatically without the need for an annotation. + +[0]: {{< param github_url >}} +[1]: https://github.com/jetstack/cert-manager +[2]: https://letsencrypt.org/docs/rate-limits/ +[3]: http://httpbin.org/ +[4]: https://docs.cert-manager.io/en/latest/getting-started/install/kubernetes.html +[5]: https://github.com/jetstack/cert-manager/releases/download/v1.5.4/cert-manager.yaml +[6]: https://letsencrypt.org/getting-started/ +[7]: ../deploy-options/#get-your-hostname-or-ip-address +[8]: /img/cert-manager/httpbinhomepage.png +[9]: /img/cert-manager/httpbin.png +[10]: {{< param github_url >}}/issues/950 +[11]: {{< param github_url >}}/issues/951 +[12]: https://cert-manager.io/docs/usage/ingress/ diff --git a/site/content/docs/1.28/guides/deploy-aws-nlb.md b/site/content/docs/1.28/guides/deploy-aws-nlb.md new file mode 100644 index 00000000000..af3f8df1019 --- /dev/null +++ b/site/content/docs/1.28/guides/deploy-aws-nlb.md @@ -0,0 +1,47 @@ +--- +title: Deploying Contour on AWS with NLB +--- + +This is an advanced deployment guide to configure Contour on AWS with the [Network Load Balancer (NLB)][1]. +This configuration has several advantages: + +1. NLBs are often cheaper. This is especially true for development. Idle LBs do not cost money. +2. There are no extra network hops. Traffic goes to the NLB, to the node hosting Contour, and then to the target pod. +3. Source IP addresses are retained. Envoy (running as part of Contour) sees the native source IP address and records this with an `X-Forwarded-For` header. + +## Moving parts + +- We run Envoy as a DaemonSet across the cluster and Contour as a deployment +- The Envoy pod runs on host ports 80 and 443 on the node +- Host networking means that traffic hits Envoy without transitioning through any other fancy networking hops +- Contour also binds to 8001 for Envoy->Contour config traffic. + +## Deploying Contour + +1. [Clone the Contour repository][4] and cd into the repo +2. Edit the Envoy service (`02-service-envoy.yaml`) in the `examples/contour` directory: + - Remove the existing annotation: `service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp` + - Add the following annotation: `service.beta.kubernetes.io/aws-load-balancer-type: nlb` +3. Run `kubectl apply -f examples/contour` + +This creates the `projectcontour` Namespace along with a ServiceAccount, RBAC rules, Contour Deployment and an Envoy DaemonSet. +It also creates the NLB based loadbalancer for you. + +You can get the address of your NLB via: + +``` +$ kubectl get service envoy --namespace=projectcontour -o jsonpath='{.status.loadBalancer.ingress[0].hostname}' +``` + +## Test + +You can now test your NLB. + +1. Install a workload (see the kuard example in the [main deployment guide][2]). +2. Look up the address for your NLB in the AWS console and enter it in your browser. + - Notice that Envoy fills out `X-Forwarded-For`, because it was the first to see the traffic directly from the browser. + +[1]: https://aws.amazon.com/blogs/aws/new-network-load-balancer-effortless-scaling-to-millions-of-requests-per-second/ +[2]: ../deploy-options/#testing-your-installation +[3]: https://github.com/kubernetes/kubernetes/issues/52173 +[4]: {{< param github_url >}}/tree/{{< param branch >}} diff --git a/site/content/docs/1.28/guides/deploy-aws-tls-nlb.md b/site/content/docs/1.28/guides/deploy-aws-tls-nlb.md new file mode 100644 index 00000000000..7f4f83f685e --- /dev/null +++ b/site/content/docs/1.28/guides/deploy-aws-tls-nlb.md @@ -0,0 +1,135 @@ +--- +title: AWS Network Load Balancer TLS Termination with Contour +--- + +## Motivation + +![diagram illustrating connection between network load balancer and contour](/img/aws-nlb-tls/fig.jpg){:class="img-fluid"} + +Managing TLS certificates (and related configuration) for production cluster workloads is both time consuming, and high risk. For example, storing multiple copies of a certificate secret key in the cluster may increases the chances of it being compromised. Additionally, TLS can be complicated to configure and implement properly. + +Traditionally, TLS termination at the load balancer step required using more expensive application load balancers (ALBs). AWS introduced TLS termination for network load balancers (NLBs) for enhanced security and cost effectiveness. + +The TLS implementation used by the AWS NLB is formally verified and maintained. Additionally, AWS Certificate Manager (ACM) is used, fully isolating your cluster from access to the private key. + +## Solution Overview + +An external client transmits a request to the NLB. The request is encrypted with TLS using the production (e.g., client facing) certificate, and on port 443. + +The NLB decrypts the request, and transmits it on to Envoy running in your cluster on port 8080. It follows the standard request routing configured within the cluster. Notably, the request received within the cluster includes the actual origin IP address of the external client. + +Alternate ports may be configured. End-to-end encryption technically requires the segment between the NLB and cluster pods be encrypted also. A follow-up post will describe the NLB originating TLS based on a cluster certificate. + +## Steps + +### Prerequisites + +1. Access to DNS records for domain name. + +[Review the docs on registering domains with AWS's Route 53.](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar.html) + +An alternate DNS provider may be used, such as Google Domains or Namecheap. + +Later, a subdomain (e.g., demo-service.gcline.us) will be created, pointing to the NLB. Additionally, access to the DNS records is required to generate a TLS certificate for use by the NLB. + +3. Verify [Contour is installed in the cluster.](https://projectcontour.io/getting-started/) + +4. Install [AWS Load Balancer Controller.]( https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/deploy/installation/) + +Generally, setting up the Load Balancer Controller has two steps: enabling IAM roles for service accounts, and adding the controller to the cluster. The IAM role allows the controller in the Kubernetes cluster to manage AWS resources. [Learn more about IAM roles for service accounts.](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html) + +### Configure + +1. Generate TLS Certificate + +Create a public TLS certificate for the domain using AWS Certificate Manager (ACM). This is streamlined when the domain is managed by Route 53. Review the [AWS Certificate Manager Docs.](https://docs.aws.amazon.com/acm/latest/userguide/gs-acm-request-public.html#request-public-console) + +The domain name on the TLS certificate must correspond to the planned domain name for the kubernetes service. The domain name may be specified explicitly (e.g., tls-demo.gcline.us), or a wildcard certificate can be used (e.g., *.gcline.us). + +If the domain is registered with Route53, the TLS certificate request will automatically be approved. Otherwise, follow ACM console the instructions to create a DNS record to validate the domain. + +After validation, the certificate will be available for use in your AWS account. + +Note the ARN of the certificate, which uniquely identifies it in kubernetes config files. + +![screenshot indicating location of ARN value in web console](/img/aws-nlb-tls/acm-arn.png){:class="img-fluid"} + +2. Create Envoy Service with new NLB + +Contour expects a kubernetes service pointing to Envoy. Add annotations to the service to enable NLB TLS termination, before the traffic reaches Envoy. The annotations are actioned by the load balancer controller. [Review all the NLB annotations on GitHub.](https://kubernetes-sigs.github.io/aws-load-balancer-controller/latest/guide/service/annotations/) + +| annotation name | value | meaning | +| ----- | --- | ----- | +| service.beta.kubernetes.io/aws-load-balancer-type | external | explicitly requires an NLB, instead of an ALB | +| service.beta.kubernetes.io/aws-load-balancer-nlb-target-type | ip | route traffic directly to the pod IP | +| service.beta.kubernetes.io/aws-load-balancer-scheme | internet-facing | An internet-facing load balancer has a publicly resolvable DNS name | +| service.beta.kubernetes.io/aws-load-balancer-ssl-cert | "arn:aws:acm:..." | identifies the TLS certificate used by the NLB | +| service.beta.kubernetes.io/aws-load-balancer-ssl-ports | 443 | determines the port the NLB should listen for TLS traffic on| + +Example: + +``` +apiVersion: v1 +kind: Service +metadata: + name: envoy + namespace: projectcontour + annotations: + service.beta.kubernetes.io/aws-load-balancer-type: external + service.beta.kubernetes.io/aws-load-balancer-nlb-target-type: ip + service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing + service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:us-east-2:185309785115:certificate/7610ed7d-5a81-4ea2-a18a-7ba1606cca3e" + service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" +spec: + externalTrafficPolicy: Local + ports: + - port: 443 + targetPort: 8080 + name: http + protocol: TCP + selector: + app: envoy + type: LoadBalancer +``` + +*Note:* Don't modify an existing service to add NLB TLS termination. This may result in unexpected behavior, such as duplicate NLB resources or incorrect NLB configuration. + +3. Configure DNS + +**Get domain name using kubectl.** + +The service name and namespace were defined above. + +``` +kubectl get svc envoy --namespace projectcontour +``` + +``` +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +envoy LoadBalancer 10.100.24.154 a7ea2bbde8a164036a7e4c1ed5700cdf-154fb911d990bb1f.elb.us-east-2.amazonaws.com 443:31606/TCP 40d +``` + +Note the last 4 digits of the domain name for the NLB. For example, "bb1f". + +**Setup DNS alias for NLB** + +Create a DNS record pointing from a friendly name (e.g., tls-demo.gcline.us) to the NLB domain (e.g., bb1f.elb.us-east-2.amazonaws.com). + +For AWS's Route 53, follow the instructions below. If you use a different DNS provider, follow their instructions for [creating a CNAME record](https://docs.digitalocean.com/products/networking/dns/how-to/manage-records/#cname-records). + +First, create a new record in Route 53. + +Use the "A" record type, and enable the ["alias" option.](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-alias.html) This option attaches the DNS record to the AWS resource, without requiring an extra lookup step for clients. + +Select the NLB resource. Double check the region, and use the last 4 digits (noted earlier) to select the proper resource. + +![screenshot of Route 53 New Record Console](/img/aws-nlb-tls/record.png){:class="img-fluid"} + +### Verify + +Attempt to access the NLB domain at port 443 with HTTPS/TLS. Is the connection successful? What certificate is used? Does it reach the expected endpoint within the cluster? + +### Next Steps + +Create a second TLS certificate within the cluster, for securing connections between the NLB and pods. A guide on this topic is forthcoming. + diff --git a/site/content/docs/1.28/guides/external-authorization.md b/site/content/docs/1.28/guides/external-authorization.md new file mode 100644 index 00000000000..74076ede518 --- /dev/null +++ b/site/content/docs/1.28/guides/external-authorization.md @@ -0,0 +1,538 @@ +--- +title: External Authorization Support +--- + +Starting in version 1.9, Contour supports routing client requests to an +external authorization server. This feature can be used to centralize +client authorization so that applications don't have to implement their +own authorization mechanisms. + +## Authorization Architecture + +An external authorization server is a server that implements the Envoy +external authorization [GRPC protocol][3]. Contour supports any server +that implements this protocol. + +You can bind an authorization server to Contour by creating a +[`ExtensionService`][4] resource. +This resource tells Contour the service exists, and that it should +program Envoy with an upstream cluster directing traffic to it. +Note that the `ExtensionService` resource just binds the server; at this +point Contour doesn't assume that the server is an authorization server. + +Once you have created `ExtensionService` resource, you can bind it to a +particular application by referencing it in a [`HTTPProxy`][5] resource. +In the `virtualhost` field, a new `authorization` field specifies the name +of an `ExtensionService` to bind for the virtual host. +When you specify a resource name here, Contour will program Envoy to +send authorization checks to the extension service cluster before routing +the request to the upstream application. + +## Authorization Request Flow + +It is helpful to have a mental model of how requests flow through the various +servers involved in authorizing HTTP requests. +The flow diagram below shows the actors that participate in the successful +authorization of an HTTP request. +Note that in some cases, these actors can be combined into a single +application server. +For example, there is no requirement for the external authorization server to +be a separate application from the authorization provider. + + +

+client authorization sequence diagram +

+ +A HTTP Client generates an HTTP request and sends it to +an Envoy instance that Contour has programmed with an external +authorization configuration. +Envoy holds the HTTP request and sends an authorization check request +to the Authorization server that Contour has bound to the virtual host. +The Authorization server may be able to verify the request locally, but in +many cases it will need to make additional requests to an Authorization +Provider server to verify or obtain an authorization token. + +In this flow, the ExtAuth server is able to authorize the request, and sends an +authorization response back to the Proxy. +The response includes the authorization status, and a set of HTTP headers +modifications to make to the HTTP request. +Since this authorization was successful, the Proxy modifies the request and +forwards it to the application. +If the authorization was not successful, the Proxy would have immediately +responded to the client with an HTTP error. + +## Using the Contour Authorization Server + +The Contour project has built a simple authorization server named +[`contour-authserver`][1]. `contour-authserver` supports an authorization +testing server, and an HTTP basic authorization server that accesses +credentials stored in [htpasswd][2] format. + +To get started, ensure that Contour is deployed and that you have +[cert-manager][6] installed in your cluster so that you can easily issue +self-signed TLS certificates. + +At this point, we should also create a cluster-wide self-signed certificate +issuer, just to make it easier to provision TLS certificates later: + +```bash +$ kubectl apply -f - <` with the appropriate version of Go and BoringCrypto, see [here][10] for version specifics): + +```bash +make container BUILD_CGO_ENABLED=1 BUILD_BASE_IMAGE=goboring/golang: BUILD_EXTRA_GO_LDFLAGS="-linkmode=external -extldflags=-static" +``` + +The command above can be broken down as follows: +- `make container` invokes the container image build target +- `BUILD_CGO_ENABLED=1` ensures `cgo` is enabled in the Contour compilation process +- `BUILD_BASE_IMAGE=goboring/golang:` ensures we use the BoringCrypto flavor of Go +- `BUILD_EXTRA_GO_LDFLAGS` contains the additional linker flags we need to perform a static build + - `-linkmode=external` tells the Go linker to use an external linker + - `-extldflags=-static"` passes the `-static` flag to the external link to ensure a statically linked executable is produced + +The container image build process should fail before export of the `contour` binary to the final image if the compiled binary is not statically linked. + +### Validation + +To be fully sure the produced `contour` binary has been compiled with BoringCrypto you must remove the `-s` flag from the base Contour `Makefile` to stop stripping symbols and run through the build process above. +Then you will be able to inspect the `contour` binary with `go tool nm` to check for symbols containing the string `_Cfunc__goboringcrypto_`. +Also, you can use the program [rsc.io/goversion][21]. It will report the crypto implementation used by a given binary when invoked with the `-crypto` flag. + +Once you have a `projectcontour/contour` image built, you can re-tag it if needed, push the image to a registry, and reference it in a Contour deployment to use it! + +## Building Envoy + +Envoy has support for building in a FIPS compliant mode as [documented here][11]. +The upstream project does not distribute a FIPS compliant Envoy container image, but combining the documented process with the processes for building the Envoy executable and container image, we can produce one. + +Again we will need the Envoy source code checked out to the version to build and Docker installed on your computer. +The simplest way to build Envoy without having to learn [Bazel][12] and set up a C++ toolchain on your computer is to build using the Envoy build container image which contains the necessary tools pre-installed. +Note that if you do build with FIPS mode outside of the build container, you can only do so on a Linux-amd64 architecture. + +We can first compile the Envoy binary by running the following in a `bash` shell from the Envoy source directory: + +```bash +BAZEL_BUILD_EXTRA_OPTIONS="--define boringssl=fips" ENVOY_DOCKER_BUILD_DIR= ./ci/run_envoy_docker.sh './ci/do_ci.sh bazel.release //test/exe:envoy_static_test' +``` + +*This command mimics the Envoy release CI process with the target `bazel.release` but differs in only running a single test for brevity. You may omit the `//test/exe:envoy_static_test` test entirely to run the full suite of Envoy tests.* + +Replace `` with a directory you would like the build output to be placed on your host computer. + +Once that build completes, you should have a file named `release.tar.zst` in your specified output directory. +This file is a [Zstandard](https://github.com/facebook/zstd) compressed archive containing the compiled Envoy release and debug binaries. +If you would like to build an image with Envoy according to your own specifications, you can unpack the resulting archive and you will find a stripped Envoy binary in the root and an unstripped Envoy binary with debug info in the `dbg` directory. + +To build an image matching the canonical Envoy upstream release image ([`envoyproxy/envoy`][13]), run the following: + +*Note: You will need a recent version of Docker/BuildKit that supports Zstandard decompression.* + +```bash +# Make ./linux/amd64 directories. +mkdir -p ./linux/amd64 +# Copy Zstandard archive from build step. +cp -a /envoy/x64/bin/release.tar.zst ./linux/amd64/release.tar.zst +# Run the Docker image build. +docker build -f ./ci/Dockerfile-envoy --target envoy . +``` + +Once you have an image built, you can tag it as needed, push the image to a registry, and use it in an Envoy deployment. + +## Configuring TLS Ciphers + +Now that we have Contour and Envoy compiled with BoringCrypto, we can turn our attention to ensuring encrypted communication paths in Contour are configured to use FIPS approved cryptographic algorithms. +Using a FIPS flavor of Envoy will do most of the heavy lifting here without any user configuration needed. + +The critical communication paths and how they are set up to be FIPS compliant are enumerated below: +- Contour -> k8s API + - Contour uses [`client-go`][14] to communicate with the k8s API + - `client-go` uses the default Golang cipher suites configuration + - When compiled with BoringCrypto Go, this set of ciphers is FIPS compliant and not configurable by users +- Envoy -> Contour xDS Server, extension services, upstream services + - A FIPS compliant build of Envoy will choose FIPS approved TLS ciphers when negotiating TLS 1.2 as documented [here][15] + - The set of ciphers is not configurable +- TLS client -> Envoy + - As of [Contour 1.13.0][16], the ciphers Envoy will accept as a server when negotiating TLS 1.2 are configurable + - The [default set of ciphers Contour configures][17] includes some ciphers that are not FIPS approved + - Users must configure FIPS approved ciphers from the list [here][15] + +[0]: https://csrc.nist.gov/publications/detail/fips/140/2/final +[1]: https://csrc.nist.gov/projects/testing-laboratories +[2]: https://boringssl.googlesource.com/boringssl/ +[3]: https://boringssl.googlesource.com/boringssl/+/master/crypto/fipsmodule/FIPS.md +[4]: https://go.googlesource.com/go/+/dev.boringcrypto/README.boringcrypto.md +[5]: https://hub.docker.com/r/projectcontour/contour +[6]: https://www.gnu.org/software/make/ +[7]: https://www.docker.com/ +[8]: {{< param github_url >}}/blob/main/Dockerfile +[9]: https://hub.docker.com/r/goboring/golang/ +[10]: https://go.googlesource.com/go/+/dev.boringcrypto/misc/boring/README.md#version-strings +[11]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/security/ssl.html#fips-140-2 +[12]: https://bazel.build/ +[13]: https://hub.docker.com/r/envoyproxy/envoy +[14]: https://github.com/kubernetes/client-go +[15]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-tlsparameters-cipher-suites +[16]: https://github.com/projectcontour/contour/releases/tag/v1.13.0 +[17]: https://pkg.go.dev/github.com/projectcontour/contour/pkg/config#pkg-variables +[18]: https://pkg.go.dev/internal/goexperiment@go1.19 +[19]: https://go-boringcrypto.storage.googleapis.com/ +[20]: https://go.googlesource.com/go/+/dev.boringcrypto/misc/boring/README.md#releases +[21]: https://godoc.org/rsc.io/goversion \ No newline at end of file diff --git a/site/content/docs/1.28/guides/gatekeeper.md b/site/content/docs/1.28/guides/gatekeeper.md new file mode 100644 index 00000000000..fa6d01cab41 --- /dev/null +++ b/site/content/docs/1.28/guides/gatekeeper.md @@ -0,0 +1,456 @@ +--- +title: Using Gatekeeper as a validating admission controller with Contour +--- + +This tutorial demonstrates how to use [Gatekeeper](https://github.com/open-policy-agent/gatekeeper) as a validating admission controller for Contour. + +Gatekeeper is a project that enables users to define flexible policies for Kubernetes resources using [Open Policy Agent (OPA)](https://www.openpolicyagent.org/) that are enforced when those resources are created/updated via the Kubernetes API. + +The benefits of using Gatekeeper with Contour are: +- Immediate feedback for the user when they try to create an `HTTPProxy` with an invalid spec. Instead of having to check the `HTTPProxy`'s status after creation for a possible error message, the create is rejected and the user is immediately provided with a reason for the rejection. +- User-defined policies for `HTTPProxy` specs. For example, the Contour admin can define policies to enforce maximum limits on timeouts and retries, disallow certain FQDNs, etc. + +## Prerequisites + +- A Kubernetes cluster with a minimum version of 1.14 (to enable webhook timeouts for Gatekeeper). +- Cluster-admin permissions + +## Deploy Contour + +Run: + +```bash +$ kubectl apply -f {{< param base_url >}}/quickstart/contour.yaml +``` + +This creates a `projectcontour` namespace and sets up Contour as a deployment and Envoy as a daemonset, with communication between them secured by mutual TLS. + +Check the status of the Contour pods with this command: + +```bash +$ kubectl -n projectcontour get pods -l app=contour +NAME READY STATUS RESTARTS AGE +contour-8596d6dbd7-9nrg2 1/1 Running 0 32m +contour-8596d6dbd7-mmtc8 1/1 Running 0 32m +``` + +If installation was successful, all pods should reach `Running` status shortly. + +## Deploy Gatekeeper + +The following instructions are summarized from the [Gatekeeper documentation](https://github.com/open-policy-agent/gatekeeper#installation-instructions). +If you already have Gatekeeper running in your cluster, you can skip this section. + +Run: + +```bash +$ kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml +``` + +This creates a `gatekeeper-system` namespace and sets up the Gatekeeper controller manager and audit deployments using the latest Gatekeeper release. + +Check the status of the Gatekeeper pods with this command: + +```bash +$ kubectl -n gatekeeper-system get pods +NAME READY STATUS RESTARTS AGE +gatekeeper-audit-67dfc46db6-kjcmc 1/1 Running 0 40m +gatekeeper-controller-manager-7cbc758844-64hhn 1/1 Running 0 40m +gatekeeper-controller-manager-7cbc758844-c4dkd 1/1 Running 0 40m +gatekeeper-controller-manager-7cbc758844-xv9jn 1/1 Running 0 40m +``` + +If installation was successful, all pods should reach `Running` status shortly. + +## Configure Gatekeeper + +### Background + +Gatekeeper uses the [OPA Constraint Framework](https://github.com/open-policy-agent/frameworks/tree/master/constraint) to define and enforce policies. +This framework has two key types: `ConstraintTemplate` and `Constraint`. +A `ConstraintTemplate` defines a reusable OPA policy, along with the parameters that can be passed to it when it is instantiated. +When a `ConstraintTemplate` is created, Gatekeeper automatically creates a custom resource definition (CRD) to represent it in the cluster. + +A `Constraint` is an instantiation of a `ConstraintTemplate`, which tells Gatekeeper to apply it to specific Kubernetes resource types (e.g. `HTTPProxy`) and provides any relevant parameter values. +A `Constraint` is defined as an instance of the CRD representing the associated `ConstraintTemplate`. + +We'll now look at some examples to make these concepts concrete. + +### Configure resource caching + +First, Gatekeeper needs to be configured to store all `HTTPProxy` resources in its internal cache, so that existing `HTTPProxy` resources can be referenced within constraint template policies. +This is essential for being able to define constraints that look across all `HTTPProxies` -- for example, to verify FQDN uniqueness. + +Create a file called `config.yml` containing the following YAML: + +```yaml +apiVersion: config.gatekeeper.sh/v1alpha1 +kind: Config +metadata: + name: config + namespace: "gatekeeper-system" +spec: + sync: + syncOnly: + - group: "projectcontour.io" + version: "v1" + kind: "HTTPProxy" +``` + +Apply it to the cluster: + +```bash +$ kubectl apply -f config.yml +``` + +Note that if you already had Gatekeeper running in your cluster, you may already have the `Config` resource defined. +In that case, you'll need to edit the existing resource to add `HTTPProxy` to the `spec.sync.syncOnly` list. + +### Configure HTTPProxy validations + +The first constraint template and constraint that we'll define are what we'll refer to as a **validation**. +These are rules for `HTTPProxy` specs that Contour universally requires to be true. +In this example, we'll define a constraint template and constraint to enforce that all `HTTPProxies` must have a unique FQDN. + +Create a file called `unique-fqdn-template.yml` containing the following YAML: + +```yaml +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: httpproxyuniquefqdn +spec: + crd: + spec: + names: + kind: HTTPProxyUniqueFQDN + listKind: HTTPProxyUniqueFQDNList + plural: HTTPProxyUniqueFQDNs + singular: HTTPProxyUniqueFQDN + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package httpproxy.uniquefqdn + + violation[{"msg": msg, "other": sprintf("%v/%v", [other.metadata.namespace, other.metadata.name])}] { + got := input.review.object.spec.virtualhost.fqdn + other := data.inventory.namespace[_]["projectcontour.io/v1"]["HTTPProxy"][_] + other.spec.virtualhost.fqdn = got + + not same(other, input.review.object) + msg := "HTTPProxy must have a unique spec.virtualhost.fqdn" + } + + same(a, b) { + a.metadata.namespace == b.metadata.namespace + a.metadata.name == b.metadata.name + } +``` + +Apply it to the cluster: + +```bash +$ kubectl apply -f unique-fqdn-template.yml +``` + +Within a few seconds, you'll see that a corresponding CRD has been created in the cluster: + +```bash +$ kubectl get crd httpproxyuniquefqdn.constraints.gatekeeper.sh +NAME CREATED AT +httpproxyuniquefqdn.constraints.gatekeeper.sh 2020-08-13T16:08:57Z +``` + +Now, create a file called `unique-fqdn-constraint.yml` containing the following YAML: + +```yaml +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: HTTPProxyUniqueFQDN +metadata: + name: httpproxy-unique-fqdn +spec: + match: + kinds: + - apiGroups: ["projectcontour.io"] + kinds: ["HTTPProxy"] +``` + +Note that the `Kind` of this resource corresponds to the new CRD. + +Apply it to the cluster: + +```bash +$ kubectl apply -f unique-fqdn-constraint.yml +``` + +Now, let's create some `HTTPProxies` to see the validation in action. + +Create a file called `httpproxies.yml` containing the following YAML: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: demo + namespace: default +spec: + virtualhost: + fqdn: demo.projectcontour.io +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: demo2 + namespace: default +spec: + virtualhost: + fqdn: demo.projectcontour.io +``` + +Note that both `HTTPProxies` have the same FQDN. + +Apply the YAML: + +```bash +$ kubectl apply -f httpproxies.yml +``` + +You should see something like: +``` +httpproxy.projectcontour.io/demo created +Error from server ([denied by httpproxy-unique-fqdn] HTTPProxy must have a unique FQDN): error when creating "httpproxies.yml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by httpproxy-unique-fqdn] HTTPProxy must have a unique FQDN +``` + +The first `HTTPProxy` was created successfully, because there was not already an existing proxy with the `demo.projectcontour.io` FQDN. +However, when the second `HTTPProxy` was submitted, Gatekeeper rejected its creation because it used the same FQDN as the first one. + +### Configure HTTPProxy policies + +The next constraint template and constraint that we'll create are what we refer to as a **policy**. +These are rules for `HTTPProxy` specs that an individual Contour administrator may want to enforce for their cluster, but that are not explicitly required by Contour itself. +In this example, we'll define a constraint template and constraint to enforce that all `HTTPProxies` can be configured with at most five retries for any route. + +Create a file called `retry-count-range-template.yml` containing the following YAML: + +```yaml +apiVersion: templates.gatekeeper.sh/v1beta1 +kind: ConstraintTemplate +metadata: + name: httpproxyretrycountrange +spec: + crd: + spec: + names: + kind: HTTPProxyRetryCountRange + listKind: HTTPProxyRetryCountRangeList + plural: HTTPProxyRetryCountRanges + singular: HTTPProxyRetryCountRange + scope: Namespaced + validation: + openAPIV3Schema: + properties: + min: + type: integer + max: + type: integer + targets: + - target: admission.k8s.gatekeeper.sh + rego: | + package httpproxy.retrycountrange + + # build a set of all the retry count values + retry_counts[val] { + val := input.review.object.spec.routes[_].retryPolicy.count + } + + # is there a retry count value that's greater than the allowed max? + violation[{"msg": msg}] { + retry_counts[_] > input.parameters.max + msg := sprintf("retry count must be less than or equal to %v", [input.parameters.max]) + } + + # is there a retry count value that's less than the allowed min? + violation[{"msg": msg}] { + retry_counts[_] < input.parameters.min + msg := sprintf("retry count must be greater than or equal to %v", [input.parameters.min]) + } +``` + +Apply it to the cluster: + +```bash +$ kubectl apply -f retry-count-range-template.yml +``` + +Again, within a few seconds, you'll see that a corresponding CRD has been created in the cluster: + +```bash +$ kubectl get crd httpproxyretrycountrange.constraints.gatekeeper.sh +NAME CREATED AT +httpproxyretrycountrange.constraints.gatekeeper.sh 2020-08-13T16:12:10Z +``` + +Now, create a file called `retry-count-range-constraint.yml` containing the following YAML: + +```yaml +apiVersion: constraints.gatekeeper.sh/v1beta1 +kind: HTTPProxyRetryCountRange +metadata: + name: httpproxy-retry-count-range +spec: + match: + kinds: + - apiGroups: ["projectcontour.io"] + kinds: ["HTTPProxy"] + namespaces: + - my-namespace + parameters: + max: 5 +``` + +Note that for this `Constraint`, we've added a `spec.match.namespaces` field which defines that this policy should only be applied to `HTTPProxies` created in the `my-namespace` namespace. +If this `namespaces` matcher is not specified, then the `Constraint` applies to all namespaces. +You can read more about `Constraint` matchers on the [Gatekeeper website](https://github.com/open-policy-agent/gatekeeper#constraints). + +Apply it to the cluster: + +```bash +$ kubectl apply -f retry-count-range-constraint.yml +``` + +Now, let's create some `HTTPProxies` to see the policy in action. + +Create a namespace called `my-namespace`: + +```bash +$ kubectl create namespace my-namespace +namespace/my-namespace created +``` + +Create a file called `httpproxy-retries.yml` containing the following YAML: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: demo-retries + namespace: my-namespace +spec: + virtualhost: + fqdn: retries.projectcontour.io + routes: + - conditions: + - prefix: /foo + services: + - name: s1 + port: 80 + retryPolicy: + count: 6 +``` + +Apply the YAML: + +```bash +$ kubectl apply -f httpproxy-retries.yml +``` + +You should see something like: +``` +Error from server ([denied by httpproxy-retry-count-range] retry count must be less than or equal to 5): error when creating "proxy-retries.yml": admission webhook "validation.gatekeeper.sh" denied the request: [denied by httpproxy-retry-count-range] retry count must be less than or equal to 5 +``` + +Now, change the `count` field on the last line of `httpproxy-retries.yml` to have a value of `5`. Save the file, and apply it again: + +```bash +$ kubectl apply -f httpproxy-retries.yml +``` + +Now the `HTTPProxy` creates successfully*. + +_* Note that the HTTPProxy is still marked invalid by Contour after creation because the service `s1` does not exist, but that's outside the scope of this guide._ + +Finally, create a file called `httpproxy-retries-default.yml` containing the following YAML: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: demo-retries + namespace: default +spec: + virtualhost: + fqdn: default.retries.projectcontour.io + routes: + - conditions: + - prefix: /foo + services: + - name: s1 + port: 80 + retryPolicy: + count: 6 +``` + +Remember that our `Constraint` was defined to apply only to the `my-namespace` namespace, so it should not block the creation of this proxy, even though it has a retry policy count outside the allowed range. + +Apply the YAML: + +```bash +$ kubectl apply -f httpproxy-retries-default.yml +``` + +The `HTTPProxy` creates successfully. + +## Gatekeeper Audit + +We've seen how Gatekeeper constraints can enforce constraints when a user tries to create a new `HTTPProxy`. Now let's look at how constraints can be applied to pre-existing resources in the cluster. + +Gatekeeper has an audit functionality, that periodically (every `60s` by default) checks all existing resources against the relevant set of constraints. Any violations are reported in the `Constraint` custom resource's `status.violations` field. This allows an administrator to periodically review & correct any pre-existing misconfigurations, while not having to worry about breaking existing resources when rolling out a new or updated constraint. + +To try this out, let's revisit the previous example, and change our constraint to allow a maximum retry count of four. + +Edit `retry-count-range-constraint.yml` and change the `max` field to have a value of `4`. Save the file. + +Apply it to the cluster: + +```bash +$ kubectl apply -f retry-count-range-constraint.yml +``` + +We know that the `demo-retries` proxy has a route with a `retryPolicy.count` of `5`. This should now be invalid according to the updated constraint. + +Wait up to `60s` for the next periodic audit to finish, then run: + +```bash +$ kubectl describe httpproxyretrycountrange httpproxy-retry-count-range +``` + +You should see something like: + +``` +... +Status: + ... + Violations: + Enforcement Action: deny + Kind: HTTPProxy + Message: retry policy count must be less than or equal to 4 + Name: demo-retries + Namespace: my-namespace +``` + +However, our `HTTPProxy` remains in the cluster and can continue to route requests, and the user can remediate the proxy to bring it inline with the policy on their own timeline. + +## Next steps + +Contour has a [growing library](https://github.com/projectcontour/contour/tree/main/examples/gatekeeper) of Gatekeeper constraint templates and constraints, for both **validations** and **policies**. + +If you're using Gatekeeper, we recommend that you apply all of the **validations** we've defined, since these rules are already being checked internally by Contour and reported as status errors/invalid proxies. +Using the Gatekeeper constraints will only improve the user experience since users will get earlier feedback if their proxies are invalid. +The **validations** can be found in `examples/gatekeeper/validations`. + + +You should take more of a pick-and-choose approach to our sample **policies**, since every organization will have different policy needs. +Feel free to use any/all/none of them, and augment them with your own policies if applicable. +The sample **policies** can be found in `examples/gatekeeper/policies`. + +And of course, if you do develop any new constraints that you think may be useful for the broader Contour community, we welcome contributions! diff --git a/site/content/docs/1.28/guides/gateway-api.md b/site/content/docs/1.28/guides/gateway-api.md new file mode 100644 index 00000000000..0759696d3f6 --- /dev/null +++ b/site/content/docs/1.28/guides/gateway-api.md @@ -0,0 +1,210 @@ +--- +title: Using Gateway API with Contour +--- + +This tutorial walks through an example of using [Gateway API][1] with Contour. +See the [Contour reference documentation][5] for more information on Contour's Gateway API support. + +### Prerequisites +The following prerequisites must be met before following this guide: + +- A working [Kubernetes][2] cluster. Refer to the [compatibility matrix][3] for cluster version requirements. +- The [kubectl][4] command-line tool, installed and configured to access your cluster. + +## Deploy Contour with Gateway API enabled + +First, deploy Contour with Gateway API enabled. +This can be done using either [static or dynamic provisioning][6]. + +### Option #1: Statically provisioned + +Create Gateway API CRDs: +```shell +$ kubectl apply -f {{< param github_raw_url>}}/{{< param branch >}}/examples/gateway/00-crds.yaml +``` + +Create a GatewayClass: +```shell +kubectl apply -f - <}}/quickstart/contour.yaml +``` +This command creates: + +- Namespace `projectcontour` to run Contour +- Contour CRDs +- Contour RBAC resources +- Contour Deployment / Service +- Envoy DaemonSet / Service +- Contour ConfigMap + +Update the Contour configmap to enable Gateway API processing by specifying a gateway controller name, and restart Contour to pick up the config change: + +```shell +kubectl apply -f - <}}/quickstart/contour-gateway-provisioner.yaml +``` + +This command creates: + +- Namespace `projectcontour` to run the Gateway provisioner +- Contour CRDs +- Gateway API CRDs +- Gateway provisioner RBAC resources +- Gateway provisioner Deployment + +Create a GatewayClass: + +```shell +kubectl apply -f - <}}/{{< param branch >}}/examples/example-workload/gatewayapi/kuard/kuard.yaml +``` +This command creates: + +- A Deployment named `kuard` in the default namespace to run kuard as the test application. +- A Service named `kuard` in the default namespace to expose the kuard application on TCP port 80. +- An HTTPRoute named `kuard` in the default namespace, attached to the `contour` Gateway, to route requests for `local.projectcontour.io` to the kuard service. + +Verify the kuard resources are available: +```shell +$ kubectl get po,svc,httproute -l app=kuard +NAME READY STATUS RESTARTS AGE +pod/kuard-798585497b-78x6x 1/1 Running 0 21s +pod/kuard-798585497b-7gktg 1/1 Running 0 21s +pod/kuard-798585497b-zw42m 1/1 Running 0 21s + +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +service/kuard ClusterIP 172.30.168.168 80/TCP 21s + +NAME HOSTNAMES +httproute.gateway.networking.k8s.io/kuard ["local.projectcontour.io"] +``` + +## Test Routing + +_Note, for simplicity and compatibility across all platforms we'll use `kubectl port-forward` to get traffic to Envoy, but in a production environment you would typically use the Envoy service's address._ + +Port-forward from your local machine to the Envoy service: +```shell +# If using static provisioning +$ kubectl -n projectcontour port-forward service/envoy 8888:80 + +# If using dynamic provisioning +$ kubectl -n projectcontour port-forward service/envoy-contour 8888:80 +``` + +In another terminal, make a request to the application via the forwarded port (note, `local.projectcontour.io` is a public DNS record resolving to 127.0.0.1 to make use of the forwarded port): +```shell +$ curl -i http://local.projectcontour.io:8888 +``` +You should receive a 200 response code along with the HTML body of the main `kuard` page. + +You can also open http://local.projectcontour.io:8888/ in a browser. + +### Further reading + +This guide only scratches the surface of the Gateway API's capabilities. See the [Gateway API website][1] for more information. + + +[1]: https://gateway-api.sigs.k8s.io/ +[2]: https://kubernetes.io/ +[3]: https://projectcontour.io/resources/compatibility-matrix/ +[4]: https://kubernetes.io/docs/tasks/tools/install-kubectl/ +[5]: /docs/{{< param version >}}/config/gateway-api +[6]: /docs/{{< param version >}}/config/gateway-api#enabling-gateway-api-in-contour \ No newline at end of file diff --git a/site/content/docs/1.28/guides/global-rate-limiting.md b/site/content/docs/1.28/guides/global-rate-limiting.md new file mode 100644 index 00000000000..c2ff23edd27 --- /dev/null +++ b/site/content/docs/1.28/guides/global-rate-limiting.md @@ -0,0 +1,503 @@ +--- +title: Global Rate Limiting +--- + +Starting in version 1.13, Contour supports [Envoy global rate limiting][1]. +In global rate limiting, Envoy communicates with an external Rate Limit Service (RLS) over gRPC to make rate limit decisions for each request. +Envoy is configured to produce 1+ descriptors for incoming requests, containing things like the client IP, header values, and more. +Envoy sends descriptors to the RLS, and the RLS returns a rate limiting decision to Envoy based on the descriptors and the RLS's configured rate limits. + +In this guide, we'll walk through deploying an RLS, configuring it in Contour, and configuring an `HTTPProxy` to use it for rate limiting. + +**NOTE: you should not consider the RLS deployment in this guide to be production-ready.** +The instructions and example YAML below are intended to be a demonstration of functionality only. +Each user will have their own unique production requirements for their RLS deployment. + +## Prerequisites + +This guide assumes that you have: + +- A local KinD cluster created using [the Contour guide][2]. +- Contour installed and running in the cluster using the [quick start][3]. + +## Deploy an RLS + +For this guide, we'll deploy the [Envoy rate limit service][4] as our RLS. +Per the project's README: + +> The rate limit service is a Go/gRPC service designed to enable generic rate limit scenarios from different types of applications. +> Applications request a rate limit decision based on a domain and a set of descriptors. +> The service reads the configuration from disk via [runtime][10], composes a cache key, and talks to the Redis cache. +> A decision is then returned to the caller. + +However, any service that implements the [RateLimitService gRPC interface][5] is supported by Contour/Envoy. + +Create a config map with [the ratelimit service configuration][6]: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: ratelimit-config + namespace: projectcontour +data: + ratelimit-config.yaml: | + domain: contour + descriptors: + + # requests with a descriptor of ["generic_key": "foo"] + # are limited to one per minute. + - key: generic_key + value: foo + rate_limit: + unit: minute + requests_per_unit: 1 + + # each unique remote address (i.e. client IP) + # is limited to three requests per minute. + - key: remote_address + rate_limit: + unit: minute + requests_per_unit: 3 +``` + +Create a deployment for the RLS that mounts the config map as a volume. +**This configuration is for demonstration purposes only and is not a production-ready deployment.** +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: ratelimit + name: ratelimit + namespace: projectcontour +spec: + replicas: 1 + selector: + matchLabels: + app: ratelimit + template: + metadata: + labels: + app: ratelimit + spec: + containers: + - name: redis + image: redis:alpine + env: + - name: REDIS_SOCKET_TYPE + value: tcp + - name: REDIS_URL + value: redis:6379 + - name: ratelimit + image: docker.io/envoyproxy/ratelimit:6f5de117 + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 8081 + name: grpc + protocol: TCP + volumeMounts: + - name: ratelimit-config + mountPath: /data/ratelimit/config + readOnly: true + env: + - name: USE_STATSD + value: "false" + - name: LOG_LEVEL + value: debug + - name: REDIS_SOCKET_TYPE + value: tcp + - name: REDIS_URL + value: localhost:6379 + - name: RUNTIME_ROOT + value: /data + - name: RUNTIME_SUBDIRECTORY + value: ratelimit + - name: RUNTIME_WATCH_ROOT + value: "false" + # need to set RUNTIME_IGNOREDOTFILES to true to avoid issues with + # how Kubernetes mounts configmaps into pods. + - name: RUNTIME_IGNOREDOTFILES + value: "true" + command: ["/bin/ratelimit"] + livenessProbe: + httpGet: + path: /healthcheck + port: 8080 + initialDelaySeconds: 5 + periodSeconds: 5 + volumes: + - name: ratelimit-config + configMap: + name: ratelimit-config +``` + +Create a service: + +```yaml +apiVersion: v1 +kind: Service +metadata: + name: ratelimit + namespace: projectcontour +spec: + ports: + - port: 8081 + name: grpc + protocol: TCP + selector: + app: ratelimit + type: ClusterIP +``` + +Check the progress of the deployment: + +```bash +$ kubectl -n projectcontour get pods -l app=ratelimit +NAME READY STATUS RESTARTS AGE +ratelimit-658f4b8f6b-2hnrf 2/2 Running 0 12s +``` + +Once the pod is `Running` with `2/2` containers ready, move onto the next step. + +## Configure the RLS with Contour + +Create a Contour extension service for the RLS: + +```yaml +apiVersion: projectcontour.io/v1alpha1 +kind: ExtensionService +metadata: + namespace: projectcontour + name: ratelimit +spec: + protocol: h2c + # The service name and port correspond to + # the service we created in the previous + # step. + services: + - name: ratelimit + port: 8081 + timeoutPolicy: + response: 100ms +``` + +Update the Contour configmap to have the following RLS configuration: + +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: projectcontour +data: + contour.yaml: | + rateLimitService: + # extensionService is the / + # of the ExtensionService we created in the + # previous step. + extensionService: projectcontour/ratelimit + # domain corresponds to the domain in the + # projectcontour/ratelimit-config config map. + domain: contour + # failOpen is whether to allow requests through + # if there's an error connecting to the RLS. + failOpen: false +``` + +Restart Contour to pick up the new config map: + +```bash +$ kubectl -n projectcontour rollout restart deploy/contour +deployment.apps/contour restarted +``` + +## Deploy a sample app + +To demonstrate how to use global rate limiting in a `HTTPProxy` resource, we first need to deploy a simple echo application: + +```yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ingress-conformance-echo +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: ingress-conformance-echo + template: + metadata: + labels: + app.kubernetes.io/name: ingress-conformance-echo + spec: + containers: + - name: conformance-echo + image: agervais/ingress-conformance-echo:latest + ports: + - name: http-api + containerPort: 3000 + readinessProbe: + httpGet: + path: /health + port: 3000 +--- +apiVersion: v1 +kind: Service +metadata: + name: ingress-conformance-echo +spec: + ports: + - name: http + port: 80 + targetPort: http-api + selector: + app.kubernetes.io/name: ingress-conformance-echo +``` + +This echo server will respond with a JSON object that reports information about the HTTP request it received, including the request headers. + +Once the application is running, we can expose it to Contour with a `HTTPProxy` resource: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: echo +spec: + virtualhost: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: / + services: + - name: ingress-conformance-echo + port: 80 + - conditions: + - prefix: /foo + services: + - name: ingress-conformance-echo + port: 80 +``` + +We can verify that the application is working by requesting any path: + +```bash +$ curl -k http://local.projectcontour.io/test/$((RANDOM)) +{"TestId":"","Path":"/test/22808","Host":"local.projectcontour.io","Method":"GET","Proto":"HTTP/1.1","Headers":{"Accept":["*/*"],"Content-Length":["0"],"User-Agent":["curl/7.75.0"],"X-Envoy-Expected-Rq-Timeout-Ms":["15000"],"X-Envoy-Internal":["true"],"X-Forwarded-For":["172.18.0.1"],"X-Forwarded-Proto":["http"],"X-Request-Id":["8ecb85e1-271b-44b4-9cf0-4859cbaed7a7"],"X-Request-Start":["t=1612903866.309"]}} +``` + +## Add global rate limit policies + +Now that we have a working application exposed by a `HTTPProxy` resource, we can add global rate limiting to it. + +Edit the `HTTPProxy` that we created in the previous step to add rate limit policies to both routes: + +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: echo +spec: + virtualhost: + fqdn: local.projectcontour.io + routes: + - conditions: + - prefix: / + services: + - name: ingress-conformance-echo + port: 80 + rateLimitPolicy: + global: + descriptors: + - entries: + - remoteAddress: {} + - conditions: + - prefix: /foo + services: + - name: ingress-conformance-echo + port: 80 + rateLimitPolicy: + global: + descriptors: + - entries: + - remoteAddress: {} + - entries: + - genericKey: + value: foo +``` + +## Default Global rate limit policy + +Contour supports defining a default global rate limit policy in the `rateLimitService` configuration +which is applied to all virtual hosts unless the host is opted-out by +explicitly setting `disabled` to `true`. This is useful for a single-tenant +setup use-case. This means you don't have to edit all HTTPProxy objects with the same rate limit policies, instead you can +define the policies in the `rateLimitService` configuration like this: +```yaml +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: projectcontour +data: + contour.yaml: | + rateLimitService: + extensionService: projectcontour/ratelimit + domain: contour + failOpen: false + defaultGlobalRateLimitPolicy: + descriptors: + - entries: + - requestHeader: + headerName: X-Custom-Header + descriptorKey: CustomHeader +``` + +Virtual host can opt out by setting `disabled` to `true`. +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: echo +spec: + virtualhost: + fqdn: local.projectcontour.io + rateLimitPolicy: + global: + disabled: true + routes: + - conditions: + - prefix: / + services: + - name: ingress-conformance-echo + port: 80 +``` + +Also, the default global rate limit policy is not applied in case the virtual host defines its own global rate limit policy. +```yaml +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: echo +spec: + virtualhost: + fqdn: local.projectcontour.io + rateLimitPolicy: + global: + descriptors: + - entries: + - remoteAddress: {} + routes: + - conditions: + - prefix: / + services: + - name: ingress-conformance-echo + port: 80 +``` + +## Make requests + +Before making requests to our `HTTPProxy`, let's quickly revisit the `ratelimit-config` config map. +Here's what we defined: + +```yaml +... +descriptors: + # requests with a descriptor of ["generic_key": "foo"] + # are limited to one per minute. + - key: generic_key + value: foo + rate_limit: + unit: minute + requests_per_unit: 1 + + # each unique remote address (i.e. client IP) + # is limited to three total requests per minute. + - key: remote_address + rate_limit: + unit: minute + requests_per_unit: 3 +``` + +The first entry says that requests with a descriptor of `["generic_key": "foo"]` should be limited to one per minute. +The second entry says that each unique remote address (client IP) should be allowed three total requests per minute. +All relevant rate limits are applied for each request, and requests that result in a `429 (Too Many Requests)` count against limits. + +So, we should be able to make: +- a first request to `local.projectcontour.io/foo` that get a `200 (OK)` response +- a second request to `local.projectcontour.io/foo` that gets a `429 (Too Many Requests)` response (due to the first rate limit) +- a third request to `local.projectcontour.io/bar`that gets a `200 (OK)` response +- a fourth request to `local.projectcontour.io/bar`that gets a `429 (Too Many Requests)` response (due to the second rate limit) + +Let's try it out (remember, you'll need to make all of these requests within 60 seconds since the rate limits are per minute): + +Request #1: +``` +$ curl -I local.projectcontour.io/foo + +HTTP/1.1 200 OK +content-type: application/json +date: Mon, 08 Feb 2021 22:25:06 GMT +content-length: 403 +x-envoy-upstream-service-time: 4 +vary: Accept-Encoding +server: envoy +``` + +Request #2: + +``` +$ curl -I local.projectcontour.io/foo + +HTTP/1.1 429 Too Many Requests +x-envoy-ratelimited: true +date: Mon, 08 Feb 2021 22:59:10 GMT +server: envoy +transfer-encoding: chunked +``` + +Request #3: + +``` +$ curl -I local.projectcontour.io/bar + +HTTP/1.1 200 OK +content-type: application/json +date: Mon, 08 Feb 2021 22:59:54 GMT +content-length: 404 +x-envoy-upstream-service-time: 2 +vary: Accept-Encoding +server: envoy +``` + +Request #4: + +``` +$ curl -I local.projectcontour.io/bar + +HTTP/1.1 429 Too Many Requests +x-envoy-ratelimited: true +date: Mon, 08 Feb 2021 23:00:28 GMT +server: envoy +transfer-encoding: chunked +``` + +## Wrapping up + +For more information, see the [Contour rate limiting documentation][7] and the [API reference documentation][8]. + +The YAML used in this guide is available [in the Contour repository][9]. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/other_features/global_rate_limiting +[2]: ../deploy-options/#kind +[3]: https://projectcontour.io/getting-started/#option-1-quickstart +[4]: https://github.com/envoyproxy/ratelimit +[5]: https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ratelimit/v3/rls.proto +[6]: https://github.com/envoyproxy/ratelimit#configuration +[7]: ../config/rate-limiting/ +[8]: ../config/api/ +[9]: {{< param github_url>}}/tree/main/examples/ratelimit +[10]: https://github.com/lyft/goruntime diff --git a/site/content/docs/1.28/guides/grpc.md b/site/content/docs/1.28/guides/grpc.md new file mode 100644 index 00000000000..12f0d9035fb --- /dev/null +++ b/site/content/docs/1.28/guides/grpc.md @@ -0,0 +1,225 @@ +--- +title: Configuring ingress to gRPC services with Contour +--- + +## Example gRPC Service + +The below examples use the [gRPC server][1] used in Contour end to end tests. +The server implements a service `yages.Echo` with two methods `Ping` and `Reverse`. +It also implements the [gRPC health checking service][2] (see [here][3] for more details) and is bundled with the [gRPC health probe][4]. + +An example base deployment and service for a gRPC server utilizing plaintext HTTP/2 are provided here: + +```yaml +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: grpc-echo + name: grpc-echo +spec: + replicas: 2 + selector: + matchLabels: + app.kubernetes.io/name: grpc-echo + template: + metadata: + labels: + app.kubernetes.io/name: grpc-echo + spec: + containers: + - name: grpc-echo + image: ghcr.io/projectcontour/yages:v0.1.0 + ports: + - name: grpc + containerPort: 9000 + readinessProbe: + exec: + command: ["/grpc-health-probe", "-addr=localhost:9000"] +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: grpc-echo + name: grpc-echo +spec: + selector: + app.kubernetes.io/name: grpc-echo + ports: + - port: 9000 + protocol: TCP + targetPort: grpc +``` + +## HTTPProxy Configuration + +Configuring proxying to a gRPC service with HTTPProxy is as simple as specifying the protocol Envoy uses with the upstream application via the `spec.routes[].services[].protocol` field. +For example, in the resource below, for proxying plaintext gRPC to the `yages` sample app, the protocol is set to `h2c` to denote HTTP/2 over cleartext. +For TLS secured gRPC, the protocol used would be `h2`. + +Route path prefix matching can be used to match a specific gRPC message if required. + +```yaml +--- +apiVersion: projectcontour.io/v1 +kind: HTTPProxy +metadata: + name: my-grpc-service +spec: + virtualhost: + fqdn: my-grpc-service.foo.com + routes: + - conditions: + - prefix: /yages.Echo/Ping # Matches a specific gRPC method. + services: + - name: grpc-echo + port: 9000 + protocol: h2c + - conditions: + - prefix: / # Matches everything else. + services: + - name: grpc-echo + port: 9000 + protocol: h2c +``` + +Using the sample deployment above along with this HTTPProxy example, you can test calling this plaintext gRPC server with the following [grpcurl][5] command: + +``` +grpcurl -plaintext -authority=my-grpc-service.foo.com yages.Echo/Ping +``` + +If implementing a streaming RPC, it is likely you will need to adjust per-route timeouts to ensure streams are kept alive for the appropriate durations needed. +Relevant timeout fields to adjust include the HTTPProxy `spec.routes[].timeoutPolicy.response` field which defaults to 15s and should be increased as well as the global timeout policy configurations in the Contour configuration file `timeouts.request-timeout` and `timeouts.max-connection-duration`. + +## Ingress v1 Configuration + +To configure routing for gRPC requests with Ingress v1, you must add an annotation on the upstream Service resource as below. + +```yaml +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/name: grpc-echo + annotations: + projectcontour.io/upstream-protocol.h2c: "9000" + name: grpc-echo +spec: + selector: + app.kubernetes.io/name: grpc-echo + ports: + - port: 9000 + protocol: TCP + targetPort: grpc +``` + +The annotation key must follow the form `projectcontour.io/upstream-protocol.{protocol}` where `{protocol}` is `h2c` for plaintext gRPC or `h2` for TLS encrypted gRPC to the upstream application. +The annotation value contains a comma-separated list of port names and/or numbers that must match with the ones defined in the Service definition. + +Using the Service above with the Ingress resource below should achieve the same configuration as with an HTTPProxy. + +```yaml +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: my-grpc-service +spec: + rules: + - host: my-grpc-service.foo.com + http: + paths: + - path: / + backend: + service: + name: grpc-echo + port: + number: 9000 + pathType: Prefix +``` + +## Gateway API Configuration + +Gateway API now supports a specific resource [GRPCRoute][6] for routing gRPC requests. + +Configuring GRPCRoute for routing gRPC requests needs to specify parentRefs, hostnames, and routing rules with specific backendRefs. In the below example, route path matching is conducted via method matching rule for declared services and their methods. + +```yaml +apiVersion: gateway.networking.k8s.io/v1alpha2 +kind: GRPCRoute +metadata: + name: yages +spec: + parentRefs: + - namespace: projectcontour + name: contour + hostnames: + - my-grpc-service.foo.com + rules: + - matches: + - method: + service: yages.Echo + method: Ping + - method: + service: grpc.reflection.v1alpha.ServerReflection + method: ServerReflectionInfo + backendRefs: + - name: grpc-echo + port: 9000 +``` +Using the sample deployment above along with this GRPCRoute example, you can test calling this plaintext gRPC server with the same grpcurl command: + +```yaml +grpcurl -plaintext -authority=my-grpc-service.foo.com yages.Echo/Ping +``` +Note that the second matching method for service of ServerReflection is required by grpcurl command. + +When using GRPCRoute, user should annotate their Service similarly to when using Ingress Configuration, to indicate the protocol to use when connecting to the backend Service, i.e. h2c for HTTP plaintext and h2 for TLS encrypted HTTPS. If it's not specified, Contour will infer the protocol based on the Gateway Listener protocol, h2c for HTTP and h2 for HTTPS. + + + + +## gRPC-Web + +Contour configures Envoy to automatically convert [gRPC-Web][7] HTTP/1 requests to gRPC over HTTP/2 RPC calls to an upstream service. +This is a convenience addition to make usage of gRPC web application client libraries and the like easier. + +Note that you still must provide configuration of the upstream protocol to have gRPC-Web requests converted to gRPC to the upstream app. +If your upstream application does not in fact support gRPC, you may get a protocol error. +In that case, please see [this issue][8]. + +For example, with the example deployment and routing configuration provided above, an example HTTP/1.1 request and response via `curl` looks like: + +``` +curl \ + -s -v \ + /yages.Echo/Ping \ + -XPOST \ + -H 'Host: my-grpc-service.foo.com' \ + -H 'Content-Type: application/grpc-web-text' \ + -H 'Accept: application/grpc-web-text' \ + -d'AAAAAAA=' +``` + +This `curl` command sends and receives gRPC messages as base 64 encoded text over HTTP/1.1. +Piping the output to `base64 -d | od -c` we can see the raw text gRPC response: + +``` +0000000 \0 \0 \0 \0 006 \n 004 p o n g 200 \0 \0 \0 036 +0000020 g r p c - s t a t u s : 0 \r \n g +0000040 r p c - m e s s a g e : \r \n +0000056 +``` + +[1]: https://github.com/projectcontour/yages +[2]: https://pkg.go.dev/google.golang.org/grpc/health/grpc_health_v1 +[3]: https://github.com/grpc/grpc/blob/master/doc/health-checking.md +[4]: https://github.com/grpc-ecosystem/grpc-health-probe +[5]: https://github.com/fullstorydev/grpcurl +[6]: https://gateway-api.sigs.k8s.io/references/spec/#gateway.networking.k8s.io/v1alpha2.GRPCRoute +[7]: https://github.com/grpc/grpc-web +[8]: https://github.com/projectcontour/contour/issues/4290 diff --git a/site/content/docs/1.28/guides/health-checking.md b/site/content/docs/1.28/guides/health-checking.md new file mode 100644 index 00000000000..8e7bcdb5bb5 --- /dev/null +++ b/site/content/docs/1.28/guides/health-checking.md @@ -0,0 +1,11 @@ +--- +title: Health Checking +--- + +Contour exposes two health endpoints `/health` and `/healthz`. By default these paths are serviced by `0.0.0.0:8000` and are configurable using the `--health-address` and `--health-port` flags. + +e.g. `--health-port 9999` would create a health listener of `0.0.0.0:9999` + +**Note:** the `Service` deployment manifest when installing Contour must be updated to represent the same port as the above configured flags. + +The health endpoints perform a connection to the Kubernetes cluster's API. diff --git a/site/content/docs/1.28/guides/kind.md b/site/content/docs/1.28/guides/kind.md new file mode 100644 index 00000000000..dcc374b70af --- /dev/null +++ b/site/content/docs/1.28/guides/kind.md @@ -0,0 +1,63 @@ +--- +title: Creating a Contour-compatible kind cluster +--- + +This guide walks through creating a kind (Kubernetes in Docker) cluster on your local machine that can be used for developing and testing Contour. + +# Prerequisites + +Download & install Docker and kind: + +- Docker [installation information](https://docs.docker.com/desktop/#download-and-install) +- kind [download and install instructions](https://kind.sigs.k8s.io/docs/user/quick-start/) + +# Kind configuration file + +Create a kind configuration file locally. +This file will instruct kind to create a cluster with one control plane node and one worker node, and to map ports 80 and 443 on your local machine to ports 80 and 443 on the worker node container. +This will allow us to easily get traffic to Contour/Envoy running inside the kind cluster from our local machine. + +Copy the text below into the local yaml file `kind-config.yaml`: + +```yaml +kind: Cluster +apiVersion: kind.x-k8s.io/v1alpha4 +nodes: +- role: control-plane +- role: worker + extraPortMappings: + - containerPort: 80 + hostPort: 80 + listenAddress: "0.0.0.0" + - containerPort: 443 + hostPort: 443 + listenAddress: "0.0.0.0" +``` + +# Kubernetes cluster using kind + +Create a kind cluster using the config file from above: + +```yaml +$ kind create cluster --config kind-config.yaml +``` + +Verify the nodes are ready by running: + +```yaml +$ kubectl get nodes +``` + +You should see 2 nodes listed with status **Ready**: +- kind-control-plane +- kind-worker + +Congratulations, you have created your cluster environment. You're ready to install Contour. + +_Note:_ When you are done with the cluster, you can delete it by running: +```yaml +$ kind delete cluster +``` + +# Next Steps +See https://projectcontour.io/getting-started/ for how to install Contour into your kind cluster. diff --git a/site/content/docs/1.28/guides/metrics/table.md b/site/content/docs/1.28/guides/metrics/table.md new file mode 100644 index 00000000000..89405d815c6 --- /dev/null +++ b/site/content/docs/1.28/guides/metrics/table.md @@ -0,0 +1,20 @@ +| Name | Type | Labels | Description | +| ---- | ---- | ------ | ----------- | +| contour_build_info | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | branch, revision, version | Build information for Contour. Labels include the branch and git SHA that Contour was built from, and the Contour version. | +| contour_cachehandler_onupdate_duration_seconds | [SUMMARY](https://prometheus.io/docs/concepts/metric_types/#summary) | | Histogram for the runtime of xDS cache regeneration. | +| contour_dag_cache_object | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | kind | Total number of items that are currently in the DAG cache. | +| contour_dagrebuild_seconds | [SUMMARY](https://prometheus.io/docs/concepts/metric_types/#summary) | | Duration in seconds of DAG rebuilds | +| contour_dagrebuild_timestamp | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | | Timestamp of the last DAG rebuild. | +| contour_dagrebuild_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | | Total number of times DAG has been rebuilt since startup | +| contour_eventhandler_operation_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | kind, op | Total number of Kubernetes object changes Contour has received by operation and object kind. | +| contour_httpproxy | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | namespace | Total number of HTTPProxies that exist regardless of status. | +| contour_httpproxy_invalid | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | namespace, vhost | Total number of invalid HTTPProxies. | +| contour_httpproxy_orphaned | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | namespace | Total number of orphaned HTTPProxies which have no root delegating to them. | +| contour_httpproxy_root | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | namespace | Total number of root HTTPProxies. Note there will only be a single root HTTPProxy per vhost. | +| contour_httpproxy_valid | [GAUGE](https://prometheus.io/docs/concepts/metric_types/#gauge) | namespace, vhost | Total number of valid HTTPProxies. | +| contour_status_update_conflict_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | kind | Number of status update conflicts encountered by object kind. | +| contour_status_update_duration_seconds | [SUMMARY](https://prometheus.io/docs/concepts/metric_types/#summary) | error, kind | How long a status update takes to finish. | +| contour_status_update_failed_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | kind | Number of status updates that failed by object kind. | +| contour_status_update_noop_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | kind | Number of status updates that are no-ops by object kind. This is a subset of successful status updates. | +| contour_status_update_success_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | kind | Number of status updates that succeeded by object kind. | +| contour_status_update_total | [COUNTER](https://prometheus.io/docs/concepts/metric_types/#counter) | kind | Total number of status updates by object kind. | diff --git a/site/content/docs/1.28/guides/prometheus.md b/site/content/docs/1.28/guides/prometheus.md new file mode 100644 index 00000000000..f0b7364c340 --- /dev/null +++ b/site/content/docs/1.28/guides/prometheus.md @@ -0,0 +1,94 @@ +--- +title: Collecting Metrics with Prometheus +--- + + + +Contour and Envoy expose metrics that can be scraped with Prometheus. By +default, annotations to gather them are in all the `deployment` yamls and they +should work out of the box with most configurations. + +## Envoy Metrics + +Envoy typically [exposes metrics](https://www.envoyproxy.io/docs/envoy/v1.15.0/configuration/http/http_conn_man/stats#config-http-conn-man-stats) through an endpoint on its admin interface. To +avoid exposing the entire admin interface to Prometheus (and other workloads in +the cluster), Contour configures a static listener that sends traffic to the +stats endpoint and nowhere else. + +Envoy supports Prometheus-compatible `/stats/prometheus` endpoint for metrics on +port `8002`. + +## Contour Metrics + +Contour exposes a Prometheus-compatible `/metrics` endpoint that defaults to listening on port 8000. This can be configured by using the `--http-address` and `--http-port` flags for the `serve` command. + +**Note:** the `Service` deployment manifest when installing Contour must be updated to represent the same port as the configured flag. + +**The metrics endpoint exposes the following metrics:** + +{{% metrics-table %}} + +## Sample Deployment + +In the `/examples` directory there are example deployment files that can be used to spin up an example environment. +All deployments there are configured with annotations for prometheus to scrape by default, so it should be possible to utilize any of them with the following quickstart example instructions. + +### Deploy Prometheus + +A sample deployment of Prometheus and Alertmanager is provided that uses temporary storage. This deployment can be used for testing and development, but might not be suitable for all environments. + +#### Stateful Deployment + + A stateful deployment of Prometheus should use persistent storage with [Persistent Volumes and Persistent Volume Claims][1] to maintain a correlation between a data volume and the Prometheus Pod. + Persistent volumes can be static or dynamic and depends on the backend storage implementation utilized in environment in which the cluster is deployed. For more information, see the [Kubernetes documentation on types of persistent volumes][2]. + +#### Quick start + +```sh +# Deploy +$ kubectl apply -f examples/prometheus +``` + +#### Access the Prometheus web UI + +```sh +$ kubectl -n projectcontour-monitoring port-forward $(kubectl -n projectcontour-monitoring get pods -l app=prometheus -l component=server -o jsonpath='{.items[0].metadata.name}') 9090:9090 +``` + +then go to `http://localhost:9090` in your browser. + +#### Access the Alertmanager web UI + +```sh +$ kubectl -n projectcontour-monitoring port-forward $(kubectl -n projectcontour-monitoring get pods -l app=prometheus -l component=alertmanager -o jsonpath='{.items[0].metadata.name}') 9093:9093 +``` + +then go to `http://localhost:9093` in your browser. + +### Deploy Grafana + +A sample deployment of Grafana is provided that uses temporary storage. + +#### Quick start + +```sh +# Deploy +$ kubectl apply -f examples/grafana/ + +# Create secret with grafana credentials +$ kubectl create secret generic grafana -n projectcontour-monitoring \ + --from-literal=grafana-admin-password=admin \ + --from-literal=grafana-admin-user=admin +``` + +#### Access the Grafana UI + +```sh +$ kubectl port-forward $(kubectl get pods -l app=grafana -n projectcontour-monitoring -o jsonpath='{.items[0].metadata.name}') 3000 -n projectcontour-monitoring +``` + +then go to `http://localhost:3000` in your browser. +The username and password are from when you defined the Grafana secret in the previous step. + +[1]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ +[2]: https://kubernetes.io/docs/concepts/storage/persistent-volumes/#types-of-persistent-volumes \ No newline at end of file diff --git a/site/content/docs/1.28/guides/proxy-proto.md b/site/content/docs/1.28/guides/proxy-proto.md new file mode 100644 index 00000000000..7753d8c5776 --- /dev/null +++ b/site/content/docs/1.28/guides/proxy-proto.md @@ -0,0 +1,53 @@ +--- +title: How to Configure PROXY v1/v2 Support +--- + +If you deploy Contour as a Deployment or Daemonset, you will likely use a `type: LoadBalancer` Service to request an [external load balancer][1] from your hosting provider. +If you use the Elastic Load Balancer (ELB) service from Amazon's EC2, you need to perform a couple of additional steps to enable the [PROXY][0] protocol. Here's why: + +External load balancers typically operate in one of two modes: a layer 7 HTTP proxy, or a layer 4 TCP proxy. +The former cannot be used to load balance TLS traffic, because your cloud provider attempts HTTP negotiation on port 443. +So the latter must be used when Contour handles HTTP and HTTPS traffic. + +However this leads to a situation where the remote IP address of the client is reported as the inside address of your cloud provider's load balancer. +To rectify the situation, you can add annotations to your service and flags to your Contour Deployment or DaemonSet to enable the [PROXY][0] protocol which forwards the original client IP details to Envoy. + +## Enable PROXY protocol on your service in GKE + +In GKE clusters a `type: LoadBalancer` Service is provisioned as a Network Load Balancer and will forward traffic to your Envoy instances with their client addresses intact. +Your services should see the addresses in the `X-Forwarded-For` or `X-Envoy-External-Address` headers without having to enable a PROXY protocol. + +## Enable PROXY protocol on your service in AWS + +To instruct EC2 to place the ELB into `tcp`+`PROXY` mode, add the following annotations to the `contour` Service: + +``` +apiVersion: v1 +kind: Service +metadata: + annotations: + service.beta.kubernetes.io/aws-load-balancer-backend-protocol: tcp + service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*' + name: contour + namespace: projectcontour +spec: + type: LoadBalancer +... +``` + +## Enable PROXY protocol support for all Envoy listening ports + +``` +... +spec: + containers: + - image: ghcr.io/projectcontour/contour: + imagePullPolicy: Always + name: contour + command: ["contour"] + args: ["serve", "--incluster", "--use-proxy-protocol"] +... +``` + +[0]: http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt +[1]: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer \ No newline at end of file diff --git a/site/content/docs/1.28/guides/resource-limits.md b/site/content/docs/1.28/guides/resource-limits.md new file mode 100644 index 00000000000..a531221a88f --- /dev/null +++ b/site/content/docs/1.28/guides/resource-limits.md @@ -0,0 +1,161 @@ +--- +title: Contour / Envoy Resource Limits +--- + +## Performance Testing Contour / Envoy + +- Cluster Specs + - Kubernetes + - Version: v1.12.6 + - Nodes: + - 5 Worker Nodes + - 2 CPUs Per Node + - 8 GB RAM Per Node + - 10 GB Network + - Contour + - Single Instance + - 4 Instances of Envoy running in a Daemonset + - Each instance of Envoy is running with HostNetwork + - Cluster Network Bandwidth + +Having a good understanding of the available bandwidth is key when it comes to analyzing performance. It will give you a sense of how many requests per second you can expect to push through the network you are working with. + +Use iperf3 to figure out the bandwidth available between two of the kubernetes nodes. The following will deploy an iperf3 server on one node, and an iperf3 client on another node: + +```bash +[ ID] Interval Transfer Bandwidth Retr +[ 4] 0.00-60.00 sec 34.7 GBytes 4.96 Gbits/sec 479 sender +[ 4] 0.00-60.00 sec 34.7 GBytes 4.96 Gbits/sec receiver +``` + +## Memory / CPU usage + +Verify the Memory & CPU usage with varying numbers of services, IngressRoute resources, and traffic load into the cluster. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Test CriteriaContourEnvoy
#Svc#IngRPSCCMemory (MB)CPU% / CoreMemory (MB)CPU% / Core
0000100150
5k000462%150%
10k000773%2052%
05k00361%2302%
010k00631%101%
5k5k002441%2211%
10k10k0026006%4304%
0030k60081%173%
00100k10k101%11814%
00200k20k91%19131%
00300k30k101%22540%
diff --git a/site/content/docs/1.28/img/archoverview.png b/site/content/docs/1.28/img/archoverview.png new file mode 100644 index 0000000000000000000000000000000000000000..f79bbfe1b4b3a7f0de886d7ce059722308be3ab4 GIT binary patch literal 78807 zcmeFZWmuJ4*ES3Y5=xgKCDN&+G%6w8i!N!9kd!W^1?g@niG_5BY`R-or5jm<#A3a3 zvG3=(_x=5TzwbD{p`<*kcd1Hq4c9-w^E4D z)QoLy1bX>2TWZdI(sOY`o<^HY9x3nN z#LpeH!cu1uh!&2<^NbbG>^norE}KzAMp$$KC}{uw<1Kb^!@-6nI)Nk#>c9VZr1KT) zKmH}~83q>QEt<2)KZat_Nmjnb{eOtVAt?KWzUKaKQQ)TllWxlY5Rd+ggifa$yKn#B z^FaR88NvS_bHn(Fwvd0!&Dm>FOW<$7po+nSU-6i;kcO zrISrr(n0n=Mq@$B{;_Z{TRLUbAgzpm#pwSSO;DzD=RamEnSq90`V6&^`aed~>3qHW zU&Wz?6Mi>~`TdapWSTj=I5zJDlDDov*xK;iYUOJATajPX0i$5MwKk#9*T}5oS?;o| z)O2G$U8%e7x&;NxWzdpKZSPrJYPXXf$YdI$n3kq)5LUR*Q~G;$4_Ou3l$%0$YeGN16!`&_FAiX zTPq;!sika4$~TQ$lpD)-}2r6)g1%fDU12}7=MYk z?3-+8w_c^|Pu|fUef)DI#`duR8pyHeKDh_}yfA~MC7hNKT}UsyuIZZ{u%*;ROkBrg zWaAFfp4$~nz04%7kQO&o*Kggg49bJf+tp`!Bh-xbebv3~51LlKXI7!j@DO?ywbgl9 zYnyZ(NA|EQY_clQlz6{A=pCQkB#V}K`K@W?hd3^8w)a6}PsP0a*{DaqM2ml&?e%l1 zRv@a@${UVLD|GXzvS5=n)^69f6p^u))?_PDZ?YIeZ@b!4cr5$HD zMYVCR@LheiR)?Frq{OSFXjNguw-G}cKdcWsZ{6ecUg=?UJ+vh#4@1vf^QHR?_pMG+rg&2;sc z*iZ3+dfwp^#|Md9qJ%<*QXyfl41-75T-}*7ObQZOXvyI9XLl_=Oh+_*m_EPH&LXUo zaIk5RUn5*!Ff3a;0h>iM8L1nKI6BY=CBh2T!!Ioi?WZ-$gR~S_bQW?1J^g<#(oTpy z;uJx}w=F2-Dk))egl2)sJ*@2$GL5~HGy`c*IY@K4*E38~ATWY+B78WEq2iZa=9Pi6 znbhdqld7%5r)JlvE5){BR~p<;=`Xr3aLBa%V%*CT{;je0cMZR*<~Rfr@54kteOf!c znpuYh`CaVHjfTbWGJv|&ym*2M4a-%Zj@y6nuvWc3^`T~bt^QJ;)v~*TfMc;{Jcni; zrgcHIp1KCy7*<_OT?%omX_~ZgFda9{TPI=UDXFNNZxPx*Cf$urOb*g=cs>r__$sdu z8rt6KWVCem0WlMLh;P*|7uc>s-I6)G=TT=NSEr9NYUcnou@Hy>2yTDnO-9;yORT@C-DttM6zDOAAFz3BmTWaio&`7GByL}(>Q!?B4j*=Z7 z*6vYOl7;V5gTqq$ithDdy|TS0#wtwugn#2JWBD2nwnF*Hjz+b`SxjlW9`S?6ueH+c zYG-;eYfj+{+}d-^mM>+g1vL2u>{q_C@78uSx#{Z-P_pWs;uIfMJ5G-nzILz?Q5%kV zkAWi{T2El%OELB{dHGAGe)~-m4?FazJGjdf`^{8JbWd#+t(a4OGlD( zJ2+L?-$czYVTMB_%Iy;_#piZ%mU}dN%E%K*X&%;1)e$9qVZ2vL=26oTN)k;=hBf%;b^p9mgU$HF z2iTBR;7Q6;vnt{A(msP2ib<836UuVwLx+;1hY&g|Q*ROLuTeHi*&&-(6(jT7>~<1r zrqp#+S$dbhCKWQp_eaUu;LL9QFs{245` zx7kW)@i`=h%HJuT6py;&qt4!ppBtAVvnep`yx&6m{s0YoGemhO{PIKYx zmpip}XXANEI?Hd2RK>25XI&>N!A%%zOJP{9v;Mo1Txhce#dcya?WXg zn66jS<&n4)cCpuvK}$Pb9AgL#!#Sjy2~1An^68244PJ5CfF*sg8GcY;o`ScFNL|sE zu!7Rqu#y&+mSiQ*NGNVop`uT4Nmj~Vk*K1erE-4KSJiw>kC6l+UN+L1-rg*vcPyUq z?_ui}fp`^!@i@{CuZDAS!|Vc|p4N`G*!n%H&*^Kyj=pRRgV-k2orH46@YbdsUC!HH zjs9G`ep?@*USt<5EpOfqA!j|+@l~4sI_`LKd>qL&E6=rLa>{b5Guht6_6uTuS$>F}B`sI_hH7T!(Kzkp=rFgibi$$q z%_QHUe*PhUjH{*9>3kP9#jeM-z=;O^?9?>G_`7=PMT=@_ozz;%v=DBubo=iElcE>v zq*3j%k>ZWR&vrC5y1s9X{@C;DAWRn!sL-!`ZY+P`@SS0Is3YcMx|@LZFig}TF6_&j zrDP)tGPed;gSko%1O3L=#-J_tM0KmFY0bIjrV+DL`<@47(DI5W?K4Z_z-L9A6C%s>h7*4b7WjOt(`k`Ht;4E z3t)C^CFYf_)Ox%d;>yRTO;{THQ_BK>;XAx|M<2SXH{o(kxrJDbmtzTj7 z5V?W`+dO5Slt{Cb70?J`>3VUwL_G=K_xa*Yf-O#aF2|f)q_DmeKM3K5*6u}l!CDKw z9Qw7*_!kL#^)$$JSNe(vMW zQ_7<$;L}GjX6Kxg>QB;JBZ%$5R*=LZsp9~qAs7JmJhwMRkND2w_%0q>xj9* z(_tHeQ{$mzH9mz_g>WIU0_eD2xvG3Nm)=JRea!4Mgmx8uaxsXW7n4|ViQc(%W}c{E zq+VjPXw7^#REg%`O~o-z?|yl0Rd7vMlXSSBRwUIMJUb^mC7ZL4zKX+2UwWlN$yteO zYE!i@yyW(aIfv8TC+n?GWks-9Jk`S&OaAiO-%qnzjw~3>x?8$&x#oa9_@ZDk*4!f~n-Iq!36QkB_e?}o@1%1i zU$zS;5>H*vctKBwvlLn`o-5Si>d9sj8dKLzUH0v=?=pE)+-9e5m{yxkemX_)!+2*t zbM{v~+Om_v&Tot-U>t7DumB>cdEX2&3CVP`G zb7o4RtbcZ0pK-E#P0}cYl7^&&-M8l|y(CMPFe?7}m_F8m^ODlk ztF%@o;b$%MN#fp=WqXxs`o5Cd{?LP9G5-qZi~TDHo7ETF_MX9xu|VBQHBXW;&UGYnRo|Cc`O4zA*2d z@;mQYzSea+v&rLZUvZI*7J0#O`X0Lx)ndKP5H@tY!OwH!6T2Z%iUlz&$MK5}Kmg)# zlWisw7Ep?jVL}Qoo~sOc+nYKXQ^P7slr)3M-ddHpE5&~CxvkKvt9LDJrMUa;yAMVs zev7Uy%qM*QWXyJrbG0~_Xk8h-A-}L8dfP6^Q$wx&6ju&cv{fz|&rA+wre-1f8)7EQ zexZ1?ft7Hb?1|&q%8AjP%G2?QeN3Olr7p(3$3GKA^Q8+pOUm0CTBUi)a<_= zT>HP-!i19h*x7Vyy%L7}%yy{WLfvwO2*GxiWQ2U&&GJ4d+N#Uw!XDz1F|7#SC7e4Br8?&P2>}nlPHos*o)k0$KxD%AU-mdQLlpi$SC4(5xOw+RMW0qP9D(E%~ zi@b4vW`oU1e{A4uUpseEZOj?-hD$J}m#d_lX0C3uPdE%G)7|^Ssvoo75(OL|e;Qj8nMm`vtQms z7fRIUSSN*L*z5j`b!_KzRP&x)Cne*Y)Wf&^&gVVmts-WD7;J+@;6MatXCW#PH>t49 zmm>!W#AQRj|LpHauaiZ$zpBYvUiP@ZPD%n_5M`UOmCYTFp1#cNiY9NKasCg3_C*3`zL-T$Tderz}XX?*w7 zUU^Ir$gqR3o#Y9*2tKuL4b-APuWqFvDP7`5O6}4Q*02;ezat>>y&NC<&Q5KbnXo!( zG)DTc0$5pw+oX|GWLbRDQte{U@8qy8cBzxZ@fdLd#HxIquj;+dFQr0ARg-W#i znz@|ck*L8j{IHrOm~HP&bGWzDa9P}2q9>+jbv}9gN5}QZq1lWd1XWdDxO-dPHNU7eVuGeGdncM)qtHt?g4O)i zPwJISO|w6`wQCJO&%H27+_-QMGAI}}C837@oY1Yb-Q5uV_Fdq|8fldOtH>L-1!}IM z(bE{TyY771llq9=)gBhLQ5o8I<3^Qwv|BTXe5JK>!@H5@{xCzCBAW0q&=Ang*UH421 z#X?(mLrBRCztk91NK?0duG{&I`y!OMOhB|;374Jaazfl7Z=JBbB1p@~Z``pqu2~;1 z^_lP&?#Y>6rY9j?RVx$8rN&Ps>>ie-Nzju18AC5k+}Z3L&wgsB@4@VA-!V2GJq?n7 zmH8Qxml8{q8k#xVXVF?5(IZyFdH6k*_W9zoNn0kqmLj3hPq^$39)Iq;A0 z;gYY6*XtsP2eBZzh1h*<*U2#HUUB)Kik+k$MxIIouj9!b-PQ`8W|R%7<_r$4*DsP; zpIqL1vqV#tv6`OQJDL|b>(BMqfS?GAnq$uX>WtE}FyW5p>)=bHY1DSgI0jXf^BM0p zsM4NFbGX@@5bmhOV9xhCE{JH9RuAVA>*~(69yq&ehmevOLZxoL&y6I(=IXb4@$-8L zecwsD{uy9@;88*57ToCWru>rDMbS&U({`)xw}@Vn-^wB}+>@(_6Sm>6q}+8j61%%k zU4JmOaO|t^|Hf}s-x7Dw_(`|A?ber!5V;M%t0(x>e)XOlyDE8abT!)b7IH>!>jHWh z&!#Oa=pCEZ8#{$?r8j8roKf;x#@E_aS?SZCw;Afg52d0?EGh)CAhGes38K2j8or-- zxxb#wEqCIcIV7H>+qX$J3$eI5_6```qrY<}u#kD#%jTvksVTi(oX$3M(DQm~j{)~! z>0Q`c-t2r^YlHKU)&)wp<7}9aLb=;^+y|H8%}jxJ($q#@t@A_H^A(>&IH-gh7=VoS z&_sBb|FT9N_W7-m>A3fXQ~Z|fb;e8mA>R=RytR*%^_dRpv~zZvuBo+n!B>@w^H$8s| zwd5^if8}A$npSX*p_B!0)mBK1gJ%l9Q^vAC_by{n#JYcF{sGQdiY!Hxp5ZlDwm;L}y%cbKq0c!k z&|AK+N}?tddl)itTyzP%b9#Cc4usRu2SG2d*QPM&P`Yx-KX%D-a~7mkN{l`ndq5vq z+ZSdj(W=g2=g<6pV}o4!l(ANif#BlcNkOz*bjP7}MH)T_R=XA6>&gYPT1hF|vFrAN z3Q#P2N8d9=q$+>~8P8_r-8Hb|pB5UfJpC^05hd)t?5f3_S8q=dEH=A@3yBRNrp}x9 zbgjG)DWOb~UQB3lprNqW)rtLNdsFYC=_~1Kw9DOU)P7%|x_(&{e`7GGx8}O-4R@Bh{lGzm1zuMsDP)Xd3pqw7^sSGa3krSMAd5yMTEnfaK6sFn(Hr0WGDW*% z_r+m<&}>HkKRT9bj1bb0J?OC>nLs|7s8kJLOUgoP;FN|nl8WV7ARNg5+!LV;LX`EMwyggxceJm5zXOzi*6jvEn zoqu_$8Q%2dvf(s(V_@oyh~7?IlG!)?8yT$_3ydoN!@c`G&zP=$e=7_LdA>22`Iw6n zv6Un3*Z#TgGP>_DFzD@UL@_KK!KAGLbW>5cDSEf}(TC7C)MKcyg2h;FhPrlgrCl3K znq9liGh^f422lU1=7=>LiZ(d$a-#Vid82D&dNsSy{CvLYO=~)J7>%8}Qm2RQhQH}EWt*a7r8!xys>Evl2<((0XM}C`cnpOXKu_3-WHF9vB`i&oKy9#PhqQqvR z+M^$8fjo9w#pLx^?@xa)Dfrf&bgLQ5_@Bqk-nD2mE?L>>2&gBEzA4;)=8i1qCK)B$ zw{4cJfAlJqEgDKUS}OKxZ??{YhZ$gUCyM+U<8*}<4p)D>+^r`YxoT<+X2}D!iZcGP zdwXe1rQ3#^#;}FD)&;-SdV5u`qa@#lMvm|vXLzD=<-`Qlm}2v;-$AR}5*|F+^}O%= ztjD~)rDY~AOKHK$9z#^d8$=BGEMvq^JyNp70$Hj|=k7sFqc zyB?z9t_VBsER>fF8%P`TB8#FE50+bOOrQn!D$1@EyCW%HRdq`6!P!&FKW0!j3E>#I zv(GA5)iRKVl^;gCNv<2y@suJ>Rx#II_1L8$9|cEkeCqA9Ee(vz2A0|NOQCrxSGz6# zFe};p3a{a`!@OXd1@9R|)}o1h$)gXep?dRr#J&VF+GZnzv>s8A9pjC`!d<)4PYc+LQclp6()aew91xSlSmbHYRQX@NEhTtPj z0+dO{d@8I$pVtR)+fo{K$r{iCv#{@Ti@KV`;~}^&)z-I?(3EVO4-P9%%kCb$KtVkR z!xklEHN#NQDCkW5E9Ab(+I$Vl^u+cUpx<_KQeSA_9IZJ*Np?x$OX%+di)kw`AopoP<{r z*^B*+rU6Z>O~>0(=X7@drLSTZsdqr4HXAC>+?v$Gwnd3lN=GojKfW?0BeFNQO~Qgb zoIy`tAV0;lUG_NK7fQ@Hi&-^&s%`jWyPDzb<>amA#EIy1F06SdaDdf(QVfh6`xwgB zj}wuyI>Gzv)Kq7iy(n3+jsLOCAl>bpeu3A!yL*ShSWx5ON)va9l>E*UxFd>)aql9u zjrG?t-HkXdv6{8`^@oBNX^E2O=va^?mtSniRXoNh46)37Kn9;>@Jod<8`SpIC#h>E zBr7&`5@Ymrnj8PmSpW@&+pz0kq=}hEzaWI0`c?YFR2Gze8ST(8Vm8K^Mdw9wHRv#r%%Dr8? z966m1V`d5-a)%tT6W+5SDx^k^Ak!t~kVp=VBsXR2fjO0;IxDZ2Na0SUKzKRtOC)wB zBQORAEYA(&Cr{$S_ELXUh|Oh^Jw-UamUcSk%%Vb(zU{y>Xa<-hswz_=hqtgg{f0g1^rM!11n%_)8=lqdF2I2GA4~a4E&e=?qR6qeYOq zZwG+C=82EG1Lm?7*ugkyb-4Jz!3&C6@2v0;wP5Y~IPTYOz^xwo6oE9$5s`cuAnh{) zpLf87Qg&oqn-hZ!UD>zQqT~#X%#;~xj9bts0MKv`lhx7#&|s5bg|H33{rQsUJA+bq z7>>>rz_CCKq>2)0a`%bpbS%EV=QTiX2NwFvM3~eX0bkss9C3#?6SBh%4SznG*C?mo z>h=H}Y-n^bD#iidc$Fqu*>cRK<}5!UoMT$;czS)TRQ}e5N%>6xaxs#0yZ|DpPe-GO zz~3stwk1wV$+1$g5{x;!71z9z$MMR$2VO%#B?l@nc!He(W{UOsMGk}OYOXw*N>Lv7 zr8SwVJff+^{P^*^TjTs=3~~a5kmY+YnE*~zJvAX?JD~^BnmEObfie^x(~R-r3Kr0l z56GhppS*y!c80eJkyCAytn}H)mM)=SJxsxqj$AY%R?@_moSfWY zeRR(z9s|mzLCDd@E!H~8ev4Z+u%HsvLJ*Q9={}-$j+HG)pV-)N1Xk1*^R4E| z83%*@UU9 zk|qhhT{!_*`HKfO=-@4nB7FpM z?_+|OpP(`3>N2y9pXdLSM|CeZ5aJ|3s`4*pa7<-1rWpxWZ5(uVHd7V`neA%hnQ*K0u{+??_+t%73_4YJOl|X?Hh*d+vrB2eO_!y1T8JFsSd`$jEOHJLU z?25hM1#;U14*=+z^8W&qHXr~KUA}0TBCos$gPy1F&boTut9)w;N;XbE+WWTrK!j_drM4>eW{G3Tn(Ny`1gqm8lJ3<@^Rn`XhtBHLTp)~G?GyU6W5N|AKB z9O~MmE8rw9JUh|3NLY}UTq49#z7%7*wWnp^t33VjC;+=L4+G}poWWwqk@v?S+JEDE zNwxA_n14vuE97*CNP&?aEb=-7p=;kw&f#kBEhBcMPjG(Uyt=T}x;#buJho9=V zQzi$Y$>14l!u!9qJ2vbc@qSc`-iq#*8EUy7EnB8*XpC&%7*cc;IMrbB7a#8{AUaJ_ z&UzzNeu|H9Zqcq*!|@H8o;gIivf)`>bHm@k$R7BW`eCe7;4NkDU3>QI4SVy46xobh zS@KCS;TrWv=EnWH!(-DIMT%U1K5(uv)dMNOv&5qnOgdZ^)NxcRbj$f?Wprkdl|uyX z`prA{NRz`CC&?P{!3aq@I53ElQB+do4ic56xTRVf-j%k*DXy&bznH4F<8e8OLeAtU z6o{sU^|1iaU1$Zlx*9cGIQaO16RRYuc_Uo-%4yVAynl!HPci^Jl)tx;!&tDj(lihb zlJu(>;^eX2c~h^;3+hHGcRy5Bg_rUeVW5C1bi70cTqUvs`hb9Tba{5mtlZkm=60EG zYa)iDMzRvpajg}{G`EF}aN>tVQ(VKhu8BboLcyhdS|^WH{VZB4Q{de2@gz5cxsy%pi0j~zPl_oX~sp`d^IY>qa_V#%WGn(EBCjHJtgvoC)vBqp~q-mqa zJqFA^n!Owu1NM=ITNIw8{*E9_TQV|hiKLP%^X>R&=&F6>)!!rlV6ofr)ja@A$$GGC zHvfWJ(fRVoMy$XC?3VI`wi=`(UTV%L{aZLA5T3-bj})$kMs6%*w_7Oru7ZXC{sVL( zt{hF>V)Kc0Y{%rgx5AqM!`cxbB}cw3M$Uq(1+k5l6LSm{A>4Wq;M7fo3~&={Kq9+D z=HmcKCM@(ptNomWn{2Y}Z0uEwC>s(wg95_r3PMS`Nx&Xb+t40JfDSD*12YO8=e@{ z;}>*>XfdHd-LgfcE|*BS@F1ZhS3Rr)7FU4Qd7KJhIh5coZ-rGuIF?tajn15i^0#9* z0Elt+wE<`HfFI)1^lT>+8ZSj}-mCl=#rj>g?b5wbRNNy_J2dvUn_X<7Wc(iQ{;${W zD!hLDC_wN1Ab2xsB-eq@m;s_QP{uFRuJefgp*QKzqo*I7O>T^;Y=`w4e_bwk@kN=6 zIC5X@r?M-oAasoUS}SDjKf?-9AD+kON8)`t^w(ik8S;LbS@73feUmsz#!1n$hd*ym zMFuJZzs_+RBC*lPl}bffO!{5qtc5L_|f*bfo57c-Tm+#7LR1= zHIH_214>HD^$9yiInC;AYpVk5R+VDcWAE*)3~_*!OvQZmrkHmaEPp9%rcNoco}0Uud@9qtTfb zHa$Cvs@1xx^&i6p2TSO0GQL-@;LWss-)49B?B?65s?e&mmkH+Vx0H{& zVkG*nlgS40+5IC7>gEdXm@lGU&6&Ny2`#w%ki0L8wo-h)Qy6o@R`%^mkz42-mcU6b zj3k^quK<#s#}BK5Ep`J0Wyp(=pTkXzsjVnFXu5{gDpFm3rrhq6QEQdHTg#te#^W*n ztXlv5mPwUQoOkVKb~X=N5MLK>e#D1qF&-qNER#oIa_p+$3u(^n!-9O7S_Qt2BCysu= z{$+S2==9K+#Y5~m!FQV*f7w_jX0dwOmub=PZP$Kyud-UC-pL$kXMeTE6!j9)rBVO~ zGf=#3SqZotTcC;c#w@+9>X%Ce83{uS_Q}nGZ0&yS6^>-;`UQEkB#XoQhR&yNuD);1Yc6J%Nc|TjFPd3|+0vobH3G-yB=B ztCx)N%E~=nxk^Z2{?n03(>?g|hKP`z^oqAJz_k;7SGJj{Y$V#O-FseCA4J!zPf_~fXUv&N|SFd@$br(3YJ{I71WRwJhrBMPkfn#PDBxM}b7}w^x+G5iYJNjeb*?O?_ z3VQ@k^JF!E8iRdvR{Od^o#vg7QK@N$=fwC~#dIb3VJy9rVa-A<%^i~;@8~P6cQS7-v@fbv3ZMQlo{xdMo$=VG)BzN@*AJP6?6+o6 zmu`}`ajA&ai}R**G518zYbyqnrntrUmR3hj>#h`#-rz#?*0@PKf3e43rU&#Oz0`f+ zVl94r<~0Xis-mNtv|2{Mru9iHje-6L9&(F^ql+(&JNtyD4G$v{lev{# z7|C0BKmjSylz7AmxG{dTR3|nQ4{@{FLz>33K!Obm@yA+MJNmH%q;Mg2*q^1Q5Si`x z$>xjsLZ-&!9uae;sgi(=S)$)8ITv^pC7T&+@XNEWS9;AAoj2m_n^({_!?qU{jq83_ zR)tv#qasT;jxNRBMaDjii5?PhY0?QTMy@P6d)vh9@v<)mk@R2`@C~v0Rb^nZIWGez zA_ih=lk8g+UALZJ@D!S4CH?%r5uRBUD|#!xyEwQa<=MRHHD6aL-7{WrFYQ$K8F)MK{X2ty zVuQh0}Z7vX|lwPVb{6oId-U!|{2{Mtoz91&s}SCZ0<3SpO)D z<;E6R(K;Q$%YEQJlhl5*#9? z`&5Fo(oD~uk4P)U3b7QY&x=;FW#)^P#K+Lo=}A!Gym7>L+!O$+MhSFBMsQ@_i;UnA zx`Giin+&-&X;O3!sEHQ1-0equO$`t8fF*!;!@%W=ZUA8{hUauTPhnK!J3S11O7U2K zagIGu4Yo4i+ur@3cR_A;d%xmUAu=t;%R9mB-wUoI+$xbANrT?Gtz<5b`rc+|4{<8Z zy1(2qX$FG(T5W9f-pnPQY0^1GXe%Frx`%uDj&I96uTlWrG)>?`CR;URSdgJ6#Tu?I z3{*jE>(~O|A50y-gzF($i3Cvg^^?dbV7~^e1RU*eql!DKD>$O_cyvvkv*?Hl$D=+# zUP1YEAJ{gJrVU692&@T#qI?hGYV&SJ5!;wO@*xG9N|AoJ!w$R25YxcLK6JWvK9 za%P|YlFtJotCh-xx}cK{p+J`$;2+2-V|Usa@DQkcss~!Vi9y+oUiVy(Sn^+2Ymh_i)?N#IoM3K zf^dw!9u!s(KhlC&kY${suOQp)jUNOFdq*ph&t^*X^PEFoS%?$7gFYQ|gi?^h53FdT zKHL_uD?ldK=oi64fQo+2M!=Enmd4`SY~0)1Fu`u3`;&08Fau`mRhr|0v@I8)w^ZKQ zC=vik7FD7&&q5;p-VX(8aiJJBeL?`dsWdcb1<3G_1?q&J4g)L?fK(<`;r$-9d7Pv5 zPQUc;d>>`Q)3j+a__&moCOMJ#{R#{{D%0yO*f<9wmP~h-th#S8k$uVzUn2Edm~v=w zF_>vLYrm9`Bi9xT)`nl*_W-Po99a)_-NG=jl%I5Dn`c zgigmu=y^gyMBj22HTs957e9QzmMOf@7-^Fr%^b%Bvks8#1zQI}{`f;3l;Tq1GaEVu zdMBF6Nw0LbNmO~5Ip(wh--b=PCOu!d^$^3z0cgkp&Vds)iTSk_hep%~$Lg%yq-gTX z6MBYfgc&EJny#|6x34b&6}pXvBNJ$FTr@$sR8)&yNI8Kj^XxSX9W`31)D$P%qO0`9 zluMg}Eb0mH$)NNFwmxDSSuuF0m;;Kw9tGce!|@P$Qu_yAk68s}P&tpA!o282KAm_N3bzCQv&uN_#zz^$i6ZQZ^&% zP0;bg8#QEI^^++8%l&kxkVxbjb->u4{rRrQo&Mj$e85(&K`rBW)PRQw`M?9HeMO1& z4$}Mju!9HtQ#?tDC){t-s8=sKeR)t&381@oCz#{GZb99;X?NRfNT9n>j-2i=>O`AHo4W$kcY@K8&8(o zH6j~DKnw%mQE~SbVYg`dijDq~mzGei*WD}m?{3sX{Xqjj$&p__24C;5F0i;AMuU?8 z8S+xGYjyFiw~I|?59+=Udy}>RBm%LoKv$NHwTutcSi#-nnE&nd?AH?Z;T$?mf7tXP zQMp<~I&~m7575tWvI4PNx$lwH-Apd|70RWQDs#n)gkK1z&vz(qo1Bt#fgl{9zn&nu z9rqeT{$-+|O>Dn=sh%+nTc$zMcN*(k9)J?~7x30ZtFPE^S0zV;m889#o4DLc|IAY= zt|>s43zFZu|JcNw6o8Y zY}mo3K1cHEulJ7b(z){Audaz^wC`byhj;S2X} z`HMe;hf-1!&%6#znLig02;Y{T|B-16p^diJo!nup>JsmA|I{Yb8aIhuPCup;Nb9G^ z=-75%5~iLVwQSetzSQz@@NeCM*x4P}TMjlL;PKHnJB8YdLvR8W4F|1)KvYb&aytBq@F^5SjXQ-q#Urgg$CC}C795U2)#ztY-VBGAcY2aVIco8FO{+Cg6f8m|G z-)E;dyp;TmY6or(F&$df+(#eI?>`m2{EOH5x7KVQ=WOC&@ipO68}}p^gO0^~6fejQ zUe$vTvcxNi0ETi8nDA`p&QB3`Mvp$OGasmKGh|44MhtPCoZ-Du!n1v{;_6KediJu? zl{;C)+DJwn4(bYw@^S7U7UpBL5S68UGsV_{6uC@i+I=(SOe$bVqAuMsvA}tU=!#kI zi@%|}xH@30UwP&moF@Dwztm(p^HRym^1ggH3(Q~GQ^;(8E3UAR2^$^FumW)~Gi~v5 zsRf*5Q)1yl9`zw&0Ifd)2GH#V_xl=zbbMj^&W-RkOp9e0cRzEs@1s>bN=B>eGxRx^ z`o+G_t(QFu&Vz=CPufP_lYUZ;KMK?PxFdV|Fyco(Wn?U$xiOh6`t-KG7S}%g*_%Bd zXkBmma&5-@X0BWob>VJl!C@2ge}^wTmA)ag6g7*B%RCbeF*i*FHKvGYT2&6{|M_aa6s4+Wv564xy8T-T9NltM4W zuh%p#4kNi2+8ru{ermVBA&qXkITLAwFJoHV+~cphzM?f>Y4u2kF=ukUbYC8C>wVA4 zd*F%im0K<|wmtuyz8dq@J~O$oeWwxQ?2n>-&tBzM%>DxMO!oBqTiGWoPtZ$06Hg+~ zYL3YRR~Ur!!bEgGWB&MdwB>pSu}7#a=9B!UdYbIaKUvFw zSp_1-9QsjA_0n-sB@3!+?(etT5?<8**Q9bCv=Q;McRhkaaNe{R{UhTcS9Mp6r`skk zB$2n`Q*QGfi=LhC@d!`j{xW7adXw&~!6VH5Y{z<-`DwNDc)_|m%AD6==kZ7t{@RB$ z>2mkl`FjwiCp2EyC1-A)FWqAg+l(I}{A?=>cdvU75^@e@+(mpOS6e)aaYcq=-pR}mZt zzYndj4fMvrq7^!P(aZNs8)Jst;Fvc~7*J!B_MPW;|(>F$%jvOUS%d$VHf3oEDc zIq7#EEA~m{U&Rr*|B=e0tTkN=-nZnwrCV)TPUW$~;LThp()mTq(&b0@@T>uaC)Ma) zMEReenBKiZp73LYa{bl2-EONiT8X_MM>y5IRxe^;JdeiSKi_nU+A^vAQG#jlgXzv% zB(yE*Yx`w+tG5S&b9SL#od3N2c(dJr5#g~H>pYhrG2eb>xuo8F*X*p{Dtj=uH=F4y zW>I$Ix_q&sf6s~fx4+eQc>0lrk#eQ*?o|9!|}+$u+Y5w+1F|K*#*Qm&h7 zD(|)2@|`Eo4_nVAh^kiwHb<`3+qt?uZJFoVGXdu&EA$2QA*U7;8c30a1_sHF^3EOZ$%@2K zT7SJP__;67yRnVf*tAgr-^+{S*uxI5wQ#Govn!e^T12GZes!;th)(LLI4QM9#Pwxy z*IGmgxfIt^`*iW9YP0DxUI^1OYIr*De(xGh>y>5m@a%FKF>_8$X3|JdqUU{R*)Olu zs}*v=l;H)3vQI(2=h31#?{>m_<@!CXWGk-Bj-0Q=tz`G0+AA!GcWZA&T!piDBOInK zXv(9LhVQ9})1~7s@)4C~EPX}is7^@(+~}|FZX`Ea1Z1`W+Xnan0)n@8m1$@7@>j25 z%(M+k?u!oTeVRhq{9d3xLm$}n9?RuZSB1zvovyB~^Rcdf#GX!S?;f7;j+D?^2YkIS zqUx21hs05Fg0Wz!Z07*qYxfaF7B81hjkBMG8!qY_Fm-=UG2;;Yh3OlENjJe2E|t+M z$08BPh?)O}DqeMD%|(aO`W!~>>$aEdGbZaPVy?0UYq<8}G~$;QFH*40Hd6jP?x9`W zvDygew69+txZ$_z-RUl(Nl+5Bxw)y(Yy*e?rV6>iE=j&O>1O+fYcm?c8_H(NDu>fX@{b-FT+I zS%hZ$%KzBjRQ`(Zxz!)7HJqp2O+{pimN`dlYi*q%hJRfEm;UB4+B8$qb@Fz|akR=~ zf?fo|X)G`5a=9KW`&&8PC)TjHbX1&1=)vpx+C=BkU_^wF&eHi&`}zQd;9L=kFs5G0 zsA_8Oqv3NWArbq+5fO(bVdu1*xBQ{zZ|ZS7*-+aHtdU&%C<9Pe7Y&(C5Rqj9UGJ9u z#*A?|Z%!#Rbk2QWoAg*kxNA9)C-i9wF=A-d+cLS&lh1KoMMBPR{H?n+&vSZqb~?n( zsKM2Px6C>eE-+m-SSp(f(efiqvUyD5lu_|iZI7Ttq2h0Ijk=cySFfY>1-V^{LoTip zJ>e_coAdCrfcojA;C*7$%+c3Eodeh*h0)c@VroNwpy_VuLyfz%uf-+!znHwA;x=UR z5IYK6vMdvUNWfd*nOz#pMNPpQ#@BZarPtyI{U~l+`|r#E1Sx>d3CZCsDvbj^Ef&AP-Uisx{!FJb=x-uQm%2 zdyUCTELG9=R(Z|(Eo=j^x01~vOH%G1HB6;MbG>`Xz0Loqj|%N8TtI)2nipD^ZrtpU z=}XcC6Jmm;EI-eei4gKUntAv_y2%d+}F2RBmx_Y9s%w>(Ez1o5nr`)XN#8I;pfRT8L&DJij zyR%TIZ*S_)HLS!Pl$dTA3_53Y#OS{e`pm=$4;~|_#fJd$Akz30UEo@V(i~+#iD4VW zivoW<sm%X2&riV92?lO<$loyg@VeBY?VGyNY#4W$yU9QK29GXc?q6w zXWv0O16uIZ=SjFYIM6;|MLggHs>!Fw>aPkR1~^AZ4pKy;l!Bozu_lSSuwiSU(SILw z48R9Z#Z#oRaRW`(tFbMf0qX;&mlJo3!q5mMJMIB7+(YV?)2}KA$}TKx08;$`QZF|H zaKJ|}!BbkrywMP_?78Kz4n}ng?zt90dU}_o@?g`H9MS?Aj9x%od@RxQX4{KjDc`S{=M{eN|PJA!7D{Boq-zgvCBn-DBY zCYLXip}lu~G|A=(YgLhs^zr(!{IdS^w<-lCu(}_V04#QeK`#L22GO`%+D^E}od?|Y z-!R>|JdH(#UwU~yn>sKJ)UuoDuV;r0^cwpy)9-YSd*cgrc6H_6HgtFaR!0>{KLCSB z$1r+l-;Yjssv(SQ zJWsUmvBcun#*s_y_F`*QWc?q`-ZHALCg>Ur7CZz99^BnsgS)%COK^90hu{|6A-H>R z39i8t++F6}Jn}yC&CL5_{;*j0p3_pbYj<^3bziCoV0-r8GIr3){3kx82!dP(Cod?v z^Cw6M3RF#kZ0#@5{qxxy@KO+etY_kZQbm8g3(V3C813H-^3P{){AU5SP_&bc{qycI zjP&!$5$*NznX~2 z>47P>^LWmJZiu`CDhhWChK)hx>OjdWP$>I(28#)J{U=aVos44^oc>4Btw8GPpz6cI zpF9_d3cwP|y4au;_j~a=K#{}UEU_RJOz{GPxy@__9Ul?s&I07?IsvZ&dI<|CtQ~2l zH0uUQqZ(2Xr6Sw+dTl!yPVRjnoXDY#H|cl%KRuxkot*%CxUAdt*l(=HsaeJgS+3IJ zD=eTyJwcp1PzD_;IeV$86^q|IS%pNZMew`lAb24~`n>{DnE1@2BpdoMDD4MBA_okT zM@thFOJ~v+&`NRcE#XbXsY<|e(RK6w4cuLqblkWo{r2jR7{K@VnY+myFf`ERh-04T zXlZTw3Oi!k?-u2Nx-g8t)$Kv@{}yV!D#^25PrA~-ezKC{mnY&rVz!3Q0wW+XYg5(y zymmbr5k2K)DP1Bjjm`iAFwojd0XmxYISrs{6I4M?kZk2Z@J|yD`3oHX)dv9^pd4%6 zzcK+o?E&=;k;h$tEFu*Y8{%U8>xf6(N8m9BZ3|F+|92HxcK z@(!K_9%yu+a_PMZUSiOT3BX;el0~){HW<2R!4+2O_$AA_vfYx~J5#Ix%2oAG0z?dZ zlP|HkE%mTmyL~!w=^;Q-pZDTG>X(XjqS6D){$!u=`XQ(5T}n^JTf^4SzY6k~0p_Uv zQ#k{f08CRd#1h(O5W8fV?Q*g-(0HG=UP+x%2ZZn!AoqW7CyRv)5&|e-onZFKD&G4Q zbLE|i8tHgud)fzt!?ih+C*YqmD;!$L_A#m(uL1PNHsoS8u1&--mZyKnK;Zv|ZD0XWLCQK!zpdAP zt;Y9oyA5gL{6vwBTi#fCGoq^Kc$@-T9v=ci%zx^n-ha+{(^CfRnDG5<+bJhXfA`z- zELz|$M#dShI`0=tTfn`;2jJ<&QHlTyNb57;mQW2!h>Mmmk&-a0i!|YHe{KOu^ehWN zl&jK+AEhPN2RP2(!JiF_Mx$Hj?en#a(sqVpVje9p$>k=#W_;A4a5 zb6XDk_we1rt}wTY_~+d#p#{Aajc9tEw&W|@2_IPRzd8((1&;=@JxxG|Yeidsox=Jn z<>T!9StLhS5?#Cgg;~j{$cu0Yza~D@(dkvSqrz%d(e347(h_loeh)2$8dvRS-J;%XIp#AD7&YP zE_-8X#Hi%5)+#Alc!`bfre^#EnUo`Aj1!5+eExoNVt{YHeXj!kFMf)}Tq zXSMg_v-UFIm}~dh$Cj5P|KqpR`xxAwQPt($7&>B1c+gIcZuX8gYnsw{?J$l=vYH{u z(lsMBux8BwcL{)saMpriNZY@Vt-v$jHk_{ru_au_;!auAF!6ismG#uQzs~DjWrVf1 zN=$8<*!mD3?=5dRyB&F$8U44|=?}Xc6j>61kCioOit06Q+8_IJTjhRietg&- zUO7B`eYYxJB(09$nOTRbpvDdhqxw3z?mi@@@Xh`yb={LZcwNwLrcg4GC?X6zABI94 zwJ=-}^3x|sDBbihn6RsNGoJBO9ib`j1w8~kJo%Y76AqhPTcm93C!Y#-OmouqxtZG@ zSJK>zN^(gYcwwo-S-yp>krd?s4Pi7$=v0pPq9`{xJe*(x2JwN_{5@71fT+DEG`i7N)b$JsZ8fzJ@@L@>fL zfDzj_;m-kw&cTTEt02YIVa?O_?K#~XC6oLz?=^OU<*gOpt!7r}S2hPAc}^5>uJCWG zT#Ulg<5X}p3OhN|>FxQE%Srq*Z+(5e zfl1*kEUWhOn(KzaND`%{jTO9TUSxQ?fsKo`jZJ)Va$zmr?nrW9Unr6@lfDnLLLs$+ zAEHi>ql|yd!@76+XaeD1T?}2ZSwLR`mU#dcw#Zj%6dK* zRz@Zaob-oqvNx^E+VVz9WD4&I3`iqP^CeM0_z@QK3rhAQ`(Y+(zR5t(QfWI>Sr@w# zEy_zxVIVJNhHzYl>7gTV4yCbkxcS>K9D*5svU8?5rZolqK#81?h@6;M=oqDLzEW%Z zdpt4R0GbFxsVC$7KB?Z4oecf5SS+4M2Aj=QZ+|~AYW#>q&cpBYB~(R1qj8qu5h|+7 zd|kT=kHwW0Vp>`m7{L)GIGDH^DyV32Ish2}w&MV#fJGaYm>cY?lNM9HRYO9o?K!AT zztt-(msNGaOaGqbNjhru%b^<))my$c>Rc9Xo-}0k+1AJ?aBNKalc3PA(WWUc@bpYG z1F7TXMjPsq7(r|F2A{$AsukG>2R%19$4m8MVK`LoNyk`J=&a#Rgvraz_QW372Zc&s z>k+OG7ofFF-ENMS0-gYK5lyAj3Hl)7E(zwZgi&Rn^i* zi4F|ro9Q%J1xttVVSSWz2?26CJs}~Ot!)G{dhmQA?O|ku;+h?~uyzfG>kT-4j#Idz z#`@*{WPw6~C{!w3OO<3YRkQ19wk+XSiK*3Qdx*TeJdXu6@ii7_3c>~54i7ZvgW2id z0!9qm|I`AczSj~test>KfYt6o4QW`pK~wJZD0H|x%bM773bB-d410r20B$M-AS9*; zvy}mT|HK%^mVwYvOha8pE5i@h3_g&Hf`0A?$y88MVd>VO_PdhbP^u;BjKbzH-WKTT za*56FiM~V-pj247Bz!E`Ba3inogBZ zE#NnmYGAbggQPxSMxbzD92eYhK}_M)VbG3Js@Rg9P5wzB5?}XngB7BoahSUC zLXAl}4O6}s%8V)ve>rtIGwE-XFgfYLBT_54H;d|8MypdkpIul^6h6$5N@xG!=dTig z^k9Qks!#Rwe~{>9@s@97ny-2&VybF}{aSLMLbGG1k0Mk509H~Tz{Lc!rc@xMY=Ocq zn0kjsnp0F)ERzv3oJekkhWKzsJ%aFskfG7%)Fi-g6nfXHkw{85l`K7S9G)6)w zcz5^YrQzXW|H493Ur9yvQfe(-by~g7k3t~`$N|DecqpnxsH%^*r$ab)?RkoRRe>QU z7%*un)Qa0b224eMYA7S1Kh-Ma$v%6y2uD+)jg@69|BbfyNMICAOEAc# zF|*RkF_+}BN?Ako3^yl?YvO)Cz~RV@K7RSa%^~Hg%&%(Lha9|b{#&ba%CIwB6+Phh>F709ETRMYb&{eTAeOa*ajIS<2n6jxk?_Ynt5 z0s?Oaqp%8+v`Tuat*$q4~^R4S%&I`?$Mu1jei#!ttMjiC@J^K!trRERok7a&&vps9#tU?HPzMnt1|*NDzR*(6;vj1f;I1;z?nVw&foer7os zu2Q)cv@b5MfFMaI>;?NJ|ucy1&G@43Z;Pd=2^=(XA z9N5Q^UA5-#811T-DNF3eZ5|z2M`1F8OQp~#guSIGH#0QMA3-2~v>Av%!{qp^@6Qb^ zdV&p>b3cEnW3DMGY1Nqc&VXxJ;|F8`s$FaZVFxSE+yQ}XtOGEd*i5B-*MKH!y< z9e$*~--sqHJ5a3|h@fweT=u=Y7Sxr$)<7wttgae?(}61eL?edU zt8Kng<3%hM(;ol@AJm)|S6mYH<-JLOa*Db>D&Y&Ynlgo!%{xsE4gYXa$r%y`=XJa9 z-<2~}8tNN9B|fk!6nl_D-eK?iP|CFKu!8te02_eTZ}a`NeMLt1h65Bv!Zo2pm>JR- zYa5!+d;7iJm`n!FcYuG*i6%OmapuYMPFogL5iOZ#FuihSe^;lZ*|44v9)oUnh2E%L zdlYVbYz&fnUtC90Lc$;LFozGwh1D^&)GaK!=5gh0-RK;?C_I7zVul1|k`R8};U>?kZrO7US5#Zmg6TAa?0s4sMziD_A( zMSAA%r1QpUbsC`v6uuK(k>=3uue3N8N4PuF?_0wz2SOuVl||GBCBHZ53!tj;7J4Ab zyGB*)l;0D)9DXX%ZecpvppQx@8tt0M;x?MZ8yJ7BvkIEvf!ocmq#I#-dU`tB8i3cC zqrdas==A55A{J3Pj(Ba3!bCu{TM09*}&yqSYDUpJcS z?BX+O7QM0ok^C}%6_mx^5IWea%bMQoQ@G$HFMGLy`ty0$biEfASORqL?BD=)5-cs{ zTCQK07j#bZk~yi4jpT<@c|vFB=L(Tum5OEc=_gtf9L$|{?w3vhr&JMUsOkjUB}P$N zI%-+|=R-|m6YUjO-hI-cPLVX0u&Cv!QHRHM?_hMq{u{~_PLC^!nzz@;waDWaUaC`zwkAP6A%EC4d|eb5s@x-DhOBSG^zvZX{&;4LNP{x+$th?pIfKe zUjMWMvk6F?yr@4gf<RabQJn4Xv5>+t3m?)}mul)D)M2UEnUiHzL3`ptYOuc^jPegzG zV0lhN2%V@pus!oE{o=ahd@%71Me#Wwj*HMl9uFjqzdW2PNC(Hu&%5)y+8xgLz$&6j zc@~I=D_^cD@H zJ_$AFG0NUaaagP;{`pe~B`Szl{wxOi=#bgMJVRToT4)Db`^Vvg_*Z@ffgKvN@l>B6 zzY6*VsUT}|k+UOJN6+BiJS}Fv;aJf+OSnQdx=_iukB8=B`>w}C(J#u$Z)N>5*aWja zUHDhKz|{RPVfsl)3?^n8;8ZF#8o(bq=M)g;in&ny6#*As1v$fEp@l_SqtXYpwB3Sj zTREx3XAHgGen*n4^FhY-3_%lIy+5RI^e-pT4<;l3%<(fnZEl-d2*-Z^@UKt-`=|Nv__VP=o#{AN znC+unPb>~a$@RJROW}4A2JG}K(%qlT3N$7wfNzW$0 zyO3#L8FR8Fjl&SvJ zivXlFfaqk2ngj)++(h89tS}0Q|9smI+FH6TM_6jMg5K3RmRJWG1fUG+6@?s_%NDNR zDm^106-fkMH0gf@@E&X%1SYQ{<9HYtLf|apnaU_J~Tc&V<-qlG=5c&sa zVSY&fCK4PD6HiHjy_t%{OmW?RW}|Nmyby(uG=>c34~PU7Qe^2rVj_48eA_=IsXR0T zP_~MNwaP{Kzk-UR0W2fI#>1gK26jSRL4YS>JK^S|HT0H39K zqbfj2fmoV!v1Z|fUu0{PB^kS!lRHV)Yh-R6Mme z_*cLDH0R7kqIIVz9Bbc)MM!P!-nqA;OSuoy1qCJ7hIiJ9^^OSZ57Yb$wp@X~Ej@sM z%C6BS1U>oyW<)A2Ou!!X{o^AuEH&yiX00m%ssZ7D#t92kvDAvheiCBQuv+nn*2!w4 z7qT!>f=K@(xS_8vnSn{BPp+ZJ5pJKb`uG3oN}mYaF{MgGTku7ZYWIWoAV%Lqmr;HK zFc^k+V6|QRi8V~J{PMLZ=*Z)*s)SQR!lZE;|9~D4!3PvKbhJPyUu)$^<5jcgpPPGv z&4BL!;GML>ohHbHnP(w<)b(OKDgH*_8}AV!Urh{iIUiM zsN^Pr0FbFVb7Bq3V7S9yKEt0?GFKeZfOeB_sdB;m=_FV7_1gz$deeJ<8O!U0NQQ`9H++ zhZx2{%Qk95KY+a+A{Q0}TDyFd|43foFA(m5NGDuV@Mx1rCMbC9ui(Ppy}b8V1Vv=R z)02Te-3k8{Jm@O|D!TB;-TmKGlCJ>BOP0P;RVe;oj?2o5T;=i6WhMpY5fSfKSO`@? zLo0$))QG8|pr8qJ_UI-{=ivC8PZl>A<^wxe>Bi8&%ZoGsL1Iw=9q(yihfCeC(coR) z`qQ|D61x1t2HHU&*0-^Ng67srLOcs-t1mDR{Y52#O3@r!Y(~V*EjB~*-JM7t1@g{& zb^fghMEm9mQO9HR;zo{ydYbucSclQC$l&nOQCGaa_4&8+^B{|zS%3t&Te)G74i1h$ zs5)=K(Eb%9fB4dfA@yBbE0LCOicC2 z8D9`wUJdlPtW*&asNgPE-hkIVx)l=eH*+lg@Lqir;slFKK?RbFggWfuCz^|9i5~!n z?+nk-oy)&``^Z$4-Mw^(bXONInun%uW+n3lAYBSV@H!1>ww0-`s)ZF8tQW0d2VnbJp1UVg09DxeP3Te)x*u)U@<{C$+WSUjDn+5VK7v7|H z+oV4m+V9X$nsDan=LDSPiXC9$Re8e(3h#5zDI!dn+9Vab7~9D5;3U5IDGw26R2mHr zf6DX>l2Dg$o5KF#T)O@yYB&xcZzJT~b90)6nL43oQO#qS^>lVH?AX0EzI02mUdha3 zQz?TpytBUow7 zP)Re%I+ag$mFX&1dbudj{y5qH-hSMH+lRIdpmmm#{&mKy0U}o4>s_JyZ~=Ri+;jEJ zZ&Gp^vvz;-CR^kLbLSK;T_AiPg@f=dV)=3~8hU~1zeOUjUCUvSnq612k(Av?BG)e` zP`0gbb8-IOWmQpt1TysD$=+QaK)kQwUb1CFqtZ z8L3Io29<`EHnLiuO5zWq22R*vsizSbFRMz_p?jZ0W6$p_AhFp?Ak4_gFGH+%mUnk{ ze(Ek7@xaCkI9y1%xi$96Y*TK6@XV9aLaZ@bG!sL667vHyjGeWkDKcafq{3 z-;X|-&B>z{$AgVXw|XO-=9XpxF1B~6)$0P+RLSo@ViJ_(3=EL}?Dbu^^R9LXcF?Sj zzbDKY9vOkdv#l!8u5DM{fK&-#!pZ^!w4G*k%Q*@#KUS87Jtm2P%Eu&9`4DxxH~h5P zF&hiE{VDty1)94NDCVVt7)z1e7yJv`N5P|Km*;|}rfdNa&(pxM)%LXpVry&bs0pJ< zf8x)M&LWqCh*74G5_il_9=F5@IEzSq(7xY~%N{eP;Xe2i*2ah-=hDupeDx_}wjcOn=OA0(lx`I3{ahaBKD)j2HX%V`tUdq!eXM^Z*zrvBc^PgHgXR_0w`wDx z<4~=4WfVe8HoIrvsQBkfwdl`h*H+jAv%{v7!EZ}l`UiIkznJ=|6OEC~oqtJ4>CqY;?vV|udesjEFH^>PaD@p835ks6v%;&Lk8h4OS;hK18s6ibe;ks{5)o8n+Vg!y)U}ddDB)Nf z9kM$1%s0KJQg8X(IBi{DJ*=~i6GjNJKJ;snZ_j1!dE6W-qB~A~r~qav<$y}DOTk9> zChE@dS=IW%D1OikvaRX*-k2m?q@z2m2ckK?y)on8F=B46IOb}r@x_1YuyULXU)w=zl*?j8BULTW8l!Tv_4mx>-~ zs^M5%98Y6GA4%W&@e9kdPNx(srIE*9sW=u90xP#e>m<``&R6F2obNmV7&sbJ7IG0%OGq|zL zFf-LSU!&OWh&Um%cJgC>GI^>s*cDXQLZkEbxx0g1KVlX)D3Z`KaNZho_u?`|dFWa| zMHNGuTasag?e~3$+xNw;Q!FDzrq=w1rNM<|?J;;&$XPXt$sFJlh0Lr#zy(;Q2(|b{h|1n>Ea3l6~*CQ<<;0?c?a=h_7Ygr;)=Zyxj8M25tW+4_zPx6*JOwt=W?YaG(U6jM_5TPnbHhUm%v}ALga{|R z6eqAay42~h%~s8fYCcI+aEDjy(DSK8oey$;etvagfO>(^ZC1F`SAQlo$5C_)qfyT9 z*!lAIdedi+l;n(*GEarNXJARg?EV3!JSs|>#{+v})W8`5;cS~mgOdjBTURl(Zqe5* zcV!kJc1N~beWLmsMMyGXjx&YZ!)c>3)wSqaqX=a zHlFw z1Z>cxXVv%Z_>51t%`r9Cg-O4pYSi+@B?qH<4xipGVU%c=5@B#lj{#wpe668I%&C1F zWv_e; z@?*~@Rtz|!s?X6@>~@a!rgnCr%XxEW)6l1%3CTSdE7a@3nof8Hb}liV^7fB^`)BKL zUwF&YthIaMTd`Yjk8&DrZS}B`)W7+Fe|sGK&|p<|Okq6?>luf?SeG6NFB5)@q~2wM z@h*p>@0gjf*R-Y8)p8Ol4RBk1r{3Z5B1?aBb8o#2CDu}1tgwf;@@#_EWU+v}8E_nH zVy-!zvR_%@9F5}Z479$etBh-DPm9^BAwh&5- zYIe&@7J$d&HO9|S>#esf>J!0z+gIZ?x8Zj73w8??b#v!um}&Ikc4BA8JxU*ZYPG@q z(?E$@+uK0|92guctBNNpW|tH0pgjEB-Cm0^cILZFAu>S?oh6@I{&}0;B>RG?uX*;V zd6CY|Gj1QuM&oOk6xt+g1j6R@ObiB0nU=5a{BGeIS%|(#l4^H3Ll4R3Y#**KJ-DXW zu6g@`^>qeR$C7h3dgG>`r`+wIG4idB&H%`~{1;i`W@RLCgaki*%{--rf^Zpwv zUeA~U@=2naD1Nq=&M+~s)z1AlomuzHBanAS@~`VW^r(JqxA+5#l+2sIH)B-Cb+`36 zm*9tkriISWB$_8Kg5k=~!o(49xYN2goQ@Y$CNY`voVVw7XrA5QV$W6g=@Be<&arnr zYq5Mf#-4N2x;=eHudY^409H@+yOenkz>ANmG2ALJd!3xhlaU(BxvvbE{$7G%eyhsw zb$?IbHB;@{V<#A_Vyla1`qB<_$adPD(6SLI@=?3Z0>@Ihe2f^wQc_#}xdVz{8f)@& z|Hueq<<-pL>2l&h0^<$BOEICIJghnS8FuI$YmA z0j0k_uRNcRKJaNQ7l(s=9%lP)#iEFN{GUktJ}4X(#i`|dILZxkmx5lr`Ya#fo6 zKD#;()VVXeyE)$6Qr7RCFXd$&rW6>q)alo&IAT19*mYvZEM%|+Bo+`i^>oT|adDhE zELkJNue5m#PkP-9_pE30uP!=>vUwKLd9!%YOz5-+T!uFG4Kr@UIBeBRZ;bui+Kv@* zl<#su%-*e*;bt&85sbp+!^FS!Zu5W8{)>2wc;jf_(PU#V2Y`aYdvxMXg#yPu$yt^s3gc~xtQLiNp19a6pw}jQ= z-r|OW2aEnaELiK+@=kxYQlsOi&jeqL%|jrRbJ_RTl-mQJ`w2e-uN2>ttLheU!_lX= zUN2~R(e~E+TrW=s`2C_XUj|cS>dihr9vA=CE3h4x*XTem0rX@x1I|0L8|5asy4_L-{xEg6! zx1Dw$WcaunjZYBT*N<4AJkR;Pc)j20ku8?!;^N(h(>9r_H>vh4KP6kS8~!eH_PQr{ zv>Z0|S!{h4y@YyH#+KY$a<;2^AL{`J56T|`p$mzc_PqT~PXB@uvBP2E>!qXtO#;orY4vaPkt~}Y-rau#E6dqi!21)Y) zhMKK>cQ3uGILX`1=+SdBLW zA-Xbsu@>Wz{Z*spo7d=s_nqmUcDC8C?oOy_l%=jEre40BD1p(U=sRzh^HZz)gJ^#A ziBH6ZHCKvwwTig0hPN4j=P6pb$Q{zD-hWU{W-xH06peqa0rs}>~ zOZ=miZ)HCj#BPGC`?>&{WB9ZFe%fOv0fm%~uNOz1lnOFh1>GEs5dh+E&VU+FA77 ztZ_V_l71~JCS+txgVxip=eDNhf;a6EUe58g+sz34F*AdVlhZvZhsD>-&*yb&(;zc! zn*YM-^wE>OVrTSzN6FF>`y(!HbB+6U7E*jhVr1XS0=lumW1ME^J)Vb?ZLCJ(5SrJf zu|Jbbg^p@mY&d44aq#%p+9f)hUdz?lH1)GS-rMZgWnlTAF_x4N+4zJ z5*m))=&>1@2Z82;N>nj3!`w_@AXVs_&KFLfW;A-=`GqBL@~P&z#o8jbRlKo|SG62t zQslbqUM#W(i~Qa^_{gpf$z7UmbN&hP~-9?l+}9j{9yw=n>;io zYY&V~{UJR#?sTr>=k`afw|7gaiDw%PTEKRRP}KVwcjgDP8v_!MZ7D_S1Ai^#!ut~e zKt(hFqQ>5}z-liPJoiLOU28qZHTL*|(>WAT2q7kCINN_Z3s$=)j@t6tloIL>`7 zcwLr!ei>B_pMPs&Y)rt)in}WaelJANN{idV$q8(41+~3+@Iv{w!RQw|=^OiFfD5a{ zrMH+hkHAL3ZFpcjqp%z?de+8+eLpFus;{LXS!;aE=!qBMHm+AV0-L-+W$alno1$3t zJc~;uE$4@yn!f!(&yYLGjmdwY)DespNz>r+yFI|Nw$KmA5yV|+d>feP;2+F=IYm3- zR=RD18dWnG24IU9SXAAy92o}3oP6IxI35%zAims%o!r(rd_Y`@dPR&Q_+ zskqyP?kp4JguNEZs4?^`SJ#KX?^|4YDcRgE-r8A$=jin0)eD&5WAb5jC);vM(rjem zh3}epKv&sG;d^ns;~11q_g}Yj?g_E+WH_jgJujU>#xJr~V_Z!6H{{gXOO)TT3+F!r zgF`j%uU`W6lfIY$gTCqq#inmDK4|0Rp4IvjZKOAXxBaabANqpr`lb|@dK^L{Ue+`B zfe6i8@5K!0>cwVn`UJgB;Xp3d`@lr+T4SjN*-Xw*TwmJ2>Lzy8=MF5NPQIs4hdbtz zsVBAcen*79PD5M``=-Fw<9z|S&(OkBeZ#eMZsFIW3k^>6;8>`byIeKb&UY`q)bl?h z4RUf#5<_@0&z7TC-1x}k7g11TkPMxfRdv=MgY1+|aax4}z<(ZW^#-bypsGfd0vh{r zf5ZEDsgFt=itsZYXYM(g_fAYMJ!Y?(^`~dw;tM6)W91v*}QMSS-dOpiehjO7t}`I zqb4T0`yshZnruZvaTjrvaLk9_T%38T}aoRTqa-WX}#fe>SAZz zNe=rZ4j$=Qxt-a?J1ud0f-}f=uccF!OVg;kilHKJI$VR?=H}vQJa+e584Gj%#?di-xMx6xJ za`&TBLo6h>djDL>ZK)#^Q(6+M%$R&WaQv-(lPgl^X7IUM#V)^YZC}KA?myt74nYvsB6*>9VHQoJ?Louq z*1FHVDx1#i(9byWr|xRpFOWTTn2>L94^HS9KNhNY=fM{63nhkJyVVf0X$|BrPNegs zys}xnpx_OB9$AccJ3W5Vm!qkzIVxYU6WI=NzW;Q60GXFGRIGfu{bwaj601b^#yAwv zw;GJi<{C|ntJT19!8`$=kn0>t=5`s)1{I`gw-{2+ZfkHe3k${Wd*giZR9OC`jYKbp z^l}{om9GDoz9%@fH!E$X@@4XuTm|kxe*GP_3 z@6&RlCw~aiL2R7bOAxO|055dRo}I2w8#RV%)L}Z}%DH`)?o)ZW1BxOa{GI(yKi0&r z(BbW7SZ7}&!RX{k)3-}%dams3cV~7y{orh+spDQ<>G!3aycRPRDEf+Mhh6dGy2u-1I4x! zPweQUQ&wkI{w=CF|ABDs+-+~!JEqElcJ9_cpNTf+P(mFI+5|Rb1Iv&Yt1(i=2pHah=(1>N5K(Z<$|B~cT$zGBLc?H8nDr+XP> z6oXD_QToycoxwb)-32fI}O0=2NJ66F^Pd& z4jPwswNKayH7HV2Y3{s*E)YOq@$FHZPNPDTPgXh)+(xaE+2;0k@cl;pvyjPH`#_0D zVVd9Uppk{`=+;&AgN*%5imis(q~4xq!lYhjgxo_{C?Wn$JRJgU_75Oz(FA0dCtR4@ zG^LK;609(IZFX6S%lZtP>8cZiG_^VJSpA|z_D>)oXgF6-sE|@x0&+G=R_WFBG~ink z-l0I^;=LXhJwD@tmzB;FYr(nt(^#|u5iGTlys{B7H#xs$Y(sKkxFiF8y<$69&8~&D z-G_}FW23+~zIq-4U(}kCtZlw>;E}E@iaKRJL?as{P)0-Qc1nNpFeO8Z6P92G(pFnX zxPNj~KzI&v1?mUGxAs5nIYBT~-{dZfX8_4Fi>9u;b)_!Gq>nmckWq4eg9Ybl=%FG& zRym*Mf6r3=|I32iL)%5tg5o`qK)gqMTo2V52dIOH5(GL{V33@ExyBi0<>a&;1Z5!q z_7|hDo$xzYac7>0H9KI;*q(-`m=A{W>0J*O zc~8Q*96(x%Ms~TdnC5`Ju$Xoj^&It|=bewor-+S;`JA^#Zh4)}T-v8S= zGaiYV$`QmT2Sm|#sg~d@cv8-n>0_J+>|{b#E+O^AO32(tAL_P#=o{G}R?k%$;Qlms zxlVEj{yXuS(P2?3nQ!fbqMC2bc3J*S+3pSSOA*S%L~o|tzUu13fB^wxdDI2g(qf|c zhjCx=@p1XmW^Yc{yDCdsx==}b8^GCCnz?u^N({`R&`J$TrpOq7qN1I{@w;z;oC^ag zhw}OKF~M46aR$easz)FaO!Y)&*2TV$kIrf8z^ixPF6`BmZ`%MrynX`*3emv>l@Mla zX*!j^-|D-_2%;r00762seIja>eJ+AI8#|k6kNVhu#S``|iKWA8-*6W)7UCF;8or~t z5I#x>P_8`(dJ`I;A)@T8#8;K?e`*zgNO3FJ7d20Lo3Ap!Bi~jw~mUL9~ubQa3EkmPW1wfk||DRd<>^Nnn08aG_lBW>oBInX?IT{vk=8kRszK)v^{ z+~e~vY?>175o3v!3``o@u|X-|6-g)^RM(Yn{R=l z<7YxD2zDdpGY(1|dPT>$q_jwV44ihICDS=j-u8vWYx^`f~ zYzIR`gXK~*uJxI^ROEBTs(vkDP;eC=Ryh*PazDh-ygCI6)z309c9!qZyr6`V8)6)n>( zWhVZ+1|YdLPo3#q+M&SWD+gNr#K5+NLn8shVe8$tH>rV%g@J!y$4Kt+U>G=#EF1dW z*CJ|Inor73+L*qA4_stZQ|a?%#vJV^ z?Fm6Du)Xv$A{i@)`m@uRNAG?-iOAqS#$T`299g2wEG>U(={K$IuD1HX}$-;M5j_pDKUYbh)myhTcMwVRK*#<#L}w7D_L(tElzc2T}@qmZSY19 zotrx|mI41pC=|`lA0rqq&!ZnAnHh!T2(L|F=ArL**mAK~->Oola3#$P0)!3_@ohIZ z=VExBg@k%|-O^a~%$^ejrUL_ZXwKIIM2oeI7dPLggO{@UQ|P?m*3W33x6mmAau{2+ zJC-P3xRo`)5Bjy^R$S4g(h-0UlF28XyPa+-2@mw=i4<@RR-rFZzXe~g<@d{~L@ZN= znQr@*e}&TlUjXlf0;Bf;DS?3+pOq24+%>m-pVPQp^ckTBpgQn(UE$w`N}JiAW&LGt zZY7z^yNfVYmD*RYVeB1Wl+K1)#N6Ft@;t*PMCTLy2aObdC9gIBWuYhz z2lZ34nN{jS)Tid5iQiHCxLfHCf)O9I-q?|>5y@AAAOMa>u5^K=Cej@doX z1k)N&zPqPI7xVLpDjL5Kmewg#R5VgU#@5u;2>zV5{T?;me|*laY~7aZDz+rCD1+Is-7klZOn(?{ z)3a#d_nvzWayPI~sGrsLAB6Y4{ucQ}l5Ut_M!_WW}TD3wU_`~%P#UirML$v;Ok^;5= z*YfZ%^{WpWoCioRl^yMPvHureUjdX=7c?v-CDJY3-6bvE{SeaKDc#*5-6bMONq47o zcQ?}A@n3v>la!$>(U*KLRuVFI~1XiT2ZFY-psQ& zdR!89a(y|j9>Dh~n$Ofv7$R^MX~^@qg{*UwPdBBh2%R{c2xHR>QSTZEMnX$Ri+mxe zR=yusO1k!|L+oeYfCAHw?x9Z@d|}&oPu)m<1g>2Oj+15%Ph)E4$;XQZ!q@QdyyGQFWK%&e?s=^rY930IXGB+)n)h-xbH zBlC;e8d2-Zr&!_t(9!8q&FZOfN31K5Jtl6#D=WGg9E^4_2Xgd(u3#6X5ef@3D}07^TF^CLH}JCnkjt8D zxAJx&s~eo6DI|1afI(@FjsPVDt{u#D=1a`{T>!6ZP_x)D;d=ev?98?geWS>Fc3#Ve zL+Tz@m5ZgmQNj6hW?o%a##VWCg-AC+QCrWFs0p5<(a$K^?n>=@^a`$kx^@%b5Ju~u z>XClx6bn76^|E6`DSd$&NT$!5v8V@`Lwx!AATu&7G|}1_lm7jQ7C~!h-^eBqLF;kU zdV(dexWpfiu_2Rtc^>)u$#u(=7Gqv0#e1tL0X4<7@kqgHO{Sa}X!aHN&{K-Dk;eID zl2>eDM8t9Q1izerA&;`*a~yN|!OvLlBlL_cpyu+s${jim%veFA(gb~tEpLR-lS50o zg)3>ix=YQ{a&0wNDGEV!`y{_#Sn5R*kGO>@yV|o_1UGQy$4>Z z3LCH;2E{L~D20!d`PsFaG!>qDzhrnOq{WAxSi7U`9iZ*L{n4rc4=u>00`srSGWgqN zp`!9uU6JgmV!87qO1icJNij%!kOgc$x0Dz0V`$2Dox*fSw&mYLuE}~}@GWEJ`Rx8| z^gVH?_)ww(oGiaCvVfu(v^gwckko8+LuX=QazRE9{An_RB>(M=$K%85;bEjkwS`4B z=FtU^jT8tmH0cmMRGQ$-QDup1yEov3p z>tVdbMt3lKETBPSfe60sIduQD5-?uF- z`OlDX3O|3Ic7tGE1=rfJTPu_aaVdSy6xLxt^k6E8p2wlnF{#UDOwh6dH=Wa2I6e7( z8ko&BpI}oKM&yfi(Xuzrlqja!%9KqrPWB##629oO+(3JCjIkd2lraah{Z?QClwZ`< zXdf2?1tMb5iimmQo&u@%R1?xo!rFDkVwGipbHBIO&)CXVZl0OAvhg`a4d%abF7oS= zl@Jaleo|n!d7q1(if#&Z{%Z{gL)Wk1b|uV2neD8yH~t&`Zi9?nP1s@99iVNrbqIWS zt2)?Dd1<)xhWD2_aWaDh`H&ZW{hbSN51)iy4fm-nEUM*0QRjJyTFpC52Fjq41P=Lp zYpsjNGXC_843z`?*;+(*r(;3UhP?{J#JS;R{EU?Yzqfc(Vz6n~6Pf^?lfr9rI{9bR zZPcF_TJ9%9%9fg%!Mjw=JSD6ct6oZ0KK}pHY7S6MZ0+;viSrbSG zt&^9f-lQyr89}hoYZ+FmynJh3N!i_;(BQIL;eN6isQT{We${}w@$9MWWIuI2dJA>j z=F@4;iX*Ccw5)$dEpMwF6?{?lQ~QbKR^%?p$l64YPWNm$yZh(NH1!i_DR{jONhd)K zHR=xICDmlI%Bm{iAtMoP2g%!2eN_VIIvZlWyhaYwVIWNPJCpUd5MZYzezvd;6fire zqzd&#N{Nk3+(-D>-#NeCo2Y%Wqd*6S?&L-~Y1oDoo z9^ALz0H=6NwkNs)(=c?D7PsShbsncE&m3v4uv8xtbw+Nxv`Uqyd zRru8`Exp+4jCeqsK5WwxYRx<8J(Z|cKwF$lsg!iITpzx~?d%83=omWW)EDchZila zS(ZZXX!dQK3-m$GWTK{5OpD8qBP)!FlkqBUv!i6-9RI<~x$Mz$K6cd0K<&rZqK+Bf zp6Va;M9^HjE{)KZnwGYnqv(Mrzrc=PcjV_XTtQg{X9VME=p23><%$Qk5-pO4^mRl6 z&tpin9J2e@6Rw^_)M-s?L%prTx7R~}+8^Klb9z_w<-)C@#z#QnO#q%A6;>{(eE@r3 zh}#j2eGT<2B3WZ;Lq5WG^_5^gT^Mk`G5e*!h$MYMWy6Vpt`ow7YWJ1up?CT>q*u8H zfQMkYAGuk~Q#Zf&){1*4nBbI=_6<;wO84ex49*hgr&Yoc3WkWQ$8*FQo4Nj^V^5x4 zRORm)DuZ$s!KSTV3Pn5wFzWaRokM@QsqwRs~Q6@ZEr%*=um zsGu`qNv`J?KPF7@9VK-()5otamfyqSu->hPBQEc~a#qF6NEppu*<}^QhJ(?> zwS!&zi0>dsCUwZr3hS-|O(_O-;Z5_ZMeFfYZj{|{XX|*Qgs+C2I%+t2_oivc+OVGv zid9&RcLB*4t9}aoAiW4@pqhbYW-7g(1$2~oWVC#z7nqLiKW z(|gBmfA>K4zUTQ{-Q-kq8D7mixHHYWlH+-DUCEiq^~M!+wp zDd9>{kD-82J*d@}ty-*x%VqUdjpbs%x1rRWXEBI?hPLyi23J)0?PqZEAg>3rs9}q^ zxLC%gqH>;<$zLm{%^xdBQ9)U6al^>MpL&yUqp~j8nwloFybYv*!>%})MJ*FkP7o<6fl~J# zjW_Mjhs?96bs~D?`L>+tGr8_S4wUbNp<2X43=IGyj0X7dW zg6DCnp^26Gu0#7*Onmu5#zFBXsedqP10U4lg-l3;0FF7jw zlM)Y-qa=%*%YwRoz#xraKpU~5*KYv!X3IXOBuo3c=VL-T zQbKCywapSiax1BvR)g!tYmBEe8lGkzCf7aX*?Cx<_dgSJhLYJ4#u&aZ86T(?DA!le z&)gmdBjR^_L%>z;@{v|6S5MXAcG4XwT`IuPz#|ch23gD`cbLzulieJj88zK6yPHmw zmJsqsy?Y-Kxj$2MqmbS~%}a-1AR4(nz~Y_CFDKs|P7;^1aoSZ+GwZO)`hys@Xx)@* zBaw)qxS`4{DDlUy+NJ?OW@s`<2D2IIk)DUa5{>9GuyQTIVI*SkymK>`Tyq#Ks>TGr z4_v+b`h0Q|egB!R#OhX#yKd@Co{KPjit6Q zt9!MW70}Rr9(jL8gU%nOq$bkp;!CyS0q=~6IQVc1-MnYrKPZA7t!lF(rr}18Gefu7 zY0}>iYqf#GdA%Z2$I1N#C>G>~OE1|v)>x+Kf(kGO>Veg~$juRNBLQIi^7T`qhRf8Ma1@i|9# z_t&f8226E$s#qR=j~R5AjhI=1*VjC%jL*l=?Y1@LZQR_M8%`cMb=(iugda4ET|b9M zUu_+$>$TJQX%vw%9=^Rti+pvN_T@CLRYO}%y&WZkWD>g0mHCJWWgQN&?z&(jbQL+Q z=-oPf7cmVvgjYsCVbkH;&27reh260dV$BwmmUxCOFF5=Mc`VDHJ^inzk}#}#_RNZ` zpeijQ{7WL~9uS?F@a17Oz5uSZD8)+vc)-hXqq1fkudYp4g%VUrW(T1=a4>7nonxl% zuJhoyLl(uSqRIF3>Lai0a8L9OTBoqh-gY#hi3O{AejTK(5wuR#8~ZjnOw_VX$u*QV zBb%FSt1=Q4X8SQ)t2O5E>Ws%WOIIO#*nS7RPf8kE>h8 z$Tp&g5e#1NIxwE1>+_m5eR!1%%%Ukb8#{iZFYadWr_BSnFm zA^VkAqOV9-7h6c-m)%?}I@_x#k$0_wQDJ;!*^ z_^dhuh%_~kjc+oeO(O8|u#;ZwpS9m&Q#nXPh>@sd48{`zCtf}Nt*wi14UM1brMC=ofUk*OFubfnazFmrXVl=$8^-A~T--K8@ISi$}g5;Z&5@@j) zef?G#+r&aMq+cLwDa^e**%#i^f7Lqw3F^74d_%3)iEjB|I+Ea^NG>cgvbz?wRrGRH zJ_3tZ@+6OTwPWxX%j){N-?6dR4?^#)es_Caix&xxr)i2OJ{iO|0$j6irP7)sYx4 z(`;_}SZd^?5)FwRCX*S^O6A1G+X!g9#BSlxUDRA0WB_?ElmIm)#R(w3L;Y93YuP$| z%U~Lr6$=QFVnyt%vLgWv--s9Kp=2AoXi|*ImUgG>@Ecx;z~VJ#OfK5s2M`A|g_w(t z4I=#2t2n9pU-fl-50dRVZ+Hng&&_G|TY18ZrMsK^1{qN;fMRr)D2FeWu4wm`x9Q3G zq}PGu*ly~PIdEdAPg4!1fbv95&|g$aHR6dBG4n*dcuYFrP$-9l7+9JJCw@J1A zc!BEuY9EzZ%Xn{xi{CdiM^>vLyRq#RMmQ#2M>UP=SjE)7ORLR_pN3glxqb@0R#V7I zBE5fgHCvBNx=-Xj2bPQ)lU<+iH@-@na7_A+>Y_rg;@fi|6UsGAOwte;wK{JgiC*tE zHqUgqg6!_Tr5^}_ZDt~!TaBm_ewmWSzMxzA91Xw z<27FA6f_oGniBy-76u%RDnCd3eT!dDm?oY#tX-pa_SDqdGMDOLZnIHr(nTeNeo~h8 zv1($?9_rV%b?iOyZ`|cny&nvFEKc$J(km#@hy!Sllf`xetY7Gzp&3xd0=Mv)N$}gM2>04bi)5hOM5SK4A(H{`#YQn(($oGIW zq``{WMa;pG6kP9(j~&X;8!6H)x$PXH2gs9*jA-U$-WPdd@nvJ`+8@s_lcBhHOhM=* z?4ISAkWJc7qA|Cbg!(}lHu0*E2Cr1^2{9V9Nsz5!B`u?TSAp~FU2{#ncL?#bUx9#X zW_bLycG1Vq_mti>G;SmC!d8*O*4p&6w6yXT^;gmIuGn1SSmz9}KQNEzrbP#uQwcPa z_G+(ZTrQ-7$-YO4mEX$%*@hc(e-UEKW(Kf>OFktgG*?3*#%ViDp`vrpUm=J>)Q5Oh zyrFP|?&tvu?Srr8d9~YCS9i^Bl+U_78~O6Gqi&nogkGfcOlo#_rQKnFXV`1pIB&3i zZ&#s?%I>a6UiO9$n;8-e42*iFEYHTfMBU$H4f)1nQ#>FZVa-(*pTGTic)YFMf3!@2 zqjX{41+9ez?j`@r2ymJml@oe*xb%-d?{e>o9UXV>>B44s6rA zy>?Y^;62AVVrWo0IW9$RM)Qh(enN@8u2jLXm!jXa=XBw0H?eSEotg{N+c+X3qlc>Y zQer5s$jT>fIcEB5v_mjoNW;a=-RUTSss_!y-!Iv^Pxw!QhpB0>h_J%|I{0Pyh4GiY zW!_zx~5|Wz9TAn#% ziBeaq5rtNDt=dUmfgU%?J7NWmM(2sasdsoiPLSBGX4_2s_NIPB`?N7r>a_68+P9mG zWCAKRn8#0dzs72`$obe0$hpc8LnQE{i?|JF2q3oWaspfP z!+iH-Wl@OG}{D}k|xPMLQbmV2>bP2^heAO?3`(jkQb-%NoDJUR_%^DYS} zfPl$BOhN*|*TR>~ZV)6$dv!1$2{@YB20OC5W0m=Ry~%t~@slo-`BCvR55SQylXhBq zu{#p%*e#G_AHM&t^bz0AX4mSgQQmiDACZG1=GyngI#2>(T&LhB_wN{f=F=7%@^`hA zBT}UlUKzIDOPfIk*WCI#GaInz6`|F$8|{#gK6^l<)ED08Pb%1-Ir`7^u=hZSC;m-_ zu~jxW-&h=&Bpt)mC9PX9k`}Y|zMaT#S#%Mby-$3_QMi1CYko6Nic3n44gxS)j)kqF zb_COXe1a#=RUIAAC``|adOi_p1c7Z=Q(oVxTls_5nIgj|_itwPDx-{i`cKrqwjO@0 zJ=^l?4;_m7v^S1jZ9W59Fa|t54~exrcuZu1A6O})ot^%{kly=;wQQpOsMN)3YkxQXmg z8KT&qG$H`JvR3ODu2jA7dh~JVYv`C8p659|;B=mTt%0Prhaj|jqPmdaIT=BWLQMHC z&)f^@+$Y!ZxqToxX%witS`)Ef9)jxHh}(P)>`Gfwae$^K#^zkVQnVjcVox56Mt=czWO-p61E$KH ztH3Tn^ld~!&4rK@!$qOxtbIs)5|zuvE)jkZukbD0mO`nfD<{{^k4Vf|AkuoeJ4TXO ztyymm^9F9*75n3Ik77dM5B%l#rJuJ<_Rp(DpwLp~wCsXzax8a@&ZPJ@u6dYS5pSR& zvw@0nwoZ0qyE*b03M09nlars%&`?mo-Jzi~(!)uFB%*rPPon!75ncrQhTE4uK~g@t z2g)7Pz3?9BNd}ul1~%ZR;JUTRzbdJ)Qbsx(2n0Z6(cg~ADiP$jl@~|te9*>6d7ULX z-u$4#x)-ZN;;j~#M??iWz5UMAS`DF@#NjIgwKT98DW>d}_&ZH&U`1%QD)IJE2V)!_ zsL_!l?D`3XvJdwaJZ1T>Whu+XECOGN#HZce0e{(_##M&iCVpXnGBXJ~%!th!yX0m3 zS_5B9M|;vcWH|W1;k{ktz$G?lbvPuVVsA{pM>S;q-G73!4c~(M{@11`c8CuZO#G$` zYaqX2rOV5v#NP?AlC!-%cYu3cq8sSe$`<6k!~7mz(mg$>m!BIe|X>FcJcHhw{o;uTowiS{^n;?W*r(~KkUV=2K) zGEsch!=s1nTcVs202Ueo()gJHLi&wj)b4YoGybXq znhlmWL(;O(XGn2VFz^6+86-<(bYu}>NMS(*K?S7lAOsO%!BYlFWTY(McI zd$GnOu zw`}l>32?8=x&INB}pw*V)_Ug}Fe{reSv-;?V*6>ccLWE*pczFGoM6I*q+iMjo zoRCo_RXzi|r%e7B6z8q43+qOhPBg7O0*+i_2%;3LkA`Rfs+1V?&-G6 zGw262qg?Dt4ck{AG*wPNwLi9I3MpTaYc^E`-2w=WlPynnswE82oo z>s7&m&*HQ_q{}-#NH9`W`o=~TmD$0*d{qF29E}?(m-b}6E$oN&5AumKV&5?0?7&ks z1xJ&XX;j_T^30`bMPtpuwmncQ2}#i|l{-E;;-}?NbnWV}Qd`d2^*2{<7ouvsKlyo2 z^p8K>CX{pDdsaPMDZA3!=-5oYQ^n0B61n#IW)t2WSdJT$;BF*3)GGSwfp7m+B|*}C zLU4JQI~Tr+yoya+ha~a_-97OZtfN(0JkPX-LL$03h~}+8I?T;hOOp{&^ZxB>-j&Mg zo_nS6jZf@-d(%&EX^rc^S9LC>BIoP` z=JHjte>Ws2KAmXZcU-DsG`8Te*8z!p+{Tx#i>OEb!$jI@p48~kB~2B4o=(@giy9N~ z`a09m!Eq=34NaXi^QzZvlWE;%KE}7|-8xZut8-IESznYjYSkwj-)lhqa;VJvq9;&^ zE-WCmQSOJt_>l&tY())hsGrmV_c`=NN>vu2DG^&vRc^7anVY9@yE}QX?#(;5(^nM^ zVMi+{e$)kGNQFzzhY-xA2^7!TxMC*a@pZE6MSe(o6W!1c+PB zQ@9J?n1k5PgM;Ttqm2koO^VY?P#9iydlk@EH*bxs`-II*>$LT6Bxa>6&vlC6CysIY zNKv36P^8jPfR#k{+GAwZsv?11;r9B;h03renT6jQi0jT3r*+W0Eo93g? zo4dR(qnBs8_^a6<9y5G;zmbF-0wOUZM(Wl5Gwe;Au%fj6&Lm# zX`63mclW9Lcr}~E1*9OW`0%T{!i?%a_&k1FcM~%H@cJrxCD6QCNTEb5GK>bsVfqbN zZj@N_Oj?KJ7}B_VFC_y;$&B;xk+6q1B`m?BCi)Qg`E)^Vo{_;~DrYfYf@0|&oF2Kb z%0!{&ohrR;)12PR9C)w&uoJ>x-OJS5o*JXbOSTnkC>&pYD^p~pjmjA2zRA`uU}`b> z8thB>HV?@`>epO7(gzxEiEJ{hY(XQAPv5s9-?H)8Dh+)Ro7RZUy#DM%0=uin^F9{( zydvV&eWX#k3nnb5-`^P73K`S$;kn>Ma>^KKt8p;nj7yIUxOk^2Js_$9qJLP_f_nt+ z4t~GPlicyjb2g>0p!alF`r%Ro^9r}Q=H0+y1Z2c}{7Y>cI2x08k?8Ui&4>YT0zI@6 z0@#2=H!{tb2R5b>2Lnw$%Vqley}xq-Uf2THi6Dk(m6 zm4+V~u`f+jvqMo(mmoL>YBoVF)|85k=H(-~G{GYRb6jOiTAKg#QmXEOiO`zPRPE#^ z%n>qT3X0>CuZ3*X1JC(n`5XJSiTYDthHM?2MON|~Hlo%zI;Rf%p?4XCdv{7~pjS7J zq2#iPyv0sCQfO9&`bY9@ePdA-%S`tqi|_Oxn3*d^OWhsbWY{87LnrZEy+4xv&@L85 z19gW^rD~QiIPx*w1xr3R)>DAH9z8dzcXRThiSICP-3_j|(T<37zT<6mn;hfrDcCFV%OFlfd-!Tx=Uwz>*ew^t_!IF2U zrSIPH^e?}e+6kq1IcUD$`jI643}319r2TYYY~MQqOOTY}tfBb+2*Fk3Y01*Qdptl6 z?r2DSMEH5tBqk+I!Q2fq4m-=*4ZRvihpWWaGD(87j7@S`r`C>=Z|*@O#Wm~wr?=6y zL-+1QxFn2rbEXRdxTI`=mcmW#kjy&#RcVQfu^{hwg}c9Y36JkT zSw%xJ*pRv?U!BO`RjlX)l5IbTLZWIV_0S;A?dT|!6{h@hl@;ra`9Vsv9!ZQrt6uxw znzXbvm(1S5!OkR)0`94d)%x{dX`Z+EO?wXmq3ob7SaS8H%%r87)>D(wEq>EjYXKn* z&C16ktKgj-zEst3#I9*&w06cRC-?=oJSeE=e0L3$cO)*iZW@U50#sc1mvggdps;y5 z8g3hnl_|}JIHh>2z?3|Q0>+EMWJpP*RTsnjvLJx@*(QBz??&2swx0XCtc?*Lu((SC z+EO@e$)}$igqAmskE5aTml=N2>Zol!cO0yT{fKIUFYl7o#5PlR$=3QSq`nFPkedj!X{X{-43GV2}OcTbpr%Uif z-lfgs0K)Y59`sMQb`I^l2F5%A*8bL?pId&+SBgu>B=Wab-=1fazfm|=lel$`2{VS_#Xek3r@ORNY*1%Q7BVI~g_8&YJ(HTFG zvo6=FGVMsE`$9u72)pM{M~hxJAyHfo;VTH+uaR z|G2Le9m81PW_I-iIJsY1S~{J$jg>-9@~(eP5Pc`Q%wpWrxyxQ)a7%>C3iZNSnH`b} zjo4NKSS2lC4G2TAK3c%Wn1{+;izr)(Z|&pv+Owd|dj28JX|WFp@Ir|+iI{U{+e8wS zY%ur7^(h;%es_5IA~EtSp%sNZ_;kCaeEs8ZLd-*|!OKDdmrX*1M}-%p6%Lh~BbBvs z0;c|7jCPf_s0@uv`db;eo?$hYwCv7Sv3bUh5N^2%bZk5b9@kW8_zO3L-z~U*Sf1D) z1E}cVlv2+9m_?~pcw^Baoh+RsH&JIgrvb z!7v!B;x|mag(lB67hi_;quKt^Ehgtl=6&^JJs7Gt9}SI&g96hTG@O=W&sJ~Hw*^73 zy~~B}&b}F1g}KcamUd+2Jk_5S8P-ig*E8VW#M4|(NiG*6<9;Sp{9xYvP=9SuyB4+E6htPnK@EfWr4JpKh$k?ykSYyUcM*u zdR`voy4mS%QbK86e5MB%DvF1WSvzLibD4B+23Q_JtJyi?OrJ@^b6_C&Iu1}`wtx<+ zIp6FCAgVbydqQ0@n3adrQGc4aUpq=sO2LrkCEOnJzAW$k@|J*V>Ip_-Tf zIU`No&?f%o(Pw^SP4R)uH9Ak~q8|m+nbsP$yJ3=7(jkR*ejSideLVm!9n{kOkG{3M zTxRMI?>4=pV<1?T1CJtY11{*8ACAMkm$_YF_U$$7g~t&gZjb~cE~XB>x{NG>h5 z=1=!wU$yf94;3zqz2Ur(vx!FW$-TedE~KvINhRF#mp=3BNmtPF#?f|E7QH4{0Wld9 z`t{V{J-bSCh{lb}giBX1slL2_lRw=Nfje|i({g^3+8giIe=L|?d~Uq79m5a)Xj|EI zm2Lzu^I!VLKl@k#R-n~}$>ih#$Cl0QX)}LEl=oF%KqCEjn#}O#0F^9iIbs^_W2Epv z3cjwd?Uko1sgGwX-6nbLbPJ)dh?_&nfk9Jk2N|x=>hX@v{1@=WPj+z+4jWgOOqU~e zBGyA$^#hp6ovF9+~65vfAPHhnK34<0Bgk?jZUZxE78 zhRFaxve&dcEF0!d-Lc`W_unKN^<_2NvQ{kH+LDfF&rIB5i&`-(yP%^-5^BPO!wd2I(KF%2)=zx6X$p{rgDM9e|rh_Cr%d-@DoKRcL;4o^ zp!lSD(-v_y!R7?_#|-PA-I%tnp1Bt&!-c^i215W8!K47mZW+u0$26P9^C**eOZ>Gb zHKMcJ0~Sk3*PEelE6(~IkFG4jZ04ZObWhd9tvM+**oDAo{*fO;1<|k9YH~Od3Kr+H zYV^j1D&f8O_j23otac+sj_z$P!6I5MG}>eKtQy%n)A)fKUX;yTy>YqF6AJG%pr=>A z1G|pnfRFfNi^2Kph66A(P=h7=A^Lp5TLE{vc9fV`ZKprAbrAqF+oAvrC?mK_@-|dp znVH8fWyqM-5|8}tKxeyEjEL;prmdE@E>GtT>%vUzNAl-Wn_ttN3vw~YO zttmgX!Y?jr={Y$Fy4j27_;dNJjtUGeWnJg2jhEUjebYVO?!?%!!n4}=%Dm?yEi020 zd9bmSGtl#`Y}}~Q?8m66%Hmn*ViEy@8(aBJaFrqQw*is5p``Y!a*0*d{QavTHduH=T|m3Nw)Vg+ z9QHDRXc~~HWT|Ab8>Ky1utk%A?Xz`s7CAgYy6|qHcz;btU2x`bum7O`l{EjuyW^A1 zVE=yFt{VPp{o}hP;Bzqpw~mF8qDl81IW^)|8nRM%vFm_n?_byGau3H}O4JyCaisIO zi4J$D6k!J}5FFB;S6u9A{gT+++#Xs~cZ+DutBG_X0Cd>L^cNjwWVGWMx-@n0g%a8d zFfv9#?q#e!wW0$3~7;JqN>ZwZb;0ROtFsi|ytk=3u<7YG9&oKQ1T1tt*R ze7q9rua&b(3!v&3{Am2^Rn-(eZDcth}&QX<6ZpVZE#%z0wYdQe2%!8RkIi>=C zQj4w^_%**wF<{9Q;sdRx^vF-)qM+)v{lo7e)I+haU^T-9J}6Q<5pcmGI;&P$C?0Fn zo*$FS3$&Tqh0ECRg4x~awwmWEaE%gR4r>X6t`c&$T}=ZoHR1DF|H%G>iDxObu^0C# zv6EtWO;Z!R5OgI%M!?|G(3mg-c}xL@QWhg%?8Ht_N=iac1e?}1JKWD`GM+{oJxYgy@Eg`wMoM_TOkKQUf9 z4|<;`4fHmot^PWU>Z8dNYQ|tYOpmi0!gl1@YhDHn(w>9ziSlv#=21csF4K`>H9xeZ zPPa%Iy*v~#2Fv(h)tJ}t+===oASLaTeJ%fEzFuRYwJybZp3531_|9Dq# z^%_ycM+QGQIkDS+FFNQ?=n-#20jDQN9W=(QYpmC>=RPL#C5F6s66o9}1v4Sm{j*fA z2}(mPaUaN+r%e*v%{#liVqRJlJe3q^QKxr}Jco~$#xZKxs97YB2AU!6Y6U9l12^P- z_5p*zx)dCKB{M+1_ZjdO4eZSuEa?as5btY&CY>kxtzQ%tKxBL9|yp zenkMaLy~9mlo$-fmezN0(6Wn+oP>x9%25bhfrYcJ97@-k9XY$K0#;`(6d1)fPyMgy z$sos>neDbcc!s-r299$=pIu^J!Ez=F$jZ`pImKr8dldlJ_Z*e>+|jSq*9pTmY524n zv@cL`z|nB~(pm=rfikr}OOY2PBw>MHZx?;wr{Vsn&c|Au=p$h*x|$~jURr8g*O-c| z){U5X)RPA2)^iphjHr-*9hCzE|FYcxQkkX;7=zefigTyM6`jUbxEP^imyTQQ*fOQ8 zuIu|1%@r@apH;MN=I2*Zn;XAVl_>ge?-yDFkHB|;cOInm@(K*XW!lyYF>${B2i1SA zc!x+p&q)0vbyob7bFW~%aSq_1CnkhA1MB`X%3tsVy$Vb)k`dH1!lqajdBOERPY`Jt zz;f!xQA4=96;GOQ1^;2AKg?7QLz@3>0Pfbsb+$=G*j!}dQ5S;%7{j(1U z=4A}nW&+Ib{~-8J3m+wv>@vm4Vt{ws#{b(7c)YFVjjw2PEe29rM>;Dh?HB=P7C%yNiE7E_$32#E2!gqi;joT=^G{oHYKaghw$7c7 zTWBC@h|gfyAqqde1YRFNyPk#^_`VV57nhOgOubA4%3Op>Fho$Em38cVt_Xzbjb`tW zyUi-CPVnoH{CLd0;E%Wz^_OL`VSdk`IS9{)lZr1Yy6- zXCV&~bAFj`#*mir-$CO^1@yYL1;Np!d^!sCZ&{rG#S7rU!qGJ9enmzpO9f`0+D!(| zoBrCAK9E&HJ{^+WR_(D^alkvKg^X(Qzj?}*8Ni0@barvn5wLfDmG-IW{yQio0A5(L zA0&0+t3Z|RGn1pg85$rBCeY8RU7UnemkpS?XpD*IUpRknRi}ABGA451ok0z^h0NcJ zUo`}lm0m2Uj<*CLZ(J*`yzSpX8*2{!70$dZ6EdUyP`Dn>jEu zDA(Y_zi^Je1*SQyf|Amg2Hy2pI#2&2blUoWWpSzdSG;c^0g&EEZs7axpxLBAzbiPD z0yUr;`ao9wKV|a-rKT&lL1h)WE* zb}b%z)2XVzzWU|69l4)GgJ1(pRhAA+yH)H$@iztll@`>dvtP45QvH#ZdIYc5sVnmE zqxvTX8$d^wy#VRBm>l*mb5f_b&G6IpE(^t|(uws>580|-e8z7H~jo$R% zhKP9EcUb9^O9c8ZibRcG4WcQ=GoTu&mNzI0vg!kXZ5q0E`~S!jbjaZ@&9>)lFCFuK zJGnQa36fqQH6s)hLf@W0bzlEh>Al}W_1llduOE*qsYr%hS*^qXj=T0_AM+Y z0|3R2)yL_GzhMSGC`^2+$H1*QOk_Kn|4!H7Xl;@`Us*^hfBHh#76di$f5`I^T4J(r zWWNH>bSucxIv9ibKN0-bPR&++;Sa2TVEXfqE(rhuE*LY{zbO7|mGWxki2ttlFFo!P z3BX_p`E&Dsj{=AezW*rmzh1Kgh^Rnbor*OvHrm+zjx||`@rr;Unz(j*b5nn$TuEG7 zlJ3kst}lT4Y1tG7L!;vp$m#7>C~KdY$kVnyGf{RdBJdHwEwX?@kY`N39dM%wCTbz* z4ES!JO>#3XGbIorW~?q=k(Hn_93GtJp18^B62%O-J;nCq2AeeRE9Pz5+=1UJwO4^o zrA8<#mDw-OPY<-Qis9ev(9OUf6c||Rgj2sxvcBW9d)r4go~+PZ$iEi^nIP^!#f2^= z8_J3efU#{Zdf6sfpu}4yoEq>IZO)0xjBFwRQbn}HTt(_@Xls0gLB4_1S375iKyf7& z&TQe-x-L@T%qS6aH{+PrP*yhoB0|yv$xzmv4TiOwlykCim%7IO7ErVK7K)iZ1Nr(* z3cUCLWh!uyDXzIHqCmBeB-wa+xKvwcrJXoKV$Z}9f}^>zh&=i;irKJsNN=A5u?#4t z)zvkG)fcAtK$TeL(}75OSUqrY`nuU7G6qh_EAJH)GuiGgqWA1A!Z-d%llYyww1;+-FwGEwaf9m3l2o{bV=&i+wDUkmVl$-w_*KmQeTE*R%ouK2BmT( z-EB(p%(wN%D6$O2R}H3UQvbHDF~x|WEWZpzkgOyb3l*_jQ4K0lOs)Ql(`BJ5G6+)= za;gZf=sYPLq1-J^+fJ`J-TuG$5?Cg`6|2#TPaa1}_uo_Wu zSSYDZBuo)JY#*7(_*B4D`9z(|cQn1NjZouDiv;T8>ErirPW8Xb2&;VuAJINqBKOuF zW9VnDuqE7MrAPPvmA8Ru6fBoXbD5_ac<(?HsFL#3g3^nAw=38_LAJ zhyYzIaD8&o!PVEwXClH&I7kdB2cEFrUb|gf>8;6>E29%x3u%mpzkP(w!3J~hBbZ?{ z5FBN=K$D|)e0qsFs=^G>fHIo0KlzKc5SW1M8lSeh&m~MWsg5itl2(KD&IG<^o4(jd zJwl{?2gp7zSk8_tZojvI3E=%7)JhgoYK6Cg64&7DvnBo#nu5BI!=3gFs`-g)k^u>2 zbZ6Q8Cf+13_DVIR^1VZK-bkgaUY-v#FhBvT#ESsWLz2e}p(>s|{O!*&y|faW1k6h? zBfEkGPHb`7Yebr@`1eriMs`OA=sNBa4E@!?cXgR(C|^e^2Qk8Jze8-S+Ree^$O+KWgA z>Ky@^IxkOM?q5~#+ln^=#B+R3p5FiZ8Ms=fj9F5uGV_0l?S5bwst;)i86qMbijsoemxAQx+BEc8;WRXSmo&kJLZ|4(8AAEhNZc{cIH&*m%qMXX+=-_+hp zZt2kcizWW~o1P5VHK-i)MWX*&6fcxq#R4>X)Y{?K2P9sn z$0rqU_uF&tXmW!G8x!QD*pi~V%CdQ)(W20-i=FDCx;ahCJBKu6oOz$3a9BB~(l9Y@ zMNRZ07(mVh1#)IO?>|u{%aB(^6<8>}wV~w?HgZR`v#4Xx2y!9*(m0#3pc^(8h#Xhf%nA50P?IPFy=;B>4-CpF72WU7ub;xYzhuDH zku5^gS&U{`w4R&i1_VC3ZU##8Of$WLSWxz*JGS~YQax7FKqI2(-9m=%SXj4~)Z1|Y zLYR75w1#R9BYN3JB81wt=Zu=tPEpH+ z?CRXMxu@@gu5Y2E)-&8GEZ8)Ae6tt36q@{?`bHzbMbCDjzu>@V+H^>rmJa3T;PC%r z?=8dPT()je9D+N+Jp@m1*CYg&1ZdoX1Pv|?G_C=X;K7~X?h;%B1b2698h7qX*4p3N z`<#8B=bZcd{^3bl>aDICHEY%!W6tWz@B00AV6d${*fPsI-7Aj!$9;OXs5q|3dQ$W> zQA!X=Bg*eItMX{eIt8HLX=eAMX{c^GQ2(7_-uY>v=h{G@FTXbA>&=L9YN-Q8G(D$G zO=1Sf!-SA7pMs@TCwe@X3evyx{6Iu777xbNNNI0+nfXpV;C;p7l~=7O6@g}Vy19wC z$oyi>3@2r}3EqJM4J#9gajC_6Af~4ae((CqAGEFjeIRLxBf7i^ZjcFeOgUU;uk zdOwfn0~jS0KwkqF`>dGmr-U^T-!nA{iPA@7fi8sj*v|d@U+n--KpF= z>o+73t$~*=UW-mnz)X{_2`Pa?4veKw-`qs_`n&u^qEFcunxu;L@199Vq+%}-%U2qG z%;56TJIOC70^JfPGPJxB0>-LO{@zeJq!4T>lpwYQVjWDm;{2W@Bbac_*N!r9>z`xk zpU-_kMJ&fUN+87S+(*);O=rPn0s?0&*KRXgF_N)O+r#Rk&fasUTSH6T9zSUB+-KNd z8|A?C2PKMND5Gw$ry;zH5-2RG1rkL}0jFCYmh1D3-K*K* zQT>EstjL3i0q^7cG+lg4r7RHcuAcogVKNnIdziUseGTawPze?fYMlsH_Qd`gn z@l9x#t4-0QN6r(UdMjP_)Kk?ZR_tev4;eKLp$3^9O$14lFK7+xL;9*JNEJky-^lud z<*pvTh{qBc{@QT}r1jgzTK*fbWntBQ*R$q&Wn}s|24*yTf5t!*)%e=+mlM4-Nx=R5 z$gk2L{d+TMg(!Wbk6sF_N#{bQ%^JAh!65f`TAEL>I0N z{=V$NXzzPG}@RfT9TaCHJBLJ4tIh(e~I zBA76|B_;NbSkIm?YBY@zQj1X*gwrhzBNIAgq|@DDqV(rR-yZ!2V3n$T1m45!{QEsJ zz`r1LLit`51`MD2bi!MBcwjD(pFc06fRAnO$BRh}W<+`#!k*CyrjUF@AMjeUzdJ|@ zKp(zbQxD!_^OS8t04SdW42F*!05n6In!kWHB>`YQoqHr(9hj5i_U>2cXxkHMtP*Xc ztTGZgWe!NDn?_IIQHD9%N33Xa%N$-o4XNUA0jvh#L+z0sJ0nxJ@)_`{>gy#w zII$@_qhVv{&82W-NmsnYOiS>cKGKumhI@~^8Uc>%j|NJk6qc?Zp&JQvT{l%x660GC zC<8Y55!QG0e_#!CKp24rK>z-;1dGf|SvAhR?>eXIWYA>d$98^BFV6^U6kTmdt4;ZN@%kE@O6n zw?H9AfJ1yK0U63L!~oEwv;DGI^vMVS>6uD#!Es{5a%p>EJu}QsrK#+OV%*1NYb#v( z23-kK@-@it3e= zRHe8k);C}l(Zc`T+2Y#(yr6#vxw@~wKTem54gi%uc=~Tx^QHj-9uNR5#PYv@rS9tn zc)+;Su!C_f-9Fc%OJ76e6kou)NkDA>wr+qEhYo11|F6LTY^mv^0L-3-{0%c+TmX&R zm^>eefUzztd-)Xs!Q*TTT?Gg|{r)hyMk3V9i+z znEcBl2U(X!u5kDiqCC2~oE>47Kj$tY?ap~@O! z0I*vAeW9SUqO&48yE3Zhh->=Az9|Mg{UK6T)`kch*@_CsYRh{-DcR}30~pVZHgW44F?GNL1CI)RGZq2D<4zL~<#VZPzvHk=Er z4Qc>XBA4Gh9>yNe50<3Ql+%O)nW2hOpk@y@k5f<~x014Q$GMFT>_GEm#o!12n@A6o zj11o5n!MNm%+5%gP|`Hd&n7Za%P>6UOi4HCLawOL(6*_QE#sbZo8Gs|!NI|(L88|J zLh~a}Qd3hkX2zxH{`cjv%-YPv&xFdPl>D=hGpb|3>n6jl^*+ai9VWG08q0b#@Gb4d z<`v0EzN$&EYg=dMtJ~&doZGr>@GG8=Ve#FqCD{;x3ggqQ*B_afm`u(;D}PD-8gzq- z3H*%f9KN1=FEDH(-qBufk8j(3j*_ce_!$3cIPC&ClP-#ui3ye0GGIBBNrqOW32(6E z+Vf+sCgd>01t32E9B#(B6jFtp@uAHpe7iw`D>GXLRV-_r0Z6yyxBRzdpL`XTXhbOJ z)5s#eS6gbCD$9pH4WXPPOS`ori=+?>z*82D2+|N!@aD5ZnJm$Y5OVHNskWrKzp)ek z22`&(?9v=LZkYV!=;&yjvmcZ6=*CRMV$)EeM^Q($TXDAfEP7pMKKP*a<7)i4G`WIa z9>nK7J((BaiL@}z)Bli|SZO}I+-TR@eO>*~k5pV@rD&v%x!^jt1}H@^J^0Q$It~g! zC>kcNjEs8i`=n`fyzE4XDA;fAuCe6US5ieAVP~dB&U2K_DnHargC`h(`VMxjS7g}K zLLoH=r83%IVj(AKTh0zz{KH#Fl;D*AKlEYgPaer`c-AKfu*g_vPf22ochVm-xr z4J$SJuI*D(BnE?tfxLy9D?jpj($)9)8a%atDJ)^ABjN^R8h-^Ee3GR&TR7^gNLkyK zK2&(tK2{EZ^*{$k%IpJ@Z3H~laRZ40C)9=QZ2|r`D0TI&sIH8~&On5UD3lrk3fU8$ z_u)I39YF2i{%wAAC~TMMav=2ddfNo}wFPEA%rym%K7g~ck-9duvV7zD=h(MQC52bJ z$B}8b->9ZrspY-319Tc);s@}Wo0^^%VbT=sP81qgLS`$scH8Al4d$CZ(retq8k1EC z(yj#FiHUm%4%D1P~TDx1Cz10Xb$d*RHPY?v9iG=UkN1r;bB*1c-{;Sm z^PX0kPEdE9wtFVpqGzoqHS^1y=UO&%6%a#)*Gwp&ig1v+NF{awb zV^IRY^s;c9CzLmQT0w|oza!-^<8E+)(oQvm@70>N_BN~5E-V%r+Kq2Uke8eNVwrba z`&Cz>s5A30S*+&|(YV8+?I!253`li7l?o?jU)k7TKR`2LjC1GtI7`TsnMo7J5IAAy zBMiQfjL!YF?)}3`f7QKm1nisN`&Pm0L66635)%viNsg&~XS%}=rlu?V zi57#2qS5XBvIa35oXAaXFR^_kB}0T3u`@t>L=B2 zk=qJd?>qhMTH3uX#C^!^T3*M4&Chm+OD8nWFNJ}P>N#;Gt$ye0H$74c-va`XW@7vo zm5~XtH*T*$BBICkJNt`ndz2yRuFF5Yo33^Tjt_3KFY+?wV&OWwyO(20Ql-zxXx&Z@ zWCf_n!#`3tMMX13W__&OsOvTL6j#*qRkdYo*@f_HkZ|gE zUQIu(vYDb%78C7W{dkVCHT({wms2a`Uxx2x(S7=01YKNkJ1xhnhzdy;*&EwAKKdp@ z4MwPS+F_x-H1oPH_q+squ0OA`cBX83IMlhVHx~5s^T&JoG(Z{^hlY_6Sviu7{h+R) zUe>7E=uYUvhwLnUFPO_H+f6?1{pzRKAT08Zb>l1R0t@VN>sKN5v^e5^O8kr212k;A z87#PV^Nxh=!%h|&*K?Lh6fbCO9%F=d?Hy7jceu{gx2K20Cl{dR7cN!nv`Dc>^{W!$ z2dqcSl;s1UO2E{(Bp{6D$94AK6pJhk$!8TIJ5LR z4gXFfq%1gCER2lSopXz=xwDNUdeQq`cNG8P_mHEY2xoVxbih319DEq?BGjlEag@+* zMm6?*E8;nHyKb^SSBo0Gn8ZTO6@Oa=;&8{0lw-5ob(1#VzqLcng`E0&?lI@~bV=_I zi{FLZP(KYg6t(pisJA=#&U<;DbhW*(WjjB1(Sl&aNM$J_cEv-+|1m5f!7)MDoG&v= zc_4U;m|aI}T#Zmevu7RC7c_n}Oayrgzi@IcJW?#9yg%2dY3oG7#OHi4N$GmgtSq+t z>-$SRlsR}D%=R4l`1K!385tSdQxEXt`KpLLk(3?gm13`BS=2wkktBUN37F8H;cr}W zAqU(XQ)=SMk_GT$ z<|leko+|_>pP=t)i|Oa@59^+bULSaA|7}CZt|_c&P~j?5fvuU<+wHZKl*p!+m`t~C zPnw&WSVDJC&stLHrqS@B-qZ8mHH&!$sqP@igH}Y##aTR4o!;m0jth*|uE}3X8~en8 z>Ig!C?k2DD3ebLhxRc}?S{^MLFj%wNp$ELKCC>4fE#rnYA0-pQr=^9;?-IAo335B4;($D-vQIGLGcTVS3aF4sV(cdnpTZ+3mpD|MvzSTQn6(D`yiX=+lA zl+-%op_GoI#I*FgGs<;Lp9C!2q?j%)pC<%Mu@`8xOp8aHS64Eptq<_^g6~BX!u{co zIcc{$pNIy&CIKW00qX1JS!xW(z+RNwr=Kz~ksAt1z2sbvd8*8ikllcVTKg+@Kmi z+&53xnn!sOq(MS!3sY>HRME?C<`?$S#TGlvfjRsrNm#(IM0ecsd={tTdu>Mvzvi4?7__YnXI2~C`vhIg~P z$4FCq+O@Ii0U;0D{>*?m=v=0i-at>x5$Eh~zJtcg>veHy!Z43lV)~9sb+yo0%bUPg zb_47E$?a1M7w6HObLcnw6OaeSc(|Z|AmjCS%Jk1KXLX3Gc9$N5L{+o=rCJ<-K~R;1 z#XaMDhLR-{A(2#b@cUx%=EX_`tj_KyVn{@2U_v*E{EgW4vRA#e-D=~zb)lVM@uWbY za$l_B`tEKJadAmUIA>IRyIe@stn=>j6^VY_MHuR&B02wZ($&dG?UL8AK3)tC)wHIe zJcWtZl&IGRdC6^fd;imR7FKSIG^GbLRn?yC5v?02nVUP9mVtrL>fsL6^}I!gin-Zz z>TM6XV_{p>E11qs-1YRbd`D1j<1 ziGaJ>)X*z#<&kXgnoe+Xans;%ZwfjczUK9Ojy3Hiah!4@BWw2ceLB)8&gnVdfGcGz z-BQ9LPyQg(<&yJOK=Wk1G_RQNnB9XX7wD@ zuAK~<(Vgpl775cHJlqT|eK_jtp_Vmr?n!Yq8py@EbU55P&Pk~YcuTOR{8{?tKr#e~ ztx1D&vKapFMikqw4rPU4C`q~XcmhNYoD*Z3VmVz~-d`}Mu{%Z}Q+cP~wk zg)0oiZhJp{G@lt|bhFr|w{Z1Bz4D~fZwSpP5cBp{18r<>_Qqm-?TPF&r?d~f=@xsS zBjdG2AaPs__UY0;i4sd@sg)ApKV-ZLecJMT%%ZHK90UYP@X~kJJ#ad&JUcx$mBmt@ zQ6_>G%RPWAllM~k1e~uKa+Po3^cpW>RnS;r3!!?AF8!ixf$jH-(wk!9SWISj+ ziQ5+QqdDZ?`RpP~H@#@hBRX5e?ANb+B>hzzmGnY>b%#T4srVP2FlG&w%6r9_@Ls(( zAbcQcm$Pmnxq02`4-DL3wA*t+Fk+W01fjG%Ss6*ce9NjM$hq#KcGlJig*+cK zH8%%5710E~4bl0pxUqHi$>j{r6xQGwd)qZ*| zeQPCrA+|z?B6|6$ZGa7Cd=?CCdEE$@F!~|+q;h;Pv@=`>hOe*>BZzl9y!_M;c4*!I z5*%ypcUX>p$x|c zYa<-4{iVHMpk0n__{MTkw|+^Qt>@|eC7QcL;ALv!WlP9*>8efBGzsJ6&v5>DW0a~l z7S9iAG@It?RJyU+9TJrGKkYD6?1oVhv0PRNpQHmAhQUmmS;1% z+t^C8*GuAiDq!)pjSCbmR32n!Oyfdj#CQ%0#mR3K-SN6ABc+DmMKiSo*3}8rGw6so zm4NPrfgQyBvxgbm_gV{DoKQT}9<;Q(Ta40Pf98NCgX-FT z1a4n7wbmz63Ka#(8+Sn~Zgz9T(qho2SWC60@5wbME2GKLDsQ7B>VgSzSl8 zyl0xRoGfC$FuJ2by?Lp7|y>p|>)LMJsiNj3Ibky_3_3%4QK0s=lC>T&S2oZHRwu?z?r4AB1PT1F3oq3D|eL9>M zbUK)&0ntA#ul25kH&B<`|5Obov zqKZpJe|~Pju3x3X!A&^uB+zG|wNpV0IFPd6V9Eq~K))qEvL3*7NC4{*_a;;8Y{eHNdC@4QV@MG_DZqqVr)+V##W81Dr(!P=WQjmU;PbS^sI$3-Y9f!3TJQd4whbYVTBbR88Z_w05N#B6c-+S-RU4qd)dV=-+3|7>G}f&lY${0e$#;N`9sS- zNs(S9S!ie|S8tdPTijk~)Wvs>VNj^pbL@9`OAQT9%&J43Vc<^Hohj{6rp1IXX??l5 zfr$niVZq90-9A*De+9&i&80v2Kvsq!Ggx?cS41(u-L}UTXYmG4S&=6axy@`xFClIxQ_c+`tgK-lMq zV6N9End4pMTb1St@l0?S8Juy>;Uwj&Gz2THU6w?yt~ghj=NC)fU8VBgaZ4#47TZ}4 z)ajSGv%}&X?JdoX8;kow&byh)OWqb^H8yRvPr5KP?epUVBwl+4WxWp90G&S+!L%dYq}bNx zdcUcvlwqt(Xsx{Q6C)RmI9u^dO9KahC1?)aY^K4*2{GoJoDjQYMW~+Ed5+YId-J9h zIJ%q(<4AjU*1j9~#E3I=EAeSYRP$2T{&Ry{pUSL4K}g^gssf>yC!-xP3pQ{>Vu9(^ z-11yqgyYnPo9eB8(6nE#2FaO@hu`1svZp1-1nehUyMe(2B&A)P_PAkgskrw756fu3 zmpa*E+yrT^KfzdgKE(e^3qXXNSsJ#qvD9ilrQ|7QPE5vcONT>&zr@3{n)4VFt;zg5 zCi)+AM>C2sK)0o2U`DUDX;OURaUEj268yZ$uH8q34Jo;m9y$+`HtLiyjPUrKCS0?z z#t9^Sa1(0gk=w<|BWeP?V=xYNOr?H`U4z!)%m2eC0r991Au49^Bk!Z1_kN9?$5S_` z*xl^4F7~=cJP8DM^(N$ujJ&T?IoRUvL;W?5Iqk#BL5u7yffnQPj~wFxK*s*9K>FYL zjt*XhFw?5lXw=ma`0{m){YreMdeXa0aaT{A-UsZw%bJXYa{MKF!aSsgdUCLP?PFZd z1NUD6(f=cQCgz1K(1D7}OP3E$MIz4xfpocuh#@DIbcAspcPxOm+^74)DFb1Q_o>&9 z%rs-LCfeNB-&;8cWw>*3_kesMhkv({;&kiUn%|tQ`mqnQevd?^O|QT2G>V%-|2y~@ zR32#wbs8l=2;+PTJ04Nc8(;y5u+5~mW60TMqfRGJ3qGB0ney`o#&!oIJo0RB*Sbt- zCfyK8^W6#%%2RPi)AoK;S7~ZoJ04Vrs>;85)Jn~@3`-Qv<&M2-BMssGjmd@thhpq= zpDf)*3@~yvBPQBl{B(d8tT2Z-DUo&7p?!qPf{T6xVe-8$Jyx6X z(d!xYYq)p>OHUsa(8nfU9(@rM;|TsQzF{&(uZ>L84@$UzN!T(UlYX61yUIruy=|JrZKdzIq0KmjB#<)e%qisL3gMyi^ zFL311018Md^a7|n@`#k_Pu>4FB)Nde23r1q@X~DV|BaWHY8u=fDQfxF!5VPTyL~e1 z0(zUSD6%tb^T>1o6#pNl3os;TK92;VDfuzLpu>)F>_+ib0HC4$dd$^lnr%V72`FLLt;3)Iixilq-;f zlpwK2XiEZ%0jS#RL_YWJgXz{=#1b=-BurJ%Ou+C_C}{}R5;6~>#ISF|y)O4c?+9{+ zIKR`0Rl%{x`Bs6X128Q{_9D>9JJlCS3Ko>AQ@IrX3sJ~|+tbNNMP=7k2ZVMhKkNQ) zc?h%rKJw}`i*;MiI|quef9?To&kf26P#Ahv&r2Y_V=*9%BE zRBC8(P>ji!Uot-pnR!wr^|wh?e>ACb>H}=3|1zoKQ~$q7{U7bc|Ak3Czm+)pdBs!) zwHDIfCk_a)qL-Ei<38o*N!$-h5GWU(`lUE*&LRdfM8P{P$f4K9+SNR zw3R9~d1W3ZSAuMFNg*6qUcWPgn7(UV1QaH&%1KrV#`c{S=~6U)i8MIZZ(m7p`n;`6 zBt5HM{v+~%O1`^lVhgzLFq~th#X{{D;>6v-nt~0>Qv$102`NjyNg2kq!eSU2j#E#q z^zP4&2{CU4XPU>SL7^aE2;ggjZXWI8lx3bz;N4aE38~wD5FDoEJLH;uo^7!&g>LLyzyhV%12 zMMzC`lXc0V-vP|c-1PHbLecrbKMGL(fU9XNpIr%SWq_n}h%j&=CV5wRpaCJ{BKFl+ zyv-IT!Ktdz2ey8E9v2TylIUbX%EgyIZD}6Iizo(gNuHOk8`&8#vb9#zp*&D2w%5yR z_2O9}xPASpj#ihXh*r288AqF1$KH-}Ux4@W9_^K+^L zIl^CbXPPBcgr0hMaF&Ldy)tSST5l>T1?FJDIfQZf_b z0Xl3Vq9kBI3=>iRWCHnkAoTs%;Ub{sykU=0GqBwJE4@c0*@ycQkl~dZ{F8b1|2;Q| zCi;JE1yDL?ihYSqx$vUa)Dep)$+re-&OC~p4F!Sya6k*D^eC5p!388OAs2H-ZY})J z;g+S>_fMLD4-%4ZLfxwnyIkP*YHn&%yy2K`skkba&|PchG2x{-YcJDFw{)OYH>6JIBGboBQ)}<*YwH84%MiV?IWRUU~)A|MjW=`77|4 zKFegQs}X_p9(TIj3Wv{bDKI%%m&b-8a)@%at*h%^zU+NW3g08be!fMjsI0_uUM18h z(#9YmAqf~qdjn0?8+i34E;aJkoQpBkw*$!d?Qv%RzT7~p7!mNiA=(^4vkQGIs`tklrNQ@wOt33QOOx^0JJqao+zR)Bq?J0bd z#U)Rf_9cXQOuS>&;K3)Y6o-m*o;phO)Ti63Z}qE>3()?@Ja!O1{s=PgWAu0kF#b#n zkbl5L1K$HA3aE7o1Cg=+sYH-&417Z!({)qZ9`N{CBSjr+A^^bJ+$MZS>VHg|ZR%vJ zGoTo5bcPTPJ|obU8Ly^6w);&6Up{CvR+A#&z=obT-2HQ6;`2`*7K^C{WV-e}5;m{K zr)fUUNwu`x-0~br`8s*THP$ycJ<6}MWV1dwSiSiniM4WMnj%n2m5?PMap5D7-2D)SPUtrpD#6zZlFe z?9$h|G+XblYhd8^!@%Ci*?hQUy2Y_{Fwbi*&SI>Bw5dsCU?Mv&bJ%#S=Hb)zpcVsz zzSM*dOa41nLOt7kG|pkx8f+@TATQLYw{vH^<5FfC!0%gPB-LBWjUAjDO8HpSz3$ST^y{6m9KFNR_Iz+?7(uq%8IN;bsuABAL;`=7E6wHRf*c#J83P zv$xJ#uZ&K9el-#B2e^JyE&WN@k_BlM)m+(`(c42(Q-!m#&(-gqPIX=cB40+kc zQ!R+V%Ai(LQya;b^m1yxLb-GU6ZIKfZkebumD%q>1RVKL@UZr>WY<3J&p_UCq35fS z@;h7SWrkY3%lngRWS9YjHM9g$orQ5ax<0gHv3C#wR-NTZXAjfzit5@rVjV7PS83bD zLc~k@AXyjI={G8md} zTdYEgiGjiTH4UvIkP}a&HB}HxpO^|F3Y~kMaNL)yrWO9Pak(-|g|#YZ(D*v}$^jB@ z_)dFKk&O4J-|#&uKfk6Hbh7rGQC< zO!VD#(4$x5kA(U4m$0c@P6`NRRs&Usy>a^H0$O3mr#`qkSDK6vaRu)?6_ethLM=s_^Ss4q4 zbA+YjrN?A&zAF1=LAzYjPwn#_mZtN=;MWSFBu>0m?|bUZQ@?O_bTaB!-8ES=E~W}K zk6XX~9ukCg)G@E@G>Hh(jeVTrSkvKJp#11x5g%+GW-}ow@)LBxn)((MHO)k>PHA$B zNfd4>mU&I3TA>%lDUzF<2S+b&ZTSNw6^mHBM6R6Y=YJp$a&QnoVWp)Jy4dAhvJJC3 z?1Aue4!hNB2pbeZdhx2iO|v zgRt83S8!r+HF6f9TWb-f7_Ab96Fyc%(U7Uggl3n}|SkLBzL9goxHP}HX_DvCMU(;{N`@_39npO`Sj3l+PMB<4q8z=xFpAme`Amp8Q- zNWBW#{Y#dX16Sa$NF{_HiltM#Hc2i_SLMOm*~PS+@pX8mvv16SbSa55QZh}r!DuV> z4(L{^n5*H>h32y3wCaS~ z>zi-b6E2TIg5jsPR?)a=3D2!Km6ix9W$2!gw04qrro|V3kva;^@PA>vE%Dj&p4WQ1 zB1@vI>E>EsesbfPQ{$GTZb;+vcxA7PtA`Ph%&&xe0BIC`0niSjZZ4hlK)Q7MGE?{R zIAHj6$DTC@+43*=B%ZXe3lOQqtoS^vmgZa)X% zqW*d@yVSx-TQpl`9R@Rzkz`{cTvgNc%PF&0E~UagG#VVzM*^H(AWBgk<2a2c#(eHc z;SIVbKiqarqWJ_~2Afr9S(^$2hbG#Qp*T z^rF^k3bV~>Se)H_wi6w#O`@~H_u{-eOB%(nZPnmtB`-~W&RFnP-sDZcI$5;%_rP8P zrW`CFEYOosX3h>QR&ZQ3o6f%+Lv8qHoX;3mx69W;BEqFL%!uP|ThzQ;Ws3r-Z`QM( z&Og}J549YrNzgv?LoAf@bucNt*{DFb_c}Uvb85Uo`RsN$0mzojoKxN0z7VP`-PaL9 zAtE~H&MycVhtD7+D4Jo#o{27Hs1!`bvj7UI*6s-q8x6ESM^p9z);S7 zy}e$X{@5}VGbUYDHux1YfIT-qtHU8rIF-L5jZ3B`eW-bL7S+0*3a6U(wF5cJLkYddrXx1fGAp5X`q28+XX|2N2pf2 zv`o~>V4~w&IoYnjaM(AQ`){p^kbAcHN#az1R>p3*bgNKkHGhyirRFQ33I7GT$JDH> zH)Kw)+bSe|x8WaL#yo5E>-rbh!4WOui|fz~qLGe-98t7pa;-C_%YJmle>_svepT;oavNh&j4QNjD;o!l7fgb7E`~?wj}P$k|FUL+94- zx&qZLA}lY@8izMhO9}Fn*3R!c*1e1;y?1pu>6`Qy)B@G_0|lBcH^B~1vT?oWgRtAb zzwe@b5q7}l1MFVdR8z^mUZ7&_qgqn^vKe(g$yAfQjH7T#Gt=ZTYhjXHOemq4} zxO2kh;^Hz*7a?<&DuGf9ZHo5UV{ar8n4s)n_dZ>H`S(>IEd{##Bk_t1*4pH zP3HxfxX>C+Y@OS>?ZuX>b#^9;M;&@mvw%D8XcwNN|wi9VzUODlE zqxF34U2}7}eO2FAkGntMfPW01$pgSSagpjFnb2p;czA8H5rvrHVJjZGZbWwlE(-9` zzVFbjr_~+**nUH8vZCB7XT+OtK;3k^|2ACfG z>$UR!JM}G{ly`UIT5|f{=XkR6HZ+Yc(6}F!sb#^=FkVZLME!YKTdHBsiEA)sorG#m5hybg|5DKT#`@-rpXAu#b#ztr zZ`6BedH=6D76^rK8?nx)D*RfvE~ghb+3KQ*5y~Flm^)PQI(oK7OqQw<@@>##pA<|I zckY9AxTI;@_%UF?B<}uBnw0;_+fO~PM1S3@cjsJ$FcXOtHRcR{bavnK#^!sh#*#06 znLHEn;@u5;qih{Xc7AlibJCq3e3&Z12HT2NRfaho6miY4OeWA-t3yDMRw0HVVc*~r zlN`+pTL*v5s95ZXrw%aW^Yu?V6_DObW*ktds>a$Iu7`S=eOa>?bE0Er1LSrjIH==g z8N)A~x0kn7r+W3?Q4!urF5kN@l%74Uw)}V|cyN24Y8X4g@DAT{;#9Z_n|@qh2ufAh zvM~I0hoF1*)xkcy`{>qaA$!$MjpuIz(}^gn^@-Q=@+soZJ=m$$5kBDko@F${NbH+__9vDbHPVH^7)p{gqKs@lD3k4o&{CVjB~&NYyQ_%1P{{ zoZ6Oca)?>?K1RYXk;SfT6=71GHc7EFh2W;@F|X2Ji$4g0y=4O^lo%Ql zg?;JXUi-dLLpImvH`J!vA-|tZ(=g5uQ#gqKWR02-2JN`kxoencU9P^9@mEh}|CHTv z=`=A%O3J*)NXX%qQ(Phew2Z3o3S+UNzV#Fo>$*XA@*upB8Y~rSNQ7=0X)pCeA?dDe(BQHL zD`Vv9O_q$V4J(|I_p&M&A#Y$Fg$zC4F>bcTl3C}trvIl=);>zX+}efmHxBcZXH!ca z@#fDBp(l-fUakw4@P@lZJsTVR#5#6S9HjT_`#1Ztxg{*l%M$jbiHl#VU0FwRrRQu( z`DcO<8~CxLvP!5}L{YFMS3e7wmT&wffav<;ag3vrrRX^}3erp9R~2HjSOVoh}M zT(aTmu$g34E#2;&>0 zXCh98X}ZczE7^mmJj!LGssz%gdLIgxcaQe_xVL&62gEDD(b%p{TQy0q3J7<@vKroJ#dn`vIj2har4B^N zUYaE{fp!v|p_4OyZNk(=N0=GpeCx)fj(5<51%`(C2CudlBTmr&&$$S)1mTFFBfaqiYkjZQ)r=s@Q<$?_Rz-phM@em zyPN5$WMwX!qe#Pmpj!p2HuU8I)b>CGt2%R(B|Jaa$`DEK)nsJ~C=IX8|Gv&whq!vW0wx;^Y%^|P* z*E*iE{8-*XZ1$HU^41m?F{oj|c$Oi;H$`JMO2sXO^8A$8kdxj*n~+9q|5n@6l!~?O zRry1~_CurSQ_$=2G^JPSafU>y@k#v}uOvwP>bzE+hHtX=gH+zHlU`@spb-|y%{}z4 z#LvkAX*Q)z8i@`aWx}2wlVll z_`QXNMr+1YAEy<6LMhlg{vtV0LR7=IB!}YytR3vK!BJb%bDhR5)E8Zu>!HC^)O+DS zOyeW*0e#z_%gYzq)$zt1&J&7bip*-j>*Y3?r9(nKS_CA^U~A+&*%K+2F`s8Wn5!un z-#M1A(mN>CmP;(m1SnGU5MsO7RK?94Es(I)w}8%(o7noQjpiHD3+M9-naTiDcMHEKyZ_>bo&L z2kkI?OhL^P^>5h0jo&LFGY(e;fll2e%dnfrsWBTq=I=Uee&qT%{}jB1PL6;^qk;$T zC2+QgO5GQ*Qz?3Z>Sd8D{{wRLyLBIaHXQ>zaH(U*R?d=s-+0c){;*9T{JCaeVfc{E z#E#T-;48S51_aJ^D%pwDYy2>_Nufh11@5V`ac(7(0v9>`rq+v40XH8un^c_&U;)_;f($d|HLJWR$S zJzNh`$QDFfi0Yo)pEqFLjopOCeT@07;*kQb(S3PIC#xiMuJltn7-z28e1pVb4*x8I zo0~zHNt5dPP4Zbw%I_ck$S?Vj+GTwViIg;>8{QZAEPio{j7G_hx$di(uLV2eSb?rK z_)`JAc{X3Ij;T4VhpZD3%0<7~;bZCtCptk5d3T0hI!F#XG72*d2kBV2FBy3+it?MX z*B56+{sv{yX)5>Ww|j?^kV2a-vAfUbWU&+2@l$c`wKLa8pXSaFD!>=|7_Sc{ zHo(-szv3KbcrJ3PP90x+OQo#kTyWe$a#C~_ClRzR&%rhG9%fliNjlEZ&%qmMtgQk< z%6pz*5@K?M6$XhihiywLp@t?W1*aHk8N*t2$@C9p1x$b&pp9=ih3;nA(pCUTqdH%Y zEH*}HX_I4;MV*zy(7+<#u52 zJpSUwbL$1KCI3loVoi1>GV^S$k@0%thL4;JdbJA-q7BYsc!j-!^tdWMh8sWQrO9K5 zy+KUBIpUqH7dio-d7yw!q73~YmIf3!dGks@TYp6KS#iYfs}#p47IF0^l!6nGXPvZW?OGn%^b>@Qr#BoXcPMSdh;+J; z7D2ZqP4|;(H?#|D$sAnPy+3`B&%Cr}rQI%jjY1>C;(~J*Z5;8Y+vR`mkjNeTEgxOC z1QhUHi^)^6fvg-z#z(T6#kXBqXiC-*YKXBYo zDLmpp{PhvtssC^|p8r`3y5?1@hh^KPx|9A4q*{vNmj8)>7yUEPUG4w@EHJ8CQb@Df zGtzLj_V_}BS8PR?DIRPvQOBVUV@tLjmR2?YSF-4wKjM#Xbsy7F8*iTsl-MHGbh}wYr*f zdH*EmiAJnXF9)s!oG&^W(4pL(0t6D@C>kF)gjkwoC$RpLJkTM>b~#J@^GlrV?1}1` zE51}A)?)7?;dCURCq5E^NPmtF166Z;j_b`I8lcrPIyOsMADa{!q(}mBXn~e`Xn~fz zDe?%N@ch(AJ`g_k3pbwy0entb_U?yPmbSVe;}9b7n#8gIQhSCd6Ns`WFc0mqdANW5 zS!S0gTfO<`|BwH=eFN_|VTY70@UIX3c^g1zo9pt(3OzmnC6OP!JsQw196S@U#c;~F z=@QW9&rqN(hokEqOSQtujkj%)3yhJOR>M>IR7?ljAFh#0=w-sz_*^+ni-%WXrSS!sR;I-29Xaa@h z^{I=c?;5HZSw*`_2M@haKX?sk%+xq4hhAGGqR2iO6)0{oNYn#g=p-IAp2x8fP%{2F z!_Tp|tax=bZoZZ3RUwuq;j+)6^#;+SW4&QCU-Fv)>D~S{J935NMGJn=o z5`#pW#`FFl;B~7gyF`mVi!Tfx&-Oy}4WPxJwy0Pu!BFqCwO8_HmZGwXN~f$@Q>IyQ zf(;`+jfU0=RXnx{Y|OGxyiHH9?FQKiFFt5MxfDlt=Xj4rYnyBuKfJT`-Cux|b=L3L zf6vXEc9qn0Jy~?XaP7~Xm--F;azRW&K>v#@=dGHQVk?&px(g`r4i$37I!0INJN|+W@pZ}k2$(p40>-*d2wBmba z+KcNS-;3UQLn3qT)Vyw+AJYQUb<1CDsGn(e)<|Vv)tn#ujFS&fbGkVvUgOrkDK>s< zwg#K7I{Ittx?gke&DrnUC!-m;tSV;BoJ)HqhIDs-1R8fe%I$XWd*A)nWuwgn_xdfo zaVqQl7hYNzRTS{H@^Dq@8s0TM-)erp+q+3|xx<&Z2fz3F`+H9M^6TK%=T+x3 zfNSS>-edO4o_#v&{MNHKcJHs)DEatRYn|DcKV{6E1JAhFtoU-APkvhBNnk_xsf*YGd z7rtO#BIIbO7j_FMwkmVxw3$NU!fz9_>vFEAZhwAtNo~MEuiKwr6?skIKh?L~R{yo* z%(jg+^Vw6MZhL<7=cM<)FPwflX~FH!8q-x&r`(&z&K34;fzHOTmv1W@5=#HPtz2Zn zsTLudUOi9jfn(%?gw(f{UXxN-1lO$csgCp7ptaui{)}ja-!*bmF3#(2S!a8_Jr3At z|NkxK_Or6kJ+|eamN{-H3YuQ4j8w8YxNr!pQF>$)>`b;k+BsVooW@6D+FTH7wT-3U>FdWoU(legwg5)M(Ny`!D_i9r<+?7DX zJ2)7dLS16gv^tU9q+Q+ZUB`{vi~X*2yU?U-|C=ez2o;j5o}PK=p4Gs<5m`|5-vQ6K%}C;df9?=9TG z;y++p-hEZ+Z6X~W7qw%px9qy&DfGPg>h#rY-8-IHM{=U3W?-GJA*3mFX{+<<@Hrwy zHW88Qr?#$ManLoWWSY0i;geh&QIem-0o6_GPN-@xS&=dE@Xdy6ITUoPexi9i${Ez~K!{!x3>|TCMQJ3Jm3iz?9hp8&Vgk@ zhX`Q8KJ;l*kS2=$rNG=W<(3RLvVDhuxmtAE^r>Db`Za)AXyKJ-5ikQmMhi>>W{eGc z)`XzA*9n;1xqt`dI3eZ0#tk4hJxyI2greUI=zNW>mSS*c0!?iJxk*P~dn$_l0HE`o zR-WC6$bZ0ArVh|eiItHnMNssEobQ#}hY}=-AUB;p?X?s|{}iC}2Vao>XS~{Q{J`T` RG6D=h;OXk;vd$@?2>^o>9Z3KH literal 0 HcmV?d00001 diff --git a/site/content/docs/1.28/img/contour_deployment_in_k8s.png b/site/content/docs/1.28/img/contour_deployment_in_k8s.png new file mode 100644 index 0000000000000000000000000000000000000000..add5e554a07e9500b9c48681e476246cdc52d035 GIT binary patch literal 134492 zcmeFZXH-+$x<9Odh@wKIOErkni&CVclpqR75u_t*K)Mj=0gSpOh9*kyg7hZ67o|#< zF1>dMq4)eJ_v~}-HSB%AydT~#cMQjH4c1z7J@YBQr_Q{8tOC1y@!G{RXU<%HpeUz) z=FGWahD~vfCLJ&YWR6^FZ#NrmNxd$b|v}GdJn+ouRqW z)(bZty-r23lau>G_^$|YYLJZg3{hW4rBWhMlvG(o3i9=zRglJMgl2iyvb>SxbUm8L z8;{ZQibM|VoVUp$FfX=ujOOltAVAhg?hN0Nu*k|(Tpb@tV93)Ridfb-@o+lCCTU6 z&wg`-`RnEXEkP_Sv^$snhEVXj4D13)gSgdjB-`JU^sU4Ke|vv@R7^>Re^hO%kNfXQ zB59B${Ci?L)d*f=1FjXDU-(;+WcXL<{%f!Ick~_FAp;lBO^0SrxvB8nQ6m2`+L22?4q{#V#Qs?BeW+}0JvQ;kl~klDa&;VSqIfv zwl<>$&CTitR&$pcsLcd~)pOm1lG<3w9tG$>Y8O>~Q0N^H&cJaKHvJ>0yM!UPN-;ON z)y<$eSC}S5NWQQlQJ1p#33QCw49DCuznDQi;%QoLGD3*0*{`>VtE^&#Y{|WnfnOwP zh=TK`L-A2jP&0m8c-N_TOe)#hb7$a~R_Ny3=mU<%hb`>eNW`p!~vNtl z;?Nih7Jdc-|9zUF7d>{$r#uDHf~B*&`;OJjmz7(7t1B_;3Jl?_ZD>jlSohEvmwyDPb+&gPRg-L5Zz3s zv8Wr`kXedL$ZyvjQc_M0IfI-fUu$rMx89?|_uj}dQU>?U^EVr6(&xg=X4*v8Gf@RF zIi@E&{@1FFBcKLq$p}Nu^_ji)<|AL~wk2Bxo%0Qu_$TLxrn1CDoha}A{-i{$B~Y^W>8sOxkf+swD*I* z?fq9WEkIfIoL^qNg|DoKI`Kf0E>tE?>GZM(_%&hB(Z%nB#W)T)H0t;q>#C=-505Hc z2KIUF0}t#;&Jxg5%zyC~b-#EjhOlM-(0xy`(f*S{(i`YZBD8B1B2adje&kE2qnx+W zUUV?m23pP38$KZ-wX}j&{s@O4+fQPgz6vM&7^fhp#*YqO-eA8o4u>xu$S65Hm3w5B zxc#n6NeDU;u7PlR*-TpH-A=c2#Y|x5Dodvqh_be$(gN^^LS7+H_55aDl~V>|OCpo6 zI|~uWCLHuC@H_fOb-N2%KXydt{7FEBcu~{-w>eiKv#)Li)M-`rEfuwXVz7{avd@=tM zrkc4OD9-PAd|%FH?AeNRxAOt(9F7~k-fh}P)6e~s-+SwhL6avDNr4ZD<0NNON%5>R zo{-4A%ClW7p*wzhE<36;+)p1f_Qi0kypriA0bp-V zc@d!7f57a&E+lU7Z>))aLTgIigjVuFizaUS5r`5)XV`+u0`y#0we1)hVz`xG$xr}B zMm?uhI<)|UW2?Yav(Sj7=p+S4Jsc${!y<3r?%*J_Kd0|Ls^e`{6Hvq=WBe8<6|2OV zA$+AG5+-Sl5ic&;?%!DsbKLvIU|Ebx?X(Q9iKN8xm2#^ZxPFV+5wX#xhp_NN0UsgH ziaGE!TxJ|gaK3VDcaBQFwFPn@Uq`EOnZ}g`di+eeUu#Ssu|2$Xd2HkzVB;fTBK%fh zDLgI+^M1uG|C)l$w2j7TNbx$_)LY3BH7hziq+8gPpNl=7f~3_XgZJgY`{d?Pr#yD7 zzHwg=eA_=yOd4AGp%-;=Q+~Pyu3fS5F@J7MAR%NR`V8_J1-Ty?eb%3NN^q7S>gJ24 zXN@*GT4mDA5c~J23sKHt8Sm7LpUCZZm5i>c@;zOvcd9K3Ou9f$d;RRUU6OA@`1Zi^ zm?B&h-ac=lBz03=iVYg8Y&LyPT`q#vE3C!!fQ=>^+Z~jncn)B)9>8RKwWU)Wh<#V{ z4aR`$ik{j;4REQyl=Rm#5UU_qf_Ci?E4akDF7#Ksj;-05IS~+D;{irlP;!K45N8R< zNGq_ZJ9eY}W4PR46KAVp#z*%MV06itvLj{1;9^-TmW`pzn2RZQliS2Bq}m;9-Vnep|21-iW= zYM%cyu^cA^y%K=ReH^L5B0sFB;ErRPi#cwa&3ycXh(v+{F!7EW{8UN67)5ZN(d+OV zM?DRzNy>HJne7Rxd4EdjWrHzX5f^pz*7#oxI6_T77M?Q}5$BH<@8{8ee{*{pa-$E> z?mT(FgZNnjWtMTHDrJ5mHhle$VdY<1n+gn|EPSz58q@7W|1#2)MV*@`{m8!T1dF?g z87+}AFj5d)yB|j4yYOoq|3V=4j`z?jehi89rNxzt&=)S#>lm6??^!n|oi->DiC_3D zV?^D&?IS$=dih#Lwc~-Qc0hZSOVXB}oX#(Cb;Mn$^YYu#p|6cjkOf@Ug0AQ0WPXR? z*t;Xk_cD!udE(|h*YJxd*VrC=+(Eo_F;nt3DwSX5bP3R}x)HL#7BtBQ$$cWHdF_d> z=OWJsJ73LK-4k5Q+-dG(m5Fx%nAD&%^!|5LC4UY_iZHqzQungQia%~UpyW_(;aGu) zI{P+F4OMKZSYcv=(cUGy!*0022g*w!GUWhXhint}@!|Cv?^;7*z+gp=_jkBDCmBl7 z9;N7Uv6f!yoq}zNFbr`3EbDHW8vUTp8RR}-@RGfiJf2#_%M!V}2Sk0X${48PZtj;? z@{z0Kf|{uN6pW?WhKjD^ru8Fo=MUYu#HsF$5$S@gWOR{2QyR~>_^%QyjQ_&8sn8MT zJQQt12OH9es?xo`zbpzRD5l|PtC}C~_LhK_4*@N^4hZpi^c-&mnfOmc=9>&6&%Vz$ zlQy#lK7#nb>V#u@stwPdTUF(VbHgY2Uu_bZ+q*2IsM{a)2XnOEB{RXyD) zYZ4HLR*ONE8IZSaMAr$dp-H6Fu^#&ZtVU=M+PU5YQn5&wWx{7gB9VD(%#hG_@s1SV z<>^>ThnHU}OyxAiE&{Wmo)1*imh{jcJGO{%(vrSLK%}b*c;S9WLjZ3loia!|7^9H+ zVNFSx0%ria$=;7aPw0h*o={GWeOcLtA2R}ejEO3i3xTkF6#yBK#izU6Vh_NF9m_SV%l=RnAIglsA*|&VtpRRW%$+?D`UJm zTv}gPJX~r)S$`gCVlKD)QCYRw^jtc`K^46@q_`&%)Scsqj#6*-p6A;b`Q#46IedG~ zmtCvy&pD*RW8=Q%o#oiXePolvbM$}>(ZgJ)C6ZtW);ORp2HHiTERbmh2xb0^UvxyelYppNV8mO0p%kx;iNBnL-?l z<@{_Dx`Ml;2#z4w4Adqjs2MXV;5^>9)Gn5>Z6O6Bkf%T+jb9Am`|q|}{P`B`TJ`hm z(+t>c%3P<7C#ea-6i?}bc>SP9dfrTx(|K^|>g2Zl?kmV-8gf68BNU|~9+X~6ky#-L z8OvD}ieP(%T`2egidm`6(nNx`{r26^XK!V$}RuJK?$opYmul%rpK*)9>^cqs#VB!DQzpf_!skTyfA;9Mq)W zJQa4Ck>@dKW6p!1W9;OHiqY`TtC6=l&w$Spez3iF`t#R)81v0^7Nmrr)k08Zo2rXX zdXNMetX=YITGDxIukUzwBaf^jWNJaJ`f_3s1Rq%*5uERkTKy2+eG59t)}|SzD`q%8 z%7FDBF5iaxQX@821NzU%7>9$mYl*D!OXTrx=geEfhlD16xp+&^U|oVtl{U1}^R7^p z@W4b}5E$V(zNh@f&UI)I`Z!UO`}NcHIO5yK1}VdfI)Nc)`5ih4_8p2nvf6~oIamfg ziYgIHntVeOcLx(0uxOA^bnOPv0rCP{d>xpDgo_@Gp{}I;lw8(~m5e z35XT}={Xc%%$(p{@ry-0yA11@pc;>h(##_0>2JdYUEpmf* z@1)M)zdK8PcOEr$frR-}LcpV9XT&NF)rM~EgB!|LX#IrY+rybQBK?GGl3+bhnV zJ4+x70ETR&^CG@(`I2mIwlWqvZ%SIgrmM3UhlinNT%Tm78LCw|R1924=`1EdrZ`V< zeBOBeofaOOh;-$~mGc8f%J?`f|ro!JW zHN0`^O>Eq!;e!6iMmeGu`PzZCX}XSR@alE1p?9a%Ry)teaF=WT<-$) z{w;n@kjFeeH=>GfL%}tfzZ$&-94qcXZx(1ypxMZCp)=ud?4HFT3GqKu>wAIWWt{`F zGUS%r7aqOLmoryOgqjh}-$`e2=Pv^00!?C$j4Q{FMW_MhqbO9k;ZmYWt}4DE+4=<4 z0l`uQYs1|%@j#rI=xCp-PnGoEuh+8XzuBWgzj`C=gIbJxd(B&E1uC*0wuO`bF_!OZK{QShOTA;EH*t7_tnc2TR|dL+~XMLd3LB(Ebu3XVa_Xlu`KR zoMSr&m2}!@)D_)==Z5y@A3l$fF#t3>Ju3iJ#^1E4Q;8ryz;!2+a)Cm$D>h5BSXW#( zo=;x?CDzU2@Cl6Td8|y#$(yeWF5$l^MsSBLF5fe#IY+MUbAX0rOsSJ=5}5)T4uahV z53%8Uz`~)x!bub5@s(cdYPh(Iox@6&OPjwUCIH2wm*!mPoLR#Rozx)h5T9xdpz6Gf z6axw263UX}cZy}=orugUw@O4{L9+^VzIrKEAtyLoa$TDf#&=kpqu-xKynpktDgbdw zp)7fP1@x=AXD@l|CeP-1bMEjRinjaqpIikL=k}ppWQ|*)KEMgl2nYE6dltak=@!9! zgiIv>n=R@>CVUof5?J;@8ky-Km_XEAvC_}QWkqB;{L3D|IQJF%ySu=doCkC;lJnqu zpn4GAN~qa^+ge~HqQ4g-|uB)dGSzb&yyxj9G7rq{)sQqHNZc6l6+-+{+UzG zFD#^GG8S${D=vIN9S)mkswv0te%Obu2XYZEFwz_!EEKzxy*s|p^AG?#--9Lmw3vtE zMd!q=in~b&-GBi;`Ip6iP@wHBkmAtEhbIEKvoic;ltfS$L_yCT4)DE#GTVQ3Ft+A- zR5=sEDIgto>64V*3j{|TUA<-jqG8eA`+Q=IvN)ne4j})O{5hWJ)8b z%bImPHPq(*&lUC;E&+&!-O+MYgRjQ-3K{8pD3C#*j2#$U;fZhA$&he|9yQa3oj`Fh zbum$>vrXi8%B~*-gh5k-O*7Faby|a4vhy)DFM!SX$o5A5ruAT6q2)rW1fqRgUM-eE zlo=9KWK&8^Ic!I;lN{ZCZK!x=_#El%cA*}8|2lsc0EwX3S4V$Cg3!Uh2wVqoBT0}8 zdQ(vO*~JAxG*`%^EKTek%)W}XVKvdU>p+Tc^CVAk0dm)M+aZS&?qJot7ZQ|^ zVRljbc@)VsLy#90hvy$TG&XycptBch+Z8TMA{YW3ZCb-;T6}AuBf26s`L_5=6LTOc zt?hB(H8J1<7)2+!3`V9@tJmn`40`XySck~S0v*0QQ*^2Xf05wMTq~VHY4v{g?ZzJ* zNsPLm&4r5otO3FlHPdz*WV7g~PUI2mB0}Dz007+NNO}$F&g!#k8E5lk!Jjm(l;)5UHS+}2`jH;@t zSzAe#QAGN}019C&_lPM%X?ZXiWZ~d!{6Sn}p99{c`N(3YQ@TS*xC_s}g?JdX09COQxYFM+ayNYd(A9xQc4?Cl|aK-Vl`-zf~HMal+BxtnAMc-j?8J1faYQU@7b zg%o}`EQL%w6r;cM&U}Ck79bQf`3`ls!Qfy937HwaYX9zMDzYXHm_#h`@B0MM5OeN| zYvTirGLHl2CXUMZ)|pX`Mmx|xfOZu@a^2)K7b}ux6tq}i(@q?dJCKD2&}o^Af6lkuJ)Bw4xhFy`+Uuek{p7diWb z?KcJf58!l40mI*pNK*Ox#f>Sz;!&@rLCpSl4?JfE4*j52{np>!W%+smEUql$2qN#_ z9{_oAS2o`mrU2!NOYBz_l@9kcao}w6Hmq7kbNN_e-tmZ=Huz7FAHnb$M{0E2lEbK)m6 zV%jV#WgS&Us9+VprheEL4^~GA1XT0hLvp3k7hX~I8*X=N-5fOAKh9AU^}Yr5w5acD zIX=#$@2mi^TISA=X~`2PCQ&W|8z zf%)jkW_HtKv{{%@-q0rDsBYT~4Qm3QyzU2$y*AC{Ik~!98fdPAn=X}@K6zhvpR(!$ z&}VW3sYO$V4ComBCVrW@i~1p9P2x*DK#uwY2*4`Dn($CQH}_U`n;C0 z!Dcz}YDBd*HKfq^a7dNXPddH$TjpYY_s&>pdHJXL;E62Uq)3=Ce)~ zLM+|n5Kj8IN~4UUigzWoesrb{S@fPyRb~Vr*si8rL3#af4Y99^Ga~l7j`iottM*^n zYIsZCQr9m-{4k5l8QGcCZi|$7yduuwxGZ6pAz)v)kt7?}$BI0D#kt$(1v&ylqX4agq9$+C~_c71U`fY0bxv5!H z4juu!57;J`M7w0@_Au(rBFj}r({6>uE!O$(oeXjUgGYljD!8GmEgV(9p73;(JNyb< zUGDMG0nLpEz`-eXt8?KYN2eWuDy<)ef66~9aK+##yJ?}IX`z{_h1Wy*B-Yu(FiWKR z9pW78Y~|}hM3W?0=jOsVIx5|MP{q+pT=~P(OhL{;XC-<$)!>t9OR!1cH+UJVRH4bj zOq|<EwGH6$Z`L|&zMI$>8ut!^jO$Z0{j;|A@RWn9FN3v6pzaj)`?#aGzjv#)jS91Rd_i= zB7!D^qq{@WP~xnOu@JW$)XVnt0{8YWwAG;P&8!~qhILXTsOx(kd-ig=R-)hTi!ZKf z0lS#ssXX?s@6eQ$mT2q7GJT;cT-A<&%ZO9&NHS(eL^MTpI=XQt*ee2RPXXaWq4>f= za#KbTy?+W>gUVavN&UL6R_z+T0JaI}s}T9r>!WlWlH{WO>yb24!*2GP>(<)(PW4@q z+hg8{vF5{;rk^6tn*A*~xL*k#&QV@9)3>#06u!{NizY=p7yIbdsi}BZ-oZoZq7{xC2F2*6=~KU z*BX?Qd2TAB(WcN;Ez9eM<1&*x0#X051vl27Gi*PkBvg4LeNVL|=V-&>u4->e9GH@G z1dtPyUwj9T;WEau{9YzX*rDj|MU;dv)H%KKg28))%*t-y;MqQL+|02!rRQEK>aaH2 z%HFtta@bK5y&Hvk`843LfqjDytz@PXAYoVkQQOW)+^E92=fR^2Z*!G}=oAXS9L|3K z7WsY)Xj1=d!d(u><8E1xS(+qNw?^G-AQtZf-)*UJHhDF}P$;pwQp%iurE@%&*G2}H z(NX#3xv2gPKP-UnnI$y4lw)^S3$Od@Mt0>W0aM@JqY-gA6>&<@07WyVPYH(yQK3iA z_jnH&)b)Ozrg4J;^R*t3P1Y&VF9TA6NE!n%H#;Le)V?^70n^CBvfQaL8$o_^; zn2}4pEtBd0(&3XL@Rm|yo2d-tE1jGhvLCx+KDkY%PXp=TD=SYP+02(Ogx7WVR9*>> z4wZDBO`_KKtj`ZMl7gOW$+Ljyx zMB^IKlp7`?wPGhZ!`pS`-JsQ6M&Lr$vflJ$oa3d~qsoa->H!aZgH^9dSRhEg?GCQ; z7*U9NOThMgmDKhguiTB;c4Kh59}fqiSIiyj82l;uwp(kvcN*r}d6JLU7HgZEaG{O} zYv9hUjS3R|PhkLg2krY*4aLh`tlDRoI8v&Wf(*%nq)QPCGe(R7 z#u7;t+G-6R_7$`1xIyFG4Xzyz9W{Sd`Du$e_Nr^5+1YZDn#t?o!KRLqud%%$Jcb68 zg?tN-s-0pgnbx!$eS>YQed0dYJp|~MH zVT*r73@hOr2l7JgzQNT+CO@c{UGLK3yyWytfJZ76i`~rUu<(;s0|CdrS56?qhGQLW zbFAB`C##ruF-Gj@RVAEBLO4k`&=_G5S>cggCoTVlLv$wa*l~f%H>EvX;Cjx|sIUT6 zhW6odmrp=6_PR`b8p!gLC7J5+t5~+YYj3}~u3TO=z`4v!l(JU`{S_nXl1BHxRFx8z z-&a?1fUo#+!`q`^%`n)PD$SL#O8b`F9T(}R$4;6p`EWFj$MM)XU~^ef&0`5M^UnCN zJ||MhEq-w4eUrl@xqW$b2`5ad#2L}@&KU74&r=IiwDXZ>4r&z58W^ZJ<{ykfG30p8 zx7^#XaE$19kam|>9l@@y9|!05qcq@15s{nbkmr;_bboxvH((prugc@w91*lZ3hj!J zR~oCb{E<{_XH(Q6NIPbWAvFBxyFMj4SYHc+uOX z-O>(yxP*EsKfRft=r-20U~OqLCe3S9;p!A6T|CJ8kNsq7YQ^&9e2fKa(kJMQq<85w z+Q??!Y>j7nt8nAHX?b?`dVO`tI;=V^=Ch>TNNQjxM>VUw4HbkisH?D75mRaQBdNb< zHEV>XGEpiL?q(wwNe;1AuVWLPe0BNTuJM}J5TW?2Anj_E5Y)=zU4MY3P8h4bp;lkj z@@z)7ZsF19g6XYL3PXDNW5sDfNoYC*d%)g(c+A6TRO<9Ip(@6xbgU@EiXo15^q`4u ziepvL>~N#c^q{)J6+4M!Oj#-a75)=DtDn5n8}R3YAQi)^%{+PfsG)W~@fUMS+FKN& zjlv;H{XazvE9d*^v$HB!Mnkx~<5;%?Qe%N$2I4$wJBT}IjmDfFH)G!`T3X4iss`D$ zksZYm?1Y3MKiO3+-V(vAuX~O~t7EaKLuRf}{bSX_gB0Z`VLRpi*;~o%$71N+U68o- zkG=>rNXB@`pkG?GJ8b1QY{uy?Su7gfi4Eya{lzh33P&?qH$bo>O4A(@hh}L!hl-pr zG8Q1A6*p}!yYZhS_For~+Qza{8v}eLnNJSoq#ug6MT@5A-Nuj$EN(~TlzrWHUN^-k z-!X5c^~6LrJ5!YP9WQ({>1uH-tk?}QK78goNCO|uH}5Gj+uY)-cE-j8LieSYdPlX4 zB+Z+(N*QA8bQ~R4Qa`KTF4K5?m+;aQF zS%V|b46oyjdNQeRo^1y`X?`+3C&M6zXFH|vqJqv*g2J_f?83y9xk>CdR}YtLagbu$ zfU?l)0)7TdQjiPkYW_YMLIgyy;PQ~JyEF(NK|8M!ST6R&V(Z_YcYd#VeB59r?Ypw?`Ae{MX-6j!XuHJKI8z^1p)VdDM$h9NzSEn;mh!Ul<8%`s2Lfg zbLF%sAg>)%&w>f`lPQNJ%d}GmL_5EL@7!ec%LCJ9_rZwQ`BNiaGR95dk?Rz?ug)Ne zL7R;pWqX>Ga&TkFDQ_Rz84DiXj?TzFCHBiFErH-6b8uov4Ga;<$rPWOp(fc~S3WsU z`A_rmES&vp@CH zAh%Cu^yc)P@cR_x&r<={KMxDD%7AfNuziBE7<>`Q)P&i)gL$gwJiz>|+a4C;(}GN< z1m{{b0_4>I_?)Q1&;MUlp$gFrPL9f0pByEyHcZDK93>Gfqq8b|aF zSS$1G&*y-Q;(<7k14X9}i4|mk8wR&B_y|@2QrLHtE}k~U$3VWarM3#MYRFHvPxKPM z;UV+t72nt;B;*4qQ0`AWRqkiu{{vJjKV0Ae zG9m=uxm;I7b!yWFCoC1y@q|1-XnhLCjP-6^5;rt?fpb%o>I!cs!;%m7Sm;XP57VFvDd(N>{*JkP6=S;M9%#`7JX$r zPVfPqU3QB9f|@|SkL{wsu?RV^ee$y-DyMwWc#Fu%!R~@kAgaRIBwc)3WHc_inpSW$ zCa{A}1ZacrJpZlQ`(Ji@3G}L@{CqKY<H$N8u>{Jc z`Cm$*FYQ-+I`|16?K*S8)&m$T8!q(d#b3YY#`=BHf8{5ta!Hc%^f3$)31kgNT;$G9 zpqHrx3^8$sS)!eODi)mkiB&Q-y|??7c)FHRMLN%`eJ?eS8+SWNa3bx->BRMfan#4V z=`;pgM%4qRvc2B9L%w!01w(bPjtxaPkbBgA29!5l_G&M;NjS zwL4~2xWAzAcFLcmL8E=I8WcL6qeEj)sW}l8^acq|qK36Gj-*PcN$t>N?Rwwti*r-- zeT;{aa~17TlTPm3-1uXj|A0tWBVHs)aCM@~hljylj^EJ36cI0E5pVS$ zP5So*QW=1qJ^G_H01_f(wECjguD`>#-J7pU-{Ol5oK^yQ$4X?cN3e1WSYma=A`1VR z|Mu5@V9cz^;o#ZVRePXBNR8Vwc_H!xj1j;8t zOu{qvKk+vqGydQNq`*Ove+=A+-kktIYfb2_PEnx9?Gc44r!YF}Bv4=3ON;&IQ)1+< zSAmr_g6V!S;6|5-Eb0C&m;XRD^4UoMa_8&Jg_i+A0PNtv|8rk||Q_9iK#^Xrojk2XvLwL(d?CKTtSRspjNgk9)P|oj=V%pZH8KSd=plDX z0f-{C$J@&>zB!%;2~R7{S3Xg@X?A1|xHZlR+p}_lV3r_>KgyHyHi#OF+ z)jZn2iy;q_F-g^J=y#GsMFFoerpeKNDy$&!i>^tie>j=a!sI==yBW61c77{t}u z4x9%FG%Bc4lFd)a;?_lp?FuYoT)9ET(pQm}&_82A<1iA0CC|N9@yFajAQ4&5bgWe!fy#1%VfBeoeeOj1_Lg!hx?R{(B?VA+p zC>a(=R6lHl6$RMd^mubf$6EG#CLJ3pvtloCa3bs)4bm^uPp4C~(wC@SW6K<`)SBG# z+8QlcPaZAHl5ntr7)e|Dx_&DfankF)|9gxx{*xf^a^1P<*pq`}61g>|gbrujYGWzC zxz?t}H7F4FqBN=;jJT_w9d(y1Ef|Pd>O+_%5gXyTjo~RSi5b7!P|YV28u|K)t-F2gqMbZ|@9J5v)J+RtFR6Du;r?B`#0sn5A*YWmVUYHHZ3-LmO_535#9{ z7v4_e-GcwFRBK-d0RVrKC6m4jAEhel7rDA&d{{p|>sM*;n~`hgb-Ki773 ze@o(4xYtS^BaEG<&wE|l3xFr+S4u#4is1+DAgQmpL#`OaImIgM;WnKW=$GAQButBz z-tWKjw1+1O%)yQcrc9Jt%?vWwi*B`-*!RA}^&?!j-NZ7q(3FkLVgjSv`xjK_g!_L} z08n+g1eh>yM8@lTc)%xDx=+K%o9KBWi$7%+157p+AmW}J=;m;C^mo0fT3jd4v9VpO z_~B|h^6oNpO>m6E(IPd;o*B8okIS1p6PL^rgBErY}y;GBfl2QF;lD@xT zg3Q51iG5pa9(Uq4*Vxe;)L5JUvNCp?v7#Ngm$;f#TjB8#T2xRHqaO zj6-DIq2#!~(qU2?<14hZ9XH*iK^SKY?1>hNDm;>2Q2i;wFF{}FxH!K%ES^#~zdAv?z+a>H z`=r!0=-NE1CYXFH)b&T~>_Cq&jo0$3l_O=1<0B`FU7Q;Ck8ibKF5?n4EU`7xWNO}z z+}CJ%(YHnA&`20k;;qcqw@EGF@Q9A0AvkyDiVasbO}_2ExF-Fz%u0Aj z9M%eY!H}6&WAKIEecRm|Tt^e5*}I2-YD~t4gxo!facP*HTJlhrk&XQNLxU8|fNUf( zY&_;SJeYZSH!jkaL>uVptDP^!*@oH;)>4n-Hmc&%8?;x1#i|g?)NjIsptLzF8x7ii zf!-1}`6--j9lwDI_(=dJM!)|1*vsEsXLgt|uT~37?v0N=32|+V7;2E@@^!5>%wRr$ z$I^z*-h1SYK)SW75evhjoK<7;@aBP>}8~VxMSaViTHro zy`?g@#o1GK#Ol*(_0l(`Xk7jS?D(Kk1*Y?WcuaT4QWn`rG*xJ-DU7&~lBoI4Z1gqu z*)xBX>D&l?|7e%EehV(n$!Psh4eMV$miPIat8Kn@b)G@(@!(@w7VyIq|1+ZMPy~XO z-bY}ONF>UmiWwY1toxNG0)|FB4xrSY(`2d{fx4PfJ)a&d<|<^(_b&PF9t%-SWwwa; z$|h$8d?Krq=9CXOwnC2$|75H#Gu33+?CMnwe{W-TIm&&c`#$2MFMXv^<>G3pQ|t}e z98r?SrDH)5OsVXzz4mv9mlutM;p~(utab$6h*!@Zd82!sjvYJv=_;3M-a9O3zOR*k zZtxr6J_nhTtM4VN@Rs2o;|k{+4^~!|pfle#8knDITw>D5+cGE2?X9!wsj~lCEM3ox zSwdehT_2C@mnwYW;%S5yXPQS34$bL3%2d#47?0}N$>AU-T**xYkEk*kF;;l>mO)pI z4Bm54WW3qwkt*ct)-NqWo$u2!X?fqqm|Kpsp$^lRzCH@?JbD95k@%HD9p3Mr zll4pdgGs)FnT^2bYg5c#`Q^^St}Am(`x<`qAyZYoWLtXW=92@rR}FROB+`?do%f96 zL``h%1$O5?HH5qYZ4l;E1sf4FWBw001{&fmmD_WLRq*T;Jw|=gTKc`h{2%9+bhYKY zv$C?(4OEWasj%== zrTsJs&Kj=b@?EIMZM9bDt3L@Uk7!4gm*4TZKqzce^XfXGus$(jt&whRBJVQY{zO&o zxA3n5v&5i9;OXR|eB2LL8WdC>yrFy~)nDHm#BdbTz1emog*h^AejzRQ=e$x_P^6h= z&?1JfttRblYVhGA^d(#*tfKJ%tL&dMbvCH>qVc0<+d`q`^2|MMU6 zo#LzSuCl{II~~8c{d`?3r*qdKQ&%r%cSmSymbeCi->-QeJ3eRNSFP&Kq2`8&vw6fA z`u56U+_+sSw>Ik7L_cPKvF6KJ9om8G z+J!V#s>%=E1%6BI`?~i*By?r7{ymXu6UI1f_RkVWMPlND4p=Va?u!Nr(jwy2J+m20 z&B<N3jr>UbE-%3?Gs>y* z!e6^DpUk+37(`^=%lS4dlBjRFs2&v^%>aJSf~MSg<$IOq!CHqjF8C0#wIOS6{)4%A zUw?9H3fnG@86W@lW}wnTB!EdWJz3m!&Ddt7tWZid2G06FB?+#PN*5l}&Ygu2m_O5( zTeZk}z5<5UE_78tGTMTh?2ZqaUi=~*zCExLGg`PS4ptB+9eUTRCY{CHK|69 z_X`gO-FH;iC1DwI(?TAe*scOOw$0t3fP*wWW33C``{;<=J>r zP=s26+^b*P7EDiF$>(4SFXpB_-%iV4puu}s;XmLu{ICu8`3DE>h~)X)G$vR01Cl<* zH3i>J=u2z0__s^5*X2u6?S%~uDPM2u^Nd!A-m9dJOV(H#hBrTS2;O_(F|j@B=UV?_ z=K-Oi0RtM!+L>d^G#y$ysu4R+`Q#Ni0e8=&>FdN9jD#P%ZU zPlsGVx20L4mv)A)b_K~K4(0Ev-!9zUM?Q63@_$;^O=izW+R*A?S>o(Uta59~0e5Sn z*>HMFd@4Ap*>5kXS~|y@y1MB?%Y^xA zwoQo-=UQIqORufA`|t0( zE3m_X&%z~GNL?N&Y6$aOrQ`j%3f=99V9M#c`F*>pJGNvlL2yQu*XD~|(QbtOMy&`v zVXqil`caJzVeGEhrL0IQj$D0Lor_afla5y!&K#E2(%flGnp(dX!P$KH$7?3&;zP}S zj0XbSmvcS6TCYP@`~Knf6d+lReZQ!!wx$2peGSQoG%v=g27daBQ-zhjz(8N`qI^t) zJ{j$?a)iEKAHm#ww)71h;kP9=o{|D3XVf(hnGD!76ccB%_{2GwiDIvs$$Gvu5D+|9 zrBd6W2j^s5FUBcAxoZ|hp)QZQ6qv!1B;4g}`1WUYHJ;y4`IY~dQXN{=wyw$c3znVi zVVI9lNXy(#lbY8r=;r9YA*CEQZaMbpOa#w18*}!>@AlpYoI&LeUsj>1PpPEqkHK#gi7rt?r`-wtmLiBuG1|qHZ7xk z8gmpuB8Q;#r8Dh*G4tUO)r1{~pT&$d_SpVjbJeeUnP48U`~;owNNmi3tMuG!%93S;bA1_(#``C|J~IxbJPF1v>bruN%)J?yjz+ zeT&p){oMbn$}=p=z79V2#dHTt!0j!S@RF{jc#hK>TWtO=-XPd>Y*9WcAN##{A!%ir zccP&`aePKccy#={iKdB9Gg>a+`w)z&`DxJRyzg$78hOCN!*luGy?d+6A3cN4T=?*x ze==`afWh6f(ePL8`Z*m1_3H>{{&T()+8PH*nPq#u-A_*toXVrtXCm@3G_ig->G}Yo zlU~&*G0F&;|!pFf6ZvCn9op$0X<>hxKXe?4Wu<&wbZq8}x15f7l-;H=sv4 zWx{dC!V;xq%n6wZy2tk8L7Tjdz8qy3{h2lb&YLt;W7{y^htIC6z(lHw7S(8Tc)DgC z01QRB-q#hlDMf{OTuf#Nd9~EI8`9@_5OxVsd6QJ_8`JK>!kS|s!vnUxRIiPcmx%nE z}|$xSl||M~n1c$z0_hZ;7Ah?kacW{&(%t*^5(`%`>cCCah97kfH?#UN+I^dy{A!k4zqnRGOVNj0lYv z{P@N~(&4}-sN}1v@G)lnk1e7KxmfQ~sWa7wGl3S_O5Z!%OBaQ(P?`w?XlgxlCUm1) z!1j-K%1l=|VuKQ8@8uFdJC;vU?Q2=`P<5Ng4*dS}dOA6#9o3k}=(Rh)Bh%YoSM`fr z0LE>zK`OMiE(nEwE$K1U=Qfw4EvD|2e?hbKsW|L>qRSG3L1OMbl5u^l=g9*l`aJ4} zI~xVAF7o788fn)Kd*sZ1K~0rzl)nhdW&3y(<$qlA?2mU!>l}>lZL|49remPt`Treg zlt=BdGN%}CjfHr;(+l8$4En}igtOfz=d}H(kJm+%+hiXMSuAc)%}bpqmCp_mOG$FVx?jD7RfoF43qL}EZoxT1}GvozlQW^0xn#VJ(U zr>-L({Y#p}kx0m}(65hihYJIy*5ed_i@1K7y6X+8w{I>i<#kY_MGVIGdf79#8gSv4 zt^DU_2)u;{Qe%6Qv%@>ol#!4JUs68+E77e%=b(jXs3R%s@ zQJnO9v_Ju(?315-U-Q)oXVuda6zRb_U6%W~-&GRn{Z>?hGXOqHDAMxL9czUxkQ;#E!!zl(B7+0h_dC6ppNvMLh|NB--3#~n_d z3RP&omhXJRF3i!Hzre2#F#(fSG9r=I-?`}gj<4RX#$9?Ir95SzLlm?VL$GK-BSt#| zck%O*A#8JUx&LxQt;IiAV~0r!z+923)FXpwsrSM@0O_Bsy_M#DL`SvkK9G9uAa!w_ z^Pd*w+XKwfn5WHrT4_NS2_`eC8|`v0n!T*ewr?~W#6n%at>|jnKMw*uSm-(U-Fr?a zWoLEkQayY{|6GvWM{A(7-5JG(2_?wv;;IpRgnkMeAW{LC|NZkS2-p<=YHe2b$xwVc zJuS?_tXj)B)HcIrXAkrfL{{hRJOz>GIEE8sWb!>Bse#Uc(ktKLD01S-V`I0>(DE0r zSwTMBYsorJd(_Z)eC>9r2`DQj1RIjJ$;FSH}7p^62fX`Z|L7)A!Z&g{&efdn- zY9{QlJjAm))%TB84XXm@M8(2(r(G#t93Z`x!-!u{8=^~T5cZk*#jeqd?DLtUY&0R zuHwNBEh42My_Qt9+O;^#n&2tXr36khi~9~&)@G65kSzuae;%s2>=6r8DTR}uj3`|Xp zsKtIa-ZwPV(-%h*m8h{INQ8?UjKt84`a*bpGpo=e>LMg0M73>mFjaZn=gXJjLRFfr zGgtAXBCem}?(RH;X}lq8YsP0uV%Z(TnZjtOs2TVB;Ytb$862dfr1=LB2!zo90-MJ% z=FdofdUJQN7?qHaH?h!QZ~Bsu2gIejeg$7>7@L|JHeRGoLPaI18h1KgVI=+%m!-Gh zuFxF6RsP?rPC8r-uK=>vx|xquqxo_)h@nUQdc8E}1yB#jM7OSt6lfuNJd}05kBg>% zA_HTn+=nz7{)@jh0!Ocb^;@;MVgX_}GGqFAop6cYS{5G0Ttm-qG!-7n@ zoHagUx81QORkEA!-1A%SQlk;%!s3PegD9`5h9CQ6b!&**6S+{+p^lB8y(ga#6&$#9dis-HF04wwYY|3N zp-nOMyht&H&?z7qwUZ`j9v=Pk!@fzJp_q zZ^pRC8$aHK?rdAyUou5N-;neK4p@tIWH5wuvDTHC4^AAmvA%^RadYLI{ZVi|h`4&O z=*7P=kZfxIGDtv9o}o!tCjnBQjq2|19{KgFW{#P~0RuVt3p(vu-;u3E>%@S7fZ!}- zWP0lXBhI!6{(I0{(?J!SmcdxXY%zoVnVKBgLX11Qku7jBH!f#tQc`eWAiU#gXA~Hp z)Q*?*+g@&zV^b0;)URYN#im-KtBrG~sglj@;=pgt-8R=@e+CN<8Q&%sVK@4JG5r$+ z7F%FNk}sd;_w*-}b!|6jnQ;E3ZD+cPb#2C%D`CPI4loj35vH7YAw+TT6jz`qEscHm z(}7ELD>D1a(ut!q0-$9N7 z`mSAWlLT})=RDw~e*LJ3=zc@jBtqNb8OlJ|3@*p)Y*l_X<=08z-b)31w&b%wGgdF`4e?r$GB{>{_z+I zs|vvi)dkmGI-biVAGr%|rvsfir$vvP{X&vZX$o*K4wmYj1GLt1meIHuHE)yVRoBm4 z)1frB*+y+pLh>sjk6%%vr`4?;M)Tex=lug{rXfEzeNgypYG3ch{JCrfkIQznVZRNy zU8^@oa~n4X%;Uv)KHB6v0u)&{fdYKy68tZ>C+EGf9hLkb^-bkvSKKHlUMVXMPB^cA zK~LG^MYrgu<9$p^-1`pG)*`f_H{A1ej?XHjUSFkaU~0}2*PO#Sk)7xkJ-ts-ui{$` zM_dg+AyV`FaUKkKZ zuFE_6*=okr@P?dmkr}qSoNkoTwpE9nH4j+VD}x^Ps)iUnt{oCKUlS1M?(AF5O9mhl z*z8R)<=xx^Nd}Y6l0e>U#nV5tz)>>5hixD5s>{KUDtN%8AEbU6eLVPxX=$)K-vY>-k2<4<1)7QCoKQwiDDn(?cW^6n{7&Gj~|ZQ1({d^HeEji`U+`etg*UbO&j(bY(-L``%8?FjjXun^g zMkprcRGQnzkF+9~wW>Q>pojGYeMY;r-k%bOK=kwVn_jfg%q#g82mUmxon6E0AK15< z?!`AzqHUTGbZM!L?FOk2Yy!4kNpAtX(WfWzQ#t4(5#u|7=L{d+zLcC11_gYIAmrT( zzSQ?P!zyjNzeYSwSc_WiiKuHR-7RfG*7v$|+;)Q)Yz=2dQhw0xj+gidq!ty^Kc(jz z+t@5;V%;R0+q$34sa1r}le)>2SmB~mfyly!O77aCX^9IwQD-qlgV5{Uk1cE zrAwloNAw7aOs6NXZqPm)hB8_ewKlUIwSwXTmHX`3VV73~O~7@{Y^I7YT5mf&VUJZw z+>gD~6Ev-PE)5VT_6O{72dYo+7>@cLrfld~BuQ+g?eq(p-D6L}*~2vw7Bfxq_5@7uajnpR^u8)V}ieFrQ$?}J0oNu6V-Fi(3o(p;lNmz$xXq2J`XSUV7UE$vVhZ-DrRwcxgy z>SS{<@08#+pTxWbdYT4Bm?%;I0+oj}uMQ)`qoQY@N>~2o}ju$0j=* zUegTvcQpW5(_#RfY(_nj8{X#V!vVsh+q{@~T>0O+_`g^PKQ%WWfz1G_h;doN!tY%Z`?u6zNmhbtuM- z`L5zf-iix$qpd|%Z_`lpwKwLFHsEblZ7uN9S(n;3EfHkS%;dh9g zC0jG$b0Xo_=Z4t`5%&yOD?V05FSoXWP!4E9;D3^gXYD%Lg3ELPOx{oNcvnj#2BXpF~~IRE?rp#ARd1`DY_gYfCszYGXZt$p3)qW3_U$TH!HYC(sO zAr{*7>?C9{&tMsfpU_x|2~}ne16??OWh8uE+__u#Jllfi=A1ObGy2P-Qvyyi&FM9E z)a_S>(ekTw_iv_n<0;&tyT|)RC;4KME{_GM7V@TboB=ee-t9U zWlL>CCsn5y{>!Cjy`!)T3kwJLjwW7zrYf?bk9lLmGCH>A$1#B-CP8fsgD|UhuzYWx z$u4SouCR&?(-(IdPySDxjH;ia^z%CkM0nj_idDnY2~|`W>oFCq(@C)6w)cz%24)yu z;z~K-h)YE&`ozkV>{OX(ylLj0$F1J!#ni|vMPLy!m<#>&m7PySP_cV)o(d;S@F7ii zCz!|2)+sW<%r*$uDMurCN-PGUjG?!EVD)yGRsv4^p8T$v3~tCnnU5+xTas~I_*O>f zP3tWQp1iI)w&=~2X@N#V=T)GsW?QyV6Qobm;IKjG-sIYi(J0Xm%wyR=IY8(^xx3{N5wx~Y@f~yAoSE5tF)C2~@E)1BN8MUYj@d69fuabm5{!_JB}ug#Ty zQ$jvD)N0`^K!OeRTbK+{GhAFYS{E>{!R2w7b%aMK<+Rw4`VfM)_bbe`+`en0 z2%_~Sa_CkBhYUSosxb-)Qn*%-K6{d^If$Y0$a322vi`K+@i7)#6R(S)il|hQG2+%xd@o^E#LGw*h|q!|HDycY@=o{E*za} zeOdpM{tM!fF0ur$6p3uiEqe4|fYCAGzB^h7Cg$OwdX979w2yGHLw}&rOz7l=8RWTt zaMuXZ^vVxREH}Nnzw{_$ zc&{JhOIV^aYEsxFS6e0w6Q%>gsZ77C#|#Kh7&_co-S^8oNY=wy0@45o@xomENEZ(C#qh+h~2#2j=MtVyi!Tm^XP@VS92o>7R zyy5k5lde6@E@I%m)*CfdZXg_HXGRIB7wGNn{Y;82D^2rYENSu?pizU*_h*~p-f;g( zpqkA+LYwA0%RNYa{%h6lS6oUx%~e3^#xVJO$y-{9DN{b^9mAIf_$z>0gY;T8I4{q1 zAwCVQg*u9WoZhz%j#)bA)kO`~Bfzg#+CO+~A{lGWteAh!J7{>$$LBw@paBGJvQ|TJ z`m{^hnx9rYyet|35WH=vk$aV(ZYJa!k0x%2c)Vym8kuOI60uI}N{wFv>37qZ-gW*( zQqlW^Rj}+?W6jUiuOB)hMbh4QMo&)^Y%lGyYC50hh4xJrPQL3;RvdKPduIv6UXca0 z4FbAP=rro3#SXF8w4w4zEC>L!vGBXn)-Gs19ptu>&!0l|JBA~4eqz5l=y;^Usa8T> ztkN~f%`o&yNT=t$YHK{{C}z5?o5>@3x!x(Faju*#WN1?s%QlL*X<$~b{ZmZv7cwm7 z#TsFu&<`1R^Emn`pILw1Ec3|lPZt=knZ?!P5$JrQ75Wx9Y_O0E!wJRH!kS|x0+Svi+epW-z%KX#iq5JuuzIq*&jy&pVD4D@5XiBk%2#oa={TU zqtUkhl!hJjnyXjd+6Upov=+~mWfdaY>I9_zmklKp!>O4lNNoV|xUFe5V>B^RJ3~|{ zSFR%3CHO2jbe1;5SjP?G>^ahA(KjM=zn|%+C13S9ONq$tm_I`PLP76%1ss`1@+IQM z@>5axV+Q&1ry-N8{m#HGAlnsrKoKjX+>yyG`2&~I#JxS`_bJ!7_} z3ndTR$^PmUHL9iDc|B0DJk5q?pmVatdj$K;ucgaoI&GA;0NMB*P=%@|T#^lS zk+9{QbfF-n!HdsI^!VGsAd$XN5(W-u;l21{DmxDp@ z*5X;K4=H#h_r#4&Qy9>@+uL%dL%nLt*@=Tl09){+xu1NO$}=9C0R!rhv@|S?j0ML@ z-9&ybPd~nr7{er*U;DE-O-_fU3SLJ`9jHa9Zruyb#XV>Y9~uze6=_gJI5=379)B|_ zC|XM%)F{B`_nfn;uA;&B^|G|A@QxwSy8kI*$6;X;)h`zZS8%n$xV z49xDj71^(34 z#>}s9tD&!8Kr?XZrst=fUk(}l?i%;8%ET-)X}2ADy+ox|11HdpBKMtpIzCx*zq?cF z5d;v}7@Fnr07YgnA|mUQ?HrPR35vpZF8k9OsX*+e*j;hs{PbF1+n}8UAkmf0K%ec# z(1R?^`r)i3oiZ~Piie}O`0c0Y3y%>xZ-q`d&15tWQk)McsR6E2`eemq!@S~e$;)>U zdB;3~3D53GnP1ikW$3|Dvwqrlwj2}6^E_Lax*6viw}jIG!L_Ut4A-iK^V#S)&5TgV zmp{U_pu+c(ut}oFS_kDjEHviJ)V%r;1CQ1YoTc={^(%;ytuAEvkh!E2bGa<$I zr-k%<6}f@5)R+N2{`*vY+Zu{DKs`zdyC3z&3Yx znG9&?$B!=WXK=$UZca@EW%_LkRxsipjO9NMe*a!U#W7LCNRQTzK_N%0TQ-NkHC~i3 za5k&$Q`Iz#>T9c6R903tkdu>}3#QDc9VxEbWuHucYl{4SAjzc4#RT}!3S0gUjD-z67MU`koB>ZZGI-J3G{Z`Nz6AB=k zphmk&uSx^x_4oDPfG>eGuxQfBxL4&3gb58zTmhmCnD8#wmFtF+`NeP1ik|{$RaW-A zt6t~~zr~BtkIM2rE(vHk?qWBP5;&Y?(?=LgMt05iFwU$59UrqSml^3fJGn4I&%Q$k zvUM?_CcFsSgo#xwpxJQeZ2cx3-z&U|i&zSDW*(cNE)^XvM(Lmluf5am6-!UhFrR$T zI`~Q1{Gm@~s@?HPwFoA5Lg19VCq^!~>ZYb&J!;g8;4Lw)cEAX)U7t&+7r@w%zv@+r zS`!ru`Zj6Q$-l7U?;Yx9kp9upNHFWP+fa1p3OAI)c@P5+<@%lRB!1kF(RfCB`)NnW zXMm&1bnAD=(xrE+Fpof)@yA&iNXAh4)?$->rpdu)Dm-x^$by>3kb( zyzbI^T92c5LniXv@Z2&vPjA*~217R)XK7hlc`Rj}y!#lI_l0AxPr|}Cjb5Jjx+z}( zazrRPG8n#XKM+UD4=dBi;pv*U5$7}ZFgbO0ehnScVPD_l?7X4n7;7&oxSeePht)ZC zx2xcM;QAQ~sV9l0E_%Cl4{{VQDFnmRx47CL!gm}U=;i2=e#0_aQ9fpC`o(Hiet&kN zMux7-w;bfG^Y$kkijE%GFuDJ_#U=5~Ab6ma=d3-RJzIJ)hM!cJC{!>rOk~V%azxS8 zZ-@|4c!=$QzgHDuwK7s&-vcXx?>c|r%)CYm6BAP)ugXKYBaM*|3(GGtF%i*Y0;uVu z^#awsng&Acm4X&l36>TSCG|QMSOcAUXJ_ZBYMAY@0t{pVE*0IE`Lta6u%>RNKkSzH zA8s*Dsy~;2B~{3%TiAkIc;hIT*8DM${+ZVa0eKxs?2bBt8{z7QX|B0r17CE_wp6TV zK6wajRu{@yr`ZX)OIexJQDbp7*kn|Zy9_2-V zy6Xr!fM7{UotPtL;0c|PsS!*(u&kvoj zV9E!_0HTAW$Y4N#SOD)5M2I6er3LajokTU6UddsHz`p95Af?dv85}?Ycz04VCFv;J zb>3wvv^6lJ^jJ%q6BAz(g`DQVlvFEK)RD^-?j#+?WWK;{6ckv-c0Eg;~v;^XO&JhxbNL)b>ug0sU1DJE9!fj%t@vQy`3l z!^3R9k7{hg+&9$Bhar*$DH)yB--C z;Q;E-ehtBAK_a5F)L;iGCD9<*TGcfnHLE8&j^nCR%`Q~~T(1N{2|*|z#wXmL_R1Sx z_;h?W>Iu&TYPE58^(TEa`&x5*(^YUSZWp!F_dyhC?Ew9yu-x+NmjmpJ_%>UULot6A zLRNFkcv?*uuZQS7+2WA7HBOfk(lpl{D))!G3%1=km(5gj`pnGCPhMpvkJS-%=X8j3 z4L{=aAGKW;s^1ypr&$cBX!D(w@)JHyg222oDQG)#gY)g~dybgmo`-{Q(Ln18bf~ol z1G@UlL6s<|k_gYejcNw^h<+Ot8eJ!%?XH_*FU=DxB7JlOdZV=!?Gi;^POWv(&7|_~sjY#C)X+KY6}04yOkdk&QlW;aALaEy0vH(3beB~lOw72H zw^YK{=j}PG;`Io*!t)9sCwOJDxK_=WFm}(v%lwF{yH+=Kcz*}F5ZnZmwx<`Wp-Q#b z!x!n)?O|mJLDOi0T(oYj%}1Q3wp^_`x+mftI=L?|I*cY`>taDR)}c9vEmhJAXJ>@C zA3cgb#aL@0Iok=6k1U_}0p-WQ*KgmeINu~&w|1OO>RZ>PhGJl=t?UC$2|2K4lAw3G zDQ7_0mXDdaQiVlUQc@6Ls&WuSyOSHW>#VS#@y6k*S2DY2t`eBd#o`*0D&@tZv=ToQ zx1ya#;>~6id~F-9-s~0^_ukmW5EBy%sP^~v=C^mGT`6999kSbpi!Wn$)~0NN+<-y4`|t+DaV#o#cnb)|SR)gQCO>1)h`H8jFDYyPMSs zZEL^FlSr4~fogHMLZQCn9>OYmJJrhBkBjW#Hjg0F zOS(g`m6dxIH8|YCNtxtMrM$zNS&R(5n5un-DD>*E?>X})EDxb&60__4sQymz5_A=@mF!tIh}Jk9en_GJiCgzWZ5<3 zb+w$(b{nalud29UND&>Gsmw+O4wa4`nDj*M0OYhk(qHT2cGK(a0df=t!fh~Z2ygH& z>?%st+vHrHCCfe(OfjPD{HpUbZ_z){f7_nv0o-*4n4j^A~>0q>{QWF^X%;P2 z{fR?v!yH2^`^zH(hl9E415_}dHib&D)SiPwE5N6QpIekV9e3lbPU?Hr%TdaqUK>q6SX`KXFC&+89>pldd&uvqvHN?!nm8eXJT`Rjvn2aaS&2KOoc z_LwpZIP}4z59z`a-+Q(vXITu%%Nori{eelv<()noC5E)qB~^u+P2QXm;7ja+0zJ*8 zqNT1W<0FP_%Lvd=Ri{E@;?E^8-JAJq7gTb7J?T&HvH@oGBVVr@_*O)RR(SdDo zhJEKH5-08|(;#EDBvcAqlR+`jj@A!kHgM18SKB}C-YbfUO>g?4E#fNaK;=ftw;C<* zE6?&?YR^dwgfjt%#nl#8hxAgvMVBDDRb)niU*;?lvELZY^u7d;xH#E$Y)yZn;X3$B z!?aNf#QD{&Av=@7ZQMnxfY$r3X=vEEz5!NEwJ+Ld_M?GHp&5^0pjp{5V;0HFRa7 zuSQ)WNGcAKiqOLfEE1oQbKNpekKa#0gXYYS6)5j($y9$BeL*3YlFwN33Xkm_P!AhV zvXTYzR*s)(s=@2u)^k74;oH;%jt7c>v=jVEL;L4$&i6y+o1B`0pSInd<3S^ctgAdc zJ^4tP=e{xnDw1N2iYy(Bs}t;d0jq6d=i0{EjbbhQ%F4!bHYKvLa0X za>cI><-qwjAQ=wqvK|b5cI9~T3*8jNmH>pCArMfX zdb5SE``O7Vq~|-VrZwqx^><|iD$&3Mk*r4@sUhGuR`~Bb$-Ug0sGcYXm=yM&&$++y zoZZj69Vy|3k|o`2Fl~dTWz!%N`B(RV@YkjPOWY-`;<#z_FDVd?HZIy)_l`(b^FtFO z<^W7^EF=9sHV{%*`0sxAO_bS}2BUi&^e|$DF|d;xhp!ydoztPe0_Z%#9raM6y33-# zD=J}TEHAX?ZX=!MNw>Q1>OqQ&8t7l{_wAUBJ~qw>zZQpne60l(S5K%yC)dhcl`){3 zUSZXtmBjN)PxyK4HeazyPBmI1t{!9+SI4yi1DTH2`atiSk)ZUJW>#jlny7~T_Y z+OPfXB^uL$T*h_(s1H+Vy3+?DaU(=qmRxuoWJ)*Lh1gcnF^0n2{Kb|ULVX?`y)h>o zZF_#eW!V{!W22w*bOT~tzY3!swZsj8Bnoj_aOqj!o&+X*jsplZ9G&$lYXN}~x6Wea z3P7X~6V6WLWFo9GdmZoSwRyHk3p2v9#CKb$$+Tl{|R7SxMPP0caWTDc->rkHsXA{Nzqz6Y5=2+Cb z@x~{`Q~P#XDy z*x5DaL_R|REh}6^G^dgAwmiU_@-kq+!Ic)zY&>(RcWSkO#GAA+EZ~PC-1Q?(O{{tz zyJ2tKe_Xs4;p?p%2#Zgyh>QO%K+1C^GGvD8pJu5t2PM%0=Ej`h>kHfTotz9I+u3fG z+H^2Qut=>WMK3%srayt9=Q)m!Lgqe^*R8>+qxcI>piwGkg7N%1axK+zw$@LCom+XL zRJRD$WcMekpRJ={WMW{cZWFb&m1*$aG$8e&wzNCn(_E)GkSN&uA?YURYW|^SMIs&D zlKx90{7n3MZn6~wN8f!}0w>228itq0(_@nMfAHC(CVgMsVmO8CW~v7W}Ff{{))n1v>*v z0Vxiw1&2#RB!hzE*J5!KQ3;g3(F#H@2Gx@Mik*f&_?+y?eIF~h3S19yPV46Y3Zk$m zsgk1B)_iL|qF&bpt}9pzRE19{Fn(=~lM}s#<`!@nvXVe*Owf>53iz5W=m&RWi|Qp7 zo8+CT9<0!Ex(~IXtj>uln0GPiUT1hz<8F^C6Jkg$00`F%? z2YvwVX$PA*I8+DcW2JAu5%w3zvQMoTkMvDIziY8xmdxdl5!ac*@aC2dq??3%?c(Ebs28&7rL zo36BWg5<`GW;;*hPWq>$c1|I0^~adxyN6i5IR37DicZD=u`xM~lCafGhKGRPtJfv=#I^2`m9X4+hD0)) z#()X;D#of>m{BIv2LB~nuQ4L^jgi(=3`Z(y^-5LNQmDmlNmsd+5CxP5=x1_em85SkEQBP-~B8?C+Umge7}23iJxtd z*n5B?vv~%11wdQQBX*_*N??8INsKKDTo9hNj=X&CGJjCtjn@i#PF)R^8t+EVGx7ETz9Lt){SCE4KAL?iZ2@*O$8~A=>m30Rgo#i;-q4 z$_Q!B*Eb656rSV5!RHiV0WZ{rU}_`;5LQnWKbn=LaU?ucYgul`tkkBJmvv7!c;u@m zx{sRVp6P)ir0JmD^6LDr^H67wYj1py-4>*w@m?vX$+b1oK3sT=4{3$j)4B@=Y@~mv z!u}ej8RO&75=#p0vcT>X@122uK-x3JIxAAeb#z(6Jqtkjf0mwDW~Wpv03+-D8Gbc& zGkYoq;!I~*Cz(C6<*lUr>Xe{;N1RKWHiP^}-fjyc{jPp1FPyxmUW<4zSlB^>i(6<} zr=AM0>^3soV7{5r_A?Ij;-bP$&h8}aawp;=?E?**R>=!~o{5)SsV^QO%z$*zIG6qk zMeBB0KCXPNW{G4a(?9B*k17L!l1I6>MLs7g@Y@Jb0H&x>Bd6`ZcmuRA93-cQ%EIYH z4C~!GaA>ie3cN2x%O(o4N0sk3r-L|LUVTOPzDr6#w_(Zc&1vnLG1;eyIy#+b97_xP z6P*0@8E)vepEAbF=F8RH|oABG2>YVDicM+P*}jnV&Y-?p!$0Q*i2q=CdfkaN`Y zWN6dyw%*FWRpqB@0b!&SdxGU#;L6WRqD9hPbBcw!jM-XXlg~Oh@BXD8`g6UK@PTK_ zTJ<-)1E%MMk-;cuFxT;RdP|esP9m-%r?tPJ2@TP| z%oksYOf_||DR9)@pWFnaVHKCmO4>O5=bpLB0(;i7KqwaujO+~{(RiG&{meT+->P4M z209Tqi}}FS+qZ81mw&j`wHosOGtv6%x2zA4Zsk@C>5u`I{0eABeSFI5cn0v4)hK(v z#A~}OpZ=0NbKY6kl`6PSbFX*d692imOOHB#8*L~8pa~vh|J#d_<23{4QKy^r)X!0b@inE^JeDErJ_*v&&!V8Z2 z=fz_Gu^s|2WWWtQiDf4Qq}>zrUFT`Pe}`Q$|8u%66{yov$exS-m${D<6Mv~U z8LLN!j!psekS})La~^@khdqInDIO* z!C~>orbKRdnfrdSeMZa=;vAL=$OtDvTAyV8%UET7KWl>6#lw>KRal-g4ZpYYXS!jO z5#1(Zspeyh<7-$Dd1CwZaaWEQp1vYon1shPfzf)#l9oAqc_HRKB;kzPEN!Vmo866< z+*Y6QuB(2x4IP+CDgkg8(0@dY&)Nuq#Pr=}Eb&@}fgJP?*7qN%(vo+Z9MShe9}yBR z{8QRILxE+0R|7B4!g3!vbTL-?>=V(}AcTt71S9Er) z1MiI`d57J&o|nUDb?;;pfsF$KMs%0(1#Pvo%1HV@90}mcxF6s9vB29#XG~&mOW24rf0%1KiX&cQMf4*%MLnUxw4Z4_n-ATg7Na<*$tC#Qo_L z;3$TlAZUcF#w)H=ra+S%Mw?Y1hcc}6|E-Wf7%-zAs^CeG`QvsCe@4)__SX(xd#^Zm zV){%kcfLRwFcbCv*Gw|R5T;JhO}{yZflW7oZF?2_na;bpB4nkK4{^1W2+&jgKTD8r z3o{|a0d!G{4?ca|3F4>H2F+CPD;soKj0e{SIgAHf+_nD+V1SrRCZO1?W^2y~821Z_ zb}eG-&(b#LeVEWxh-xXbpY7yy1>jl#(-!{qFJrHPFjATg#M}S=g8#)#-dsSl)STll zOsKADPyByz6#v`qreF#XJr+XoPF=Tx_&5{{Z_jJJ6uND72 z0dI4R{GAY4)kAeRn7!Yx+(XUZkrq`woW#`V9}@Kxo4{Ppoh&JbdiKOIlzat-xgr|C;d&}MA{eAmO0$}$%7LJoD2(7U5L;z<>0lU**W1dP& z_&D+Je@t8&wpcXPFdMDATMQ&iE^zO2CH}ol^KqFn2I0+E81-rU@YkdR)QbE9*D>Xvx zCygU!ESXapFRwJOU8ntwN`3_R{0mjmA zuGlNe%#kt4`rz=Y-~Wx5EMsyT6@M#atDM*w?^g{uu~x`R?k`J$xje@A_pg*~t$1^~ zKd^#ev>43pnuPIec~N=%SDbyO>!JK3Ct3AqucuuCC8dPleW4IRv8-+2aLnW2{T`Ao zS|B2lkctNJOIH*uLHe9rTGe8HcG=h5@3^?(prHhgHSXcF5(s9uZo;#-^k!egVm+fu z2lBwURBH4^xUjVR56qSJw!nP?CozAGr=9O9z~(PKA#yN7D=k&FxS{H4oC2=sC{_Nq zy*qj^LSOi%T#pUtqM_>?7N{z4L$4O)F~&}+sb1Vp_% zm=xEvs1--|7r3iOxDf(oS*8LQtSu>wR#$$FOr^;dh3T-x+1(hU%(l$rz;~?9?3*}f z0Lye0YabO37%U-K+TB-Ooh&>v*anPq@%g{qicPS9U%q$@0)=68WMtB|3V-qMsN*Qx z-me^iOqV1GYu7J4g0# z8q%MDfAu9MF@D{KzxX$5J9|u`_Q?!y7a8y-A_^KU!Y3dKwzf<%2uPWnytBH(z^yWr zWEmr_otQ32GKz0AN4NWeR>RIhSnAq5(aXcJ*^yQ$jAC{-eK~>k03enr><>tNM1pC| zr5gYo&z?#A+f0x#@)I4Zy3hq$mjJ8)BB6Oau^0eVR2PEmlP)ib8LkO(s&h88%myS$ zU4Fx9o~3D#ODwn;Ptl-ZQKJUIv}n+E{;Dvk{8F})5j-VW9ZD=Raw;_E>@fS`YeSCiyvR`^#CQD^4c{HXL z;_AuQ57k1!z_G9tAS_4^-%$7m`z;+DPRRj#KaKi zJT%H~_@n9rdQN zk8P+WJ~o`Y(Uuo6d`Ykxw{Jf?eKE{LabY_ zvl$O4sU{vJ&)(*!<+opquw5xb)t^x&KMsrv2$6GpOnMltVVKZehvekBC7=axE`D%w8Buz$k75Lfu=#xsg$z zeN0iQSp4yXj6dGXf_pR-3;6DZ$2|S8))&L>v7}=4xtD%UD5C;?6(|G)7o4QXl7rnp z?M*!u^!BzgP>V@jTVFRATJTu+M;&2fWJDG8ehQC_;H{>NF<8giP&jj_J?Lm#p%}El zl{&Ej%goGN{?N`J2#+G(^vNX&Ov@WH#^V)4IPn3;ggbOGd4V^CTE z>>fX@Mj-!0ac6#1CmKG!j@4UINTXLHwI{JKf_~N9%`#y zt<|;?JKY$G%tKzdSt7w2=doL}33N`2iVCu4V&bsh2u1HHYx_hE21Di>n-dc?+#gn9 zUSnS@cm!P2k4;Gl3BkmdX#~Yqv*@@Ds0M}xnyE;Cd(5v#p2_}ct;55<$AF~NaPy!o zDkY^@jbNepHJ9T~;Q9Ux(-zdFy2GiUwu?PF_UXu_chw)K zVF0Q^&`ct5_I0n{{c@*xxzQ$lD1n=2b`uBdvlz!dPdDeSeLk_>PxX7ihe!ZKML@+} z4EJbMKC(-gnBGv*&@#;?LV2EZc&%Eq<)Z^Bk=hsINWG|nqXbL@?+tFRaP*--8yMpq z^n*Ep9WP1NrD?jC-yU!gUA-e$qvO7kL71Vs;aw=ZI_EV2>OHph`pt z3Zj&aFpN_-{1%MPZe)~~nG(a}uDkYf<9`8Vmk{gO^JgE_il z>ZjWh58-2q=~QfkZ~TsT?$yT2&ShG+uRVcC@-L{`2@5p*dfs+P7VDgG-*Y;{dwV|} zc5^1C;fC{mdY{O%jqY$THnOjXk<4b@(IFhbv>x0at8b)>bDG`u=1s>Dv-6v_j3=C& zoP9kCrDQPY|Iz{wJ~W^2P+3LTP}9f-7=&6TKO z2&>S-NlS#)U=PpM9r-jV5Jv{TRm!K-LWbSgc0vQ1$pcSMPxG{n4#8jxMMWkhW#y>& z_}pS)-=bgZhlgdC-)q`1fgTr~e)7C;`SmsFer_v=Y4U*E0(p;olnhQvSbfX}h(sk*Okj@KSknV;#`1$_k zna}ggZ|0BrYyRQoIo@;5-fORXueI0a8r9r&4^lhXvIgpBnGbwcZMYM6s~1FpT@Zzv zsc~`Np~g0~ zr%vlzT&34OudAx6xGaYlYaHf@V`HNjKBnWrfKd2U9%x9Dm#-7^=zV{GlbwSG!@oPe z!@;cB8*Lk_cc41mo6s`|qY!c>x0(K-O|mvomiC>Ub5XbT#soo%-0!$jcJZDupXEfq z!VypF$Nkf3Wj2q}F>kyUUl_eyO{Di#qsuX^_RqR`8TOiKhnX-sg=ARSyj3yU9aL*w z!e_8ftkQB=P%+bm3+41+dM0Vc{I{e@bHDAU`1g##NA$IeXP%W&N+7@WRb6WnJT7+X zps+ydz6j&`^=XTlR&derwy4wbD|L1CgfO?Iv6p}t2YsiRjsP~~LHBqZq;;%|s~Y4~ zRC;fyd?AO2mJJ)5WG^%OZKlh6feqw|j*QeFn(FL0-N(dFcjifSbyHIwI%MU&n>RMo z5{y}Vs02I-mmex{yFxQUPkJHDZoJF{P`cQB+K}{%5igMIlBz!6*+)A5f!dKmrL@E+ z%y*HhbA_K+^qqf6(WMO7n08U;uBTR8C2}%N&*O7)T27)#NlSn8b={wfTGqNR>%In8 za>+ZMpP#=O-Cs=bznPBC_)~j(i)f+1<2|EVV>cl)Y*g0hy1Nk7R_CBCQ8`2>EKGiP zecn-V5|V&c*w1u%J6LY=inwcHB%bdcP^O@si#2 z(3kkNJCzWj_0#PVcvO&V!sjfKO+fhP>bgH4f917t3DB5o^iUHq#EO zS}bu5@9b$^w#Rk%V$zu!ovJ>~8+|Mt8#AVRp&;TXCU*K~_9>8<)8L~9@HA?TEKxAZ z&Tj_|UUuEtS-_Ey9;FoFbm@CRq*!g=g_15r@;Q=TnQ;*_bt0}{aD{3mhJ~X^!^!aU z1pkxdn>bHsPj6mDHg1NXo5VctkC!U@1C3uqBBP_bD{>@>Z18F}6sg2~5y|-MWPrW+ z>xI#1Fp-~bU0*t$YCee>GHAYo!C;zk<2+WQIThLBB4>i8GaeuPCV03joF<4%_1X-5 zMnBBvHVR7S$wU`VXGM)DMnBdG$c_SWvh3SR%D z73e=ZSgbel$%*5j;Sd#Tdd1u;Tbi*#ms-!ISZeC;)>ii{XgvTq zI)MzVJZ!*~u2e}c00UN4s5i3KCR*GK9}3jq)D|@4RE`C5V zyHQS{1Pb<6XmOt$kx8r7fgv5pNMu94wlylPp3w&H$ckk3UH7hJC=ScfbniSFpqr#h zl7Q5* zdP!fJTYUSIe~;_Ou*l69Xj?O2i3=>A80 zQ>&D?uOX2PKyiv3ASR~s)OUjd@%dR*9Qd^yth6(dtu%W}cYH}dE|t*7NR*mYef(w` zZAgf3YjhU38f}lw$%S3e9&S#-gk+IK7nUYD-*HllZtdmreQvP#RKFNy{~4GdIBrp- zzLM5R76?mJ%rb1j#a)RZU{Lu+hA{qsY$j9U_fT_5az-eX_S*5zIhE{EVn+9wx;|F5oO>;9itp_&suPf3YdY!zJNodjilbLycU>NkT->^W65? zI+uipq8ht$+G`e%g?CjG90qmd3@RDWu+^@~;0FDf!Jan#m4V=Uz>l2-%B$H)E;eP6 zEuMwf#XcmXfleBn-*_LdGZCH9#JnAlUXM0t0-loc9!$mwF9z|t$ZgYfRZmZ zFn`-PG>2EiO%DemIT%Ywf9(L zJu!)FW>~K-*W-lobbm^L zO>!hnn77gAMtLKW9Z&9RIh}RTN&9Fol;o#QRmby<{ zMFkpHWhKAM))!Ow4(u~f2~^AxvnJq>ndhzcMb^f`_Nt1``}%A<4;stSTE(ECeOt&r zDfDSKOti%-Q8ZCC%7}ya$75b==ZRow>0_TE8*(mGM<9WW57mCC)G`2jyr<C_3Fm|k+n1ool1AKq7TUtFG6e=ttKpxBPZi%k*U;6X^gSayqP_=HYJ za@Pm~``)5|E^CqDMObX`z@+!PPHn%wzq`ip_Pc4hz#{|&^-}uCZJJ9DZnyLML9c$X zl(z)@{_!5&akF{Ml*zxt-hbF$(%vwWKTwR4PmR34>i`te-7VF8eXWPD_ohe)uAWMo zS~Uy%mDhWC`1xXxJi^%fJiW0Y7cBdX)a8f%=+85<^`G0+41EmgN^*+r4e0T-a@XO# zlp({GBr9)GFIH?&v%5Bu2ZiHLYDkT|=}wyU99q>jKOQtc1f)Ndapjpu_c0Q->aQ#$ z-Wi)?X26$6Zm}~2KjB&{GCFXlt$RZ(-pVOp4oc3+8oI3|4cVF5IaMM^u0 z-y2QQg;VX9;Pvse5AX2gf`D`6QUV(4NW_@&02oLp+{ib|QYlSNBwF&U9P}0^0~ueZ{4Ey(1M-qF1JyM z-M_+l*^z_K6rUN(ZY<0oME1Fil#wIcJ?s9}fmP#j=(AShsOP*vmXM}P%*Hs43CPhg zPD0?(u}zWecf{}h%qvxhiO3M}L_gK$ZP?&^eOIEkOHx5J9g*Q^oW)?JY0vT+d(mCW zSc-uAG!`Z8iv%1I2+gXqq$P`UTxMb_lSjrpdT0Z#(1d?CR{H=tRY3e<*0x{&Ya^nT!PW5N##DwA^GR7j@P-evWy}hV~4D zuy~=~%^^R((0FZ~>G(@$=<~Y0J_G%zU_Vxg<&tvf)$mu-^B8cY#~`tkj8vcG^A3J0 z^($2f)w)`K9nfpjWly{>gZWL%U_|+6GA$!D7bB^@jHHmzn6C zX&k)XQ!~piSGDSz7^{d`xB2yeMfx5NgLuF6a#^Z@a>ttNRdTQop1RikAS5 z$bq1CV+#OZ$cOini8%9PlM4n-FT3k;PkvA}UOnTY{)`f&Mq@Ag`T7hQGWu{uvfw-s zb?n^kB+`3$Tv8sX7IY#?yy@q6afh>p=6l(3Lp%Rf`NY8Md@TocKXHqcSi(WD`-A$+ z(@pQ)796p-N{_?VN^Yt`v-$0aR`97@YV|}jHz0HP2b~`Liw{A+ysyNQ#SAvdS%`lo z>7u1wU1ctM(P{-@AC0&38=M3Eu)1!6;yWct2gbVaZ9uD;TsIuW(}o<~d-V=@`wdKf z!(UxnC<)C@9ZOZC^FBA;6zI5|JKJ&U`Xq@lTKmxcCg29??jov1VRK))gTHoFA>5(u z#xQ+#n#k&cD71$e=&Q-IQ(1w%P=_HJLBRU!qF-qB+3dBai2PR~%6*V=)fmf60_$+}QGJg-gr2XsicdaOZ>#%ZD2QMnCh z8hE9=;CP4IsDcK)iVMA<&C_y^Ii&k_9Yw}f;U~uRk_p5yU2c^nBG=)56)FS#shyzF zM9>r`a?}kNK!i3vJML{1%TY)kSwnld#rAECOQ{|)hsj_mHa52EHb#MVzSb_P#Oo|> z*oD8+@bZRQcU&G7*MNaV`;LY{ThRZKvmGL2@A|g)n4*4}e(;Vz;KAxO-&QKkh|SOF z?a38xy`LElKaWtH5^x>GuDjnA>(#T%#DJo+U-Uv>EsvzrT?KL+BCrU)r?1kl0#Q&z zm6Y#?_Z^}+ndm$B_s~hqP6Rk9+i&}O{BeSoPA2wq8qqtBtB}0P;bO?tf8S3&bba=x z-~8es(@*WR`TQ$F+)-b1@2uE8?aF5duu-amsbL#Nx!x1F7~9J?rg7H*ZUc4ww0 zr5}RvM~<$}rh|3rO`iUA+hMLqugDzqBP9pJu%`RXv#^POx}eRK?@zs3*mc=|=OuXI zb|%)-`NHIWGZ_FE)KM&Ee;p%@1v?mqcxMt!Om+ zAo>%+5p7D3!+ZRTMgbpagQnp%k7YTy2pdrbeMx|0p~)dj9~0h+*mAK?fTqAXg7#&4 z*;97K8R-8N(cgJR(7~c@iVt}JqGXWMja`*`Oz`wcr$Tw|rxIfPv`z^(KJXl$?Hub1 z;dU|cgVy6IguREhV!00n z`-h1#Km?r+n^z5$jArlnMQ3$q-4D8Ar1i?^S>L;hq`QresXYf3MW&8EgK#wNjQpy~ zDX30BfeNsD<8k_~(K2Ut+rkTG~lztIdrH%`38AXc2;oeQkLIQ z;!yB*x0S8D8s~^$I+dT8SG3gH*l9=SkztK{Wy8dW(6PRh-q^`k=@Y2#);xo|tGUrkLf zuMMzk6Ut;HByintCw!P`@Zi}e^QvE8{WUxk8uK>GI|Aqjx$+g^t|#1(m{XZw%>A(T zc+BOe@ZLn=QR;HQK0~0>&*5d?i>IlI%WemYXqZ^>tTN|m3Pu8N3TeI?r{mZ_#8D01WESucRt2SspVF@H;0qrZCOd~KpVFvm@$7m-$-g(RgbQj^-o94yM0C5zIk+B zqW&2JS~6~}wQr-wd2hryg16DUl{mc|G;13N5)rHtpn{=J&OSQ;nf34ss0ro zih&S-skjp6^?6Zw)1qKMM+SX+W7aN9rGjfc;PE13vb_1cFoo3m{E+9SKSJLAOJ5Z3 z2mTj|92_79NEVM<=94)!n$SF_ypUXEzUbRS7&`ujEbcxt$jYc;Eslln!%#L^CbplY z?y@sX)hQjk-?tI?sx>IcvFDosZ^Y2xaQx0HG!_vm_MCwQh4iXJf@1q8Lqg$G&#kj* zqMPF+6zDe*m@4t@xsc$e2L03JpP$G?Q;$=nFvp3M-bF3i$1AbwZn;=_zv$qHS3X5K zm2Tp-%f}hgEMjT(to;M>x&Wm%`JF7XrcTGS+$e{~o3lQHX_4!$-gVD(Bx89mnH1he zNtP!=>=Ew|{8Bzk%3>=(sB2*ZT5yFg$AM1v&*Z`A@Kd|_8vL1&XCBdPi?_Qf<{Gp> ziVf*hLka&?8SV>(x78H#xIb*IPgkQn-Ex_VlTP)G77`Q9m! zpXp-^h9j4K!VEJvW$u+1dCVQ5=o zbzJW}Cf-`qUHEwAX_Xod!x+$ruD5iy`d7IFmCN?R+c^fbEdK3x{TOh3Gf^p@SN4Iz z*#dmj7F6RC<8(5i0%6`SUV`9N28Q7JGHep8o3|~U5|T~_B5o`oH<(*kImLJ5W^bCf zG>7(jmQF4Y6QnJW!xATsZX?Pr|DTxaDU8G8sBmk2nl|sKWar5;vwKk63;dh_USTgE zYRJfJo9w9i>*wz{4PQemnf0YLpTg2P#t{rkLC+Ae8vCjFmT9d;GR)F@@t;4ua%i=+ z?-QUid*H7J-wp**`F)L9e$b%>b9{Y@HrN;u!|^9{(KE6;reaJ@$Yi|e(rrfzz*<*; zNGWNUK!I7AbHs!Ejcc2zHfA^dE-lFLa7QA1w83YFtqQ}wcO>J|{gyVoKd)rQvex7# zIwM73$17k1!mxU4zYr9TI7IrUPk;w*af3sd(1-I}BR$O_sh4YHtJP1d9Et#MBPl(9EoH4!Eam3d+~7fD!l^CGjbeTmf`w@F zE&d(f&khcUWy8%(poy(OWw=kxP$+3fpOg9iP3eIjE*rlC+xv9m^o#ysNrx}4r09JD zY%~<49E<{U!(Rs!qCZSng}DN)H}U$01q8(4OQL)8wM+}%@te41CF?nl`h-P zK$oWX=@02m51dxm`0;Ucb3w7(vN4oIoXVduU#~0Rd{whfSrrj)7#eN(37(BetfEdD zm0Qr;-b@P_pj2YrK!yR^I}7~aVpn1eKrQE&BdpeDiX*YL`j|yC%=_B2ORGm(Yr|)K3}JV_H`sj z3-g!7R3>Fk!#o)*r&h;CdQ65NF11eoMov<0$fsED@XK~6gMW27UUE;91W3DN=gKSOL( z_%6TZ;0X-%aNmmx1L$(P^}N5#rNPpdK()mLM(>orEOt)mq$mJHcXE_|r!Sp+PHy$j zul7oHfizW{?QvJd$Nt;5qF=m)P2w7Mh1^`t+k`Nw=(kad<}+~gCing4nY)dGrRj?rYy9~I z1yw?CZgm?MzHl1y@^iNfb@Wk8FZ$`H&BSW9aCO~knHQqkEXNy&83RFsLnoV&$eq(D zXJmcy(w!?JUKbH>0>9MB3_q`O=49eRe{J)-z5U+DqHF|f>&nz@ux+09X}apyy@$F( zH{0b#0=Fp2;9|z!^kv-!X7Fuyf8S7_qqRddx;uLXVP7QL$W9|hqNfFX-FWzGt*Iav z2#dSUCG5nv;dDHbP9o?6i30ZOi)v9=A6g1Trr*`d=;osFJ?{@V4=VgO#A)3Ua2~hl zV9mqiwdspT>>*a z=ljUY?qI3lEBHx}-C>#d>Gc^w@~=paHhO`X2d`r%gsX+i<3s>vKo{aOV*bjtj}3x@ zxQ$|Q^oKs)E>EcRNqzm|cd;*mAKHly2$S;`^UGI-z9Wo8>;^t7OO?lg0nd3Z(iQkf z<0V@7`!j?bT3M?LCi?LTj?n>Sc-SY2ll|TnqPVp^ZsKdvChB8O%}!=cX>;Gd^}lKX z1d#;KNwpmxjdBjEa zp_cjjlqb1UuqD1jK!#aR)gzW54A!Bn_H&fv%=gT??}tcTrtU5@fqEx~FF(Fb;qNPN zW^B@dA^j-@(-*mYI0N2Pmf4k9VriuNEO9Kg%y=OY@3)|pWWaYsD5-XbkA*xlQfg3C zP}QLJJ)2kGf;S9n4Z3j#Ru*(y8m;C_tq`0$PXU6!9v1GDogmEQn}KN5W6{&6hZ(8noC2oqkI z9zWhK(WktD9QW5jpPI*;b~x2Y$t?CT zrwbH(KO!Ko%3lrhC!1cY8hgV~3CCuZWlCPj=;2n`IP zeCz~C`NpufT$*yRSK>n7b&1@Z_YWZNn@D}eGU1DXfu9EOSm<)nfLW1|w-zG@ z`OWkZVZ3RYe}2(*9RX-4#&+IB#|Bhe5l3VYgAv5hw9<%-GNex#(%&Y#7K_lowJca& zfk#G@att}-nO}8q{j!muNU(WJ5TV(G=tSEC8T54l)5W}>T5M%HKhWJ_2CW>u^Mm;abIaFVa> z4AqM-t-W-*4S%X^Cm~gGR9bt_x*fbTx_JXbQiUj*CyF}Vizj|b7jQ_y`)Lm3 z%-Ei-&x~8*v=XYyo9Xj@(UR`4-a@idM^QW8bOdLeST(aldvTo~uBP$Bw^pm;`3#Ax zafVci?DuWWM|W1qGafQYf^RaPM@D><{l{Sx`5z9WM|f4!byj50(VN3z^x6(+0xI32@JJBFVBFI!!eQjri^P6jzDeCC*9;w;Mh|S*+qrrN7JC$SJ@eUmhqfo~fKB>)uN2jo^{e{mlJvD~&QCrMe+=%oO`=#sUq-Lb zi1!g48f%pNGK%^Q^3cE&X02~$n2JGvQ#a;#NNVr$QycCp&D-7cp9f*9yg5T zy_EouQ(?C-_cd{L#@HNwK-Q~wAb=C}evUt6*LINrYGW`@#yyk`8D5Hji5qVd&venC z=)H})mOroGO2-+(M|B}1E^Hg*?hD?GzNir2x5aIkyw!(g1N!6(G!({QG^;^k|6 zrH_Ow0j>QNbI(#L`N=1UW!tSQXapzej}YNg1HBm{@0<*kMlB1I4Lqh}R5|y5YQ3Lm z0(8Jdbn9dyN@$kvHR*#rxZ48)^7S$~uXY>x{^L3hu_(|9TIgQoxYTMs%iYf!gND=F zj&Mi&*@)0~wmHGP--tRy zRxiKVv-7on^xV=_7YD+iV0uv2sa}3V`*Oo;gdb$^q#3l6-suCZ_PmJ_Sm#dQ$+s zzY;3q;mCq@5b7*aAL{k|o5TCzD#zP8E|BD$RklM3E4d2K>iov4^FE%)_*lIKy=6H@ z;<^37SNeU2q^YK-M@JlL*6K7=I5=`Z?zz22jOMVv6V0h3W;c@=&Pn#NV#!wU%ByDg zd&VLSAtcM7<;=DKkgNqEH&nRjf`bK+9kghb%ahKSt8E5z+f6YLt?28R%AM~fUV^No zqKX6+%&@hCjs?Pxn1QtODI|nkB|~qXsSHT&0letTKnQ92p78q}G5~9}V<9t>f!qw4 zPkuI*MZc(hm7=&M@2mL2n|{Tc9{sAlQ+?={9qRG%Nj^@I-V%H(v}KIWrx5G`gX>51 zw~|DmI0YU7&=Zk}mrK{{r>JtG^g9A>MPjuablWTXb#JjE*pt`cNMm~Sd+k|~4-%d- zf`38dcb-2hj3%!X%~l6IC%;~TT&;v?GBKHX zUvP;*^l*bq^=UGnrw4gfB3I1$BkxEacHCN@+9ZZoY8NG-Lq-iK0`V3nIExKJw38so z21iv?Ie-@Xx{bG_28ghmi$zI#uerIU{8CNRiPpiHy54ybV!GFOewTokj!sH%o}@Ls z$-=W?ssibL_no<##Wi3O+MN4;+#~=GO#Xw&U*vs3HM=U%iH}_uMcP?5az7FEdEKS?I}-Bk9!r)-0#LB|G=ZF7=eI`Nol;b0n4Fqp6Z*)Bv2@~jWnp$ zkTT=}OF3?fAnEcIk7x=>utD$b;nE>&#Y-XZDBp!Zl$?|!`fyj6X0sft1Jc&%0~11Wp2|ICac-*`c@pe7S=DvJ^A83ESBI{Mz8qpPc{b33gL zlrNwurDei@vE-fv3k{SnH>mL*+fEjnRF-~<$y6kJhpY@d(!5(QVHkiQR)*aZdXm>2 z<>P}Y`wATs{1Z5>BMhUKy1t!J+!MNnChTj6|1axH3=UQip_czHbNUC^|196T|7i0U|I+3_tY#mk zjg0*XnsIq^rJ(h*2-5&I1j2dtY|^45lURG6MeQ-1YvW2Gti1~plTj%S_*sd3Y259E zFiu>8Kz5G2^3WPC9U0b-Pe+}>_dEb=rzM&VT&F%%F61uDK(MKz|nny zkjq!`3dZShZyV*Bbzh!&;lAaN&u=XiuS5{%u~E_Ti&#WxdKuGve5-}Y`93L=fLa~R z!u*d}*oUBbPvcFv=eWSqDdtHyw(;K{$sa(OgVB%=D1~J6arwUyLc;g|s0fjNs|eug zWhUi!V6jCXdGi5`u^UUBp$v(F8PL7O=4H zS0O=UL=0A`wDiH8>0@)YHFSe{3&&ijdOGiMVrt(m85N;^y(7 zl?s|;GFVs^K3~krjZLxdY*0Hw!v=cKAhea@bexLOaGw9sIBj@^ImBz!NP`yd7bB%r z_J&%mtV#H3I4M1+Yj9csrNZmCX~~m=@nOlpgp9c*=JYB>(0J}6+RwZ0(J<>?(oaS} z^z+ugh%JbbY6)@LsRd1vP4Lum60~?@Xzr>#FHo<%-kDWl&NkLRK>2^=)1uJFvYSyR zK=y7WCHR%$?yju}OuF>p4B^<7FB#iI#Kl4i`7vm;#;c+bE7-JNuy-;a3h}qA^?v-^ zFl^`gG*_aO6ZE7GIEqeOD-$m#Ao^TKXxUU;rcUj6uq)6u46UxyGITwG!Rl*1RmVMV zchC{J>t!lA+>ug&&qKcO?Z~K-=#>D1uTHkvgmPvKJUdS~yYF>^Q9*=&dWU<@R+-gZ zIj}TmWvYKolL(-BfXu-ewmRqjclGxwK>kt#fsYXI%|hHgi-GmMOb31~!b2N0!72lX zGzVGghPJ0++q+@T2fVp2uQ=q%{A}D(sMzO+O`<_1fg8pH1L9&k{z$2~20|?F^3a}f1wM@+${Y%#apCDV?&Uq|y z0zW?2`0^LFhd7`LC~?)&4#OUYO`XS^3kVdv0=OW8G!f)cRTyM03?O5A7jW@tu=dLTr&>Q%1*Ul@06cfI@Wnb*__0C=C#+b>UFvZ* zv1(*$$Ql7)9pC~WVapvblmClr@o&B1ltqTW_XYKldI1&BVu390IrFU;6)-pZSankeX}qzF2~a=b5FJY@~@Z5zxcP^s{N8leBnqH=6GGa z+8c%NTT(NiI$PWc)_@>Qvj7K-sO9b8;hp&-c{q(k?Aph$r zR(DG|eD)t%J42f3x;NdiuCcfT+gG94Z!zKYFa-E zF&YZ|%l(gX51Y2q)!*etFiTW67M8%Y0%%K_8B#N`qR#DUn8 zarctYt>TElQD0JH0b~J)&tV}VO7F>V_ygSEB^oDP_13l%5cmx$8=0cpN&zH}5y+bo znMQYKReT9VyS`yQdFkxs*>HwzFA&kR z&Zd4FXlGM*Tz*qsu&nKS@o(h%HamD82N}JEcdUhgv<$ zio-9X%c3VNJFZ8e0TlFDkm^=hy1m%XBoA#s!?fRvi%!Al^@>eDkG^A~bHuS|jgCS5rZ*$LHo_OpO3pW>C5K z(b;4VVX-x*A-_ZI>q=^)D{_o-)FxP={0Pq6RXv?*O+E{ScS(r%n7jm=S@hhp0sr!2-2IEM|)wqFT{I!A-Pi@`rL!<&0n_{kDQ3AivaOzfn%tv=w z@~os;m>_=l(*MeKwLX%5*zEnZkR!T1#0SB>!VhCEBl&Z!*VCh8H?Cq5J^y3}d8zkx zY709;G1suw`+jR&ZGWl<^q%$L*sWP%%=%An#D0A44My@pq9e=M;B`j=9+f*Zl9BQ7nH=I*HQ1^m=w~hkGR|YYCB%y1x_I)5Qkr zzb*#z`v5dQAxfLnsIm5V<6GOtM~{T>8p3QMg<&wabBnf0ZVN$?=cT9em+w}aq>Tc9UFQz1cD$O{vae5^K;Pk)A($b9enu|-{#0lJncN90%&c!Ys#prV_L2nbW;&z>JH z5E2~|&#_{f0>GC_)JGUJBTo5~V)81BtPIfofc)JJF#p?lAcBfcWbf0Tz+imHjZV^k z4ZTJUA`&d7u1^pFN`WH)1jC*h1FpU$SbfzXlgcOC0y3;RRDn!>Qfq&RQ{C6*%uDBp z!o0+y;=>YN_{l;7hOyT-$<$~D0)b#%qU#Sb;y1r#!axR8x*UtV1=EZf&ps-Ld(h_> zVrkvwL-&t)f}wHWiLY0Put-5Djf8E=xfPNt0ZBp$3UYR{5`@kCIm=GIvk&_ zNg$5|n;;1Vx&R|I6uDu{Wonbxz==WKYNB9i&~@!VT$D&8F|>tqLbzQePea%***X#) zfhdXq{h_7vLkj_RA9I<(GQRWaJEEpmK%gv!F)I?R#{i~zlsm=s=&s+q|8HW^e%W6t zC)>(T$!~D-nUfZ+)F~ticjNUB&<4 zu}XYfp&l7F>tL#8%oR4_tr4SfYM)657n$NR;CoaG1NvzvlT@2F(>-yczN10---y(u>1NJ zeFAxOqk;aicOqT^b6+1_{!hrq$PhA%3817uY9TG;MCJ;0EF5Ljv%c9?;vZMO@!#5( z`8kBdKHD734|N-VBw-ZZ6yOp@XlLU>P#tw`ojCX1p+`%S(T}7Nqgc35jPA;j;>ne; zv!3E4sl+3;6(R&+)2AyARj}BA{w)t(Vs&n%lqyChv#+g%`_taKB@5y}hWn|agA7Wk5k_b`9{T~p=gF&ur<_?Ai z65xF)c5I0hndx_2Hu}o`Inzc)KBnpqt*k?*7voWsZf~fELx>78{s|Mk{%yQlQJ|y+ z+-iWAL-W_}l#2(oVc{5w>iVVquUddjM@ZVRZx1=xKW6ip#gT9yyM)LKIzk?ngO=(0o!|6 z$^mF$Zaem$;JVbGBfu##SdAG)@m4!eL!VOoM={1_HeyeEL-?Sn%BD0k=%NFGWt4-Gc{%?dI->Q%D6$#01Y5i@*tOKceIaAwWJC0*!d7}7$S49! zqo+niym_kWaMMZjm`}uko|Hz$ujQI-nj8==tx9D39zL#th@H^@sHpABOfsYHO3#CpB}?x15=RzX2%f#{JC96Ia^u?Ey}eoeb?dc;try0*-5IN zrD*CfHongUZ?Apx^UCK~;xqveg1#~9$M76b7=}QE?-}~&n-u|&$NmTD+7_?@a1VY> zu_81L00(YR39nqBV(f1iesSDVYP>LrXmj%SX^oG-UF|=s6C)*vqThfKW|0%`Y0v?{ zg*zQ(GxP6H$S_S?@iS))1ggi-9N2@j9D)IDVXfdT2j=%(yx{Sd1(c$D&CDzDkH|&8 z$uDJ1)5n*tb(EMI0M+h2C>k8HM2C+62Mg%p*sl2hub+3HLV=Y>-H?AEB@K3aZ>xbs zN$E2&+k65ff|P2{^#7qJ@8i_#@FwnoK&>30=Q0(|p2@~z(re>+`S%4qfSw*MXLA|> z5dc#3_l@4KC`fg6gZZ?hW~>*))NWL9` z@30Rub^zo=$Sg-h4f%V-Jds??fN+mqXm+@JXiS*>T^PnZ;75au zDO%b90eAqU_ZEWx0a-I!5qL94y#D*yM=`(1ZJ4WJc8mu8yZK|_(GgE;Zvf5FlQ1`6 zuL6AMhjFv;_ie7foRjc3A3>;CQUV0!|Am#S(gO>W{FeR4t~BruFExF;_eA`%M2@Hs z23oq892``yziWScB1(K*$HxKS)2;3;d%c+69WmJvuH&7QHIX zrYY4*ebSP`!lS+Hhk6%hg{=KOg09FkEw!XaH;ak)3mdJSzaN#{PTtyBVgPCkR z8bH${X!h!>akVa{n2mlpvCI-?x-rLu; zY=5UH{|Ln{JqJd!^5Kzm@73%M^nuhr;7y=jj+_CyD5G*LvlvlRI-tt`=oF$@s#}jY zD2NutA2fICD=it4m{9~aO_NJJfw6nU+7O-|pfLpkzca6-dkJ=|$iQ~uKBSP<`qGzW|#IH@{hzxO~O z_uXZBvA_rObbs9NT4Z~W3SdMq67c68zlh>rS+06a0kVGlU;s?cQ5smqvf}(t8VJ*m zV*P)XUX-=Y{bY7z2R_c(YI4%X?{c}-$f#7%v>8^R>T)pi+>X5|yW-#x4f{V>d+WHU zgDq~D5<#VFX^;}h1u1FiRzLx1kPwjWF3F`Oq!ADVX^;+yr9lk3m+l3DMd}&6_rCYu z=ed8r|LpDuc7Jnb=FBM=2Z}IwqX>ErD|GIi2;CR^25Lcyes|HZ zf4Y23a^8o#w@DiE_?drNHQy~!l0)ADoz?xYuV^r8P3ltoSBUMp*M01j$?a9j?gha} zWkHi^!yKJOuuDutq)|~#L!mCsI&Ii8ho0K~n`I3XD0;@oD2;=Er-amx+kp*qP)9^u z{bmZZ7C}yRGwQjb%IH&cKi#0Fx{~}Jx#4fiA3oyTJKzD?cfdjlgO>^QIPJgb4ht}t z&78>-4+Tr<0=Lr@a-U~0px)nOkQ7gR5vWJ~z0%r>RjkQS5G^1Hok*H>MSrKSucmWt zljNPur*XHC1IGy)-2ma+KVB3@;G2u~-tVyMP*6##+~y2C{F*9fve>hvTg#zUt1;?E z|4O5!4WFv_kNG6UZ3|UDsV!%i`V@f^1&lsgGB$pZF!b%)cV{a>SN_(z9N2l%=)6?m zbn;|;kOPO9HmdoDWewR?l`f~$@+mK^@0g6$H%slHq&wR3yb>!X&B*-|!=A7z!_u`4 zUoYz4+rRLBnVUyl+UW(PS^=mu%D_TPITmrsM%efFiAPkZZH*5F=w%!f^ zc)?&pX8oPiTK1TZsMtfL4ph{%uVeBzr8)_4Z@FVoW)xgRCQJfZKXc!ij?QYb4*W3vEW&o}af$&7b#72_Yxj1L1m2u?R} z4Xt3+$DtOrE)elXOtCf<&-^66!q9F4GAqwo5d-^g9NY?Lf2+P#=Eo`Bk1a8)(P zhP|^pH9Ys@xznX3USba4B30E-_8w_~58j2Jom(T;%7k54ilufW#G8}7o&ufK;}g#% ze(;p?tLJrwyy@xu<;J%!g%5mJCY^Rf9Tl&d?RV4D&Zc_73Hjt}zk>s!-&D@c7aoYP zV<)c+^2y)(C!K2JDMRPjP*7f$=97_3*wW%s{&)B+kK~!g<-|e`TCg3)Xn7n6FD5mEn4mAZ-pe%9!OfvU9|XeUi#Es?DMd; zhLfinc)}$_ImD2i)F|ZoTiwgv%qJ6GN;!?Qxv3997?D_++@hxyLF9(rn~Q7}Fy*N1 zO3|4$Fd42x^zAV3WI>GkE3}*U@os@_(qazI%6DFTeyMLp;d-Rz0E1ag-!Q7QU?Bc! zKef?QZ_H4&w$Ufyjqfb|}y_kMA?s`}DO6R_tp9aLdtvv$IQ;`z5R6ylyQ(ICD+_o zS()~u?ZM-HF-(XMHD2YkdVs{89+#KVIH#8f*u~Tq@Lwb+jL<7u{O|2(# z{)Qd2da8U1{(Ga$s5e zG)}uVcrX!B=z=So!^nHErQ}Yw?dAAOy63r^CbM2G8Ly8}%Kn((8f06&O zM(8SZMLP-dMP>6R&P-9R7JRG~s@zy(L6(>elx#r_Oh&g%um<7>??2_ACE!JyK^z?% zH)($s+2|8!EtY4nwSMz=K_OY6h`l}8+wAplvw?w?&WKdO<6z#}LZ)9QT?C6vzkX3I$Z|9{o@dbg^MiMq-ZDx0k$9p}pvSc;X{y+gAbls? zJyv=>j1dQySE(Df;`Cw*{V=g}6Jpig$Zma({S}A6(fV+GL{-%|OEXQ{KOj}tz(^93 z5x2Vh{iQSx9`AjT!Kl=L=-${+F<)mH+S+20(4eH#C6j^11b%Riy3J`&5ZnvZ(7m4u z=HYsJ44dN!B0#cGWtfDl}*1~fRE~x1jdy42f7q411W_s$V>jTSw|JoLe>dLe~ zl+ZDZ4Bw-Amc|B7437>Eb`4D(A2RH>YBpZFfQ?fs zx-8U=WU!3jnBp-}VyD&*CjHg-bJOXE@>o~s`g@nAloU}+c+zedPkkKk1>5{V91tie zzTBI1h1R}~_qE3tTt4{BT<~V-iE5E!q$BRqZ<7+cWdbuUy{RppT10PzQz+|qI)~>qIYGy3RTA>IJV-jij z;1to2jq8#1k$T+p((BsNWUGW!`z};Tv~2rUULZB2g>KKMHb)<9xN8JauIi$yr)u%g zW34N7_>kLcjJ%wUXLwjsJlw*u^g^O3yeG{MX!5z^;N{(7FyoZaOkdIL&F6-T0_cx~ z&Rm0?9(UIFtdlj5G>i5uhLI;=^t3Oe#r`(1jRYLl?z(p`Zi5wj+n{%wTghJ;l>N{C!e9E5ZB3D^vlcA;3R&s5jrPp@y7xAL) zU9yTzB7^>5%Ll=7XEm=`L9rFk@&Ri@7#>fK=>1;?78(2N2O{UX9HgUFcx1c0 z-R|Zg-}_tHPqvT=#WvAjdb@W~k4iqUpCguFHUZL2!E z(q&YF)3}b@Tw#uNT4ZoOM4{4gQ*zR$LvDTVy=-}Ij)HG1oh?0LkNWMdbsiUs{ zNO=|2`DiEOCA0Ed=)=tyD@D4C6tADmQJ3ajRoYbknB&5C5WUBWS$(p$+yTR4<{pe! z6WgAHL}MB=n~jE=e}DTDGk*+~O{Hj*%%1c1(H+^Y1Sg!=G&rI`UCdE-*nP(4aT(sFdMI!i>{H<(m1%K0U*+e?$A0K@!vG zTpT^x-E#R;X$d%u&-z}SS7I^I5oV*oo6WQ5g0X4k4bPM5G66t4^z7P_VZnwXFe}CO zoB(pwZuIL`IluA6DXktxn#usAC?o4>&Tf0%1N3I%!&|}&V}ew#Maad(CFw+C*YoTP zavFAjXk?a3!z8nJpBv_$Y&hUYM*D2VxQ(@_6V6}qOADU==Ercr`}|hE>I!8Og9+;m zOIzXJ3RpM|uaay;!!y4)a9&8qm=0GL4eWY-E6o#lkTMG9*t6@5fP0ZsFT9AP)8(VT2YghN_iK z5%b=+ZaG_G4jNccyM&-$U44)I5rotVNJ-6!BVbkUu`>48*}-UXw~1q;Yans6%?UkZ zF=QMaHJ9|g6mf0;fa#xh%8~8A$u-M=_+plSdAw65)1<{}Vx*Xy1TSNbmD=~pr_%{F zepe$hX$BlL7FJUf-<(Sw`{bAL<4#Ui5+>$7oI7{kd1Hwf-kxQC#(`My2I)V53~!;G zx15YN;@opwvE^@WwKNb&8(!=5_dWa-H|dhQ@=JKWQKex`7ndHvX>n~fy9$Er4C^7W#b`4_B5k%~W8a#-Hc#*y zT#}Q*COZ45Z)dA5?P7;~t%w-yJmXy(3$OmJdS}m|IM~VK=MVFL+^%#(;BntseQSe- zz?!1?b+5Z%wJ-#k;ub8WBfz8t=ThkmE~8u~XM+@JWdx?9r9pUM4a#h(4YS zy}oQBy>W>p2+8KH-P;k}RkijMKV@%(SjaPXDnfKx z4!4EwXqWM`WG2USW%t|jNFNE#jtBOr$)_at*UJo=E}v1Jif?}6oObn95SVUP890$$ z8dnJaZe+MuBP8-cyWEDHwaJBKx0U-~cQ%%)37RnIa^TDESRWaENe0GueW{ei;2)HeIbe_)!&xG|dtvXAt1Lmy097>4gN%;;_OsiVa4&Wl(`gON=_-OJyEA}9Ih zk$wz|_J>kjG-r&sqVp2L2hqVAXgg9n*PL`yw-3i0RWrNG2|up0=zeq52G;w`bfKu1 z*4`10gCCPHil8Vk+h;>Y>_TF(^Oxi6*mMjKrWDwDOA*4%6+<2K{m4F%l?a_N%_=~x z>GU?F?n~W57?JB{09G1M{hAz$uX(fIWd;YL1%!r$X1<_UXY~=xz;n;Qdyzqwf^paV zBZL>Z@Pl6e(=DFwUXPpicL+mXxP>75qnLf4DZf)*muJMVexH1a{4UEmlfhMX?+sBT zls3Q0RpUz_lC=u|TlRYgvUS0lUP_BY#R;2+HZQDsgLi=r6Uq1Bo8;|vZp>{n@vLa6 zylJZe;-%(&773pI(k-tXQhT84MJGq?G+l=zmt1dV_nPmMPYA>jGK{+LRu?eyUUmL* z+VGQ3>rVa_xr?<66Uh@~YLf`PiPg1A74NkOWBlq;UBoW(eQHMAG#>8fM5xN=Wh|(yf-SU{?~P8RGIiNk1ZGR!^6Xa(R~-?UonkK`>+fcyYUd|gwWgqOETcM zm&TjvQXnb%7407@2UaK-aB6w(>|~i-)DSFm+!{_-Gz@kPkfiEYCkGq$Xt!KT+OM~+ zmr6K9v)nJ*uU`iVPgCY-)`Hmn17C=f{fmnOejbXZ*(th;%dFIF`I(edGQm+uvf7LX z!qaTky<1*EP6;;P6+;bJn56|iHh#G6;zrB6CyTo~)iKW z(9II-+5U1uHh(OQO7V(KMoL&Ef6OVuo}LxSjb7zn>|zL`ky&r-ZnXY%bCcms`cLiu zO8<$0yR7tnC9VcU)42|Xg@pxk=RCc_#g*1gLpYG%LP*&~=m{>+xV{dxYY{Qk(_Ctm zO?9yjR5BP#{fX0Um}N$|VMV%lxn8dN$-|{oF;Y^mfr*49m1XIo0h}BW3p>V%1ZONA ztSN(pt{>3Cet4La=%+@GObbjT(2pZ{6Q82#-mJouia&DWT` z`cU2bTg~0ildg{_5~M8&Wq-u9dwP(+*cp6c^9AqJh$y;&Hz^PanD2Rd?Ym=)tT5D8 zuATD3$8M!zUsL55dx!CPM?6y#QWX%^FN0(!3sy6Iy+4#*?qg2%4b_mze}bKz@Q%|B z5vfI`XoQbT4>n0RSRP8yd>a;`ZKp@U*JSnTEX9e5HRjLd>b8HB`n(Tl$NqDkXIcgc z#lEFznSV6;X`RcZtB9s!!PK{E{i4eg!t77*<7?{do0oAqx32O7&5wp>Oe>(uhl-DNx zX}%f11=qELKj5-O9&hC+LtgSJcdzhh7v58keNnXR@OGIZze{m$Ku#~H(Vo)NiZ!WU zbYJZLTnNBrr<|nUr$yu8s6?IUU#;yMh}ym2K#5KyI!G^?#|l$&k(CCPW;i^~*S0Zs z!GPuT-KXHaGU1}h0$0G$95rMoSc`qZzVp2d`ZF$>o@e&>{J1OX zy6;#qzIn}CtI`msKJM_GNBaJ3Z+*PA@Qn7osIw_AHM5oPes>aYt6B1onwu*k0Dpa< z21rVapgOO=`Jsn(7};0|QnM+La}e*c^ft}Qi-6thWueICdAe!f2ID^r;Z2WyEgwi| zSs{_eMZ`LE(pINNN^UpUkt50v-KfUtzp%`rye?1-6Es|@uZ<{0sazCZyUd97dEB!If02N)t!Hw6 z+c>RpQq0}!V&4CO5>XzE{Bj&}U_G%Voc%gs$iXsMsFV&({8?1-YGoG});WK7$=SK#aPkzX{6I;vbUGsGae zl@Jzp1vESv4Q>@@9oY2De?#1qhnSC+ho;0^L<^87yy{#hJEDPQGagq8DQ(HbFww){ zx?+rM?GAMKela1~OYgQqL5f3Kgqi;AKEdTa3lNKu>h+;vUKooX+!yKXX2bZ9@58~%td|aYZMl=t3L5hvBVRI) z;2(IfTXErDMz;|25T(&Cn|Qo*+B5WcVLA#iZO^_>{dCjAXg>3B3_*KD^NhAiM>c}Q z_xdM-_ZH>YV(eCR)mji`Z(%vtLTp;BDRD)ouTx5hFQ z!F=>g-WdJO{3(|O7JWtKbt$~kD&|j4+jvlGJGY#PjrdvY|E}Hcv)A!k(`u-N=EqxC zmYB<(7tGP=-!hPFSR0{JSk*(2 zwo|Ay=`BVO=T^!Zf2Npz3y`@51a+Om)n03C97$D@BJ?`h6j45p;knOXk|)vUQ{2?< zVSlK58ja|9M;emqD?UX=+hQ*x>Eld)1=%_Ewg2d8az%oci%N@WaF@k#3TfSQ>x-qyjK%LrpE z>UbC^&N>PEGj?^TxjYC&cRm`y75XVZI4w=g)g|T>>}@34YFlLArbi61B0pQN|4CMa z@>`%!xXQX)_}L^gohDkNBmI~-rZWU$5IW3FlICd>o=)yPEQ zco(T&=_) z#qcgP5sMll&s@3V<8+`;eM#B;_Rsy(>@h_uua!prZ0G%&`edzaGjhvH}q~&0#6>fTAD$`t|!%g<2fcsQ{jdZaj`3jF`l`tsN zRA9;Y{2UpMM+JVc^ zloK_}6r=2#BO$79QKll_7?7k!f`8m}@MB#cX*rjhxR7|pZ9X{4TbdR=D?ygS+q5Lz z4oOv0lB=#L9?`Z4Q02{Y=?e)~ttmP7Ki$sSpgJ_MOrX`AF(_y?&{&E6Db>E(NM6^t z88H(+Goj5M#6#_+Y}st}gq`g9f}dPli6mXgP*mQvCk+eAy1U_}N~_=G7jvN|?+g0K zj}VPtWSvfO%2FC;zJJ+rHp$X0y@ku>Ys$gz_;z%ZlQ7NdxZ{hq>lGb*9y6lVs$5VKJS?sB@oIiKnSF3A%ksY}gKj(i$$;7$GqF1Nt zKJ&APe3)Z4EQl$QM11IWTEG0QN!`;B@iz2hzy~aTNyFIrtdNIEEgsurgBO%8~5nQIKvlaxdFxXSVfrmZ5(Y*;e1cK=+hYW{HvVy5>W4L2`bR z`m_WKA$D|$Wn^CAM44dpJ-eR|4#zD8@|b6W2gIno!^I!!8+6;{#{9C=%upLJ5B#zF zJVSMWQSX~zG<$JbZIUym=Agl!L_4==+)Dl7V(v;tp03Y-_Njhj9kX02850-1vWd=g zpgu^wO~lScxqD@so~)Rn$wVTD)V6)XR~3NFQ$GF}h~xX|oC|6>J*51i{@90i)dnlp%3 z_gKW{lOdeTUm5Jp)=)@P5cGx<8ZKQevbMv8RX&AgFtyQ%po>Q$`|{&FZgvb3a#$op?9x6^V3J0FR{2PxI)f+B1xe%!4Y#!9lw-1{BVZ`*(JMOgKq z34N-V-!YAoHElQXJ=(7q)m^>Dp<5~ijrrg4HQE*4eBY#{+}D{_UZ}Bus4(nSXj3yf zEm_w|(V!#Q^TwQd?VU#?(4BhDN%Yhz_>nXKWv)tBq!5tm7zy#d}%|hKj$XG!fsD%x4O{%xi1A(htjQ+DM9J1I(D*e%7NWe zTh#6L^fON)UOuc^e;Ph#AMTRKnIn>q-OH6Jl=6H8<|M;IkF9~hc+*?ccqu#Z-kZYa z6P=CLgMr( zus#qWhPldwbtfW5%D++Dt*xz?jKge5$;g*iCyWS!J*P{OA8>N!LNqQ5dx$^3s83Vt1^?SiG=)%I`AT9J27-Hxj`@2aO?xug!pD{~p~4Sy(hq zMVW2qQc6m^xw|k;i96~ur9fq$eJI+O{n@gu*uiHnHAA0s=%DsBKw%YL^Vx5M;a`)a z6fsB<1`uXKeehnj+CTq+O$tgUE}9L>5)-C_PJ2fp8wH*>Y?ctP9!>d~?Qxyv0COY~Di0kun^ zo`$g(cMvS-pkyMvuEtD-_}h~}GlRP@W?k2K84(dGg_IfI)63FAD!k84o_7vvJAE05?1q zxmu~n5c$uCUi{ZXvFIF6ehHc(K9)`TL zm)jopkoQpVf!bwW6KWHM)Xsb!8;O;u68P8HaK!)T07z-MPz%~m2M^Djgwllfn0*~e zw;4*;!wjFJtEtk2_1vbNUk3nN896$bE?q=Y~>-T2AwG0TCu zFY1&1*unb%u4O_jf<^p|@*mpHqXbkQQ(kJX`~2}v4wmBL2A0{gc_vy&^BkSsWbLgA zhv~5FwySswxfADz}L)Vfg!w$zY?>(9uj%d0)VrEb&)iC+7eTi!^r zD~{=u@hA$}kY~}$9PbKrODP8fJKhX*M9c08o)}G(6Q%~83>$hDaW13?5_j~y03u1= zLGo636;&0#(#RYyhCx#3*>vYH>)hsf|2sdo7)G`a1;uDZpM}+xoGK>n#`VfTvs+jO zIg$dGZYI$GjtE-T&EQXk7B~r$B3_G~(LBcOj{JxGDKB#Mqmb6lc1$1J;A>Yx~shC$eJuoz1>o5TjMx!6ebySXH( zsGBx#RuHi|XmhF0>nl6Z0hian{dI$d0YK8{3DO=ElsM}_4~vWDRcqZ;Wc?QQ*!X_f z#BG!myFV<=3k*X{pwh8jaL+yMwJFExA=M%FFJH~7V7Q0c$%rl{^<>62WEK|$LWSS& z2}<8RRPmL6{?^;?Fe6|H5;ybx6_`Rn(9<85B_iLjz!-xY;f+{1fkmo}m;}Y@8J>Xo zB}EW%zgNuQHy0x|V=P215sCe_=b102ezISw5a~n*N+kbbGZ938t4E$G&UV)}cC_b0 z^Y+l%&rA9&q4~M;P)~g;kG}r*{Q1fj5j^Rl{2OjjPL~xH@`@PpKr8KQDa~8Ff#oef zrBu#A0a>idMKp;ONr4bQ-AJp$_IwYVXzZ-1^wnK#OB{bZr&s-Xn7I8ErtrkaSp>a5 zv*nGs(764k!e}L1V)Zg?0xCMluRZ?)px*WyL!i3`8GwWo-TNM#G_%;43 zyeXx;0ZFN0lw|v7@z`_Gy?M#KDFLabFk3zts}zVuEb~v>5@Tk-vDiPgd?@+*P_khm zpqylMj}l8I%9f?yojF$$Lnu2fIzxR#A#Cn3D;(3U_n4yWO9cK;uwzI~ztV5?YdqV^ z+N)2A?1?P)H7|>H-kBLtJAAp1PW%lhih(G{7iM%WAYI*4vkX~66S(L72S-%Q@kZcJ zH&%F=9bSilUw4)nf!vpvcuR4D|9UrU7bvo;;$jntv*V8vu~!z8@NUoC&r$eY;x>w0 zyICc%DE<9ioT(8rK}0P{>O*!=|AX4ylN4b}RD}-eM~8xEGhxBkmHHSUyEF0DLmA(fUXhlIq=@uqRgA!m$OHAGlCGk} zwPpqiLPVO;lLh?pEYT4LbG-XMJG}9?!z^$)3BT(z?#~NCAL^*TfFk4H7=tv*2%*{0 zoZ)0Iwmn6XrOKRW!^FrFFWw~Hb0S*K5^rUcG32!h8z9V)wDsg5NM`~_aD-P7=*gXCI4A|A?Zc5!>u!~D`8i~-G5 zEY@$uMJj9SM;yTg^l$R;mBSclCN7(Hlo=gZQ3?#f(pyKi0|~F|WBt;_7g=DxBi+lk&qi+3 z_kIogShe=gh4Itdn{)aZ%r;Nh3!z4Y&@?vaMiCfq&7Xibz;`WlQ{xHprI6+}8rXnt!*69HBP+22AhKmpMkt={JIz z{@?kY3$n0r@Uv#RvB2l-cXl5w#nMheDXB$4oo+?^ph&Y>o2pK+rg|BMyR6w$yp-K~b`Yb+Rv2Db+m)GH=LPgrottc`E0bj2lMX6dMb8t({p@zyY^O#AMJUcA!? zYRUyyNECetD19!Rh^F$X@||*K08bjU{MLcCnQ!-IcN|zr46mq(zX=2dLI~bz;@Wk5 zO4WQg*Ln%OMsx|&9@1N;+Mv$2igka++?C|u&za6HoN||7x7j>`IGAzKisda0Y4)P;J)sJzzAdo551Io*e!DQ zLNmcq9)Mk*SWU14Cn{E0H1RYMR7MuXcujt60a@{!ilTOx_A*rvi2~# zeTBWpbAXF53b|4A&P>ePT`UQh^j>fiS?}4x^j{bhhobri<5c>@SXE$y zi^25e7X%`=y#vqPE%HX+$1fe-2aXBKYQl$3rYGTRF@?4xSVN2;Pgu@36Pu@xv|vw$ zXgp~CakKCYRWU<^m*d&HVnkQp_r{c-WD=0ncH4{mx|Fk6-$chIyc?gpcIOZg`~TqKw1 z>06kPD8CFY5+DKWaB(O4yT9Tfr%&iyr^9_cKe1zG=nq3;XHo`DQ}0m&|1T>oWj}w& zANZrl%TaxmkaHZD5^?Bgo_IS8C9wiLAJj=q?iAQ0H%YnIBqn@(@LPLCX0zLGdsoBW zwBmVEcA%|#PIErNf8>Vq3PX4dYl4Ma*ZD%zK=~6^foID;WzwxgfPxLSr}H5b%27AY zp_5qgBgA2U=f#tYzp!2QN1{O6UGec@Uh^6?e|F@DT1=p2Vg5l+mbR5hG{Qs_aB}q2lG(JP82zM(pmS;Vg%54=DkX|~WH6M;i7tGP!fOH2EMld> zOsIl!mH{^9T@ztO0}zsI<82^acSDrvBU|4c|1re# z(`e`YJ|Fqk&*X4vjIUU5LDN(p*`!%fW#YGX-z2;jgkMXhd$MUU+xp+w_PTQM|CBQl zS=M}F-u02I*wzl8Qp-Xwl6aYo+YlnSCMy7xhCX#!LJ2qA7F5!VHqamA`!RZz<(K9%u1T3 zsm9+x)RzuZa($tuaD^)ES15o)h6#Uqea zx6=Y?=#!Tc&+-czuCF<~MnZtN##r!bFL_BS4oWF>CAvv5c0#B7d;t&O$8{1AH9H_@ zZy1x0h&zTiAy5eUekuwOW4Pu?#+hlu;^xHY&eNta0bH`ffi3X=QQ20T4S^f$&+_#A zx>l3ole3d2^Wym{s}A0O%G<X;(M=ue|^+`bEUc4(;vyukPLdDi@Ih9OcUDtMC|p zO1wlaI3|HmQv3Pa2C+R=-@a$pirB11z&x7V!2s-j09W7Gy~Afp5-F4`0i8-XGEvA- zlQlVF;L63mc6c?i<1%Z(G+K1-U7VsWmp9n%_I3;JQ#Qhsqyn(y_o)>2DKXzK1-06I zmyR0Dyx|FKFXsyWZ6E;6Qn7G=Z>jy z87SH~`xXKrIL;;c&2JgC?S%^!Bt9U4kSzqMC1dDb^h-u2EIYFUxYMT%KwWlJjm;30 zMIWZoW_6Ev9lT5X%Wwgn}v*8KVgojxlI+F;3Agbx9A(O@_DhU;Us;b zsQ^(&WJ(p^elM%y6q#-&cG!rZ{BskCT#G2D;v6%;i(0I->tjd}o7LnZ>ImXAT|SHD z2REbR$$qm;u1+-nZS1Yd5Th*@*hXGQhQEx5Yn^@frsHCdTfJuNS-LaQXPy{oOsh=2 zLr{#~rH;#{+E9YsZaB!3*Wd`PikDi!`slqF*;3Ru3P4{b<>)s_;FK;$pEb!AQ$R<2 z;I4X3G**uZ6)70$(o}BfwzBpKpz%sov_RQ(Fp{IzCtdY65P?O4{5>-hzwg5i#gjuSjWjrmFAw^l+^)V zYJA;t5mr`~p)t}GcrXU|@j$Fo0vhf{93XhE)jHy z)xRZ`5{6!Nn2(yx>|tu1Fu8T}h_64Q5ej%QX-ioaG}bM=9Yg)*Ep%R+HMf^40f4QR z+O53(H8j z>wN~=hAjCd0(KRiJ%2`Z;w^6j05hFu2kxJ}BldS&*Rfai36p#;h!yXG+tWhFW(1Fi zLpx+fSN0n411<6&087M{E?gl*h7R2RJioJFVqg$%8hnom{mdchnvRe16xRPi z@h__01@Y0p09t4%lx`!pw1}XL)=)XIbbmL?`ptguk5x@I`?jr+G(#=2ztY@>N+8h{ zu4Yz`^Q<5cXG|laWq--P?xF(N&1sM;b>5L`!{i+dQIEKt?MVQb;`z|206yR@*g_sx zP)12r_n=mMMP;0oHTetWe_u>}U8 z&6m-cObXLbvf~zrqf?u_GzoL4BUszCO#6&Djp<|^D?|~C(Er2DQvX};JE{OrM8WI$ z*PlXKjA-c4#&>H>b;5)4_*{t<%`pV|E2}%hOUWA;Sc-=%`|sTup#xjOqmZ88Ef)Gg zjv|}$ux0NRMn5@1IriLli{!0Q9L3r>`o6xAIw=5Y(zt09=}WEiw_UO+S&tHw$gpY0 zpLKowt5N0uF+dOCMe^@dp%T!e-tFTjZ6_X>9(Gmcq3@SXCj_YD1C4M=g?&-`NnuNs z`pGmJE4}9I@Z+Y3kcle7TtH2FiwUJ*C9=RnYI;_)$8J{)V*aRC>mXDq>UNHuqQGTN z4_t3H(&dofr&QRdW(m_CrYgFT;E$+0v^<$~2H2obz_gbeL+LI8SHI4yli1HKvb`RTapM3;(sh#(e+AWxzsZMI*=ToZ@u4g&k+chbmnLuy3e176!8m zY7T6+2&W^W3@30o85r&ai}wB-U#t43kj%hyYWp-f zm_Ez&xf=uiZro1ZJN*swQA4 z5&ae4tz_*;o!=k?zCY-nqy%jA``=z~<|3UEmW>Eznd~Rq?GgWMc$=C#t(3EJ5+mnP z0pQi&VZRMn4~avV$o!ZbT^oN2v&}O8ul6w`oZ@cV$LS|)Hu{P7cuvX9QPW88&h7O4U7nMim1W$OiGrnOn1M;-Wj5)qo=dNe2+r_d`;{ zGjYufKE$qDD*wMT4byyxpmvD0Z(^rJBtBibiN*olGs5e`6x2=P=szct4z+)45e$ht z6*pg2*lNH3ciQU|{!u)9j(0Sqdtgc5PV!ivsBfYLKmO|Jx_}JPwX`YT06cvxlr8t=rSECP3)f@g9}SM6Xe1yC>^28o1_v z{|%(%UDV7fe4aZBsi;>ij=K@lAq(Xefd9hIw7gc6>}i;{j7CC&!0(AH*~QI%MngQB z=Stq)0U5f_qOp8+HzQw4MqX<18U8oAl}j$v)>W4Kukh9cj`|t#0N%w-F9;aE2q27S zXvbtGRwu9l>%?O>9=~-63&9ZdlM$rPU`XK#%bfmK)#wK?MplQXX$BH>a*hw+=6nJ> zp#UHN)2;(v8rBDz@Hk2(UQ zii!5Yx|tZFA`;1$3(?2t3bn3Xf?(M`1||fMK0gZkLGFtM__LywTIZ)qH;Yyl)#3_h zX(w(R;Hh>0K|da+r~d@;4tWRg6%VTLa3QHT34;bF9Udk&bOhk>h2}G%W`5wy6Q>si zTCPB{M>8}WAT9Ebq=^ndFaLl1Sgjgol9QFxN`LA2&$sb?x)~^g9uk6Vx^Wfq2KBJ_ zSTKOkW{dfI8;-#Tg9`p6f2U`#qJ>PCZe~J{++|X)V{a|^mE0=3wC5^L zoM-)EDQ}uWS>{LA&^isLjLzl%%xciUOF{oKJ^T+hg+EGFkHuNi*`qA6)mu^(tU>nV8OqlNci74?R5 zg@@hj=>!+7-o4rMK<$Ue?@!E23{;hAnA}_dZ|IJOo+V1%ztQV2 zkn2l;>RlV$?3B0+d2j0kpgLu_p#X5##xTGGd|%(P4z7??Bsf zhk_(Oe+urg>ull@_jIbbRts!o!9T|Chlhl0kzk0`g0%&l{};{4D6sa)!P+;MPVkHG z5C)ws$8H72WMWX27oS*>_8;>d;Bsm__I+ODi;0H87ee~xl}uS~lfQj^0H@FqKB%iv zffjWKEwp?ObK5_CU`pK&)q|;o)$pi(Y3zBWxhfs&t|)mwsi?&DLm@%N6xKumet|KU znE~HsSF+w1-*^Y4(07mw?B@Fg9<+1PX%Ahx{Ag-$ZPG>be>i*Vs4BO&T^JDsL>dGH zN$CdZ7NikrkaSVf-K{i>ZYdFwZYk+nNF$vRi;!l~%{SS5zwf($XPk4!8Q&QGv4+62 zX590hcU;%?K!n*lpnGDYAGA)f^Cws46rQXuUJ_{;%`Q>t9j*tLL-eNP%r1N;6}w9( zaJ?;T@ZVls<=R$SnQu|9RlOy*@AAAO(oyfr zaC-zNMv@@jmhu6p>0#J{k+-{lSzToA@SKG^*cB(nY?NxmjSBKE#GirN_65V;Fm2U5QcL%M9#-YktKbjT5MgW z>shfsUF11SgKBnQS4>e z$0bu$x;HhIEe}NzZm{NJbooJ)AgE5tNO7>-?0dB{PfpmK$b6u2Qf)1zGrQE;_L{!A zaW}?OX~u8$er}2`L<|0hVt&fkU3;Lc|7hX&j^?WVN(|Jc!0xxucGt(WABmyK z$2AvqdI=`F<1*nq%Nmn7VGF}Ms>j0%g%o24MZ~qd1aP$+ z&}W#fGzQJ*8gPO}T{i{x`N6@8#@BWwy@LXU#v)L_Wyb-2sHO$QevGx0v@lQl9eGe} zM=ITIO)l)J2^_SSv$Bw@=Gq?#S0XN&HE|<`m)-BIZHXWC#xx)HS{4@%cGB;bb^qqQ z4UXnZ*9#@pBrF&Z+MAmS+og)egI7g7BX&@zp);zIr7K5|oM)p=fAvJc^^{#qJuKd` zQeBL^3|og<<8tooLJX_m(^{Os)!e#SHh-UB(kg4}h)c$6Jr_R_TYa@4I5YR~-cjLW z%cAKlITn|JGOy1PUDVxvnTFwgQGIG8({a}ZF%}Y&pHXiwRnt80i+`<=y?vafgMJ1h zClYlqY+~X&SRhJRUVi0KXg8hmg1zI5$w8Tct=h67@6grmtJSmCIctqH{gq}kyB-#z z`pZM2nU`#Yv18m3+wLnDBmibuS?g!-AYeu?jmYB@(wHU?_=X3s$Kn=sczLhc*(@w> zPV2XBo+UJdIhWebdd}Chx=`iDwc~T#)gHyum->0k?@M2KW(f$9E(n)BJ|{7wEe`4~ z?<-2VKFD>YEfK4Gj=jKNt6oClF~4S}4l1Ij0IJ|^!&Tn>C@dC4_s0 z`;s@o%6gDg7ZjncBSD4=3Ll_dS@geeSKf7OmGwDqW@h)`Jw$vDm98F`rw2MIi*d%b zV1dZvJ*ga&V%MeU$M`fB_Z&Gz^ZD7kMo-GRnllkCE#_E{E|KFYZYJ0(Z38#eY`lcp zrip-36;8HX?TNh&HJxedgchfF0&9sg4nt}B@>d2w7>Eo-i%irSw?&1-UG0<_=SIwiX7aQ>L+3UFj?}%_+%Wnz~ zPp~s>V8*(hi7d@q_~Yeo70=oi0GH#SAWN>{!j_(`p-MAS_r_7OuAwbVOkhdE5+92S`;FJ4P_$ZsnXz{el(S_{1R`kNo;o?)g{(3Rqa$I3N% z*BgaM2M;x)fdg;viv;R%<@Fd;pAPb4>9$!+Np~YPqKn|B@LwQ~lJqFW1m3G%*F|zO zGTu+9iMYd-!uL|X0dI@qZCtcnmSMO)E6pbU!)NzxkJkblB`8xD7n<@Fn*#O?m3f&5 z`7-rFF^JX*m9d5Eo3OJ4s?qWWdSOltm-~N`3>4YFF9D>xv2-@(Y4dpQ+Doo}+8o2m z@m2GKwV=NH)j9>mwI<{;`0$MRrnB)3Y-#nAS7D$$P9C!+^T-)@)3+j%N>#tdrNu<6 zeSYmW^`~o*cPF)+OmSCTg0#oQdGgqMlg7RzHfbF>1a3|avGPdZVde7}Byh2#`}Zq+ zB?OM@`zKp{>?DZZpDY-`Nl{_1ui>n3=u1}hxF;KzM`BgJ^ZM>MPDrz05_4ag9` zJwY(1E>?x_6drZ?T_2YBHe-?Dh9MxRw(j}&_INOh6c^HzncE|a!pn0^i5Jeg-(8&s zt@3->*7UL%wB#Au?CQiBs~p$lPMo3MYHtk*lM}+VerrYRvvx2=2*2sR$W}h@I=d~l z(?B+;{GMwPZsK3IFdJ%+~}ELOfF>z3`O?5}$YUZ@FUWjoFgyEOcakGqUp zrV5(p6k;lo79PCE!5`2pVmJJnN~IGS&yPAH3-x5d)#MtcALf_HW5ZRz;_bmL(TSM1 zbN*7jP$CEItNY5*J7PgnXD?BTcTMQQtC1*NiX`1R)1WL1%M+fVn3>7Ocyaw1&-dB zU%iK1bw#G_w_DkDFR@3Qu)TsR_p4LH?@}*lJh^;d^TSx!Nq#|Kj6-@s1X1q z&Bwro#t7ii!pC^LHuF3dxaan5Bt-z7fY6G7c;hkjBs9N&7gb1feW@i>j##8@_Hz(e zOPE5WY0V&}k`M!YGyvv7w<75_9u;+2E3R7Ex2^O0>&TV%gi zI1LX@H0Nrh2vxw`JG2$~9Jtv@LkTPM`Fw8{3zHGS^zxVg7rZ33@(Qb`|MZ4krNT*bv3evxIM3Hi6|QKUWXa?wBF22 z)5g4{Q04X-UX|3%BK7ml!(iXt5rbIBQyi>)Oi+nc?8{T7z7_G6{s?V5C>jHPTaY7GaePpMqg^6lV6z|GH>8*u|uVyDOKro zA9AJUXF-hrJuaK|;H+n-Ng`L>j8I^|t>J1!2P-xQL;~tIOy^xPAodz37-xy&c^ zf;duTHr461N(&Ps$=4e)mCd&mC0gjyG@W(mXPW}Kbtj!KHSku$Y?>q{T|FD!9c8j+ z-gEPHeBs3*tQXFkx@}@wC?xhdV84lDz{lPxfrv3>$5|XzvIlv={t`8z_RK!Vf&`C4g1Vlb*#?b60=g^%#;sLWjaC#aBPjAqu*2T( z7N=@+_(gd}LWJival6xA--XJ+ZA?gkEK?c9)Ijo|HdQdlMDdV+g(KFIc(-Soi0(^D zp0$$XQPK+u#r4sZ*c3(}u3ePswwAi{Runi(eK!8FkIM6Jp)v*2EYm+)ZtQdM8n*6Jo6)Ln-&$@W02_fE-FjIX?udElw~K82;VvXkQx zhx^j=lq>6o7vh|3Vr&$9e3(mK%C%6rJq4omrGX#!s#Wqr7mNwv>jQnTA@(x$>1C_k z0=46cRel@IBqrACg z$&dGxA|(r7*B;U4sy!U1`%I_4Hfw*XF>a|yeMH~uUSE@-Qomlfk^i%H8Bx+SwXj5% zMmYWFfIIIA^Y5%{-T0Z-BT)a)Ku`WBDORkX=>QSWm7|2t!%~p~annk%mf5TUwibfE zZ>Gy`6lvdJ3@#J7#XWmsyhIhwcx$3 zS3$w8Nxcv~`8-+l#2i5InMr2sI(x2pkJEROG~;ZmLB#mOMY@N;*@;JP;TX(M*i+U9 z=R6Gm5ugdalCKF{Oz<4;R_;?Lb-i(MI>m+P@g8}XImpVbX>eDnuhouaCkake)-Ug9 zsTbWW*pR8Fu2!agO|ZvhyqwSbq)`w9%%GBSZH6@WVIAfkFXlVtt@4?Er*|H~Ol1eZ z#KsvpuYSP~6C3Te9o}8<`d%I6^3s;C>UrcCId$NixbUlF8f#3CtG->GX&HkDZYn0? zvbucF-K+79_PmBpPZvs`nYu;Yst_KvLw4V@I>at$%`f;^Opb*VxVlr6B(?o`pGn0!?VdaI)yv!G?WbZ!dP=1HB^8QAq>cs=1bX1tt-8Lc(8r zfBt-mgU)VOBizu}a{eur3$~ikZ_|Knv|DUR*782{q~*24`wd4gY3>pFpGR`-`cj_u zbeDDZSq#%M(t7q@aShWJ{8BvQ8rqfa0hV-WE*Fgk?v3Pi`T#7+1;COp_gb+z{&PX} zugoBfaL(|E61oEc!(Sy`OaIdqR|c*1DDkfl?@=#Z%IRf%>~MsA0{qfbOPRvJXG;WN zC1!Dn-U{12aov7)Y6Hw+{R0R)iYW9|qavQHE=Q9JAx=*{#~wl*W#zy+y^Xrd>|r18 z7b*sirQK{!)AGCdVzJQ0*t&W%mNLT>UvYPu6C9PCOK-7pQ<0Px`%2OcP^-C&0j$kZrA5M?OAGCamedj z1(Vdxmf@#k1(l?6sXn`nWLF20iJ)wQWBArh)|62}`V^bJK-{86L+(9po9ee!dO%_w zU|wbD|Gt>LW%(x6N^MeL%k6UfZ17WjNd{xnH`pzWWFaai+YPQ-DODhMFJiQ&j_H#c2g;P7HM#@)?5YFhOuz=?G3fm%gSb{aKq|KB<#k~ zlI77+T!20vvc2Sf7!s_J!W@+r&CDjGtV~6r#zJ1^_M%86CUKV?13!IrxAW(Fx=Z`T z>R*Z{OR>0*u_E)KZnZL-HIXfh&WZt%nR;qGmI%QCxERX!a0d@*ANYV$p>yvF=u-(C>P(J7`FQO*PDD_b9HW!x zFr^NEMGQ$RFCb0WxqGpQ12D1ED^Ag{#Ib~=gJ*FYET-JZ$m*XS7~qGo*2Hf#5a;^*ib-MTpu@-Z`)NbBrSZC8e+=eR za{>X%Tc2`csj%T6Y{_{2jw}pL3=&Ow10)1#jdY~i;jIe`qFLM*Cgz2 z4b?hkHPw;2lBaXkiPA_!VeG5;Trpe1+nK3?sZTFXanSWG_BIfD`e1f(hB$w&H$j#<(Ayvv-Smi&h^#RRQj0`~=a|GK&qk4>?|JD}Ny+BMEM{yd-)7mXf9KZ&obXVR$p0_C-CJwbAo zA8e`sAUWS0Wl8=Q6_F!MoPm?g^ySULpQ?NtVY0Ee@`bV%iOvELRv4fJ-pQs@dSk2& zwaw{pfAj^Qgcd@&EVEcVHA&mD?B8c26mrs1oP#{#{|7=~AU=G{&=*rxIw-^!T^4qU zuCQi&zI>h{R3*sp2Ec9CLHzj-2>T;3U)sR?z3sLv3ZI8N8S@h6bIz-)GFKAH8u=AZ z;Fs8A?^DkE^pR# zftK(kPPvV2CtjkWne9@6EC2)uAWi!D(_V_uK6pM@XEZ!Ee#8GN1KV59yy7aQ@Cq|t z1P|Fz_4T8jEhCFF2X%+T=Xm^2@47G8|8!seFk@8>1kMGeG6)OsIU5;JT)1Lp8|U~f zaF9Rehy_?JHk;dOgwoORgFOtH@E+QjwD_Q_IkNr?mB`iZ0Z9)zm7o5A?vX|RFRbxP zQ)mPWuAJ)Z6!daZ^ue@0m;H*F`4WtoUGmjN>`T7!Mc7*?-!t1bFWs7Vp2sg(K8a!T zrtv%nfDNDGui<*kqRqk-cO|blvfGD!l^X}2MVRS27i1x6697LMo* z?QRM|utT&BB7A5=S}Q^kKZ2#L7b-|SJnH%3V;Z>FpmhQ<5pF{Q7domwBF!Qz#LI;5qiTqiKeu5i16{BBqd=Pg>Q^mVL@t!w@8jomC@l) zh#m#=W{1Kdh$6czC0G2O5x+?zCo+9&4_Xk_7JGNMV&{oL^^#+8RBj^4*~z)7{gh(e z>a=F#r1Q$)LB)?JmvUGE@4Lsa*mJ!mikD&)Q^OApj-6-2Lr-h%P0la4Wmx>LX-wQQ| zXe@c@&dA{rk1zxJ%&Luil?1qUG__fL1=wCw@0*57NZ~y1az`nr>Ciu%`8EWCoS}X9>44*UjRt7&{ z`h#Ywa)x@S)B38>&ZUS?Lv83|M_CB6*Qx!x6Eu zxYo1vsDM)~K?Hgqu(T4@EYK_49I8-}mgTffNR_uvzsD)M#l8Ce?POTf?Ox0p(n_ZC ze9p7J$ftHEFAgV+J7hcSIu|B>1=R92p)&Rn^8>U9f7MOOow1Yt%ht(d=6H*9ztf^eP3 z`4KG4&|3*g%E-k!nb<{Lfqpw%-8s5m6*(TnY|+?x{Xg5=4<0AB?IO zQGT=3go3s59vORECFtD7TXH#+kA|H-4dGloTCRj2y!m9@7Sorf_HYYkNNN$Eh1oj3qj|l;_EV}2eVW+P@r&0X z(%kipmm+x&4Nd`Zvh3x>!*Z8yHfNX1(?_8C{QD}Xfvd}%|D{?BppE^_Qs)Ts*W_f& z6FJ##*H14S9Iat8h12CDic^adiql)@lwFa5mK&a%4fTZ<4&DsR}1P3Mm z#YPW-p935nmb}?+Qy;akA1~h2Hk8*6gkd~cS+2?>%;xAr4(SSHY0yD;#+?AAJkl+< zQyQ^Rs9mO3@Ti$-&mo3qNYmMT(az=!b0HU^KqE+7b;-ZWT9xM~_G$h8@EW;rb(2=u zahASjKox-C_icUJcWr7xi5Qb@*;t`&bTvY9Yx)(IB+6&o^5qf8xgni9uYw1lifJT~ z`me7pb3)3?e7wc(DSe(|fFQr^0?JUVg$7?o34cUgZ>RF$8qQks(umRHA8?Ml`?0tz zFDOq3;!AqH+w|gIPVqoS52P{T(pl;g#A@EowbVxyb!A=ea#WkPci4Bq!$FSUdln+C z_vhJBU!OLGX2b(-^VcDu9y3HwN`490os^{H4H>p3-rPSTKN&wW|8dGk2NTl`Sj%g$ zUpz^2crMz?y&YuUdfzJZ!Kj$ZhYhVn22R@^4oTi!XKasO=h75UZ)c*G%!tgq3kh=9 zpM1Vyw|Vbgu5_&7X)9{xS3~v@^EFvx)q^+-wrhf{Bn+o-;N4Jo+pI%waG;-JqB+fZ zIJ&wyH`DNT7~x5wXl8UVo?CePty@sV&yaNPJ^{SPpygMnLzvDkMXl|^gR-Frc(m^0 zhWVuJ?Ds!J6$<`paH-%I5%V0RD$?nY1q=}@-jK)lp*(k06eQgVga{|S0N}>20s+7& ze7-pRVP0;$*G6ec4SN-nHv@3BmfVFt!u0Cq%Ms>JjNdjZnL=C2%{McCm+5Nc_ZE!- zrl03LrSzPrULyw)cldVQ@wn@iu@(DZYSzc0^tXYV$Z2@Sg(jwR0PK~wt(Bvyw>r7NK<7O8;3Q2UaFyVZl z4mIO_VyAT1tH(TfM~b=$5ZA!^LJa>R99BF{=H-rt{#Z1 zOkd|nvn(t6uB2GJVQSbZMR7-|$R+j8ryT%40BolbsQ(zI=y@k00bDTiwBjk;Fu&EP z3BPIf`t<$g{=NCM3x~5TeWog}3m)1O4 zTE8zK*jQIL9C|+FW1+*%6^b^?I=AAaOj<;c3!dCR3*3Pxlb-K-zJFdh(&O*7=4YVx zHl{H1`9ZcyM6kFx&-&i|GbYLCcFOhiBZ7>$kN5rFON{=&dZwn7HT;DTE=?=-H)#1^ zL<1=%7;11ZV!c{9r?fyIe~(!+D}+#CEu<+k_9<{$7Bvvkt=bCE*g-q z1MT3$_4P%*vhVO;tWCs-v;7UVM*!CJve7^&pLc@*oecm=TzxORi!RO`2uaQ+JaX^w zRt?J400(g|u#l7OK(F@)zqQ%be(DozOJXU5;0IzqzLJ^u4{EMAm*-*MI(e8%L9UX_ zb@x}IL>~(_F_r$3=d5_p^E-+X=QY&L)de0|%NI{}C+!0My{EQEJXmim6ZnQr>?@P+>z<41x8hO8#CmO&-=R(N0TALSmij;9Q4Rt=~WU&Gvq$P3^)w&n|fZtuKh$)S0Yt3`Ivc8t)aARr& z130+=rNxy7Z-NQ#3q1ljbzW+g$$V+129esQ zl@=fHF-*Z`&rr{xpc2+{-1)Atk^MXI?Vn2TId4nc%^&G!;|ex~FCxem8uA|(fr2YG zsbIOSLK)ubTW%QbZ&C`&POnJG?(bP@D<&S&Aok6r0FpZ8KI`P|fc^rIkdy&Ac=-&> zUFdzuT*i9cTP7^VR|`zT=dNO(vbLW_XlC*NF72QAi=`YA_&5ct^tGf-ep6q|#>sbV zqIbWw@|O1T^`|cTB+ChP-W(Qisr%H)nucKW3268@Ry4Fwh*oHO=t`p;;bsq_wo z?(j+Ftw+gbPM3T+;E9FW$rNZ*_vM!}XJ_i{h!61OzIV@m22`Zlx&MrFjvt{%{-xGY zlmVnt?qE|1Q^6=u1%@`q~urZ!Qisufh=UJk#Z*b>02;eBu_9SVO2A)(;Ij z4{_+;p8fI!=(p7l+w=*0r zO1oVcG`E3Kk>kh3)unIeMfr4bex{~?r_BU$G|z(e zah}WJfIsmm#-8igybu#iOgq%$mJ>51Yf}?4hf2Z3&fK2PuJPG!9Y?Q;JRv=`DA09h zzJx(Lc83U_ngh8?l!IKk02ww+KJ(w&!J9m^f2M|uEMv`wdRqf#(|#R5{YIt9djN0h zPH{*>7BH(hKwC@xuB}CjQ$n1KYd2kujeSj{?Ho$bg6QpwNy{+RW5|gGh(X^+IppF= z1JJT8-4EET1Kl&HUiN#s`ut;X)t6V5v>w_z8DUx{*o*TpD(~ZMyz~}IqT5SIQ6W75 z2a7qq#Vys*$+z^0s58)8V$a2U4OQ?+ylwpaxE{-II$;+m zGhbJa2ZNvB?70V^gX6vT#qkau>Sp~1)PeRShGI~~>gvd-H?n5uDb$UD5pCu=^wV1c z$t|kr$%uhHTM4VnSQk+(LuZ4|3X>_D6rK`dfmAG7oco3&DlDt-7S)0e*@KY@+Eg9S;dmxb8h^-#Xh7uRESjZ z>DG8B1e~iY?a4POhk!?c^bMpcVK%a@btqAJJ_F>qjGEvn*7&-tu<$yQXMt;P(*R?z9N*pVg4-xy8xuBPag4*1V<^ zHdx&Dn9gS`hfhoj?oTCURt)fgj?2brUJ)~JbmnfyOLluMMVOqom+f5XTr>(cN%h9y z&0Dbu8n$Wgst2HzR1nE)N;BO2j@>|r1F3d0PpW>5!_Qlny{qnZlIC-WFwVj6Yt#z! zg@DhvK$61bC5iON9T~{y5pgR6CFZ+)43&R zYiOQl%LpwVBByG&YGmncMk-u874Wd7u8Y=2#~0v(Di5GN8-(8>ngM|_yOa01ksfk4 z6U=mFsOjQ~!Au<^T6;JxhJDwjQzVAj5lsdDs=HBE(2up(-%lTR+E@eRq@zgI_RivQ z>yD$bT{61c_RpwUmuUx%dp$EZKP$bxy*)&k4z2gyeab&60f;mL;2PZBo%o*q&`(i= zbSu#lEp68e?6;#

GatewayConfig -controllerName -
- -string - - - -(Optional) -

ControllerName is used to determine whether Contour should reconcile a -GatewayClass. The string takes the form of “projectcontour.io//contour”. -If unset, the gatewayclass controller will not be started. -Exactly one of ControllerName or GatewayRef must be set.

-

Deprecated: users should use GatewayRef, or the Gateway provisioner, -in place of this field. This field will be removed in a future release.

- - - - gatewayRef
@@ -7683,12 +7665,8 @@

GatewayConfig -(Optional) -

GatewayRef defines a specific Gateway that this Contour -instance corresponds to. If set, Contour will reconcile -only this gateway, and will not reconcile any gateway -classes. -Exactly one of ControllerName or GatewayRef must be set.

+

GatewayRef defines the specific Gateway that this Contour +instance corresponds to.

diff --git a/site/content/docs/main/config/gateway-api.md b/site/content/docs/main/config/gateway-api.md index af67fea4339..2fc129985cb 100644 --- a/site/content/docs/main/config/gateway-api.md +++ b/site/content/docs/main/config/gateway-api.md @@ -24,9 +24,7 @@ There are two ways to deploy Contour with Gateway API support: **static** provis In **static** provisioning, the platform operator defines a `Gateway` resource, and then manually deploys a Contour instance corresponding to that `Gateway` resource. It is up to the platform operator to ensure that all configuration matches between the `Gateway` and the Contour/Envoy resources. -With static provisioning, Contour can be configured with either a [controller name][8], or a specific gateway (see the [API documentation][7].) -If configured with a controller name, Contour will process the oldest `GatewayClass`, its oldest `Gateway`, and that `Gateway's` routes, for the given controller name. -If configured with a specific gateway, Contour will process that `Gateway` and its routes. +Contour will then process that `Gateway` and its routes. **Note:** configuring Contour with a controller name is deprecated and will be removed in a future release. Use a specific gateway reference or dynamic provisioning instead. diff --git a/site/content/docs/main/configuration.md b/site/content/docs/main/configuration.md index f145d67f09c..acc5810f278 100644 --- a/site/content/docs/main/configuration.md +++ b/site/content/docs/main/configuration.md @@ -214,8 +214,7 @@ The gateway configuration block is used to configure which gateway-api Gateway C | Field Name | Type | Default | Description | | -------------- | -------------- | ------- | ------------------------------------------------------------------------------ | -| controllerName | string | | **DEPRECATED**: Use `gatewayRef` or the Gateway provisioner instead. This field will be removed in a future release. Gateway Class controller name (i.e. projectcontour.io/gateway-controller). If set, Contour will reconcile the oldest GatewayClass, and its oldest Gateway, with this controller string. Only one of `controllerName` or `gatewayRef` must be set. | -| gatewayRef | NamespacedName | | [Gateway namespace and name](#gateway-ref). If set, Contour will reconcile this specific Gateway. Only one of `controllerName` or `gatewayRef` must be set. | +| gatewayRef | NamespacedName | | [Gateway namespace and name](#gateway-ref). | ### Gateway Ref @@ -321,7 +320,8 @@ data: # # specify the gateway-api Gateway Contour should configure # gateway: - # controllerName: projectcontour.io/gateway-controller + # namespace: projectcontour + # name: contour # # should contour expect to be running inside a k8s cluster # incluster: true diff --git a/site/content/docs/main/guides/gateway-api.md b/site/content/docs/main/guides/gateway-api.md index 0759696d3f6..4bcc3140c03 100644 --- a/site/content/docs/main/guides/gateway-api.md +++ b/site/content/docs/main/guides/gateway-api.md @@ -73,7 +73,7 @@ This command creates: - Envoy DaemonSet / Service - Contour ConfigMap -Update the Contour configmap to enable Gateway API processing by specifying a gateway controller name, and restart Contour to pick up the config change: +Update the Contour configmap to enable Gateway API processing by specifying a gateway, and restart Contour to pick up the config change: ```shell kubectl apply -f - < Date: Tue, 13 Feb 2024 13:48:24 -0700 Subject: [PATCH 30/83] site/content: minor Gateway API docs updates (#6192) Signed-off-by: Steve Kriss --- site/content/docs/main/config/gateway-api.md | 2 - site/content/getting-started/_index.md | 46 ++++++++++---------- 2 files changed, 23 insertions(+), 25 deletions(-) diff --git a/site/content/docs/main/config/gateway-api.md b/site/content/docs/main/config/gateway-api.md index 2fc129985cb..605103dc7e3 100644 --- a/site/content/docs/main/config/gateway-api.md +++ b/site/content/docs/main/config/gateway-api.md @@ -26,8 +26,6 @@ In **static** provisioning, the platform operator defines a `Gateway` resource, It is up to the platform operator to ensure that all configuration matches between the `Gateway` and the Contour/Envoy resources. Contour will then process that `Gateway` and its routes. -**Note:** configuring Contour with a controller name is deprecated and will be removed in a future release. Use a specific gateway reference or dynamic provisioning instead. - In **dynamic** provisioning, the platform operator first deploys Contour's Gateway provisioner. Then, the platform operator defines a `Gateway` resource, and the provisioner automatically deploys a Contour instance that corresponds to the `Gateway's` configuration and will process that `Gateway` and its routes. Static provisioning makes sense for users who: diff --git a/site/content/getting-started/_index.md b/site/content/getting-started/_index.md index e31ce4ccc52..0bf1394a5b4 100644 --- a/site/content/getting-started/_index.md +++ b/site/content/getting-started/_index.md @@ -9,7 +9,7 @@ id: getting-started This guide shows how to install Contour in three different ways: - using Contour's example YAML - using the Helm chart for Contour -- using the Contour gateway provisioner (beta) +- using the Contour gateway provisioner It then shows how to deploy a sample workload and route traffic to it via Contour. @@ -24,7 +24,7 @@ This guide is designed to work with: If you already have access to one of these Kubernetes environments, you're ready to move on to installing Contour. If not, you can [set up a local kind cluster][28] for testing purposes. - + ## Install Contour and Envoy ### Option 1: YAML @@ -34,45 +34,45 @@ Run the following to install Contour: $ kubectl apply -f https://projectcontour.io/quickstart/contour.yaml ``` -Verify the Contour pods are ready by running the following: +Verify the Contour pods are ready by running the following: ```bash $ kubectl get pods -n projectcontour -o wide ``` You should see the following: -- 2 Contour pods each with status **Running** and 1/1 **Ready** -- 1+ Envoy pod(s), each with the status **Running** and 2/2 **Ready** +- 2 Contour pods each with status **Running** and 1/1 **Ready** +- 1+ Envoy pod(s), each with the status **Running** and 2/2 **Ready** ### Option 2: Helm This option requires [Helm to be installed locally][29]. -Add the bitnami chart repository (which contains the Contour chart) by running the following: +Add the bitnami chart repository (which contains the Contour chart) by running the following: -```bash +```bash $ helm repo add bitnami https://charts.bitnami.com/bitnami ``` Install the Contour chart by running the following: -```bash +```bash $ helm install my-release bitnami/contour --namespace projectcontour --create-namespace -``` +``` Verify Contour is ready by running: ```bash $ kubectl -n projectcontour get po,svc -``` +``` You should see the following: -- 1 instance of pod/my-release-contour-contour with status **Running** and 1/1 **Ready** -- 1+ instance(s) of pod/my-release-contour-envoy with each status **Running** and 2/2 **Ready** -- 1 instance of service/my-release-contour +- 1 instance of pod/my-release-contour-contour with status **Running** and 1/1 **Ready** +- 1+ instance(s) of pod/my-release-contour-envoy with each status **Running** and 2/2 **Ready** +- 1 instance of service/my-release-contour - 1 instance of service/my-release-contour-envoy -### Option 3: Contour Gateway Provisioner (beta) +### Option 3: Contour Gateway Provisioner The Gateway provisioner watches for the creation of [Gateway API][31] `Gateway` resources, and dynamically provisions Contour+Envoy instances based on the `Gateway's` spec. Note that although the provisioning request itself is made via a Gateway API resource (`Gateway`), this method of installation still allows you to use *any* of the supported APIs for defining virtual hosts and routes: `Ingress`, `HTTPProxy`, or Gateway API's `HTTPRoute` and `TLSRoute`. @@ -134,15 +134,15 @@ NAME CLASS ADDRESS READY AGE contour contour True 27s ``` -Verify the Contour pods are ready by running the following: +Verify the Contour pods are ready by running the following: ```bash $ kubectl -n projectcontour get pods ``` You should see the following: -- 2 Contour pods each with status **Running** and 1/1 **Ready** -- 1+ Envoy pod(s), each with the status **Running** and 2/2 **Ready** +- 2 Contour pods each with status **Running** and 1/1 **Ready** +- 1+ Envoy pod(s), each with the status **Running** and 2/2 **Ready** ## Test it out! @@ -158,7 +158,7 @@ Verify the pods and service are ready by running: ```bash kubectl get po,svc,ing -l app=httpbin -``` +``` You should see the following: - 3 instances of pods/httpbin, each with status **Running** and 1/1 **Ready** @@ -193,7 +193,7 @@ You should see the `httpbin` home page. Congratulations, you have installed Contour, deployed a backend application, created an `Ingress` to route traffic to the application, and successfully accessed the app with Contour! -## Next Steps +## Next Steps Now that you have a basic Contour installation, where to go from here? - Explore [HTTPProxy][2], a cluster-wide reverse proxy @@ -202,18 +202,18 @@ Now that you have a basic Contour installation, where to go from here? Check out the following demo videos: - [Contour 101 - Kubernetes Ingress and Blue/Green Deployments][20] -- [HTTPProxy in Action][19] +- [HTTPProxy in Action][19] - [Contour Demos and Deep Dives videos][21] -Explore the documentation: +Explore the documentation: - [FAQ][4] - [Contour Architecture][18] - [Contour Configuration Reference][7] - + ## Connect with the Team Have questions? Send a Slack message on the Contour channel, an email on the mailing list, or join a Contour meeting. - Slack: kubernetes.slack.com [#contour][12] -- Join us in a [User Group][10] or [Office Hours][11] meeting +- Join us in a [User Group][10] or [Office Hours][11] meeting - Join the [mailing list][25] for the latest information ## Troubleshooting From 6e6d2f7a5989778c542afd479cee8ac4a9f9d44f Mon Sep 17 00:00:00 2001 From: Lubron Date: Wed, 14 Feb 2024 06:48:17 -0800 Subject: [PATCH 31/83] Replace ref package with k8s.io/utils/ptr (#6189) Closes #6163. Signed-off-by: lubronzhan --- .../v1alpha1/contourconfig_helpers_test.go | 6 +- cmd/contour/serve.go | 21 +- cmd/contour/serve_test.go | 6 +- cmd/contour/servecontext.go | 26 +- cmd/contour/servecontext_test.go | 72 +-- .../contourconfig/contourconfiguration.go | 20 +- .../contourconfiguration_test.go | 70 +-- internal/dag/accessors_test.go | 8 +- internal/dag/builder_test.go | 425 +++++++++--------- internal/dag/cache.go | 4 +- internal/dag/cache_test.go | 9 +- internal/dag/gatewayapi_processor.go | 27 +- internal/dag/gatewayapi_processor_test.go | 60 +-- internal/dag/httpproxy_processor_test.go | 22 +- internal/dag/ingress_processor.go | 4 +- internal/dag/policy.go | 6 +- internal/dag/status_test.go | 405 +++++++++-------- internal/envoy/v3/cluster_test.go | 8 +- internal/envoy/v3/listener_test.go | 10 +- .../v3/backendcavalidation_test.go | 4 +- .../featuretests/v3/backendclientauth_test.go | 6 +- internal/featuretests/v3/cluster_test.go | 4 +- .../featuretests/v3/extensionservice_test.go | 6 +- internal/featuretests/v3/externalname_test.go | 8 +- internal/featuretests/v3/httproute_test.go | 8 +- internal/featuretests/v3/ingressclass_test.go | 10 +- internal/featuretests/v3/listeners_test.go | 14 +- .../v3/redirectroutepolicy_test.go | 34 +- internal/featuretests/v3/routeweight_test.go | 14 +- internal/featuretests/v3/tcproute_test.go | 22 +- internal/featuretests/v3/tlsroute_test.go | 16 +- internal/featuretests/v3/tracing_test.go | 4 +- internal/featuretests/v3/upstreamtls_test.go | 6 +- internal/gatewayapi/helpers.go | 53 ++- internal/gatewayapi/listeners.go | 7 +- internal/gatewayapi/listeners_test.go | 67 ++- internal/ingressclass/ingressclass.go | 4 +- internal/ingressclass/ingressclass_test.go | 20 +- internal/k8s/statusaddress.go | 8 +- internal/k8s/statusaddress_test.go | 10 +- internal/metrics/metrics_test.go | 7 +- .../provisioner/controller/gateway_test.go | 48 +- .../controller/gatewayclass_test.go | 24 +- .../provisioner/equality/equality_test.go | 8 +- internal/provisioner/model/model.go | 10 +- .../objects/dataplane/dataplane.go | 20 +- .../objects/deployment/deployment.go | 12 +- .../provisioner/objects/service/service.go | 4 +- internal/ref/ref.go | 25 -- internal/status/gatewaystatus.go | 5 +- internal/status/gatewaystatus_test.go | 16 +- .../v3/endpointslicetranslator_test.go | 188 ++++---- internal/xdscache/v3/listener_test.go | 28 +- internal/xdscache/v3/route_test.go | 14 +- internal/xdscache/v3/runtime_test.go | 12 +- internal/xdscache/v3/server_test.go | 6 +- pkg/config/parameters_test.go | 79 ++-- test/e2e/deployment.go | 10 +- test/e2e/fixtures.go | 20 +- test/e2e/gateway/gateway_test.go | 22 +- test/e2e/gateway/host_rewrite_test.go | 6 +- test/e2e/gateway/request_redirect_test.go | 10 +- test/e2e/gateway/tcproute_test.go | 6 +- test/e2e/gateway/tls_gateway_test.go | 10 +- test/e2e/gateway/tls_wildcard_host_test.go | 6 +- test/e2e/httpproxy/cookie_rewrite_test.go | 24 +- test/e2e/httpproxy/external_name_test.go | 4 +- test/e2e/httpproxy/fqdn_test.go | 4 +- test/e2e/httpproxy/grpc_test.go | 6 +- test/e2e/httpproxy/httpproxy_test.go | 26 +- test/e2e/httpproxy/internal_redirect_test.go | 8 +- test/e2e/httpproxy/request_redirect_test.go | 22 +- test/e2e/incluster/leaderelection_test.go | 5 +- test/e2e/incluster/rbac_test.go | 4 +- test/e2e/ingress/backend_tls_test.go | 4 +- test/e2e/ingress/headers_policy_test.go | 4 +- test/e2e/ingress/ingress_class_test.go | 6 +- test/e2e/ingress/ingress_test.go | 6 +- test/e2e/ingress/long_path_match_test.go | 8 +- test/e2e/ingress/tls_wildcard_host_test.go | 4 +- test/e2e/provisioner/provisioner_test.go | 39 +- test/e2e/upgrade/upgrade_test.go | 6 +- 82 files changed, 1137 insertions(+), 1173 deletions(-) delete mode 100644 internal/ref/ref.go diff --git a/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go b/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go index c9b7279c2f6..1b6fdbcb116 100644 --- a/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go +++ b/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go @@ -19,9 +19,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "k8s.io/utils/ptr" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" ) func TestContourConfigurationSpecValidate(t *testing.T) { @@ -193,10 +193,10 @@ func TestContourConfigurationSpecValidate(t *testing.T) { } require.NoError(t, c.Validate()) - c.Tracing.OverallSampling = ref.To("number") + c.Tracing.OverallSampling = ptr.To("number") require.Error(t, c.Validate()) - c.Tracing.OverallSampling = ref.To("10") + c.Tracing.OverallSampling = ptr.To("10") require.NoError(t, c.Validate()) customTags := []*contour_v1alpha1.CustomTag{ diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 4d5bb85ea66..06101fd3b15 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -36,6 +36,7 @@ import ( "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/cache" + "k8s.io/utils/ptr" ctrl_cache "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/manager" @@ -59,7 +60,6 @@ import ( "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/leadership" "github.com/projectcontour/contour/internal/metrics" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" "github.com/projectcontour/contour/internal/xds" contour_xds_v3 "github.com/projectcontour/contour/internal/xds/v3" @@ -804,7 +804,7 @@ func (s *Server) setupTracingService(tracingConfig *contour_v1alpha1.TracingConf var customTags []*xdscache_v3.CustomTag - if ref.Val(tracingConfig.IncludePodDetail, true) { + if ptr.Deref(tracingConfig.IncludePodDetail, true) { customTags = append(customTags, &xdscache_v3.CustomTag{ TagName: "podName", EnvironmentName: "HOSTNAME", @@ -822,16 +822,16 @@ func (s *Server) setupTracingService(tracingConfig *contour_v1alpha1.TracingConf }) } - overallSampling, err := strconv.ParseFloat(ref.Val(tracingConfig.OverallSampling, "100"), 64) + overallSampling, err := strconv.ParseFloat(ptr.Deref(tracingConfig.OverallSampling, "100"), 64) if err != nil || overallSampling == 0 { overallSampling = 100.0 } return &xdscache_v3.TracingConfig{ - ServiceName: ref.Val(tracingConfig.ServiceName, "contour"), + ServiceName: ptr.Deref(tracingConfig.ServiceName, "contour"), ExtensionServiceConfig: extensionSvcConfig, OverallSampling: overallSampling, - MaxPathTagLength: ref.Val(tracingConfig.MaxPathTagLength, 256), + MaxPathTagLength: ptr.Deref(tracingConfig.MaxPathTagLength, 256), CustomTags: customTags, }, nil } @@ -848,11 +848,12 @@ func (s *Server) setupRateLimitService(contourConfiguration contour_v1alpha1.Con } return &xdscache_v3.RateLimitConfig{ - ExtensionServiceConfig: extensionSvcConfig, - Domain: contourConfiguration.RateLimitService.Domain, - FailOpen: ref.Val(contourConfiguration.RateLimitService.FailOpen, false), - EnableXRateLimitHeaders: ref.Val(contourConfiguration.RateLimitService.EnableXRateLimitHeaders, false), - EnableResourceExhaustedCode: ref.Val(contourConfiguration.RateLimitService.EnableResourceExhaustedCode, false), + ExtensionServiceConfig: extensionSvcConfig, + Domain: contourConfiguration.RateLimitService.Domain, + + FailOpen: ptr.Deref(contourConfiguration.RateLimitService.FailOpen, false), + EnableXRateLimitHeaders: ptr.Deref(contourConfiguration.RateLimitService.EnableXRateLimitHeaders, false), + EnableResourceExhaustedCode: ptr.Deref(contourConfiguration.RateLimitService.EnableResourceExhaustedCode, false), }, nil } diff --git a/cmd/contour/serve_test.go b/cmd/contour/serve_test.go index 53113608ece..248e9bc17c4 100644 --- a/cmd/contour/serve_test.go +++ b/cmd/contour/serve_test.go @@ -20,10 +20,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/ref" ) func TestGetDAGBuilder(t *testing.T) { @@ -102,7 +102,7 @@ func TestGetDAGBuilder(t *testing.T) { }, Remove: []string{"res-remove-key-1", "res-remove-key-2"}, }, - ApplyToIngress: ref.To(false), + ApplyToIngress: ptr.To(false), } serve := &Server{ @@ -165,7 +165,7 @@ func TestGetDAGBuilder(t *testing.T) { }, Remove: []string{"res-remove-key-1", "res-remove-key-2"}, }, - ApplyToIngress: ref.To(true), + ApplyToIngress: ptr.To(true), } serve := &Server{ diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index 3fccce59512..3a1057b6479 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -27,12 +27,12 @@ import ( "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/keepalive" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" "github.com/projectcontour/contour/pkg/config" ) @@ -167,7 +167,7 @@ func grpcOptions(log logrus.FieldLogger, contourXDSConfig *contour_v1alpha1.TLS) }), } - if !ref.Val(contourXDSConfig.Insecure, false) { + if !ptr.Deref(contourXDSConfig.Insecure, false) { tlsconfig := tlsconfig(log, contourXDSConfig) creds := credentials.NewTLS(tlsconfig) opts = append(opts, grpc.Creds(creds)) @@ -345,25 +345,25 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.Co timeoutParams := &contour_v1alpha1.TimeoutParameters{} if len(ctx.Config.Timeouts.RequestTimeout) > 0 { - timeoutParams.RequestTimeout = ref.To(ctx.Config.Timeouts.RequestTimeout) + timeoutParams.RequestTimeout = ptr.To(ctx.Config.Timeouts.RequestTimeout) } if len(ctx.Config.Timeouts.ConnectionIdleTimeout) > 0 { - timeoutParams.ConnectionIdleTimeout = ref.To(ctx.Config.Timeouts.ConnectionIdleTimeout) + timeoutParams.ConnectionIdleTimeout = ptr.To(ctx.Config.Timeouts.ConnectionIdleTimeout) } if len(ctx.Config.Timeouts.StreamIdleTimeout) > 0 { - timeoutParams.StreamIdleTimeout = ref.To(ctx.Config.Timeouts.StreamIdleTimeout) + timeoutParams.StreamIdleTimeout = ptr.To(ctx.Config.Timeouts.StreamIdleTimeout) } if len(ctx.Config.Timeouts.MaxConnectionDuration) > 0 { - timeoutParams.MaxConnectionDuration = ref.To(ctx.Config.Timeouts.MaxConnectionDuration) + timeoutParams.MaxConnectionDuration = ptr.To(ctx.Config.Timeouts.MaxConnectionDuration) } if len(ctx.Config.Timeouts.DelayedCloseTimeout) > 0 { - timeoutParams.DelayedCloseTimeout = ref.To(ctx.Config.Timeouts.DelayedCloseTimeout) + timeoutParams.DelayedCloseTimeout = ptr.To(ctx.Config.Timeouts.DelayedCloseTimeout) } if len(ctx.Config.Timeouts.ConnectionShutdownGracePeriod) > 0 { - timeoutParams.ConnectionShutdownGracePeriod = ref.To(ctx.Config.Timeouts.ConnectionShutdownGracePeriod) + timeoutParams.ConnectionShutdownGracePeriod = ptr.To(ctx.Config.Timeouts.ConnectionShutdownGracePeriod) } if len(ctx.Config.Timeouts.ConnectTimeout) > 0 { - timeoutParams.ConnectTimeout = ref.To(ctx.Config.Timeouts.ConnectTimeout) + timeoutParams.ConnectTimeout = ptr.To(ctx.Config.Timeouts.ConnectTimeout) } var dnsLookupFamily contour_v1alpha1.ClusterDNSFamilyType @@ -412,9 +412,9 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.Co Namespace: nsedName.Namespace, }, Domain: ctx.Config.RateLimitService.Domain, - FailOpen: ref.To(ctx.Config.RateLimitService.FailOpen), - EnableXRateLimitHeaders: ref.To(ctx.Config.RateLimitService.EnableXRateLimitHeaders), - EnableResourceExhaustedCode: ref.To(ctx.Config.RateLimitService.EnableResourceExhaustedCode), + FailOpen: ptr.To(ctx.Config.RateLimitService.FailOpen), + EnableXRateLimitHeaders: ptr.To(ctx.Config.RateLimitService.EnableXRateLimitHeaders), + EnableResourceExhaustedCode: ptr.To(ctx.Config.RateLimitService.EnableResourceExhaustedCode), DefaultGlobalRateLimitPolicy: ctx.Config.RateLimitService.DefaultGlobalRateLimitPolicy, } } @@ -466,7 +466,7 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.Co Set: ctx.Config.Policy.ResponseHeadersPolicy.Set, Remove: ctx.Config.Policy.ResponseHeadersPolicy.Remove, }, - ApplyToIngress: ref.To(ctx.Config.Policy.ApplyToIngress), + ApplyToIngress: ptr.To(ctx.Config.Policy.ApplyToIngress), } var clientCertificate *contour_v1alpha1.NamespacedName diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index 67c1da51d94..641a3c0ff44 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -27,12 +27,12 @@ import ( "github.com/stretchr/testify/assert" "github.com/tsaarni/certyaml" "google.golang.org/grpc" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" ) @@ -93,7 +93,7 @@ func TestServeContextTLSParams(t *testing.T) { CAFile: "cacert.pem", CertFile: "contourcert.pem", KeyFile: "contourkey.pem", - Insecure: ref.To(false), + Insecure: ptr.To(false), }, expectError: false, }, @@ -101,7 +101,7 @@ func TestServeContextTLSParams(t *testing.T) { tls: &contour_v1alpha1.TLS{ CertFile: "contourcert.pem", KeyFile: "contourkey.pem", - Insecure: ref.To(false), + Insecure: ptr.To(false), }, expectError: true, }, @@ -191,7 +191,7 @@ func TestServeContextCertificateHandling(t *testing.T) { CAFile: filepath.Join(configDir, "CAcert.pem"), CertFile: filepath.Join(configDir, "contourcert.pem"), KeyFile: filepath.Join(configDir, "contourkey.pem"), - Insecure: ref.To(false), + Insecure: ptr.To(false), } // Initial set of credentials must be written into temp directory before @@ -257,7 +257,7 @@ func TestTlsVersionDeprecation(t *testing.T) { CAFile: filepath.Join(configDir, "CAcert.pem"), CertFile: filepath.Join(configDir, "contourcert.pem"), KeyFile: filepath.Join(configDir, "contourkey.pem"), - Insecure: ref.To(false), + Insecure: ptr.To(false), } err = caCert.WritePEM(contourTLS.CAFile, filepath.Join(configDir, "CAkey.pem")) @@ -386,7 +386,7 @@ func TestConvertServeContext(t *testing.T) { CAFile: "/certs/ca.crt", CertFile: "/certs/cert.crt", KeyFile: "/certs/cert.key", - Insecure: ref.To(false), + Insecure: ptr.To(false), }, }, Ingress: &contour_v1alpha1.IngressConfig{ @@ -407,9 +407,9 @@ func TestConvertServeContext(t *testing.T) { Namespace: "projectcontour", }, Listener: &contour_v1alpha1.EnvoyListenerConfig{ - UseProxyProto: ref.To(false), - DisableAllowChunkedLength: ref.To(false), - DisableMergeSlashes: ref.To(false), + UseProxyProto: ptr.To(false), + DisableAllowChunkedLength: ptr.To(false), + DisableMergeSlashes: ptr.To(false), ServerHeaderTransformation: contour_v1alpha1.OverwriteServerHeader, TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "", @@ -471,8 +471,8 @@ func TestConvertServeContext(t *testing.T) { }, DefaultHTTPVersions: nil, Timeouts: &contour_v1alpha1.TimeoutParameters{ - ConnectionIdleTimeout: ref.To("60s"), - ConnectTimeout: ref.To("2s"), + ConnectionIdleTimeout: ptr.To("60s"), + ConnectTimeout: ptr.To("2s"), }, Cluster: &contour_v1alpha1.ClusterParameters{ DNSLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, @@ -483,22 +483,22 @@ func TestConvertServeContext(t *testing.T) { }, }, Network: &contour_v1alpha1.NetworkParameters{ - EnvoyAdminPort: ref.To(9001), - XffNumTrustedHops: ref.To(uint32(0)), + EnvoyAdminPort: ptr.To(9001), + XffNumTrustedHops: ptr.To(uint32(0)), }, }, Gateway: nil, HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ - DisablePermitInsecure: ref.To(false), + DisablePermitInsecure: ptr.To(false), FallbackCertificate: nil, }, - EnableExternalNameService: ref.To(false), + EnableExternalNameService: ptr.To(false), RateLimitService: nil, GlobalExternalAuthorization: nil, Policy: &contour_v1alpha1.PolicyConfig{ RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, - ApplyToIngress: ref.To(false), + ApplyToIngress: ptr.To(false), }, Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", @@ -544,7 +544,7 @@ func TestConvertServeContext(t *testing.T) { Set: map[string]string{"custom-response-header-set": "foo-bar", "Host": "response-bar.com"}, Remove: []string{"custom-response-header-remove"}, }, - ApplyToIngress: ref.To(true), + ApplyToIngress: ptr.To(true), } return cfg }, @@ -610,7 +610,7 @@ func TestConvertServeContext(t *testing.T) { }, getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { cfg.HTTPProxy = &contour_v1alpha1.HTTPProxyConfig{ - DisablePermitInsecure: ref.To(true), + DisablePermitInsecure: ptr.To(true), FallbackCertificate: &contour_v1alpha1.NamespacedName{ Name: "fallbackname", Namespace: "fallbacknamespace", @@ -651,9 +651,9 @@ func TestConvertServeContext(t *testing.T) { Namespace: "ratens", }, Domain: "contour", - FailOpen: ref.To(true), - EnableXRateLimitHeaders: ref.To(true), - EnableResourceExhaustedCode: ref.To(true), + FailOpen: ptr.To(true), + EnableXRateLimitHeaders: ptr.To(true), + EnableResourceExhaustedCode: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -751,7 +751,7 @@ func TestConvertServeContext(t *testing.T) { return ctx }, getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Listener.DisableMergeSlashes = ref.To(true) + cfg.Envoy.Listener.DisableMergeSlashes = ptr.To(true) return cfg }, }, @@ -828,10 +828,10 @@ func TestConvertServeContext(t *testing.T) { "tracing config normal": { getServeContext: func(ctx *serveContext) *serveContext { ctx.Config.Tracing = &config.Tracing{ - IncludePodDetail: ref.To(false), - ServiceName: ref.To("contour"), - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + IncludePodDetail: ptr.To(false), + ServiceName: ptr.To("contour"), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: []config.CustomTag{ { TagName: "literal", @@ -848,10 +848,10 @@ func TestConvertServeContext(t *testing.T) { }, getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { cfg.Tracing = &contour_v1alpha1.TracingConfig{ - IncludePodDetail: ref.To(false), - ServiceName: ref.To("contour"), - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + IncludePodDetail: ptr.To(false), + ServiceName: ptr.To("contour"), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: []*contour_v1alpha1.CustomTag{ { TagName: "literal", @@ -889,15 +889,15 @@ func TestConvertServeContext(t *testing.T) { }, "envoy listener settings": { getServeContext: func(ctx *serveContext) *serveContext { - ctx.Config.Listener.MaxRequestsPerIOCycle = ref.To(uint32(10)) - ctx.Config.Listener.HTTP2MaxConcurrentStreams = ref.To(uint32(30)) - ctx.Config.Listener.MaxConnectionsPerListener = ref.To(uint32(50)) + ctx.Config.Listener.MaxRequestsPerIOCycle = ptr.To(uint32(10)) + ctx.Config.Listener.HTTP2MaxConcurrentStreams = ptr.To(uint32(30)) + ctx.Config.Listener.MaxConnectionsPerListener = ptr.To(uint32(50)) return ctx }, getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Listener.MaxRequestsPerIOCycle = ref.To(uint32(10)) - cfg.Envoy.Listener.HTTP2MaxConcurrentStreams = ref.To(uint32(30)) - cfg.Envoy.Listener.MaxConnectionsPerListener = ref.To(uint32(50)) + cfg.Envoy.Listener.MaxRequestsPerIOCycle = ptr.To(uint32(10)) + cfg.Envoy.Listener.HTTP2MaxConcurrentStreams = ptr.To(uint32(30)) + cfg.Envoy.Listener.MaxConnectionsPerListener = ptr.To(uint32(50)) return cfg }, }, diff --git a/internal/contourconfig/contourconfiguration.go b/internal/contourconfig/contourconfiguration.go index 7b89ce8c8fb..2cd3ada80a5 100644 --- a/internal/contourconfig/contourconfiguration.go +++ b/internal/contourconfig/contourconfiguration.go @@ -18,9 +18,9 @@ import ( "time" "dario.cat/mergo" + "k8s.io/utils/ptr" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) @@ -48,7 +48,7 @@ func Defaults() contour_v1alpha1.ContourConfigurationSpec { CAFile: "/certs/ca.crt", CertFile: "/certs/tls.crt", KeyFile: "/certs/tls.key", - Insecure: ref.To(false), + Insecure: ptr.To(false), }, }, Ingress: &contour_v1alpha1.IngressConfig{ @@ -65,9 +65,9 @@ func Defaults() contour_v1alpha1.ContourConfigurationSpec { }, Envoy: &contour_v1alpha1.EnvoyConfig{ Listener: &contour_v1alpha1.EnvoyListenerConfig{ - UseProxyProto: ref.To(false), - DisableAllowChunkedLength: ref.To(false), - DisableMergeSlashes: ref.To(false), + UseProxyProto: ptr.To(false), + DisableAllowChunkedLength: ptr.To(false), + DisableMergeSlashes: ptr.To(false), ServerHeaderTransformation: contour_v1alpha1.OverwriteServerHeader, ConnectionBalancer: "", TLS: &contour_v1alpha1.EnvoyTLS{ @@ -128,22 +128,22 @@ func Defaults() contour_v1alpha1.ContourConfigurationSpec { }, }, Network: &contour_v1alpha1.NetworkParameters{ - XffNumTrustedHops: ref.To(uint32(0)), - EnvoyAdminPort: ref.To(9001), + XffNumTrustedHops: ptr.To(uint32(0)), + EnvoyAdminPort: ptr.To(9001), }, }, Gateway: nil, HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ - DisablePermitInsecure: ref.To(false), + DisablePermitInsecure: ptr.To(false), RootNamespaces: nil, FallbackCertificate: nil, }, - EnableExternalNameService: ref.To(false), + EnableExternalNameService: ptr.To(false), RateLimitService: nil, Policy: &contour_v1alpha1.PolicyConfig{ RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, - ApplyToIngress: ref.To(false), + ApplyToIngress: ptr.To(false), }, Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", diff --git a/internal/contourconfig/contourconfiguration_test.go b/internal/contourconfig/contourconfiguration_test.go index f78e21ab0a7..caaac35e8a2 100644 --- a/internal/contourconfig/contourconfiguration_test.go +++ b/internal/contourconfig/contourconfiguration_test.go @@ -19,11 +19,11 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contourconfig" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) @@ -37,7 +37,7 @@ func TestOverlayOnDefaults(t *testing.T) { CAFile: "/foo/ca.crt", CertFile: "/foo/tls.crt", KeyFile: "/foo/tls.key", - Insecure: ref.To(true), + Insecure: ptr.To(true), }, }, Ingress: &contour_v1alpha1.IngressConfig{ @@ -54,11 +54,11 @@ func TestOverlayOnDefaults(t *testing.T) { }, Envoy: &contour_v1alpha1.EnvoyConfig{ Listener: &contour_v1alpha1.EnvoyListenerConfig{ - UseProxyProto: ref.To(true), - DisableAllowChunkedLength: ref.To(true), - DisableMergeSlashes: ref.To(true), - MaxRequestsPerConnection: ref.To(uint32(1)), - HTTP2MaxConcurrentStreams: ref.To(uint32(10)), + UseProxyProto: ptr.To(true), + DisableAllowChunkedLength: ptr.To(true), + DisableMergeSlashes: ptr.To(true), + MaxRequestsPerConnection: ptr.To(uint32(1)), + HTTP2MaxConcurrentStreams: ptr.To(uint32(10)), ServerHeaderTransformation: contour_v1alpha1.PassThroughServerHeader, ConnectionBalancer: "yesplease", TLS: &contour_v1alpha1.EnvoyTLS{ @@ -112,13 +112,13 @@ func TestOverlayOnDefaults(t *testing.T) { "HTTP/3", }, Timeouts: &contour_v1alpha1.TimeoutParameters{ - RequestTimeout: ref.To("1s"), - ConnectionIdleTimeout: ref.To("2s"), - StreamIdleTimeout: ref.To("3s"), - MaxConnectionDuration: ref.To("4s"), - DelayedCloseTimeout: ref.To("5s"), - ConnectionShutdownGracePeriod: ref.To("6s"), - ConnectTimeout: ref.To("7s"), + RequestTimeout: ptr.To("1s"), + ConnectionIdleTimeout: ptr.To("2s"), + StreamIdleTimeout: ptr.To("3s"), + MaxConnectionDuration: ptr.To("4s"), + DelayedCloseTimeout: ptr.To("5s"), + ConnectionShutdownGracePeriod: ptr.To("6s"), + ConnectTimeout: ptr.To("7s"), }, Cluster: &contour_v1alpha1.ClusterParameters{ DNSLookupFamily: contour_v1alpha1.IPv4ClusterDNSFamily, @@ -131,8 +131,8 @@ func TestOverlayOnDefaults(t *testing.T) { }, }, Network: &contour_v1alpha1.NetworkParameters{ - XffNumTrustedHops: ref.To(uint32(77)), - EnvoyAdminPort: ref.To(9997), + XffNumTrustedHops: ptr.To(uint32(77)), + EnvoyAdminPort: ptr.To(9997), }, }, Gateway: &contour_v1alpha1.GatewayConfig{ @@ -142,22 +142,22 @@ func TestOverlayOnDefaults(t *testing.T) { }, }, HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ - DisablePermitInsecure: ref.To(true), + DisablePermitInsecure: ptr.To(true), RootNamespaces: []string{"rootnamespace"}, FallbackCertificate: &contour_v1alpha1.NamespacedName{ Namespace: "fallbackcertificatenamespace", Name: "fallbackcertificatename", }, }, - EnableExternalNameService: ref.To(true), + EnableExternalNameService: ptr.To(true), RateLimitService: &contour_v1alpha1.RateLimitServiceConfig{ ExtensionService: contour_v1alpha1.NamespacedName{ Namespace: "ratelimitservicenamespace", Name: "ratelimitservicename", }, Domain: "ratelimitservicedomain", - FailOpen: ref.To(true), - EnableXRateLimitHeaders: ref.To(true), + FailOpen: ptr.To(true), + EnableXRateLimitHeaders: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -182,7 +182,7 @@ func TestOverlayOnDefaults(t *testing.T) { Set: map[string]string{"set": "val"}, Remove: []string{"remove"}, }, - ApplyToIngress: ref.To(true), + ApplyToIngress: ptr.To(true), }, Metrics: &contour_v1alpha1.MetricsConfig{ Address: "9.8.7.6", @@ -264,13 +264,13 @@ func TestParseTimeoutPolicy(t *testing.T) { }, "timeouts all set": { config: &contour_v1alpha1.TimeoutParameters{ - RequestTimeout: ref.To("1s"), - ConnectionIdleTimeout: ref.To("2s"), - StreamIdleTimeout: ref.To("3s"), - MaxConnectionDuration: ref.To("infinity"), - DelayedCloseTimeout: ref.To("5s"), - ConnectionShutdownGracePeriod: ref.To("6s"), - ConnectTimeout: ref.To("8s"), + RequestTimeout: ptr.To("1s"), + ConnectionIdleTimeout: ptr.To("2s"), + StreamIdleTimeout: ptr.To("3s"), + MaxConnectionDuration: ptr.To("infinity"), + DelayedCloseTimeout: ptr.To("5s"), + ConnectionShutdownGracePeriod: ptr.To("6s"), + ConnectTimeout: ptr.To("8s"), }, expected: contourconfig.Timeouts{ Request: timeout.DurationSetting(time.Second), @@ -284,43 +284,43 @@ func TestParseTimeoutPolicy(t *testing.T) { }, "request timeout invalid": { config: &contour_v1alpha1.TimeoutParameters{ - RequestTimeout: ref.To("xxx"), + RequestTimeout: ptr.To("xxx"), }, errorMsg: "failed to parse request timeout", }, "connection idle timeout invalid": { config: &contour_v1alpha1.TimeoutParameters{ - ConnectionIdleTimeout: ref.To("a"), + ConnectionIdleTimeout: ptr.To("a"), }, errorMsg: "failed to parse connection idle timeout", }, "stream idle timeout invalid": { config: &contour_v1alpha1.TimeoutParameters{ - StreamIdleTimeout: ref.To("invalid"), + StreamIdleTimeout: ptr.To("invalid"), }, errorMsg: "failed to parse stream idle timeout", }, "max connection duration invalid": { config: &contour_v1alpha1.TimeoutParameters{ - MaxConnectionDuration: ref.To("xxx"), + MaxConnectionDuration: ptr.To("xxx"), }, errorMsg: "failed to parse max connection duration", }, "delayed close timeout invalid": { config: &contour_v1alpha1.TimeoutParameters{ - DelayedCloseTimeout: ref.To("xxx"), + DelayedCloseTimeout: ptr.To("xxx"), }, errorMsg: "failed to parse delayed close timeout", }, "connection shutdown grace period invalid": { config: &contour_v1alpha1.TimeoutParameters{ - ConnectionShutdownGracePeriod: ref.To("xxx"), + ConnectionShutdownGracePeriod: ptr.To("xxx"), }, errorMsg: "failed to parse connection shutdown grace period", }, "connect timeout invalid": { config: &contour_v1alpha1.TimeoutParameters{ - ConnectTimeout: ref.To("infinite"), + ConnectTimeout: ptr.To("infinite"), }, errorMsg: "failed to parse connect timeout", }, diff --git a/internal/dag/accessors_test.go b/internal/dag/accessors_test.go index 6e6b64bbedc..bc3e2b8692e 100644 --- a/internal/dag/accessors_test.go +++ b/internal/dag/accessors_test.go @@ -23,9 +23,9 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" ) func makeServicePort(name string, protocol core_v1.Protocol, port int32, extras ...any) core_v1.ServicePort { @@ -40,7 +40,7 @@ func makeServicePort(name string, protocol core_v1.Protocol, port int32, extras } if len(extras) > 1 { - p.AppProtocol = ref.To(extras[1].(string)) + p.AppProtocol = ptr.To(extras[1].(string)) } return p @@ -118,13 +118,13 @@ func TestBuilderLookupService(t *testing.T) { { Name: "k8s-h2c", Protocol: "TCP", - AppProtocol: ref.To("kubernetes.io/h2c"), + AppProtocol: ptr.To("kubernetes.io/h2c"), Port: 8443, }, { Name: "k8s-wss", Protocol: "TCP", - AppProtocol: ref.To("kubernetes.io/wss"), + AppProtocol: ptr.To("kubernetes.io/wss"), Port: 8444, }, }, diff --git a/internal/dag/builder_test.go b/internal/dag/builder_test.go index 8715b6e9694..ffeced315ff 100644 --- a/internal/dag/builder_test.go +++ b/internal/dag/builder_test.go @@ -33,7 +33,6 @@ import ( contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/status" "github.com/projectcontour/contour/internal/timeout" ) @@ -143,7 +142,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -163,7 +162,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }}, @@ -182,7 +181,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "app": "contour", @@ -215,7 +214,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -235,7 +234,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -251,7 +250,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), Addresses: []gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: "1.2.3.4", }, }, @@ -261,7 +260,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -279,11 +278,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -301,11 +300,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }}, @@ -323,11 +322,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"matching-label-key": "matching-label-value"}, }, @@ -398,14 +397,14 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec2.Name, sec2.Namespace), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -429,7 +428,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -450,7 +449,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -465,7 +464,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -532,12 +531,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1.HTTPBackendRef{{ BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }}, }) @@ -899,14 +898,14 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 80, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec1.Name, sec1.Namespace), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -931,11 +930,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 80, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -961,7 +960,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.TLSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -985,11 +984,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -1042,11 +1041,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, Kinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: gatewayapi_v1.Kind("INVALID-KIND"), }, }, @@ -1073,11 +1072,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, Kinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group("invalid-group-name")), + Group: ptr.To(gatewayapi_v1.Group("invalid-group-name")), Kind: gatewayapi_v1.Kind("HTTPRoute"), }, }, @@ -1270,7 +1269,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: "kuard", }, }, @@ -1348,7 +1347,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1.ObjectName(kuardService.Name)), + Name: ptr.To(gatewayapi_v1.ObjectName(kuardService.Name)), }}, }, }, @@ -1467,7 +1466,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1.ObjectName("some-other-service")), // would need to be "kuard" to be valid. + Name: ptr.To(gatewayapi_v1.ObjectName("some-other-service")), // would need to be "kuard" to be valid. }}, }, }, @@ -1523,18 +1522,18 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, }, { Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/blog"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/blog"), }, }, { Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/tech"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/tech"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -1570,7 +1569,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -1608,7 +1607,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.HTTPSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -1713,15 +1712,15 @@ func TestDAGInsertGatewayAPI(t *testing.T) { TLS: &gatewayapi_v1.GatewayTLSConfig{ CertificateRefs: []gatewayapi_v1.SecretObjectReference{ { - Group: ref.To(gatewayapi_v1.Group("custom")), - Kind: ref.To(gatewayapi_v1.Kind("shhhh")), + Group: ptr.To(gatewayapi_v1.Group("custom")), + Kind: ptr.To(gatewayapi_v1.Kind("shhhh")), Name: gatewayapi_v1.ObjectName(sec1.Name), }, }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -1748,7 +1747,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { TLS: &gatewayapi_v1.GatewayTLSConfig{}, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -1830,7 +1829,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1.ObjectName(sec2.Name)), + Name: ptr.To(gatewayapi_v1.ObjectName(sec2.Name)), }}, }, }, @@ -1974,7 +1973,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1.ObjectName("wrong-name")), + Name: ptr.To(gatewayapi_v1.ObjectName("wrong-name")), }}, }, }, @@ -2007,7 +2006,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.TCPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -2029,7 +2028,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: gatewayapi_v1.UDPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -2051,7 +2050,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Protocol: "projectcontour.io/HTTPUDP", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -2137,8 +2136,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, Headers: gatewayapi.HTTPHeaderMatch(gatewayapi_v1.HeaderMatchExact, "foo", "bar"), }}, @@ -2169,13 +2168,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Matches: []gatewayapi_v1.HTTPRouteMatch{ { Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/blog"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/blog"), }, }, { Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/tech"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/tech"), }, Headers: gatewayapi.HTTPHeaderMatch(gatewayapi_v1.HeaderMatchExact, "foo", "bar"), }, @@ -2270,10 +2269,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, - Method: ref.To(gatewayapi_v1.HTTPMethodGet), + Method: ptr.To(gatewayapi_v1.HTTPMethodGet), }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }), @@ -2301,8 +2300,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { @@ -2337,12 +2336,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", Value: "value-1", }, @@ -2374,27 +2373,27 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", Value: "value-1", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-2", Value: "value-2", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", Value: "value-3", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "Param-1", Value: "value-4", }, @@ -2428,27 +2427,27 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", Value: "value-1", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-2", Value: "value-2", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", Value: "value-3", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "Param-1", Value: "value-4", }, @@ -2484,17 +2483,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", Value: "value-1", }, { - Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "param-1", Value: "value-2", }, @@ -2528,12 +2527,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "query-param-regex", Value: "value-%d-[a-zA-Z0-9]", }, @@ -2691,7 +2690,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{ { @@ -2749,7 +2748,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{ { @@ -2846,7 +2845,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, @@ -2887,7 +2886,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, @@ -2927,10 +2926,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ - Scheme: ref.To("https"), - Hostname: ref.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), - Port: ref.To(gatewayapi_v1.PortNumber(443)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), + Port: ptr.To(gatewayapi_v1.PortNumber(443)), + StatusCode: ptr.To(301), }, }}, }), @@ -2965,10 +2964,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ - Scheme: ref.To("https"), - Hostname: ref.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), - Port: ref.To(gatewayapi_v1.PortNumber(443)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), + Port: ptr.To(gatewayapi_v1.PortNumber(443)), + StatusCode: ptr.To(301), }, }}, }), @@ -3011,7 +3010,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, - ReplacePrefixMatch: ref.To("/replacement"), + ReplacePrefixMatch: ptr.To("/replacement"), }, }, }}, @@ -3046,7 +3045,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, - ReplacePrefixMatch: ref.To("/"), + ReplacePrefixMatch: ptr.To("/"), }, }, }}, @@ -3081,7 +3080,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.FullPathHTTPPathModifier, - ReplaceFullPath: ref.To("/replacement"), + ReplaceFullPath: ptr.To("/replacement"), }, }, }}, @@ -3205,7 +3204,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, - ReplacePrefixMatch: ref.To("/replacement"), + ReplacePrefixMatch: ptr.To("/replacement"), }, }, }}, @@ -3239,7 +3238,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, - ReplacePrefixMatch: ref.To("/"), + ReplacePrefixMatch: ptr.To("/"), }, }, }}, @@ -3273,7 +3272,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.FullPathHTTPPathModifier, - ReplaceFullPath: ref.To("/replacement"), + ReplaceFullPath: ptr.To("/replacement"), }, }, }}, @@ -3305,7 +3304,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ - Hostname: ref.To(gatewayapi_v1.PreciseHostname("rewritten.com")), + Hostname: ptr.To(gatewayapi_v1.PreciseHostname("rewritten.com")), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -3346,7 +3345,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ - Hostname: ref.To(gatewayapi_v1.PreciseHostname("url.rewritten.com")), + Hostname: ptr.To(gatewayapi_v1.PreciseHostname("url.rewritten.com")), }, }, }, @@ -4115,12 +4114,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }}, @@ -4178,12 +4177,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }}, @@ -4202,7 +4201,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1.ObjectName(kuardService.Name)), + Name: ptr.To(gatewayapi_v1.ObjectName(kuardService.Name)), }}, }, }, @@ -4242,12 +4241,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }}, @@ -4291,12 +4290,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }}, @@ -4340,12 +4339,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }}, @@ -4389,12 +4388,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }}, @@ -4413,7 +4412,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1.ObjectName("some-other-service")), // would have to be "kuard" to be valid + Name: ptr.To(gatewayapi_v1.ObjectName("some-other-service")), // would have to be "kuard" to be valid }}, }, }, @@ -4630,9 +4629,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Hostnames: []gatewayapi_v1alpha2.Hostname{"tcp.projectcontour.io"}, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ BackendRefs: gatewayapi.TLSRouteBackendRefs( - gatewayapi.TLSRouteBackendRef("kuard", 8080, ref.To(int32(1))), - gatewayapi.TLSRouteBackendRef("kuard2", 8080, ref.To(int32(2))), - gatewayapi.TLSRouteBackendRef("kuard3", 8080, ref.To(int32(3))), + gatewayapi.TLSRouteBackendRef("kuard", 8080, ptr.To(int32(1))), + gatewayapi.TLSRouteBackendRef("kuard2", 8080, ptr.To(int32(2))), + gatewayapi.TLSRouteBackendRef("kuard3", 8080, ptr.To(int32(3))), ), }}, }, @@ -4677,9 +4676,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Hostnames: []gatewayapi_v1alpha2.Hostname{"tcp.projectcontour.io"}, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ BackendRefs: gatewayapi.TLSRouteBackendRefs( - gatewayapi.TLSRouteBackendRef("kuard", 8080, ref.To(int32(1))), - gatewayapi.TLSRouteBackendRef("kuard2", 8080, ref.To(int32(0))), - gatewayapi.TLSRouteBackendRef("kuard3", 8080, ref.To(int32(3))), + gatewayapi.TLSRouteBackendRef("kuard", 8080, ptr.To(int32(1))), + gatewayapi.TLSRouteBackendRef("kuard2", 8080, ptr.To(int32(0))), + gatewayapi.TLSRouteBackendRef("kuard3", 8080, ptr.To(int32(3))), ), }}, }, @@ -5331,7 +5330,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { BackendRef: gatewayapi_v1alpha2.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{{ Type: gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier, @@ -5477,12 +5476,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.GRPCBackendRef{{ BackendRef: gatewayapi_v1alpha2.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1alpha2.Kind("Service")), - Namespace: ref.To(gatewayapi_v1alpha2.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1alpha2.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1alpha2.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1alpha2.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1alpha2.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }}, }}, @@ -6329,37 +6328,37 @@ func TestDAGInsert(t *testing.T) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: (*networking_v1.PathType)(ref.To("Exact")), + PathType: (*networking_v1.PathType)(ptr.To("Exact")), Path: "/exact", Backend: *backendv1("kuard", intstr.FromString("http")), }, { - PathType: (*networking_v1.PathType)(ref.To("Exact")), + PathType: (*networking_v1.PathType)(ptr.To("Exact")), Path: "/exact_with_regex/.*", Backend: *backendv1("kuard", intstr.FromString("http")), }, { - PathType: (*networking_v1.PathType)(ref.To("Prefix")), + PathType: (*networking_v1.PathType)(ptr.To("Prefix")), Path: "/prefix", Backend: *backendv1("kuard", intstr.FromString("http")), }, { - PathType: (*networking_v1.PathType)(ref.To("Prefix")), + PathType: (*networking_v1.PathType)(ptr.To("Prefix")), Path: "/prefix_trailing_slash/", Backend: *backendv1("kuard", intstr.FromString("http")), }, { - PathType: (*networking_v1.PathType)(ref.To("Prefix")), + PathType: (*networking_v1.PathType)(ptr.To("Prefix")), Path: "/prefix_with_regex/.*", Backend: *backendv1("kuard", intstr.FromString("http")), }, { - PathType: (*networking_v1.PathType)(ref.To("ImplementationSpecific")), + PathType: (*networking_v1.PathType)(ptr.To("ImplementationSpecific")), Path: "/implementation_specific", Backend: *backendv1("kuard", intstr.FromString("http")), }, { - PathType: (*networking_v1.PathType)(ref.To("ImplementationSpecific")), + PathType: (*networking_v1.PathType)(ptr.To("ImplementationSpecific")), Path: "/implementation_specific_with_regex/.*", Backend: *backendv1("kuard", intstr.FromString("http")), }, @@ -9009,13 +9008,13 @@ func TestDAGInsert(t *testing.T) { DomainRewrite: &contour_v1.CookieDomainRewrite{ Value: "example.com", }, - Secure: ref.To(true), - SameSite: ref.To("Strict"), + Secure: ptr.To(true), + SameSite: ptr.To("Strict"), }, { Name: "some-other-cookie", - SameSite: ref.To("Lax"), - Secure: ref.To(false), + SameSite: ptr.To("Lax"), + Secure: ptr.To(false), }, }, Services: []contour_v1.Service{{ @@ -9051,12 +9050,12 @@ func TestDAGInsert(t *testing.T) { DomainRewrite: &contour_v1.CookieDomainRewrite{ Value: "example.com", }, - Secure: ref.To(true), - SameSite: ref.To("Strict"), + Secure: ptr.To(true), + SameSite: ptr.To("Strict"), }, { Name: "some-other-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), }, }, }}, @@ -9080,11 +9079,11 @@ func TestDAGInsert(t *testing.T) { CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", - Secure: ref.To(true), + Secure: ptr.To(true), }, { Name: "some-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), }, }, Services: []contour_v1.Service{{ @@ -9114,11 +9113,11 @@ func TestDAGInsert(t *testing.T) { CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", - Secure: ref.To(true), + Secure: ptr.To(true), }, { Name: "some-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), }, }, }}, @@ -9257,7 +9256,7 @@ func TestDAGInsert(t *testing.T) { Services: []contour_v1.Service{{ Name: s14.GetName(), Port: 80, - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), }}, }, }, @@ -12279,10 +12278,10 @@ func TestDAGInsert(t *testing.T) { Prefix: "/", }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), }, }}, }, @@ -12322,10 +12321,10 @@ func TestDAGInsert(t *testing.T) { Prefix: "/", }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), }, }}, }, @@ -12374,10 +12373,10 @@ func TestDAGInsert(t *testing.T) { Prefix: "/blog", }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), }, }}, }, @@ -12527,10 +12526,10 @@ func TestDAGInsert(t *testing.T) { Prefix: "/redirect", }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), }, }, }, @@ -12984,14 +12983,14 @@ func TestDAGInsert(t *testing.T) { CookieRewritePolicies: []CookieRewritePolicy{ { Name: "some-cookie", - Path: ref.To("/foo"), - Domain: ref.To("example.com"), + Path: ptr.To("/foo"), + Domain: ptr.To("example.com"), Secure: 2, - SameSite: ref.To("Strict"), + SameSite: ptr.To("Strict"), }, { Name: "some-other-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), Secure: 1, }, }, @@ -13018,14 +13017,14 @@ func TestDAGInsert(t *testing.T) { CookieRewritePolicies: []CookieRewritePolicy{ { Name: "some-cookie", - Path: ref.To("/foo"), - Domain: ref.To("example.com"), + Path: ptr.To("/foo"), + Domain: ptr.To("example.com"), Secure: 2, - SameSite: ref.To("Strict"), + SameSite: ptr.To("Strict"), }, { Name: "some-other-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), }, }, }, @@ -13938,7 +13937,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -13998,7 +13997,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14008,7 +14007,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 81, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14061,7 +14060,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14071,11 +14070,11 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, }, }, @@ -14134,7 +14133,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14144,11 +14143,11 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, }, }, @@ -14217,7 +14216,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14227,7 +14226,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14297,7 +14296,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14355,7 +14354,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14411,7 +14410,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14421,7 +14420,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 81, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14470,7 +14469,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14480,11 +14479,11 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, }, }, @@ -14539,7 +14538,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14549,11 +14548,11 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, }, }, @@ -14621,7 +14620,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14631,7 +14630,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -14700,7 +14699,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -15994,10 +15993,10 @@ func makeHTTPRouteTimeouts(request, backendRequest string) *gatewayapi_v1.HTTPRo httpRouteTimeouts := &gatewayapi_v1.HTTPRouteTimeouts{} if request != "" { - httpRouteTimeouts.Request = ref.To(gatewayapi_v1.Duration(request)) + httpRouteTimeouts.Request = ptr.To(gatewayapi_v1.Duration(request)) } if backendRequest != "" { - httpRouteTimeouts.BackendRequest = ref.To(gatewayapi_v1.Duration(backendRequest)) + httpRouteTimeouts.BackendRequest = ptr.To(gatewayapi_v1.Duration(backendRequest)) } return httpRouteTimeouts diff --git a/internal/dag/cache.go b/internal/dag/cache.go index 59d4b4c2ec4..ac04f69ca9e 100644 --- a/internal/dag/cache.go +++ b/internal/dag/cache.go @@ -26,6 +26,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/tools/cache" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -38,7 +39,6 @@ import ( "github.com/projectcontour/contour/internal/ingressclass" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/metrics" - "github.com/projectcontour/contour/internal/ref" ) // A KubernetesCache holds Kubernetes objects and associated configuration and produces @@ -154,7 +154,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { WithField("namespace", obj.GetNamespace()). WithField("kind", k8s.KindOf(obj)). WithField("ingress-class-annotation", annotation.IngressClass(obj)). - WithField("ingress-class-name", ref.Val(obj.Spec.IngressClassName, "")). + WithField("ingress-class-name", ptr.Deref(obj.Spec.IngressClassName, "")). WithField("target-ingress-classes", kc.IngressClassNames). Debug("ignoring Ingress with unmatched ingress class") return false, len(kc.ingresses) diff --git a/internal/dag/cache_test.go b/internal/dag/cache_test.go index 0a7556fd070..449ad672be6 100644 --- a/internal/dag/cache_test.go +++ b/internal/dag/cache_test.go @@ -36,7 +36,6 @@ import ( "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ingressclass" - "github.com/projectcontour/contour/internal/ref" ) func TestKubernetesCacheInsert(t *testing.T) { @@ -465,7 +464,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Namespace: "default", }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("nginx"), + IngressClassName: ptr.To("nginx"), }, }, want: false, @@ -477,7 +476,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Namespace: "default", }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("contour"), + IngressClassName: ptr.To("contour"), }, }, want: true, @@ -566,7 +565,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("contour"), + IngressClassName: ptr.To("contour"), }, }, want: false, @@ -581,7 +580,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("nginx"), + IngressClassName: ptr.To("nginx"), }, }, want: true, diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index e37880dba27..58c4479b589 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -35,7 +35,6 @@ import ( contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/status" "github.com/projectcontour/contour/internal/timeout" ) @@ -243,7 +242,7 @@ func (p *GatewayAPIProcessor) processRoute( routeHostnames = route.Spec.Hostnames } - hosts, errs = p.computeHosts(routeHostnames, string(ref.Val(listener.listener.Hostname, ""))) + hosts, errs = p.computeHosts(routeHostnames, string(ptr.Deref(listener.listener.Hostname, ""))) for _, err := range errs { // The Gateway API spec does not indicate what to do if syntactically // invalid hostnames make it through, we're using our best judgment here. @@ -411,7 +410,7 @@ func isAddressAssigned(specAddresses []gatewayapi_v1.GatewayAddress, statusAddre for _, specAddress := range specAddresses { for _, statusAddress := range statusAddresses { // Types must match - if ref.Val(specAddress.Type, gatewayapi_v1.IPAddressType) != ref.Val(statusAddress.Type, gatewayapi_v1.IPAddressType) { + if ptr.Deref(specAddress.Type, gatewayapi_v1.IPAddressType) != ptr.Deref(statusAddress.Type, gatewayapi_v1.IPAddressType) { continue } @@ -1623,7 +1622,7 @@ func gatewayGRPCHeaderMatchConditions(matches []gatewayapi_v1alpha2.GRPCHeaderMa for _, match := range matches { // "Exact" and "RegularExpression" are the only supported match types. If match type is not specified, use "Exact" as default. var matchType string - switch ref.Val(match.Type, gatewayapi_v1.HeaderMatchExact) { + switch ptr.Deref(match.Type, gatewayapi_v1.HeaderMatchExact) { case gatewayapi_v1.HeaderMatchExact: matchType = HeaderMatchTypeExact case gatewayapi_v1.HeaderMatchRegularExpression: @@ -1769,19 +1768,19 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( routeNamespace string, ) (*Service, *meta_v1.Condition) { if !(backendObjectRef.Group == nil || *backendObjectRef.Group == "") { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonInvalidKind, fmt.Sprintf("%s.Group must be \"\"", field))) + return nil, ptr.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonInvalidKind, fmt.Sprintf("%s.Group must be \"\"", field))) } if !(backendObjectRef.Kind != nil && *backendObjectRef.Kind == "Service") { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonInvalidKind, fmt.Sprintf("%s.Kind must be 'Service'", field))) + return nil, ptr.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonInvalidKind, fmt.Sprintf("%s.Kind must be 'Service'", field))) } if backendObjectRef.Name == "" { - return nil, ref.To(resolvedRefsFalse(status.ReasonDegraded, fmt.Sprintf("%s.Name must be specified", field))) + return nil, ptr.To(resolvedRefsFalse(status.ReasonDegraded, fmt.Sprintf("%s.Name must be specified", field))) } if backendObjectRef.Port == nil { - return nil, ref.To(resolvedRefsFalse(status.ReasonDegraded, fmt.Sprintf("%s.Port must be specified", field))) + return nil, ptr.To(resolvedRefsFalse(status.ReasonDegraded, fmt.Sprintf("%s.Port must be specified", field))) } // If the backend is in a different namespace than the route, then we need to @@ -1800,7 +1799,7 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( name: string(backendObjectRef.Name), }, ) { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonRefNotPermitted, fmt.Sprintf("%s.Namespace must match the route's namespace or be covered by a ReferenceGrant", field))) + return nil, ptr.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonRefNotPermitted, fmt.Sprintf("%s.Namespace must match the route's namespace or be covered by a ReferenceGrant", field))) } } @@ -1813,12 +1812,12 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( service, err := p.dag.EnsureService(meta, int(*backendObjectRef.Port), int(*backendObjectRef.Port), p.source, p.EnableExternalNameService) if err != nil { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonBackendNotFound, fmt.Sprintf("service %q is invalid: %s", meta.Name, err))) + return nil, ptr.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonBackendNotFound, fmt.Sprintf("service %q is invalid: %s", meta.Name, err))) } service = serviceCircuitBreakerPolicy(service, p.GlobalCircuitBreakerDefaults) if err = validateAppProtocol(&service.Weighted.ServicePort); err != nil { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonUnsupportedProtocol, err.Error())) + return nil, ptr.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonUnsupportedProtocol, err.Error())) } return service, nil @@ -1839,7 +1838,7 @@ func gatewayPathMatchCondition(match *gatewayapi_v1.HTTPPathMatch, routeAccessor return &PrefixMatchCondition{Prefix: "/"} } - path := ref.Val(match.Value, "/") + path := ptr.Deref(match.Value, "/") // If path match type is not defined, default to 'PathPrefix'. if match.Type == nil || *match.Type == gatewayapi_v1.PathMatchPathPrefix { @@ -1897,7 +1896,7 @@ func gatewayHeaderMatchConditions(matches []gatewayapi_v1.HTTPHeaderMatch) ([]He for _, match := range matches { // "Exact" and "RegularExpression" are the only supported match types. If match type is not specified, use "Exact" as default. var matchType string - switch ref.Val(match.Type, gatewayapi_v1.HeaderMatchExact) { + switch ptr.Deref(match.Type, gatewayapi_v1.HeaderMatchExact) { case gatewayapi_v1.HeaderMatchExact: matchType = HeaderMatchTypeExact case gatewayapi_v1.HeaderMatchRegularExpression: @@ -1933,7 +1932,7 @@ func gatewayQueryParamMatchConditions(matches []gatewayapi_v1.HTTPQueryParamMatc for _, match := range matches { var matchType string - switch ref.Val(match.Type, gatewayapi_v1.QueryParamMatchExact) { + switch ptr.Deref(match.Type, gatewayapi_v1.QueryParamMatchExact) { case gatewayapi_v1.QueryParamMatchExact: matchType = HeaderMatchTypeExact case gatewayapi_v1.QueryParamMatchRegularExpression: diff --git a/internal/dag/gatewayapi_processor_test.go b/internal/dag/gatewayapi_processor_test.go index ccf5ed0adc2..bf7e5cf71f3 100644 --- a/internal/dag/gatewayapi_processor_test.go +++ b/internal/dag/gatewayapi_processor_test.go @@ -23,11 +23,11 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/status" ) @@ -263,28 +263,28 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromAll matches all": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, namespace: "projectcontour", valid: true, }, "From.NamespacesFromSame matches": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, namespace: "projectcontour", valid: true, }, "From.NamespacesFromSame doesn't match": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, namespace: "custom", valid: false, }, "From.NamespacesFromSelector matches labels, same ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "app": "production", @@ -296,7 +296,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector matches labels, different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "something": "special", @@ -308,7 +308,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector doesn't matches labels, different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "something": "special", @@ -320,7 +320,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector matches expression 'In', different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", @@ -334,7 +334,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector matches expression 'DoesNotExist', different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "notthere", @@ -347,7 +347,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector doesn't match expression 'DoesNotExist', different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", @@ -360,7 +360,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector matches expression 'Exists', different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "notthere", @@ -373,7 +373,7 @@ func TestNamespaceMatches(t *testing.T) { }, "From.NamespacesFromSelector doesn't match expression 'Exists', different ns as gateway": { namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", @@ -459,7 +459,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -471,7 +471,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -491,7 +491,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -502,7 +502,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -521,7 +521,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -533,7 +533,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -553,7 +553,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -564,7 +564,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -584,7 +584,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -596,7 +596,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -616,7 +616,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -628,7 +628,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -648,7 +648,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -659,7 +659,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -678,7 +678,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -690,7 +690,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -710,7 +710,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-1", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -722,7 +722,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { Name: "http-2", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, diff --git a/internal/dag/httpproxy_processor_test.go b/internal/dag/httpproxy_processor_test.go index a3a4c6c6d37..bda49fef6fb 100644 --- a/internal/dag/httpproxy_processor_test.go +++ b/internal/dag/httpproxy_processor_test.go @@ -21,10 +21,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) @@ -846,7 +846,7 @@ func TestDetermineExternalAuthTimeout(t *testing.T) { ResponseTimeout: timeout.DurationSetting(time.Second * 10), }, }, - want: ref.To(timeout.DurationSetting(time.Second * 10)), + want: ptr.To(timeout.DurationSetting(time.Second * 10)), wantBool: true, }, "success": { @@ -858,7 +858,7 @@ func TestDetermineExternalAuthTimeout(t *testing.T) { ResponseTimeout: timeout.DurationSetting(time.Second * 10), }, }, - want: ref.To(timeout.DurationSetting(time.Second * 20)), + want: ptr.To(timeout.DurationSetting(time.Second * 20)), wantBool: true, }, } @@ -1003,7 +1003,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "no rate limit policy is set anywhere": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), }, wantValidCond: &contour_v1.DetailedCondition{}, httpproxy: &contour_v1.HTTPProxy{ @@ -1020,7 +1020,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "default global rate limit Policy is not set": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), }, wantValidCond: &contour_v1.DetailedCondition{}, httpproxy: &contour_v1.HTTPProxy{ @@ -1069,7 +1069,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "default global rate limit policy is set but HTTPProxy is opted out": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -1106,7 +1106,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "default global rate limit policy is set but HTTPProxy defines its own global RateLimit policy": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -1169,7 +1169,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "default rate limit policy is set": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -1215,7 +1215,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "default rate limit policy is set and HTTPProxy's local rate limit should not change": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -1273,7 +1273,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "default rate limit policy is set but it is invalid": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -1320,7 +1320,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { "global rate limit policy on HTTPProxy is invalid": { rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", - FailOpen: ref.To(true), + FailOpen: ptr.To(true), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { diff --git a/internal/dag/ingress_processor.go b/internal/dag/ingress_processor.go index e207c1f56a7..d5dd05e5bed 100644 --- a/internal/dag/ingress_processor.go +++ b/internal/dag/ingress_processor.go @@ -22,11 +22,11 @@ import ( networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" ) // IngressProcessor translates Ingresses into DAG @@ -194,7 +194,7 @@ func (p *IngressProcessor) computeIngressRule(ing *networking_v1.Ingress, rule n for _, httppath := range httppaths(rule) { path := stringOrDefault(httppath.Path, "/") // Default to implementation specific path matching if not set. - pathType := ref.Val(httppath.PathType, networking_v1.PathTypeImplementationSpecific) + pathType := ptr.Deref(httppath.PathType, networking_v1.PathTypeImplementationSpecific) be := httppath.Backend m := types.NamespacedName{Name: be.Service.Name, Namespace: ing.Namespace} diff --git a/internal/dag/policy.go b/internal/dag/policy.go index 9550a646416..1c1ea5ea6f2 100644 --- a/internal/dag/policy.go +++ b/internal/dag/policy.go @@ -26,13 +26,13 @@ import ( utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/annotation" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) @@ -356,12 +356,12 @@ func cookieRewritePolicies(policies []contour_v1.CookieRewritePolicy) ([]CookieR var path *string if p.PathRewrite != nil { policiesSet++ - path = ref.To(p.PathRewrite.Value) + path = ptr.To(p.PathRewrite.Value) } var domain *string if p.DomainRewrite != nil { policiesSet++ - domain = ref.To(p.DomainRewrite.Value) + domain = ptr.To(p.DomainRewrite.Value) } // We use a uint here since a pointer to bool cannot be // distingiuished when unset or false in golang text templates. diff --git a/internal/dag/status_test.go b/internal/dag/status_test.go index 79b9a066b12..4272f49b29e 100644 --- a/internal/dag/status_test.go +++ b/internal/dag/status_test.go @@ -34,7 +34,6 @@ import ( "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/status" ) @@ -3044,11 +3043,11 @@ func TestDAGStatus(t *testing.T) { CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", - Secure: ref.To(true), + Secure: ptr.To(true), }, { Name: "a-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), }, }, }}, @@ -3080,11 +3079,11 @@ func TestDAGStatus(t *testing.T) { CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", - Secure: ref.To(true), + Secure: ptr.To(true), }, { Name: "a-cookie", - SameSite: ref.To("Lax"), + SameSite: ptr.To("Lax"), }, }, }, @@ -4769,7 +4768,7 @@ func TestDAGStatus(t *testing.T) { Port: 80, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -4779,7 +4778,7 @@ func TestDAGStatus(t *testing.T) { Port: 81, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -4848,11 +4847,11 @@ func TestDAGStatus(t *testing.T) { Port: 443, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, }, }, @@ -5174,29 +5173,29 @@ func validGatewayStatusUpdate(listenerName string, listenerProtocol gatewayapi_v case gatewayapi_v1.HTTPProtocolType, gatewayapi_v1.HTTPSProtocolType: supportedKinds = append(supportedKinds, gatewayapi_v1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindHTTPRoute, }, gatewayapi_v1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindGRPCRoute, }, ) case gatewayapi_v1.TLSProtocolType: supportedKinds = append(supportedKinds, gatewayapi_v1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindTLSRoute, }, gatewayapi_v1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindTCPRoute, }, ) case gatewayapi_v1.TCPProtocolType: supportedKinds = append(supportedKinds, gatewayapi_v1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindTCPRoute, }, ) @@ -5287,7 +5286,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -5451,12 +5450,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, - Weight: ref.To(int32(1)), + Weight: ptr.To(int32(1)), }, }, }, @@ -5564,8 +5563,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("doesnt-start-with-slash"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("doesnt-start-with-slash"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -5611,8 +5610,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchExact), - Value: ref.To("doesnt-start-with-slash"), + Type: ptr.To(gatewayapi_v1.PathMatchExact), + Value: ptr.To("doesnt-start-with-slash"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -5702,8 +5701,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/foo///bar"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/foo///bar"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -5750,8 +5749,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchExact), - Value: ref.To("//foo/bar"), + Type: ptr.To(gatewayapi_v1.PathMatchExact), + Value: ptr.To("//foo/bar"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -5798,8 +5797,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchType("UNKNOWN")), // <---- unknown type to break the test - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchType("UNKNOWN")), // <---- unknown type to break the test + Value: ptr.To("/"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -5840,12 +5839,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, Headers: []gatewayapi_v1.HTTPHeaderMatch{ { - Type: ref.To(gatewayapi_v1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test + Type: ptr.To(gatewayapi_v1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test Name: gatewayapi_v1.HTTPHeaderName("foo"), Value: "bar", }, @@ -5889,12 +5888,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, Headers: []gatewayapi_v1.HTTPHeaderMatch{ { - Type: ref.To(gatewayapi_v1.HeaderMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.HeaderMatchRegularExpression), Name: gatewayapi_v1.HTTPHeaderName("foo"), Value: "invalid-regrex\\", }, @@ -5938,12 +5937,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "param-1", Value: "valid-[a-z]?-[A-Za-z]+-[0=9]+-\\d+", }, @@ -5992,12 +5991,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "param-1", Value: "invalid-regex????", }, @@ -6041,12 +6040,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1.QueryParamMatchType("Invalid")), + Type: ptr.To(gatewayapi_v1.QueryParamMatchType("Invalid")), Name: "param-1", Value: "invalid query param type", }, @@ -6093,8 +6092,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }, @@ -6136,16 +6135,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("invalid-one", 8080, 1), }, { Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/blog"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/blog"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("invalid-two", 8080, 1), @@ -6190,7 +6189,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: "kuard", }, }, @@ -6273,10 +6272,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace("some-other-namespace")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace("some-other-namespace")), Name: "service", - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }, @@ -6317,14 +6316,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6372,14 +6371,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6411,11 +6410,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6452,14 +6451,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6487,7 +6486,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1.ObjectName("secret")), + Name: ptr.To(gatewayapi_v1.ObjectName("secret")), }}, }, }, @@ -6508,14 +6507,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6563,11 +6562,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6604,14 +6603,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6659,11 +6658,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6700,14 +6699,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6755,11 +6754,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6796,14 +6795,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6851,11 +6850,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6892,14 +6891,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -6927,7 +6926,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1.ObjectName("wrong-name")), + Name: ptr.To(gatewayapi_v1.ObjectName("wrong-name")), }}, }, }, @@ -6948,11 +6947,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7138,10 +7137,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-2", @@ -7149,10 +7148,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("specific.hostname.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("specific.hostname.io")), }, }, }, @@ -7187,11 +7186,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(1), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7202,11 +7201,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(1), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7250,10 +7249,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-2", @@ -7261,10 +7260,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("specific.hostname.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("specific.hostname.io")), }, }, }, @@ -7304,11 +7303,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(1), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7319,11 +7318,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(1), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7367,10 +7366,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -7410,11 +7409,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(0), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7458,10 +7457,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -7501,11 +7500,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(0), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7581,10 +7580,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -7655,11 +7654,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AttachedRoutes: int32(1), SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7703,10 +7702,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -7813,9 +7812,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi_v1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }}, @@ -7862,8 +7861,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi_v1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: gatewayapi_v1.ObjectName("kuard2"), }, }, @@ -7907,8 +7906,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -7922,8 +7921,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { BackendRefs: gatewayapi.HTTPBackendRef("kuard2", 8080, 1), Matches: []gatewayapi_v1.HTTPRouteMatch{{ Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/blog"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/blog"), }, }}, Filters: []gatewayapi_v1.HTTPRouteFilter{{ @@ -7977,11 +7976,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi_v1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1.Namespace("some-other-namespace")), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Namespace: ptr.To(gatewayapi_v1.Namespace("some-other-namespace")), Name: gatewayapi_v1.ObjectName("kuard2"), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }}, @@ -8360,7 +8359,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8382,11 +8381,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "http", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8411,12 +8410,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Kinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group("invalid-group")), + Group: ptr.To(gatewayapi_v1.Group("invalid-group")), Kind: "HTTPRoute", }, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8474,7 +8473,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { {Kind: "FooRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8532,7 +8531,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { {Kind: "TLSRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8587,14 +8586,14 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ CertificateRefs: []gatewayapi_v1.SecretObjectReference{ { - Group: ref.To(gatewayapi_v1.Group("invalid-group")), - Kind: ref.To(gatewayapi_v1.Kind("NotASecret")), + Group: ptr.To(gatewayapi_v1.Group("invalid-group")), + Kind: ptr.To(gatewayapi_v1.Kind("NotASecret")), Name: "foo", }, }, @@ -8618,11 +8617,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8660,7 +8659,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ @@ -8687,11 +8686,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8729,7 +8728,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: "invalid", AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8784,7 +8783,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8806,11 +8805,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8843,7 +8842,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.TLSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -8865,11 +8864,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "tls", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -8902,11 +8901,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.TLSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", "projectcontour"), }, @@ -8930,11 +8929,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "tls", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -8967,11 +8966,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.TLSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), }, }}, }, @@ -8992,11 +8991,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "tls", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -9029,11 +9028,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, }}, }, @@ -9054,11 +9053,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "https", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9092,7 +9091,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: nil, }, }, @@ -9116,11 +9115,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "http", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9154,7 +9153,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", @@ -9184,11 +9183,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "http", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9222,7 +9221,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSelector), + From: ptr.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{}, }, }, @@ -9246,11 +9245,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Name: "http", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9383,7 +9382,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { {Kind: "FooRoute"}, }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -9462,8 +9461,8 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Timeouts: &gatewayapi_v1.HTTPRouteTimeouts{ - Request: ref.To(gatewayapi_v1.Duration("30s")), - BackendRequest: ref.To(gatewayapi_v1.Duration("30s")), + Request: ptr.To(gatewayapi_v1.Duration("30s")), + BackendRequest: ptr.To(gatewayapi_v1.Duration("30s")), }, }, }, @@ -9507,7 +9506,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Timeouts: &gatewayapi_v1.HTTPRouteTimeouts{ - BackendRequest: ref.To(gatewayapi_v1.Duration("30s")), + BackendRequest: ptr.To(gatewayapi_v1.Duration("30s")), }, }, }, @@ -9547,7 +9546,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1.HTTPRouteRule{{ BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Timeouts: &gatewayapi_v1.HTTPRouteTimeouts{ - Request: ref.To(gatewayapi_v1.Duration("invalid")), + Request: ptr.To(gatewayapi_v1.Duration("invalid")), }, }}, }, @@ -9672,11 +9671,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -9713,8 +9712,8 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }, @@ -9806,7 +9805,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: "kuard", }, }, @@ -10024,7 +10023,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, Hostnames: []gatewayapi_v1alpha2.Hostname{"test.projectcontour.io"}, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ - BackendRefs: gatewayapi.TLSRouteBackendRef(kuardService.Name, 8080, ref.To(int32(0))), + BackendRefs: gatewayapi.TLSRouteBackendRef(kuardService.Name, 8080, ptr.To(int32(0))), }}, }, }, @@ -10115,11 +10114,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeType("invalid-mode")), + Mode: ptr.To(gatewayapi_v1.TLSModeType("invalid-mode")), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -10178,11 +10177,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { Name: "tls", SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -10264,7 +10263,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -10537,13 +10536,13 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ Matches: []gatewayapi_v1alpha2.GRPCRouteMatch{{ Method: &gatewayapi_v1alpha2.GRPCMethodMatch{ - Type: ref.To(gatewayapi_v1alpha2.GRPCMethodMatchExact), - Service: ref.To("come.example.service"), - Method: ref.To("Login"), + Type: ptr.To(gatewayapi_v1alpha2.GRPCMethodMatchExact), + Service: ptr.To("come.example.service"), + Method: ptr.To("Login"), }, Headers: []gatewayapi_v1alpha2.GRPCHeaderMatch{ { - Type: ref.To(gatewayapi_v1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test + Type: ptr.To(gatewayapi_v1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test Name: gatewayapi_v1alpha2.GRPCHeaderName("foo"), Value: "bar", }, @@ -10592,13 +10591,13 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ Matches: []gatewayapi_v1alpha2.GRPCRouteMatch{{ Method: &gatewayapi_v1alpha2.GRPCMethodMatch{ - Type: ref.To(gatewayapi_v1alpha2.GRPCMethodMatchExact), - Service: ref.To("come.example.service"), - Method: ref.To("Login"), + Type: ptr.To(gatewayapi_v1alpha2.GRPCMethodMatchExact), + Service: ptr.To("come.example.service"), + Method: ptr.To("Login"), }, Headers: []gatewayapi_v1alpha2.GRPCHeaderMatch{ { - Type: ref.To(gatewayapi_v1.HeaderMatchRegularExpression), + Type: ptr.To(gatewayapi_v1.HeaderMatchRegularExpression), Name: gatewayapi_v1alpha2.GRPCHeaderName("foo"), Value: "invalid(-)regex)", }, @@ -10807,9 +10806,9 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Type: gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror, RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi_v1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }}, @@ -11149,7 +11148,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.TCPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -11239,7 +11238,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { {Kind: "TCPRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -11295,10 +11294,10 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { - BackendRefs: gatewayapi.TLSRouteBackendRef("kuard", 8080, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("kuard", 8080, ptr.To(int32(1))), }, { - BackendRefs: gatewayapi.TLSRouteBackendRef("kuard2", 8080, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("kuard2", 8080, ptr.To(int32(1))), }, }, }, @@ -11369,7 +11368,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { - BackendRefs: gatewayapi.TLSRouteBackendRef("nonexistent", 8080, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("nonexistent", 8080, ptr.To(int32(1))), }, }, }, @@ -11451,7 +11450,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index db421b658cf..d8b4670a7fe 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -31,11 +31,11 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" "github.com/projectcontour/contour/internal/xds" ) @@ -726,7 +726,7 @@ func TestCluster(t *testing.T) { "cluster with per connection buffer limit bytes set": { cluster: &dag.Cluster{ Upstream: service(s1), - PerConnectionBufferLimitBytes: ref.To(uint32(32768)), + PerConnectionBufferLimitBytes: ptr.To(uint32(32768)), }, want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", @@ -742,7 +742,7 @@ func TestCluster(t *testing.T) { "cluster with max requests per connection set": { cluster: &dag.Cluster{ Upstream: service(s1), - MaxRequestsPerConnection: ref.To(uint32(1)), + MaxRequestsPerConnection: ptr.To(uint32(1)), }, want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", @@ -771,7 +771,7 @@ func TestCluster(t *testing.T) { "cluster with max requests per connection and idle timeout set": { cluster: &dag.Cluster{ Upstream: service(s1), - MaxRequestsPerConnection: ref.To(uint32(1)), + MaxRequestsPerConnection: ptr.To(uint32(1)), TimeoutPolicy: dag.ClusterTimeoutPolicy{ IdleConnectionTimeout: timeout.DurationSetting(time.Second * 60), }, diff --git a/internal/envoy/v3/listener_test.go b/internal/envoy/v3/listener_test.go index 598c4e02e32..e2aa3a64fee 100644 --- a/internal/envoy/v3/listener_test.go +++ b/internal/envoy/v3/listener_test.go @@ -41,12 +41,12 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) @@ -162,7 +162,7 @@ func TestListener(t *testing.T) { name: "http", address: "0.0.0.0", port: 9000, - perConnectionBufferLimitBytes: ref.To(uint32(32768)), + perConnectionBufferLimitBytes: ptr.To(uint32(32768)), f: []*envoy_config_listener_v3.Filter{ HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, @@ -180,7 +180,7 @@ func TestListener(t *testing.T) { name: "https", address: "0.0.0.0", port: 9000, - perConnectionBufferLimitBytes: ref.To(uint32(32768)), + perConnectionBufferLimitBytes: ptr.To(uint32(32768)), lf: ListenerFilters( TLSInspector(), ), @@ -1362,7 +1362,7 @@ func TestHTTPConnectionManager(t *testing.T) { "maxRequestsPerConnection set to 1": { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), - maxRequestsPerConnection: ref.To(uint32(1)), + maxRequestsPerConnection: ptr.To(uint32(1)), want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ @@ -1411,7 +1411,7 @@ func TestHTTPConnectionManager(t *testing.T) { "http2MaxConcurrentStreams set": { routename: "default/kuard", accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), - http2MaxConcurrentStreams: ref.To(uint32(50)), + http2MaxConcurrentStreams: ptr.To(uint32(50)), want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ diff --git a/internal/featuretests/v3/backendcavalidation_test.go b/internal/featuretests/v3/backendcavalidation_test.go index 2e5c7720e44..0a3a1fbe73d 100644 --- a/internal/featuretests/v3/backendcavalidation_test.go +++ b/internal/featuretests/v3/backendcavalidation_test.go @@ -19,11 +19,11 @@ import ( envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" ) func TestClusterServiceTLSBackendCAValidation(t *testing.T) { @@ -185,7 +185,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go index 9326f76ad0f..0ee16ea7173 100644 --- a/internal/featuretests/v3/backendclientauth_test.go +++ b/internal/featuretests/v3/backendclientauth_test.go @@ -22,6 +22,7 @@ import ( core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -29,7 +30,6 @@ import ( envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" ) func proxyClientCertificateOpt(t *testing.T) func(*dag.Builder) { @@ -87,7 +87,7 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) { Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", @@ -120,7 +120,7 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) { Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", diff --git a/internal/featuretests/v3/cluster_test.go b/internal/featuretests/v3/cluster_test.go index 40a22336ed7..aedeb82c842 100644 --- a/internal/featuretests/v3/cluster_test.go +++ b/internal/featuretests/v3/cluster_test.go @@ -25,6 +25,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" @@ -34,7 +35,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" ) // projectcontour/contour#186 @@ -721,7 +721,7 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, diff --git a/internal/featuretests/v3/extensionservice_test.go b/internal/featuretests/v3/extensionservice_test.go index 2d02676f5a1..93314db9505 100644 --- a/internal/featuretests/v3/extensionservice_test.go +++ b/internal/featuretests/v3/extensionservice_test.go @@ -24,13 +24,13 @@ import ( envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" core_v1 "k8s.io/api/core/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" ) func extBasic(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { @@ -79,7 +79,7 @@ func extCleartext(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), Spec: contour_v1alpha1.ExtensionServiceSpec{ - Protocol: ref.To("h2c"), + Protocol: ptr.To("h2c"), Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, {Name: "svc2", Port: 8082}, @@ -317,7 +317,7 @@ func extInconsistentProto(_ *testing.T, rh ResourceEventHandlerWrapper, c *Conto Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, - Protocol: ref.To("h2c"), + Protocol: ptr.To("h2c"), UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "cacert", SubjectName: "ext.projectcontour.io", diff --git a/internal/featuretests/v3/externalname_test.go b/internal/featuretests/v3/externalname_test.go index 23e0678304f..2d3bbe43922 100644 --- a/internal/featuretests/v3/externalname_test.go +++ b/internal/featuretests/v3/externalname_test.go @@ -26,6 +26,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" @@ -33,7 +34,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" ) // Assert that services of type core_v1.ServiceTypeExternalName can be @@ -172,7 +172,7 @@ func TestExternalNameService(t *testing.T) { WithSpec(contour_v1.HTTPProxySpec{ Routes: []contour_v1.Route{{ Services: []contour_v1.Service{{ - Protocol: ref.To("h2"), + Protocol: ptr.To("h2"), Name: s1.Name, Port: 80, }}, @@ -236,7 +236,7 @@ func TestExternalNameService(t *testing.T) { WithSpec(contour_v1.HTTPProxySpec{ Routes: []contour_v1.Route{{ Services: []contour_v1.Service{{ - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), Name: s1.Name, Port: 80, }}, @@ -290,7 +290,7 @@ func TestExternalNameService(t *testing.T) { WithSpec(contour_v1.HTTPProxySpec{ TCPProxy: &contour_v1.TCPProxy{ Services: []contour_v1.Service{{ - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), Name: s1.Name, Port: 80, }}, diff --git a/internal/featuretests/v3/httproute_test.go b/internal/featuretests/v3/httproute_test.go index 949ee33346a..e87c4771588 100644 --- a/internal/featuretests/v3/httproute_test.go +++ b/internal/featuretests/v3/httproute_test.go @@ -22,13 +22,13 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" ) var ( @@ -63,7 +63,7 @@ var ( Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -72,14 +72,14 @@ var ( Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, diff --git a/internal/featuretests/v3/ingressclass_test.go b/internal/featuretests/v3/ingressclass_test.go index c05a2d480cc..f056ca88d1c 100644 --- a/internal/featuretests/v3/ingressclass_test.go +++ b/internal/featuretests/v3/ingressclass_test.go @@ -21,6 +21,7 @@ import ( core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/contour" @@ -28,7 +29,6 @@ import ( envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" ) const ( @@ -568,7 +568,7 @@ func TestIngressClassResource_Configured(t *testing.T) { ingressValid := &networking_v1.Ingress{ ObjectMeta: fixture.ObjectMeta(IngressName), Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("testingressclass"), + IngressClassName: ptr.To("testingressclass"), DefaultBackend: featuretests.IngressBackend(svc), }, } @@ -593,7 +593,7 @@ func TestIngressClassResource_Configured(t *testing.T) { ingressWrongClass := &networking_v1.Ingress{ ObjectMeta: fixture.ObjectMeta(IngressName), Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("wrongingressclass"), + IngressClassName: ptr.To("wrongingressclass"), DefaultBackend: featuretests.IngressBackend(svc), }, } @@ -812,7 +812,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { ingressMatchingClass := &networking_v1.Ingress{ ObjectMeta: fixture.ObjectMeta(IngressName), Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("contour"), + IngressClassName: ptr.To("contour"), DefaultBackend: featuretests.IngressBackend(svc), }, } @@ -837,7 +837,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { ingressNonMatchingClass := &networking_v1.Ingress{ ObjectMeta: fixture.ObjectMeta(IngressName), Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("notcontour"), + IngressClassName: ptr.To("notcontour"), DefaultBackend: featuretests.IngressBackend(svc), }, } diff --git a/internal/featuretests/v3/listeners_test.go b/internal/featuretests/v3/listeners_test.go index 6b60ce72860..55ed7208cab 100644 --- a/internal/featuretests/v3/listeners_test.go +++ b/internal/featuretests/v3/listeners_test.go @@ -24,6 +24,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -35,7 +36,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" "github.com/projectcontour/contour/internal/xdscache" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" @@ -1298,7 +1298,7 @@ func TestGatewayListenersSetAddress(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -1307,14 +1307,14 @@ func TestGatewayListenersSetAddress(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -1323,11 +1323,11 @@ func TestGatewayListenersSetAddress(t *testing.T) { Port: 8443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -1337,7 +1337,7 @@ func TestGatewayListenersSetAddress(t *testing.T) { Protocol: gatewayapi_v1.TCPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, diff --git a/internal/featuretests/v3/redirectroutepolicy_test.go b/internal/featuretests/v3/redirectroutepolicy_test.go index 3d8b66eae16..5a7bc7645e1 100644 --- a/internal/featuretests/v3/redirectroutepolicy_test.go +++ b/internal/featuretests/v3/redirectroutepolicy_test.go @@ -20,11 +20,11 @@ import ( envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" ) func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { @@ -40,11 +40,11 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, Routes: []contour_v1.Route{{ RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), - Path: ref.To("/blog"), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), + Path: ptr.To("/blog"), }, }}, }) @@ -84,11 +84,11 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, Routes: []contour_v1.Route{{ RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), - Prefix: ref.To("/blogprefix"), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), + Prefix: ptr.To("/blogprefix"), }, }}, }) @@ -132,12 +132,12 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(443)), - StatusCode: ref.To(301), - Prefix: ref.To("/blogprefix"), - Path: ref.To("/blogprefix"), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(443)), + StatusCode: ptr.To(301), + Prefix: ptr.To("/blogprefix"), + Path: ptr.To("/blogprefix"), }, }}, }) diff --git a/internal/featuretests/v3/routeweight_test.go b/internal/featuretests/v3/routeweight_test.go index c062a42a311..1e056950693 100644 --- a/internal/featuretests/v3/routeweight_test.go +++ b/internal/featuretests/v3/routeweight_test.go @@ -24,6 +24,7 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -31,7 +32,6 @@ import ( envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" ) func TestHTTPProxy_RouteWithAServiceWeight(t *testing.T) { @@ -368,7 +368,7 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -484,11 +484,11 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -509,7 +509,7 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { }, Hostnames: []gatewayapi_v1alpha2.Hostname{"test.projectcontour.io"}, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ - BackendRefs: gatewayapi.TLSRouteBackendRef("svc1", 443, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("svc1", 443, ptr.To(int32(1))), }}, }, } @@ -557,8 +557,8 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { Hostnames: []gatewayapi_v1alpha2.Hostname{"test.projectcontour.io"}, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ BackendRefs: gatewayapi.TLSRouteBackendRefs( - gatewayapi.TLSRouteBackendRef("svc1", 443, ref.To(int32(1))), - gatewayapi.TLSRouteBackendRef("svc2", 443, ref.To(int32(7))), + gatewayapi.TLSRouteBackendRef("svc1", 443, ptr.To(int32(1))), + gatewayapi.TLSRouteBackendRef("svc2", 443, ptr.To(int32(7))), ), }}, }, diff --git a/internal/featuretests/v3/tcproute_test.go b/internal/featuretests/v3/tcproute_test.go index fce4cddd5f5..0682b5f4a5b 100644 --- a/internal/featuretests/v3/tcproute_test.go +++ b/internal/featuretests/v3/tcproute_test.go @@ -22,6 +22,7 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -29,7 +30,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" ) func TestTCPRoute(t *testing.T) { @@ -70,7 +70,7 @@ func TestTCPRoute(t *testing.T) { Protocol: gatewayapi_v1.TCPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -84,9 +84,9 @@ func TestTCPRoute(t *testing.T) { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), Name: gatewayapi_v1.ObjectName("contour"), - SectionName: ref.To(gatewayapi_v1.SectionName("tcp-1")), + SectionName: ptr.To(gatewayapi_v1.SectionName("tcp-1")), }, }, }, @@ -123,7 +123,7 @@ func TestTCPRoute(t *testing.T) { Protocol: gatewayapi_v1.TCPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }) @@ -135,9 +135,9 @@ func TestTCPRoute(t *testing.T) { CommonRouteSpec: gatewayapi_v1alpha2.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), Name: gatewayapi_v1.ObjectName("contour"), - SectionName: ref.To(gatewayapi_v1.SectionName("tcp-2")), + SectionName: ptr.To(gatewayapi_v1.SectionName("tcp-2")), }, }, }, @@ -216,14 +216,14 @@ func TestTCPRoute_TLSTermination(t *testing.T) { Port: 5000, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -238,9 +238,9 @@ func TestTCPRoute_TLSTermination(t *testing.T) { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), Name: gatewayapi_v1.ObjectName("contour"), - SectionName: ref.To(gatewayapi_v1.SectionName("tls")), + SectionName: ptr.To(gatewayapi_v1.SectionName("tls")), }, }, }, diff --git a/internal/featuretests/v3/tlsroute_test.go b/internal/featuretests/v3/tlsroute_test.go index 26a80bd0e85..ed59422e5f8 100644 --- a/internal/featuretests/v3/tlsroute_test.go +++ b/internal/featuretests/v3/tlsroute_test.go @@ -22,6 +22,7 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -29,7 +30,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" ) func TestTLSRoute_TLSPassthrough(t *testing.T) { @@ -68,11 +68,11 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModePassthrough), + Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, @@ -270,15 +270,15 @@ func TestTLSRoute_TLSTermination(t *testing.T) { Port: 5000, Protocol: gatewayapi_v1.TLSProtocolType, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -303,7 +303,7 @@ func TestTLSRoute_TLSTermination(t *testing.T) { "test1.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ - BackendRefs: gatewayapi.TLSRouteBackendRef("svc1", 80, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("svc1", 80, ptr.To(int32(1))), }}, }, }) @@ -340,7 +340,7 @@ func TestTLSRoute_TLSTermination(t *testing.T) { "test2.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ - BackendRefs: gatewayapi.TLSRouteBackendRef("svc2", 80, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("svc2", 80, ptr.To(int32(1))), }}, }, }) diff --git a/internal/featuretests/v3/tracing_test.go b/internal/featuretests/v3/tracing_test.go index 47565ab9047..68b148e2b5c 100644 --- a/internal/featuretests/v3/tracing_test.go +++ b/internal/featuretests/v3/tracing_test.go @@ -19,6 +19,7 @@ import ( envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -26,7 +27,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" ) @@ -75,7 +75,7 @@ func TestTracing(t *testing.T) { Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "otel-collector", Port: 4317}, }, - Protocol: ref.To("h2c"), + Protocol: ptr.To("h2c"), TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: defaultResponseTimeout.String(), }, diff --git a/internal/featuretests/v3/upstreamtls_test.go b/internal/featuretests/v3/upstreamtls_test.go index c965fc72826..c1f3c468446 100644 --- a/internal/featuretests/v3/upstreamtls_test.go +++ b/internal/featuretests/v3/upstreamtls_test.go @@ -25,6 +25,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -35,7 +36,6 @@ import ( "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" ) func TestUpstreamTLSWithHTTPProxy(t *testing.T) { @@ -69,7 +69,7 @@ func TestUpstreamTLSWithHTTPProxy(t *testing.T) { Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", @@ -269,7 +269,7 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }}, diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index ac73077b849..3e374429fdb 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -15,21 +15,20 @@ package gatewayapi import ( "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - - "github.com/projectcontour/contour/internal/ref" ) func CertificateRef(name, namespace string) gatewayapi_v1.SecretObjectReference { secretRef := gatewayapi_v1.SecretObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Secret")), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Secret")), Name: gatewayapi_v1.ObjectName(name), } if namespace != "" { - secretRef.Namespace = ref.To(gatewayapi_v1.Namespace(namespace)) + secretRef.Namespace = ptr.To(gatewayapi_v1.Namespace(namespace)) } return secretRef @@ -37,13 +36,13 @@ func CertificateRef(name, namespace string) gatewayapi_v1.SecretObjectReference func GatewayParentRef(namespace, name string) gatewayapi_v1.ParentReference { parentRef := gatewayapi_v1.ParentReference{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), - Kind: ref.To(gatewayapi_v1.Kind("Gateway")), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: ptr.To(gatewayapi_v1.Kind("Gateway")), Name: gatewayapi_v1.ObjectName(name), } if namespace != "" { - parentRef.Namespace = ref.To(gatewayapi_v1.Namespace(namespace)) + parentRef.Namespace = ptr.To(gatewayapi_v1.Namespace(namespace)) } return parentRef @@ -53,11 +52,11 @@ func GatewayListenerParentRef(namespace, name, listener string, port int) gatewa parentRef := GatewayParentRef(namespace, name) if listener != "" { - parentRef.SectionName = ref.To(gatewayapi_v1.SectionName(listener)) + parentRef.SectionName = ptr.To(gatewayapi_v1.SectionName(listener)) } if port != 0 { - parentRef.Port = ref.To(gatewayapi_v1.PortNumber(port)) + parentRef.Port = ptr.To(gatewayapi_v1.PortNumber(port)) } return parentRef @@ -65,10 +64,10 @@ func GatewayListenerParentRef(namespace, name, listener string, port int) gatewa func ServiceBackendObjectRef(name string, port int) gatewayapi_v1.BackendObjectReference { return gatewayapi_v1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: gatewayapi_v1.ObjectName(name), - Port: ref.To(gatewayapi_v1.PortNumber(port)), + Port: ptr.To(gatewayapi_v1.PortNumber(port)), } } @@ -76,8 +75,8 @@ func HTTPRouteMatch(pathType gatewayapi_v1.PathMatchType, value string) []gatewa return []gatewayapi_v1.HTTPRouteMatch{ { Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(pathType), - Value: ref.To(value), + Type: ptr.To(pathType), + Value: ptr.To(value), }, }, } @@ -86,7 +85,7 @@ func HTTPRouteMatch(pathType gatewayapi_v1.PathMatchType, value string) []gatewa func HTTPHeaderMatch(matchType gatewayapi_v1.HeaderMatchType, name, value string) []gatewayapi_v1.HTTPHeaderMatch { return []gatewayapi_v1.HTTPHeaderMatch{ { - Type: ref.To(matchType), + Type: ptr.To(matchType), Name: gatewayapi_v1.HTTPHeaderName(name), Value: value, }, @@ -98,7 +97,7 @@ func HTTPQueryParamMatches(namesAndValues map[string]string) []gatewayapi_v1.HTT for name, val := range namesAndValues { matches = append(matches, gatewayapi_v1.HTTPQueryParamMatch{ - Type: ref.To(gatewayapi_v1.QueryParamMatchExact), + Type: ptr.To(gatewayapi_v1.QueryParamMatchExact), Name: gatewayapi_v1.HTTPHeaderName(name), Value: val, }) @@ -140,10 +139,10 @@ func TLSRouteBackendRef(serviceName string, port int, weight *int32) []gatewayap return []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: gatewayapi_v1alpha2.ObjectName(serviceName), - Port: ref.To(gatewayapi_v1.PortNumber(port)), + Port: ptr.To(gatewayapi_v1.PortNumber(port)), }, Weight: weight, }, @@ -155,10 +154,10 @@ func GRPCRouteBackendRef(serviceName string, port int, weight int32) []gatewayap { BackendRef: gatewayapi_v1alpha2.BackendRef{ BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Group: ref.To(gatewayapi_v1.Group("")), - Kind: ref.To(gatewayapi_v1.Kind("Service")), + Group: ptr.To(gatewayapi_v1.Group("")), + Kind: ptr.To(gatewayapi_v1.Kind("Service")), Name: gatewayapi_v1alpha2.ObjectName(serviceName), - Port: ref.To(gatewayapi_v1.PortNumber(port)), + Port: ptr.To(gatewayapi_v1.PortNumber(port)), }, Weight: &weight, }, @@ -169,16 +168,16 @@ func GRPCRouteBackendRef(serviceName string, port int, weight int32) []gatewayap func GRPCMethodMatch(matchType gatewayapi_v1alpha2.GRPCMethodMatchType, service, method string) *gatewayapi_v1alpha2.GRPCMethodMatch { return &gatewayapi_v1alpha2.GRPCMethodMatch{ - Type: ref.To(matchType), - Service: ref.To(service), - Method: ref.To(method), + Type: ptr.To(matchType), + Service: ptr.To(service), + Method: ptr.To(method), } } func GRPCHeaderMatch(matchType gatewayapi_v1.HeaderMatchType, name, value string) []gatewayapi_v1alpha2.GRPCHeaderMatch { return []gatewayapi_v1alpha2.GRPCHeaderMatch{ { - Type: ref.To(matchType), + Type: ptr.To(matchType), Name: gatewayapi_v1alpha2.GRPCHeaderName(name), Value: value, }, diff --git a/internal/gatewayapi/listeners.go b/internal/gatewayapi/listeners.go index 1e5d34d0b07..0a3f6a186ec 100644 --- a/internal/gatewayapi/listeners.go +++ b/internal/gatewayapi/listeners.go @@ -21,9 +21,8 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/projectcontour/contour/internal/ref" ) // ContourHTTPSProtocolType is the protocol for an HTTPS Listener @@ -88,7 +87,7 @@ func ValidateListeners(listeners []gatewayapi_v1.Listener) ValidateListenersResu for i, listener := range listeners { // Check for a valid hostname. - if hostname := ref.Val(listener.Hostname, ""); len(hostname) > 0 { + if hostname := ptr.Deref(listener.Hostname, ""); len(hostname) > 0 { if err := IsValidHostname(string(hostname)); err != nil { result.InvalidListenerConditions[listener.Name] = meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionProgrammed), @@ -159,7 +158,7 @@ func ValidateListeners(listeners []gatewayapi_v1.Listener) ValidateListenersResu } // Hostname conflict - if ref.Val(listener.Hostname, "") == ref.Val(otherListener.Hostname, "") { + if ptr.Deref(listener.Hostname, "") == ptr.Deref(otherListener.Hostname, "") { result.InvalidListenerConditions[listener.Name] = conflictedCondition(gatewayapi_v1.ListenerReasonHostnameConflict, "All Listener hostnames for a given port must be unique") return true } diff --git a/internal/gatewayapi/listeners_test.go b/internal/gatewayapi/listeners_test.go index 422e0b37d2a..16d41973d12 100644 --- a/internal/gatewayapi/listeners_test.go +++ b/internal/gatewayapi/listeners_test.go @@ -18,9 +18,8 @@ import ( "github.com/stretchr/testify/assert" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/projectcontour/contour/internal/ref" ) func TestValidateListeners(t *testing.T) { @@ -35,25 +34,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -76,25 +75,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 8080, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -118,31 +117,31 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), // duplicate hostname + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), // duplicate hostname }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "listener-5", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 8080, - Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.TLSProtocolType, // non-HTTP Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -173,25 +172,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -214,25 +213,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "http-listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -256,31 +255,31 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), // duplicate hostname + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), // duplicate hostname }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "listener-5", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "http-listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -306,19 +305,19 @@ func TestValidateListeners(t *testing.T) { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("192.168.1.1")), + Hostname: ptr.To(gatewayapi_v1.Hostname("192.168.1.1")), }, { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("*.*.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("*.*.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname(".invalid.$.")), + Hostname: ptr.To(gatewayapi_v1.Hostname(".invalid.$.")), }, } @@ -351,19 +350,19 @@ func TestValidateListeners(t *testing.T) { { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, - Hostname: ref.To(gatewayapi_v1.Hostname("https-1.gateway.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-1.gateway.projectcontour.io")), Port: 443, }, { Name: "https-2", Protocol: gatewayapi_v1.HTTPSProtocolType, - Hostname: ref.To(gatewayapi_v1.Hostname("https-2.gateway.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-2.gateway.projectcontour.io")), Port: 443, }, { Name: "https-3", Protocol: gatewayapi_v1.HTTPSProtocolType, - Hostname: ref.To(gatewayapi_v1.Hostname("https-3.gateway.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-3.gateway.projectcontour.io")), Port: 443, }, } diff --git a/internal/ingressclass/ingressclass.go b/internal/ingressclass/ingressclass.go index 4bf4d8f96e0..5ca3d448a85 100644 --- a/internal/ingressclass/ingressclass.go +++ b/internal/ingressclass/ingressclass.go @@ -15,10 +15,10 @@ package ingressclass import ( networking_v1 "k8s.io/api/networking/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/annotation" - "github.com/projectcontour/contour/internal/ref" ) // DefaultClassName is the default IngressClass name that Contour will match @@ -34,7 +34,7 @@ func MatchesIngress(obj *networking_v1.Ingress, ingressClassNames []string) bool return matches(annotationClass, ingressClassNames) } - return matches(ref.Val(obj.Spec.IngressClassName, ""), ingressClassNames) + return matches(ptr.Deref(obj.Spec.IngressClassName, ""), ingressClassNames) } // MatchesHTTPProxy returns true if the passed in HTTPProxy annotations diff --git a/internal/ingressclass/ingressclass_test.go b/internal/ingressclass/ingressclass_test.go index ab6ccf0edfe..08a9cbee9e4 100644 --- a/internal/ingressclass/ingressclass_test.go +++ b/internal/ingressclass/ingressclass_test.go @@ -19,9 +19,9 @@ import ( "github.com/stretchr/testify/assert" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" ) func TestMatchesIngress(t *testing.T) { @@ -38,7 +38,7 @@ func TestMatchesIngress(t *testing.T) { // No annotation set, spec field set to default, class not configured assert.True(t, MatchesIngress(&networking_v1.Ingress{ Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("contour"), + IngressClassName: ptr.To("contour"), }, }, nil)) // Annotation set, no spec field set, class not configured @@ -52,7 +52,7 @@ func TestMatchesIngress(t *testing.T) { // No annotation set, spec field set, class not configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("aclass"), + IngressClassName: ptr.To("aclass"), }, }, nil)) // No annotation, no spec field set, class configured @@ -68,7 +68,7 @@ func TestMatchesIngress(t *testing.T) { // No annotation set, spec field set, class configured assert.True(t, MatchesIngress(&networking_v1.Ingress{ Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("something"), + IngressClassName: ptr.To("something"), }, }, []string{"something"})) // Annotation set, no spec field set, class configured @@ -82,7 +82,7 @@ func TestMatchesIngress(t *testing.T) { // No annotation set, spec field set, class configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("aclass"), + IngressClassName: ptr.To("aclass"), }, }, []string{"something"})) // Annotation set, spec field set, class configured @@ -93,7 +93,7 @@ func TestMatchesIngress(t *testing.T) { }, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("aclass"), + IngressClassName: ptr.To("aclass"), }, }, []string{"something"})) // Annotation set, spec field set, class configured @@ -104,7 +104,7 @@ func TestMatchesIngress(t *testing.T) { }, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("something"), + IngressClassName: ptr.To("something"), }, }, []string{"something"})) // Multiple classes: Annotation set, no spec field set, class configured @@ -118,7 +118,7 @@ func TestMatchesIngress(t *testing.T) { // Multiple classes: No annotation set, spec field set, class configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("aclass"), + IngressClassName: ptr.To("aclass"), }, }, []string{"something", "somethingelse"})) // Multiple classes: Annotation set, spec field set, class configured @@ -129,7 +129,7 @@ func TestMatchesIngress(t *testing.T) { }, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("aclass"), + IngressClassName: ptr.To("aclass"), }, }, []string{"somethingelse", "something"})) // Multiple classes: Annotation set, spec field set, class configured @@ -140,7 +140,7 @@ func TestMatchesIngress(t *testing.T) { }, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To("something"), + IngressClassName: ptr.To("something"), }, }, []string{"something", "somethingelse"})) } diff --git a/internal/k8s/statusaddress.go b/internal/k8s/statusaddress.go index 7c30d1913d3..0cb5cc1daa2 100644 --- a/internal/k8s/statusaddress.go +++ b/internal/k8s/statusaddress.go @@ -22,6 +22,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" @@ -29,7 +30,6 @@ import ( contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/ingressclass" - "github.com/projectcontour/contour/internal/ref" ) // StatusAddressUpdater observes informer OnAdd and OnUpdate events and @@ -84,7 +84,7 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { switch o := obj.(type) { case *networking_v1.Ingress: if !ingressclass.MatchesIngress(o, s.IngressClassNames) { - logNoMatch(s.Logger.WithField("ingress-class-name", ref.Val(o.Spec.IngressClassName, "")), o) + logNoMatch(s.Logger.WithField("ingress-class-name", ptr.Deref(o.Spec.IngressClassName, "")), o) return } @@ -266,13 +266,13 @@ func lbStatusToGatewayAddresses(lbs core_v1.LoadBalancerStatus) []gatewayapi_v1. for _, lbi := range lbs.Ingress { if len(lbi.IP) > 0 { addrs = append(addrs, gatewayapi_v1.GatewayStatusAddress{ - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: lbi.IP, }) } if len(lbi.Hostname) > 0 { addrs = append(addrs, gatewayapi_v1.GatewayStatusAddress{ - Type: ref.To(gatewayapi_v1.HostnameAddressType), + Type: ptr.To(gatewayapi_v1.HostnameAddressType), Value: lbi.Hostname, }) } diff --git a/internal/k8s/statusaddress_test.go b/internal/k8s/statusaddress_test.go index 7988c20b4cb..db2553407cb 100644 --- a/internal/k8s/statusaddress_test.go +++ b/internal/k8s/statusaddress_test.go @@ -23,6 +23,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" @@ -30,7 +31,6 @@ import ( "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ingressclass" "github.com/projectcontour/contour/internal/k8s/mocks" - "github.com/projectcontour/contour/internal/ref" ) func TestServiceStatusLoadBalancerWatcherOnAdd(t *testing.T) { @@ -416,11 +416,11 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ { - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: ipLBStatus.Ingress[0].IP, }, { - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: ipLBStatus.Ingress[1].IP, }, }, @@ -464,7 +464,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ { - Type: ref.To(gatewayapi_v1.HostnameAddressType), + Type: ptr.To(gatewayapi_v1.HostnameAddressType), Value: hostnameLBStatus.Ingress[0].Hostname, }, }, @@ -567,7 +567,7 @@ func simpleIngressGenerator(name, ingressClassAnnotation, ingressClassSpec strin } var ingressClassName *string if ingressClassSpec != "" { - ingressClassName = ref.To(ingressClassSpec) + ingressClassName = ptr.To(ingressClassSpec) } return &networking_v1.Ingress{ TypeMeta: meta_v1.TypeMeta{ diff --git a/internal/metrics/metrics_test.go b/internal/metrics/metrics_test.go index f0d158dd4a4..eb7db51e8cd 100644 --- a/internal/metrics/metrics_test.go +++ b/internal/metrics/metrics_test.go @@ -20,8 +20,7 @@ import ( "github.com/prometheus/client_golang/prometheus" io_prometheus_client "github.com/prometheus/client_model/go" "github.com/stretchr/testify/assert" - - "github.com/projectcontour/contour/internal/ref" + "k8s.io/utils/ptr" ) type testMetric struct { @@ -708,8 +707,8 @@ func TestSetDAGCacheObjectMetric(t *testing.T) { { Label: []*io_prometheus_client.LabelPair{ { - Name: ref.To("kind"), - Value: ref.To("test"), + Name: ptr.To("kind"), + Value: ptr.To("test"), }, }, Gauge: &io_prometheus_client.Gauge{ diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go index c95f9a59238..ca516d95772 100644 --- a/internal/provisioner/controller/gateway_test.go +++ b/internal/provisioner/controller/gateway_test.go @@ -26,6 +26,7 @@ import ( "k8s.io/apimachinery/pkg/api/errors" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" @@ -34,7 +35,6 @@ import ( contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/provisioner" "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/projectcontour/contour/internal/ref" ) func TestGatewayReconcile(t *testing.T) { @@ -66,7 +66,7 @@ func TestGatewayReconcile(t *testing.T) { gc.Spec.ParametersRef = &gatewayapi_v1.ParametersReference{ Group: gatewayapi_v1.Group(contour_v1alpha1.GroupVersion.Group), Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), Name: name + "-params", } return gc @@ -77,7 +77,7 @@ func TestGatewayReconcile(t *testing.T) { gc.Spec.ParametersRef = &gatewayapi_v1.ParametersReference{ Group: gatewayapi_v1.Group(contour_v1alpha1.GroupVersion.Group), Kind: "InvalidKind", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), Name: name + "-params", } return gc @@ -222,7 +222,7 @@ func TestGatewayReconcile(t *testing.T) { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: "172.18.255.207", }, }), @@ -236,11 +236,11 @@ func TestGatewayReconcile(t *testing.T) { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: "172.18.255.207", }, { - Type: ref.To(gatewayapi_v1.IPAddressType), + Type: ptr.To(gatewayapi_v1.IPAddressType), Value: "172.18.255.999", }, }), @@ -253,7 +253,7 @@ func TestGatewayReconcile(t *testing.T) { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1.HostnameAddressType), + Type: ptr.To(gatewayapi_v1.HostnameAddressType), Value: "projectcontour.io", }, }), @@ -266,11 +266,11 @@ func TestGatewayReconcile(t *testing.T) { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1.HostnameAddressType), + Type: ptr.To(gatewayapi_v1.HostnameAddressType), Value: "projectcontour.io", }, { - Type: ref.To(gatewayapi_v1.HostnameAddressType), + Type: ptr.To(gatewayapi_v1.HostnameAddressType), Value: "anotherhost.io", }, }), @@ -283,7 +283,7 @@ func TestGatewayReconcile(t *testing.T) { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1.AddressType("acme.io/CustomAddressType")), + Type: ptr.To(gatewayapi_v1.AddressType("acme.io/CustomAddressType")), Value: "custom-address-types-are-not-supported", }, }), @@ -301,10 +301,10 @@ func TestGatewayReconcile(t *testing.T) { }, Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: &contour_v1alpha1.ContourConfigurationSpec{ - EnableExternalNameService: ref.To(true), + EnableExternalNameService: ptr.To(true), Envoy: &contour_v1alpha1.EnvoyConfig{ Listener: &contour_v1alpha1.EnvoyListenerConfig{ - DisableMergeSlashes: ref.To(true), + DisableMergeSlashes: ptr.To(true), }, Metrics: &contour_v1alpha1.MetricsConfig{ Port: 8003, @@ -333,7 +333,7 @@ func TestGatewayReconcile(t *testing.T) { require.NoError(t, r.client.Get(context.Background(), keyFor(contourConfig), contourConfig)) want := contour_v1alpha1.ContourConfigurationSpec{ - EnableExternalNameService: ref.To(true), + EnableExternalNameService: ptr.To(true), Gateway: &contour_v1alpha1.GatewayConfig{ GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: gw.Name, @@ -342,7 +342,7 @@ func TestGatewayReconcile(t *testing.T) { }, Envoy: &contour_v1alpha1.EnvoyConfig{ Listener: &contour_v1alpha1.EnvoyListenerConfig{ - DisableMergeSlashes: ref.To(true), + DisableMergeSlashes: ptr.To(true), }, Service: &contour_v1alpha1.NamespacedName{ Namespace: gw.Namespace, @@ -427,10 +427,10 @@ func TestGatewayReconcile(t *testing.T) { }, Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: &contour_v1alpha1.ContourConfigurationSpec{ - EnableExternalNameService: ref.To(true), + EnableExternalNameService: ptr.To(true), Envoy: &contour_v1alpha1.EnvoyConfig{ Listener: &contour_v1alpha1.EnvoyListenerConfig{ - DisableMergeSlashes: ref.To(true), + DisableMergeSlashes: ptr.To(true), }, }, }, @@ -485,7 +485,7 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("foo.bar")), + Hostname: ptr.To(gatewayapi_v1.Hostname("foo.bar")), }, { Name: "listener-3", @@ -507,13 +507,13 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-6", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("foo.bar")), + Hostname: ptr.To(gatewayapi_v1.Hostname("foo.bar")), }, { Name: "listener-7", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayapi_v1.Hostname("foo.baz")), + Hostname: ptr.To(gatewayapi_v1.Hostname("foo.baz")), }, }), @@ -567,7 +567,7 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("foo.bar")), + Hostname: ptr.To(gatewayapi_v1.Hostname("foo.bar")), }, { Name: "listener-3", @@ -911,7 +911,7 @@ func TestGatewayReconcile(t *testing.T) { Protocol: gatewayapi_v1.HTTPProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, Name: gatewayapi_v1.SectionName("http"), @@ -923,11 +923,11 @@ func TestGatewayReconcile(t *testing.T) { Protocol: gatewayapi_v1.HTTPSProtocolType, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), }, }, }), @@ -949,7 +949,7 @@ func TestGatewayReconcile(t *testing.T) { } require.NoError(t, r.client.Get(context.Background(), keyFor(svc), svc)) assert.Equal(t, core_v1.ServiceExternalTrafficPolicyTypeCluster, svc.Spec.ExternalTrafficPolicy) - assert.Equal(t, ref.To(core_v1.IPFamilyPolicyPreferDualStack), svc.Spec.IPFamilyPolicy) + assert.Equal(t, ptr.To(core_v1.IPFamilyPolicyPreferDualStack), svc.Spec.IPFamilyPolicy) assert.Equal(t, core_v1.ServiceTypeNodePort, svc.Spec.Type) require.Len(t, svc.Annotations, 2) assert.Equal(t, "val-1", svc.Annotations["key-1"]) diff --git a/internal/provisioner/controller/gatewayclass_test.go b/internal/provisioner/controller/gatewayclass_test.go index 419fe06cb43..484ed0b8576 100644 --- a/internal/provisioner/controller/gatewayclass_test.go +++ b/internal/provisioner/controller/gatewayclass_test.go @@ -25,6 +25,7 @@ import ( apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -35,7 +36,6 @@ import ( contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/provisioner" - "github.com/projectcontour/contour/internal/ref" ) func TestGatewayClassReconcile(t *testing.T) { @@ -110,7 +110,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -138,7 +138,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "invalidgroup.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -172,7 +172,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "InvalidKind", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -206,7 +206,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "invalid-name", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -240,7 +240,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("invalid-namespace")), + Namespace: ptr.To(gatewayapi_v1.Namespace("invalid-namespace")), }, }, }, @@ -274,7 +274,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -308,7 +308,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -350,7 +350,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -398,7 +398,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -437,7 +437,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -478,7 +478,7 @@ func TestGatewayClassReconcile(t *testing.T) { Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Namespace: ptr.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, diff --git a/internal/provisioner/equality/equality_test.go b/internal/provisioner/equality/equality_test.go index 131b9228f8c..856121b3a8c 100644 --- a/internal/provisioner/equality/equality_test.go +++ b/internal/provisioner/equality/equality_test.go @@ -20,13 +20,13 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects/dataplane" "github.com/projectcontour/contour/internal/provisioner/objects/deployment" "github.com/projectcontour/contour/internal/provisioner/objects/service" - "github.com/projectcontour/contour/internal/ref" ) var ( @@ -308,7 +308,7 @@ func TestClusterIpServiceChanged(t *testing.T) { { description: "if ip family policy changed", mutate: func(svc *core_v1.Service) { - svc.Spec.IPFamilyPolicy = ref.To(core_v1.IPFamilyPolicyRequireDualStack) + svc.Spec.IPFamilyPolicy = ptr.To(core_v1.IPFamilyPolicyRequireDualStack) }, expect: true, }, @@ -441,7 +441,7 @@ func TestLoadBalancerServiceChanged(t *testing.T) { { description: "if ip family policy changed", mutate: func(svc *core_v1.Service) { - svc.Spec.IPFamilyPolicy = ref.To(core_v1.IPFamilyPolicyRequireDualStack) + svc.Spec.IPFamilyPolicy = ptr.To(core_v1.IPFamilyPolicyRequireDualStack) }, expect: true, }, @@ -539,7 +539,7 @@ func TestNodePortServiceChanged(t *testing.T) { { description: "if ip family policy changed", mutate: func(svc *core_v1.Service) { - svc.Spec.IPFamilyPolicy = ref.To(core_v1.IPFamilyPolicyRequireDualStack) + svc.Spec.IPFamilyPolicy = ptr.To(core_v1.IPFamilyPolicyRequireDualStack) }, expect: true, }, diff --git a/internal/provisioner/model/model.go b/internal/provisioner/model/model.go index a141182f92a..74105f8c5c0 100644 --- a/internal/provisioner/model/model.go +++ b/internal/provisioner/model/model.go @@ -18,10 +18,10 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" ) const ( @@ -59,20 +59,20 @@ func Default(namespace, name string) *Contour { EnvoyDaemonSetUpdateStrategy: apps_v1.DaemonSetUpdateStrategy{ Type: apps_v1.RollingUpdateDaemonSetStrategyType, RollingUpdate: &apps_v1.RollingUpdateDaemonSet{ - MaxUnavailable: ref.To(intstr.FromString("10%")), + MaxUnavailable: ptr.To(intstr.FromString("10%")), }, }, EnvoyDeploymentStrategy: apps_v1.DeploymentStrategy{ Type: apps_v1.RollingUpdateDeploymentStrategyType, RollingUpdate: &apps_v1.RollingUpdateDeployment{ - MaxSurge: ref.To(intstr.FromString("10%")), + MaxSurge: ptr.To(intstr.FromString("10%")), }, }, ContourDeploymentStrategy: apps_v1.DeploymentStrategy{ Type: apps_v1.RollingUpdateDeploymentStrategyType, RollingUpdate: &apps_v1.RollingUpdateDeployment{ - MaxSurge: ref.To(intstr.FromString("50%")), - MaxUnavailable: ref.To(intstr.FromString("25%")), + MaxSurge: ptr.To(intstr.FromString("50%")), + MaxUnavailable: ptr.To(intstr.FromString("25%")), }, }, ResourceLabels: map[string]string{}, diff --git a/internal/provisioner/objects/dataplane/dataplane.go b/internal/provisioner/objects/dataplane/dataplane.go index b4892f65128..19d9d1d184e 100644 --- a/internal/provisioner/objects/dataplane/dataplane.go +++ b/internal/provisioner/objects/dataplane/dataplane.go @@ -23,13 +23,13 @@ import ( "k8s.io/apimachinery/pkg/api/resource" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" - "github.com/projectcontour/contour/internal/ref" ) const ( @@ -345,7 +345,7 @@ func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) * Annotations: contour.CommonAnnotations(), }, Spec: apps_v1.DaemonSetSpec{ - RevisionHistoryLimit: ref.To(int32(10)), + RevisionHistoryLimit: ptr.To(int32(10)), // Ensure the deamonset adopts only its own pods. Selector: EnvoyPodSelector(contour), UpdateStrategy: contour.Spec.EnvoyDaemonSetUpdateStrategy, @@ -364,7 +364,7 @@ func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) * Name: envoyCertsVolName, VolumeSource: core_v1.VolumeSource{ Secret: &core_v1.SecretVolumeSource{ - DefaultMode: ref.To(int32(420)), + DefaultMode: ptr.To(int32(420)), SecretName: contour.EnvoyCertsSecretName(), }, }, @@ -383,8 +383,8 @@ func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) * }, }, ServiceAccountName: contour.EnvoyRBACNames().ServiceAccount, - AutomountServiceAccountToken: ref.To(false), - TerminationGracePeriodSeconds: ref.To(int64(300)), + AutomountServiceAccountToken: ptr.To(false), + TerminationGracePeriodSeconds: ptr.To(int64(300)), SecurityContext: objects.NewUnprivilegedPodSecurity(), DNSPolicy: core_v1.DNSClusterFirst, RestartPolicy: core_v1.RestartPolicyAlways, @@ -418,8 +418,8 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) Annotations: contour.CommonAnnotations(), }, Spec: apps_v1.DeploymentSpec{ - Replicas: ref.To(contour.Spec.EnvoyReplicas), - RevisionHistoryLimit: ref.To(int32(10)), + Replicas: ptr.To(contour.Spec.EnvoyReplicas), + RevisionHistoryLimit: ptr.To(int32(10)), // Ensure the deamonset adopts only its own pods. Selector: EnvoyPodSelector(contour), Strategy: contour.Spec.EnvoyDeploymentStrategy, @@ -451,7 +451,7 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) Name: envoyCertsVolName, VolumeSource: core_v1.VolumeSource{ Secret: &core_v1.SecretVolumeSource{ - DefaultMode: ref.To(int32(420)), + DefaultMode: ptr.To(int32(420)), SecretName: contour.EnvoyCertsSecretName(), }, }, @@ -470,8 +470,8 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) }, }, ServiceAccountName: contour.EnvoyRBACNames().ServiceAccount, - AutomountServiceAccountToken: ref.To(false), - TerminationGracePeriodSeconds: ref.To(int64(300)), + AutomountServiceAccountToken: ptr.To(false), + TerminationGracePeriodSeconds: ptr.To(int64(300)), SecurityContext: objects.NewUnprivilegedPodSecurity(), DNSPolicy: core_v1.DNSClusterFirst, RestartPolicy: core_v1.RestartPolicyAlways, diff --git a/internal/provisioner/objects/deployment/deployment.go b/internal/provisioner/objects/deployment/deployment.go index 523c35e6580..237e91867c6 100644 --- a/internal/provisioner/objects/deployment/deployment.go +++ b/internal/provisioner/objects/deployment/deployment.go @@ -24,6 +24,7 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -31,7 +32,6 @@ import ( "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" - "github.com/projectcontour/contour/internal/ref" ) const ( @@ -214,9 +214,9 @@ func DesiredDeployment(contour *model.Contour, image string) *apps_v1.Deployment Annotations: contour.CommonAnnotations(), }, Spec: apps_v1.DeploymentSpec{ - ProgressDeadlineSeconds: ref.To(int32(600)), - Replicas: ref.To(contour.Spec.ContourReplicas), - RevisionHistoryLimit: ref.To(int32(10)), + ProgressDeadlineSeconds: ptr.To(int32(600)), + Replicas: ptr.To(contour.Spec.ContourReplicas), + RevisionHistoryLimit: ptr.To(int32(10)), // Ensure the deployment adopts only its own pods. Selector: ContourDeploymentPodSelector(contour), Strategy: contour.Spec.ContourDeploymentStrategy, @@ -251,7 +251,7 @@ func DesiredDeployment(contour *model.Contour, image string) *apps_v1.Deployment Name: contourCertsVolName, VolumeSource: core_v1.VolumeSource{ Secret: &core_v1.SecretVolumeSource{ - DefaultMode: ref.To(int32(420)), + DefaultMode: ptr.To(int32(420)), SecretName: contour.ContourCertsSecretName(), }, }, @@ -262,7 +262,7 @@ func DesiredDeployment(contour *model.Contour, image string) *apps_v1.Deployment RestartPolicy: core_v1.RestartPolicyAlways, SchedulerName: "default-scheduler", SecurityContext: objects.NewUnprivilegedPodSecurity(), - TerminationGracePeriodSeconds: ref.To(int64(30)), + TerminationGracePeriodSeconds: ptr.To(int64(30)), }, }, }, diff --git a/internal/provisioner/objects/service/service.go b/internal/provisioner/objects/service/service.go index 439ab00f338..bd4ed821dc3 100644 --- a/internal/provisioner/objects/service/service.go +++ b/internal/provisioner/objects/service/service.go @@ -21,6 +21,7 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" "github.com/projectcontour/contour/internal/provisioner/equality" @@ -29,7 +30,6 @@ import ( "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/provisioner/objects/dataplane" "github.com/projectcontour/contour/internal/provisioner/objects/deployment" - "github.com/projectcontour/contour/internal/ref" ) const ( @@ -251,7 +251,7 @@ func DesiredEnvoyService(contour *model.Contour) *core_v1.Service { } if contour.Spec.NetworkPublishing.Envoy.IPFamilyPolicy != "" { - svc.Spec.IPFamilyPolicy = ref.To(contour.Spec.NetworkPublishing.Envoy.IPFamilyPolicy) + svc.Spec.IPFamilyPolicy = ptr.To(contour.Spec.NetworkPublishing.Envoy.IPFamilyPolicy) } epType := contour.Spec.NetworkPublishing.Envoy.Type diff --git a/internal/ref/ref.go b/internal/ref/ref.go deleted file mode 100644 index d2f4798c18b..00000000000 --- a/internal/ref/ref.go +++ /dev/null @@ -1,25 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package ref - -func To[T any](v T) *T { - return &v -} - -func Val[T any](v *T, def T) T { - if v != nil { - return *v - } - return def -} diff --git a/internal/status/gatewaystatus.go b/internal/status/gatewaystatus.go index a97bda782eb..8b261e9ea1d 100644 --- a/internal/status/gatewaystatus.go +++ b/internal/status/gatewaystatus.go @@ -19,10 +19,9 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/projectcontour/contour/internal/ref" ) const MessageValidGateway = "Valid Gateway" @@ -73,7 +72,7 @@ func (gatewayUpdate *GatewayStatusUpdate) SetListenerSupportedKinds(listenerName for _, kind := range kinds { groupKind := gatewayapi_v1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: kind, } diff --git a/internal/status/gatewaystatus_test.go b/internal/status/gatewaystatus_test.go index 70e6196d17c..3de0ff7c836 100644 --- a/internal/status/gatewaystatus_test.go +++ b/internal/status/gatewaystatus_test.go @@ -19,10 +19,10 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" ) func TestGatewayAddCondition(t *testing.T) { @@ -71,15 +71,15 @@ func TestGatewaySetListenerSupportedKinds(t *testing.T) { assert.ElementsMatch(t, []gatewayapi_v1.RouteGroupKind{ - {Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute"}, + {Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute"}, }, gsu.ListenerStatus["http"].SupportedKinds, ) assert.ElementsMatch(t, []gatewayapi_v1.RouteGroupKind{ - {Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute"}, - {Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute"}, + {Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute"}, + {Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute"}, }, gsu.ListenerStatus["https"].SupportedKinds, ) @@ -109,11 +109,11 @@ func TestGatewayMutate(t *testing.T) { AttachedRoutes: 7, SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: gatewayapi_v1.Kind("FooRoute"), }, { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: gatewayapi_v1.Kind("BarRoute"), }, }, @@ -124,7 +124,7 @@ func TestGatewayMutate(t *testing.T) { AttachedRoutes: 77, SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: gatewayapi_v1.Kind("TLSRoute"), }, }, @@ -140,7 +140,7 @@ func TestGatewayMutate(t *testing.T) { AttachedRoutes: 3, SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Group: ptr.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: gatewayapi_v1.Kind("HTTPRoute"), }, }, diff --git a/internal/xdscache/v3/endpointslicetranslator_test.go b/internal/xdscache/v3/endpointslicetranslator_test.go index 56aa36a4cb2..70250a02f6a 100644 --- a/internal/xdscache/v3/endpointslicetranslator_test.go +++ b/internal/xdscache/v3/endpointslicetranslator_test.go @@ -21,12 +21,12 @@ import ( "google.golang.org/protobuf/proto" core_v1 "k8s.io/api/core/v1" discovery_v1 "k8s.io/api/discovery/v1" + "k8s.io/utils/ptr" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" ) func TestEndpointSliceTranslatorContents(t *testing.T) { @@ -179,8 +179,8 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -202,8 +202,8 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -219,8 +219,8 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](80), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](80), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -261,8 +261,8 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](80), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](80), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -291,14 +291,14 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Name: ref.To[string]("a"), - Port: ref.To[int32](8675), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("a"), + Port: ptr.To[int32](8675), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, { - Name: ref.To[string]("b"), - Port: ref.To[int32](309), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("b"), + Port: ptr.To[int32](309), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -331,14 +331,14 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Name: ref.To[string]("a"), - Port: ref.To[int32](8675), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("a"), + Port: ptr.To[int32](8675), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, { - Name: ref.To[string]("b"), - Port: ref.To[int32](309), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("b"), + Port: ptr.To[int32](309), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -369,7 +369,7 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { "10.10.1.1", }, Conditions: discovery_v1.EndpointConditions{ - Ready: ref.To[bool](false), + Ready: ptr.To[bool](false), }, }, { @@ -377,19 +377,19 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { "10.10.2.2", }, Conditions: discovery_v1.EndpointConditions{ - Ready: ref.To[bool](true), + Ready: ptr.To[bool](true), }, }, }, []discovery_v1.EndpointPort{ { - Name: ref.To[string]("a"), - Port: ref.To[int32](8675), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("a"), + Port: ptr.To[int32](8675), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, { - Name: ref.To[string]("b"), - Port: ref.To[int32](309), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("b"), + Port: ptr.To[int32](309), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -420,14 +420,14 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Name: ref.To[string]("health"), - Port: ref.To[int32](8998), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("health"), + Port: ptr.To[int32](8998), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, { - Name: ref.To[string]("a"), - Port: ref.To[int32](309), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("a"), + Port: ptr.To[int32](309), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -512,8 +512,8 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), false) @@ -524,8 +524,8 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -544,8 +544,8 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), false) @@ -556,8 +556,8 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -579,8 +579,8 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -606,14 +606,14 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Name: ref.To[string]("http"), - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("http"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, { - Name: ref.To[string]("https"), - Port: ref.To[int32](8443), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("https"), + Port: ptr.To[int32](8443), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ) @@ -632,14 +632,14 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Name: ref.To[string]("http"), - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("http"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, { - Name: ref.To[string]("https"), - Port: ref.To[int32](8443), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("https"), + Port: ptr.To[int32](8443), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -701,8 +701,8 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), false) @@ -713,8 +713,8 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -724,8 +724,8 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8081), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8081), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -745,8 +745,8 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), false) @@ -757,8 +757,8 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -768,8 +768,8 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8081), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8081), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -824,8 +824,8 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -861,8 +861,8 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](80), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](80), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ), @@ -894,9 +894,9 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8443), - Protocol: ref.To[core_v1.Protocol]("TCP"), - Name: ref.To[string]("https"), + Port: ptr.To[int32](8443), + Protocol: ptr.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("https"), }, }, ), @@ -934,14 +934,14 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](80), - Protocol: ref.To[core_v1.Protocol]("TCP"), - Name: ref.To[string]("a"), + Port: ptr.To[int32](80), + Protocol: ptr.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("a"), }, { - Port: ref.To[int32](8998), - Protocol: ref.To[core_v1.Protocol]("TCP"), - Name: ref.To[string]("health"), + Port: ptr.To[int32](8998), + Protocol: ptr.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("health"), }, }, ), @@ -983,14 +983,14 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](80), - Protocol: ref.To[core_v1.Protocol]("TCP"), - Name: ref.To[string]("a"), + Port: ptr.To[int32](80), + Protocol: ptr.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("a"), }, { - Port: ref.To[int32](8998), - Protocol: ref.To[core_v1.Protocol]("TCP"), - Name: ref.To[string]("health"), + Port: ptr.To[int32](8998), + Protocol: ptr.To[core_v1.Protocol]("TCP"), + Name: ptr.To[string]("health"), }, }, ), @@ -1041,8 +1041,8 @@ func TestEndpointSliceTranslatorScaleToZeroEndpoints(t *testing.T) { }, }, []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, }, ) @@ -1108,8 +1108,8 @@ func TestEndpointSliceTranslatorWeightedService(t *testing.T) { ports := []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, } @@ -1171,8 +1171,8 @@ func TestEndpointSliceTranslatorDefaultWeightedService(t *testing.T) { ports := []discovery_v1.EndpointPort{ { - Port: ref.To[int32](8080), - Protocol: ref.To[core_v1.Protocol]("TCP"), + Port: ptr.To[int32](8080), + Protocol: ptr.To[core_v1.Protocol]("TCP"), }, } diff --git a/internal/xdscache/v3/listener_test.go b/internal/xdscache/v3/listener_test.go index d5d0cdc5ee8..095f248210a 100644 --- a/internal/xdscache/v3/listener_test.go +++ b/internal/xdscache/v3/listener_test.go @@ -33,6 +33,7 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -41,7 +42,6 @@ import ( envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) @@ -2824,7 +2824,7 @@ func TestListenerVisit(t *testing.T) { }, "httpproxy with MaxRequestsPerConnection set in listener config": { ListenerConfig: ListenerConfig{ - MaxRequestsPerConnection: ref.To(uint32(1)), + MaxRequestsPerConnection: ptr.To(uint32(1)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -2858,7 +2858,7 @@ func TestListenerVisit(t *testing.T) { MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - MaxRequestsPerConnection(ref.To(uint32(1))). + MaxRequestsPerConnection(ptr.To(uint32(1))). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -2866,7 +2866,7 @@ func TestListenerVisit(t *testing.T) { }, "httpsproxy with MaxRequestsPerConnection set in listener config": { ListenerConfig: ListenerConfig{ - MaxRequestsPerConnection: ref.To(uint32(1)), + MaxRequestsPerConnection: ptr.To(uint32(1)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -2900,7 +2900,7 @@ func TestListenerVisit(t *testing.T) { MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - MaxRequestsPerConnection(ref.To(uint32(1))). + MaxRequestsPerConnection(ptr.To(uint32(1))). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -2918,7 +2918,7 @@ func TestListenerVisit(t *testing.T) { MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). - MaxRequestsPerConnection(ref.To(uint32(1))). + MaxRequestsPerConnection(ptr.To(uint32(1))). Get()), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -2929,7 +2929,7 @@ func TestListenerVisit(t *testing.T) { }, "httpproxy with HTTP2MaxConcurrentStreams set in listener config": { ListenerConfig: ListenerConfig{ - HTTP2MaxConcurrentStreams: ref.To(uint32(100)), + HTTP2MaxConcurrentStreams: ptr.To(uint32(100)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -2963,7 +2963,7 @@ func TestListenerVisit(t *testing.T) { MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - HTTP2MaxConcurrentStreams(ref.To(uint32(100))). + HTTP2MaxConcurrentStreams(ptr.To(uint32(100))). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -2971,7 +2971,7 @@ func TestListenerVisit(t *testing.T) { }, "httpsproxy with HTTP2MaxConcurrentStreams set in listener config": { ListenerConfig: ListenerConfig{ - HTTP2MaxConcurrentStreams: ref.To(uint32(101)), + HTTP2MaxConcurrentStreams: ptr.To(uint32(101)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -3005,7 +3005,7 @@ func TestListenerVisit(t *testing.T) { MetricsPrefix(ENVOY_HTTP_LISTENER). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - HTTP2MaxConcurrentStreams(ref.To(uint32(101))). + HTTP2MaxConcurrentStreams(ptr.To(uint32(101))). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -3023,7 +3023,7 @@ func TestListenerVisit(t *testing.T) { MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). - HTTP2MaxConcurrentStreams(ref.To(uint32(101))). + HTTP2MaxConcurrentStreams(ptr.To(uint32(101))). Get()), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -3034,7 +3034,7 @@ func TestListenerVisit(t *testing.T) { }, "httpproxy with PerConnectionBufferLimitBytes set in listener config": { ListenerConfig: ListenerConfig{ - PerConnectionBufferLimitBytes: ref.To(uint32(32768)), + PerConnectionBufferLimitBytes: ptr.To(uint32(32768)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -3076,7 +3076,7 @@ func TestListenerVisit(t *testing.T) { }, "httpsproxy with PerConnectionBufferLimitBytes set in listener config": { ListenerConfig: ListenerConfig{ - PerConnectionBufferLimitBytes: ref.To(uint32(32768)), + PerConnectionBufferLimitBytes: ptr.To(uint32(32768)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -3140,7 +3140,7 @@ func TestListenerVisit(t *testing.T) { "httpproxy with authZ the authN": { ListenerConfig: ListenerConfig{ - PerConnectionBufferLimitBytes: ref.To(uint32(32768)), + PerConnectionBufferLimitBytes: ptr.To(uint32(32768)), }, objs: []any{ &contour_v1alpha1.ExtensionService{ diff --git a/internal/xdscache/v3/route_test.go b/internal/xdscache/v3/route_test.go index 6a1d1ec0a24..b043c4a5a98 100644 --- a/internal/xdscache/v3/route_test.go +++ b/internal/xdscache/v3/route_test.go @@ -34,6 +34,7 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -41,7 +42,6 @@ import ( envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" ) func TestRouteCacheContents(t *testing.T) { @@ -817,32 +817,32 @@ func TestRouteVisit(t *testing.T) { Paths: []networking_v1.HTTPIngressPath{ { Path: "/", - PathType: (*networking_v1.PathType)(ref.To("Prefix")), + PathType: (*networking_v1.PathType)(ptr.To("Prefix")), Backend: *backend("kuard", 8080), }, { Path: "/foo", - PathType: (*networking_v1.PathType)(ref.To("Prefix")), + PathType: (*networking_v1.PathType)(ptr.To("Prefix")), Backend: *backend("kuard", 8080), }, { Path: "/foo", - PathType: (*networking_v1.PathType)(ref.To("ImplementationSpecific")), + PathType: (*networking_v1.PathType)(ptr.To("ImplementationSpecific")), Backend: *backend("kuard", 8080), }, { Path: "/foo2", - PathType: (*networking_v1.PathType)(ref.To("ImplementationSpecific")), + PathType: (*networking_v1.PathType)(ptr.To("ImplementationSpecific")), Backend: *backend("kuard", 8080), }, { Path: "/foo3[a|b]?", - PathType: (*networking_v1.PathType)(ref.To("ImplementationSpecific")), + PathType: (*networking_v1.PathType)(ptr.To("ImplementationSpecific")), Backend: *backend("kuard", 8080), }, { Path: "/foo4", - PathType: (*networking_v1.PathType)(ref.To("Exact")), + PathType: (*networking_v1.PathType)(ptr.To("Exact")), Backend: *backend("kuard", 8080), }, }, diff --git a/internal/xdscache/v3/runtime_test.go b/internal/xdscache/v3/runtime_test.go index 70c1185af3b..da68821341f 100644 --- a/internal/xdscache/v3/runtime_test.go +++ b/internal/xdscache/v3/runtime_test.go @@ -22,10 +22,10 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" ) func TestRuntimeCacheContents(t *testing.T) { @@ -38,7 +38,7 @@ func TestRuntimeCacheContents(t *testing.T) { }, "http max requests per io cycle set": { runtimeSettings: ConfigurableRuntimeSettings{ - MaxRequestsPerIOCycle: ref.To(uint32(1)), + MaxRequestsPerIOCycle: ptr.To(uint32(1)), }, additionalFields: map[string]*structpb.Value{ "http.max_requests_per_io_cycle": structpb.NewNumberValue(1), @@ -46,7 +46,7 @@ func TestRuntimeCacheContents(t *testing.T) { }, "http max requests per io cycle set invalid": { runtimeSettings: ConfigurableRuntimeSettings{ - MaxRequestsPerIOCycle: ref.To(uint32(0)), + MaxRequestsPerIOCycle: ptr.To(uint32(0)), }, }, "http max requests per io cycle set nil": { @@ -158,7 +158,7 @@ func TestRuntimeVisit(t *testing.T) { }, "configure max connection per listener for one listener": { ConfigurableRuntimeSettings: ConfigurableRuntimeSettings{ - MaxConnectionsPerListener: ref.To(uint32(100)), + MaxConnectionsPerListener: ptr.To(uint32(100)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -198,7 +198,7 @@ func TestRuntimeVisit(t *testing.T) { }, "configure max connection per listener for two listeners": { ConfigurableRuntimeSettings: ConfigurableRuntimeSettings{ - MaxConnectionsPerListener: ref.To(uint32(100)), + MaxConnectionsPerListener: ptr.To(uint32(100)), }, objs: []any{ &contour_v1.HTTPProxy{ @@ -254,7 +254,7 @@ func TestRuntimeVisit(t *testing.T) { func TestRuntimeCacheOnChangeDelete(t *testing.T) { configurableRuntimeSettings := ConfigurableRuntimeSettings{ - MaxConnectionsPerListener: ref.To(uint32(100)), + MaxConnectionsPerListener: ptr.To(uint32(100)), } objs := []any{ &contour_v1.HTTPProxy{ diff --git a/internal/xdscache/v3/server_test.go b/internal/xdscache/v3/server_test.go index 7472e17bfb3..a98490723e2 100644 --- a/internal/xdscache/v3/server_test.go +++ b/internal/xdscache/v3/server_test.go @@ -37,11 +37,11 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/xds" contour_xds_v3 "github.com/projectcontour/contour/internal/xds/v3" "github.com/projectcontour/contour/internal/xdscache" @@ -124,10 +124,10 @@ func TestGRPC(t *testing.T) { }, Ports: []discovery_v1.EndpointPort{ { - Port: ref.To[int32](80), + Port: ptr.To[int32](80), }, { - Port: ref.To[int32](80), + Port: ptr.To[int32](80), }, }, }, false) diff --git a/pkg/config/parameters_test.go b/pkg/config/parameters_test.go index 8341906daff..a6f8526081a 100644 --- a/pkg/config/parameters_test.go +++ b/pkg/config/parameters_test.go @@ -21,8 +21,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gopkg.in/yaml.v3" - - "github.com/projectcontour/contour/internal/ref" + "k8s.io/utils/ptr" ) func TestGetenvOr(t *testing.T) { @@ -462,42 +461,42 @@ network: `) check(func(t *testing.T, conf *Parameters) { - assert.Equal(t, ref.To(uint32(1)), conf.Listener.MaxRequestsPerConnection) + assert.Equal(t, ptr.To(uint32(1)), conf.Listener.MaxRequestsPerConnection) }, ` listener: max-requests-per-connection: 1 `) check(func(t *testing.T, conf *Parameters) { - assert.Equal(t, ref.To(uint32(10)), conf.Listener.HTTP2MaxConcurrentStreams) + assert.Equal(t, ptr.To(uint32(10)), conf.Listener.HTTP2MaxConcurrentStreams) }, ` listener: http2-max-concurrent-streams: 10 `) check(func(t *testing.T, conf *Parameters) { - assert.Equal(t, ref.To(uint32(1)), conf.Listener.PerConnectionBufferLimitBytes) + assert.Equal(t, ptr.To(uint32(1)), conf.Listener.PerConnectionBufferLimitBytes) }, ` listener: per-connection-buffer-limit-bytes: 1 `) check(func(t *testing.T, conf *Parameters) { - assert.Equal(t, ref.To(uint32(1)), conf.Listener.MaxRequestsPerIOCycle) + assert.Equal(t, ptr.To(uint32(1)), conf.Listener.MaxRequestsPerIOCycle) }, ` listener: max-requests-per-io-cycle: 1 `) check(func(t *testing.T, conf *Parameters) { - assert.Equal(t, ref.To(uint32(1)), conf.Listener.MaxConnectionsPerListener) + assert.Equal(t, ptr.To(uint32(1)), conf.Listener.MaxConnectionsPerListener) }, ` listener: max-connections-per-listener: 1 `) check(func(t *testing.T, conf *Parameters) { - assert.Equal(t, ref.To(uint32(1)), conf.Cluster.MaxRequestsPerConnection) + assert.Equal(t, ptr.To(uint32(1)), conf.Cluster.MaxRequestsPerConnection) }, ` cluster: max-requests-per-connection: 1 @@ -589,35 +588,35 @@ func TestListenerValidation(t *testing.T) { } require.Error(t, l.Validate()) l = &ListenerParameters{ - MaxRequestsPerConnection: ref.To(uint32(1)), + MaxRequestsPerConnection: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) l = &ListenerParameters{ - MaxRequestsPerConnection: ref.To(uint32(0)), + MaxRequestsPerConnection: ptr.To(uint32(0)), } require.Error(t, l.Validate()) l = &ListenerParameters{ - PerConnectionBufferLimitBytes: ref.To(uint32(1)), + PerConnectionBufferLimitBytes: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) l = &ListenerParameters{ - PerConnectionBufferLimitBytes: ref.To(uint32(0)), + PerConnectionBufferLimitBytes: ptr.To(uint32(0)), } require.Error(t, l.Validate()) l = &ListenerParameters{ - MaxRequestsPerIOCycle: ref.To(uint32(1)), + MaxRequestsPerIOCycle: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) l = &ListenerParameters{ - MaxRequestsPerIOCycle: ref.To(uint32(0)), + MaxRequestsPerIOCycle: ptr.To(uint32(0)), } require.Error(t, l.Validate()) l = &ListenerParameters{ - HTTP2MaxConcurrentStreams: ref.To(uint32(1)), + HTTP2MaxConcurrentStreams: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) l = &ListenerParameters{ - HTTP2MaxConcurrentStreams: ref.To(uint32(0)), + HTTP2MaxConcurrentStreams: ptr.To(uint32(0)), } require.Error(t, l.Validate()) l = &ListenerParameters{ @@ -637,11 +636,11 @@ func TestListenerValidation(t *testing.T) { require.Error(t, l.Validate()) l = &ListenerParameters{ - MaxConnectionsPerListener: ref.To(uint32(1)), + MaxConnectionsPerListener: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) l = &ListenerParameters{ - MaxConnectionsPerListener: ref.To(uint32(0)), + MaxConnectionsPerListener: ptr.To(uint32(0)), } require.Error(t, l.Validate()) } @@ -649,15 +648,15 @@ func TestListenerValidation(t *testing.T) { func TestClusterParametersValidation(t *testing.T) { var l *ClusterParameters l = &ClusterParameters{ - MaxRequestsPerConnection: ref.To(uint32(0)), + MaxRequestsPerConnection: ptr.To(uint32(0)), } require.Error(t, l.Validate()) l = &ClusterParameters{ - MaxRequestsPerConnection: ref.To(uint32(1)), + MaxRequestsPerConnection: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) l = &ClusterParameters{ - PerConnectionBufferLimitBytes: ref.To(uint32(0)), + PerConnectionBufferLimitBytes: ptr.To(uint32(0)), } require.Error(t, l.Validate()) l = &ClusterParameters{ @@ -667,7 +666,7 @@ func TestClusterParametersValidation(t *testing.T) { } require.Error(t, l.Validate()) l = &ClusterParameters{ - PerConnectionBufferLimitBytes: ref.To(uint32(1)), + PerConnectionBufferLimitBytes: ptr.To(uint32(1)), } require.NoError(t, l.Validate()) } @@ -677,36 +676,36 @@ func TestTracingConfigValidation(t *testing.T) { require.NoError(t, trace.Validate()) trace = &Tracing{ - IncludePodDetail: ref.To(false), - ServiceName: ref.To("contour"), - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + IncludePodDetail: ptr.To(false), + ServiceName: ptr.To("contour"), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: nil, ExtensionService: "projectcontour/otel-collector", } require.NoError(t, trace.Validate()) trace = &Tracing{ - IncludePodDetail: ref.To(false), - ServiceName: ref.To("contour"), - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + IncludePodDetail: ptr.To(false), + ServiceName: ptr.To("contour"), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: nil, } require.Error(t, trace.Validate()) trace = &Tracing{ - IncludePodDetail: ref.To(false), - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + IncludePodDetail: ptr.To(false), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: nil, ExtensionService: "projectcontour/otel-collector", } require.NoError(t, trace.Validate()) trace = &Tracing{ - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: []CustomTag{ { TagName: "first", @@ -719,8 +718,8 @@ func TestTracingConfigValidation(t *testing.T) { require.Error(t, trace.Validate()) trace = &Tracing{ - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: []CustomTag{ { Literal: "literal", @@ -731,9 +730,9 @@ func TestTracingConfigValidation(t *testing.T) { require.Error(t, trace.Validate()) trace = &Tracing{ - IncludePodDetail: ref.To(true), - OverallSampling: ref.To("100"), - MaxPathTagLength: ref.To(uint32(256)), + IncludePodDetail: ptr.To(true), + OverallSampling: ptr.To("100"), + MaxPathTagLength: ptr.To(uint32(256)), CustomTags: []CustomTag{ { TagName: "first", diff --git a/test/e2e/deployment.go b/test/e2e/deployment.go index fd73f1f69d7..beb56df0170 100644 --- a/test/e2e/deployment.go +++ b/test/e2e/deployment.go @@ -45,10 +45,10 @@ import ( apimachinery_util_yaml "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" ) @@ -523,7 +523,7 @@ func (d *Deployment) EnsureResourcesForLocalContour() error { // The envoy deployment uses host ports, so can have at most // one replica per node, and our cluster only has one worker // node, so scale the deployment to 1. - d.EnvoyDeployment.Spec.Replicas = ref.To(int32(1)) + d.EnvoyDeployment.Spec.Replicas = ptr.To(int32(1)) return d.EnsureEnvoyDeployment() } @@ -623,7 +623,7 @@ func (d *Deployment) StartLocalContour(config *config.Parameters, contourConfigu contourConfiguration.Spec.XDSServer.Port = port contourConfiguration.Spec.XDSServer.Address = listenAllAddress() contourConfiguration.Spec.XDSServer.TLS = &contour_v1alpha1.TLS{ - Insecure: ref.To(true), + Insecure: ptr.To(true), } if err := d.client.Create(context.TODO(), contourConfiguration); err != nil { @@ -832,7 +832,7 @@ func (d *Deployment) EnsureResourcesForInclusterContour(startContourDeployment b // The envoy deployment uses host ports, so can have at most // one replica per node, and our cluster only has one worker // node, so scale the deployment to 1. - d.EnvoyDeployment.Spec.Replicas = ref.To(int32(1)) + d.EnvoyDeployment.Spec.Replicas = ptr.To(int32(1)) if err := d.EnsureEnvoyDeployment(); err != nil { return err @@ -949,7 +949,7 @@ func (d *Deployment) DumpContourLogs() error { func (d *Deployment) EnsureDeleted(obj client.Object) error { // Delete the object; if it already doesn't exist, // then we're done. - err := d.client.Delete(context.Background(), obj, &client.DeleteOptions{PropagationPolicy: ref.To(meta_v1.DeletePropagationBackground)}) + err := d.client.Delete(context.Background(), obj, &client.DeleteOptions{PropagationPolicy: ptr.To(meta_v1.DeletePropagationBackground)}) if api_errors.IsNotFound(err) { return nil } diff --git a/test/e2e/fixtures.go b/test/e2e/fixtures.go index 3f1d1273927..07ef45d6baf 100644 --- a/test/e2e/fixtures.go +++ b/test/e2e/fixtures.go @@ -30,10 +30,10 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" ) @@ -88,7 +88,7 @@ func (e *Echo) DeployN(ns, name string, replicas int32) (func(), *apps_v1.Deploy Name: name, }, Spec: apps_v1.DeploymentSpec{ - Replicas: ref.To(replicas), + Replicas: ptr.To(replicas), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, @@ -194,7 +194,7 @@ func (e *Echo) ScaleAndWaitDeployment(name, ns string, replicas int32) { updateAndWaitFor(e.t, e.client, deployment, func(d *apps_v1.Deployment) { - d.Spec.Replicas = ref.To(replicas) + d.Spec.Replicas = ptr.To(replicas) }, func(d *apps_v1.Deployment) bool { if d.Status.Replicas == replicas && d.Status.ReadyReplicas == replicas { @@ -443,7 +443,7 @@ func (g *GRPC) Deploy(ns, name string) func() { Name: name, }, Spec: apps_v1.DeploymentSpec{ - Replicas: ref.To(int32(1)), + Replicas: ptr.To(int32(1)), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, @@ -565,7 +565,7 @@ func DefaultContourConfiguration() *contour_v1alpha1.ContourConfiguration { CAFile: "/certs/ca.crt", CertFile: "/certs/tls.crt", KeyFile: "/certs/tls.key", - Insecure: ref.To(false), + Insecure: ptr.To(false), }, }, Debug: &contour_v1alpha1.DebugConfig{ @@ -582,8 +582,8 @@ func DefaultContourConfiguration() *contour_v1alpha1.ContourConfiguration { "HTTP/1.1", "HTTP/2", }, Listener: &contour_v1alpha1.EnvoyListenerConfig{ - UseProxyProto: ref.To(false), - DisableAllowChunkedLength: ref.To(false), + UseProxyProto: ptr.To(false), + DisableAllowChunkedLength: ptr.To(false), ConnectionBalancer: "", TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.2", @@ -624,13 +624,13 @@ func DefaultContourConfiguration() *contour_v1alpha1.ContourConfiguration { DNSLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, }, Network: &contour_v1alpha1.NetworkParameters{ - EnvoyAdminPort: ref.To(9001), + EnvoyAdminPort: ptr.To(9001), }, }, HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ - DisablePermitInsecure: ref.To(false), + DisablePermitInsecure: ptr.To(false), }, - EnableExternalNameService: ref.To(false), + EnableExternalNameService: ptr.To(false), Metrics: &contour_v1alpha1.MetricsConfig{ Address: listenAllAddress(), Port: 8000, diff --git a/test/e2e/gateway/gateway_test.go b/test/e2e/gateway/gateway_test.go index dfdadbb55e6..9ffa6d4de59 100644 --- a/test/e2e/gateway/gateway_test.go +++ b/test/e2e/gateway/gateway_test.go @@ -27,11 +27,11 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" ) @@ -159,7 +159,7 @@ var _ = Describe("Gateway API", func() { Port: gatewayapi_v1.PortNumber(80), AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -203,7 +203,7 @@ var _ = Describe("Gateway API", func() { {Kind: "HTTPRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -221,7 +221,7 @@ var _ = Describe("Gateway API", func() { {Kind: "HTTPRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -258,7 +258,7 @@ var _ = Describe("Gateway API", func() { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: gatewayapi_v1.PortNumber(443), - Hostname: ref.To(gatewayapi_v1.Hostname("https-1.gateway.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-1.gateway.projectcontour.io")), TLS: &gatewayapi_v1.GatewayTLSConfig{ CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert-1", ""), @@ -269,7 +269,7 @@ var _ = Describe("Gateway API", func() { {Kind: "HTTPRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -277,7 +277,7 @@ var _ = Describe("Gateway API", func() { Name: "https-2", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: gatewayapi_v1.PortNumber(443), - Hostname: ref.To(gatewayapi_v1.Hostname("https-2.gateway.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-2.gateway.projectcontour.io")), TLS: &gatewayapi_v1.GatewayTLSConfig{ CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert-2", ""), @@ -288,7 +288,7 @@ var _ = Describe("Gateway API", func() { {Kind: "HTTPRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -296,7 +296,7 @@ var _ = Describe("Gateway API", func() { Name: "https-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: gatewayapi_v1.PortNumber(443), - Hostname: ref.To(gatewayapi_v1.Hostname("https-3.gateway.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-3.gateway.projectcontour.io")), TLS: &gatewayapi_v1.GatewayTLSConfig{ CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert-3", ""), @@ -307,7 +307,7 @@ var _ = Describe("Gateway API", func() { {Kind: "HTTPRoute"}, }, Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -345,7 +345,7 @@ var _ = Describe("Gateway API", func() { Port: gatewayapi_v1.PortNumber(80), AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, diff --git a/test/e2e/gateway/host_rewrite_test.go b/test/e2e/gateway/host_rewrite_test.go index 721b381403d..545c9e5c6a2 100644 --- a/test/e2e/gateway/host_rewrite_test.go +++ b/test/e2e/gateway/host_rewrite_test.go @@ -21,10 +21,10 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -51,8 +51,8 @@ func testHostRewrite(namespace string, gateway types.NamespacedName) { Matches: []gatewayapi_v1.HTTPRouteMatch{ { Path: &gatewayapi_v1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), - Value: ref.To("/"), + Type: ptr.To(gatewayapi_v1.PathMatchPathPrefix), + Value: ptr.To("/"), }, }, }, diff --git a/test/e2e/gateway/request_redirect_test.go b/test/e2e/gateway/request_redirect_test.go index 1e111251eae..803d2577c02 100644 --- a/test/e2e/gateway/request_redirect_test.go +++ b/test/e2e/gateway/request_redirect_test.go @@ -23,10 +23,10 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -55,10 +55,10 @@ func testRequestRedirectRule(namespace string, gateway types.NamespacedName) { { Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ - Hostname: ref.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), - StatusCode: ref.To(301), - Scheme: ref.To("https"), - Port: ref.To(gatewayapi_v1.PortNumber(8080)), + Hostname: ptr.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), + StatusCode: ptr.To(301), + Scheme: ptr.To("https"), + Port: ptr.To(gatewayapi_v1.PortNumber(8080)), }, }, }, diff --git a/test/e2e/gateway/tcproute_test.go b/test/e2e/gateway/tcproute_test.go index 7eb8429bc17..4e3d4ea05f9 100644 --- a/test/e2e/gateway/tcproute_test.go +++ b/test/e2e/gateway/tcproute_test.go @@ -21,11 +21,11 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -44,14 +44,14 @@ func testTCPRoute(namespace string, gateway types.NamespacedName) { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(gateway.Namespace)), Name: gatewayapi_v1.ObjectName(gateway.Name), }, }, }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { - BackendRefs: gatewayapi.TLSRouteBackendRef("echo", 80, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("echo", 80, ptr.To(int32(1))), }, }, }, diff --git a/test/e2e/gateway/tls_gateway_test.go b/test/e2e/gateway/tls_gateway_test.go index f2d2aff9f91..34883d0902e 100644 --- a/test/e2e/gateway/tls_gateway_test.go +++ b/test/e2e/gateway/tls_gateway_test.go @@ -21,10 +21,10 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -45,9 +45,9 @@ func testTLSGateway(namespace string, gateway types.NamespacedName) { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(gateway.Namespace)), Name: gatewayapi_v1.ObjectName(gateway.Name), - SectionName: ref.To(gatewayapi_v1.SectionName("insecure")), + SectionName: ptr.To(gatewayapi_v1.SectionName("insecure")), }, }, }, @@ -71,9 +71,9 @@ func testTLSGateway(namespace string, gateway types.NamespacedName) { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(gateway.Namespace)), Name: gatewayapi_v1.ObjectName(gateway.Name), - SectionName: ref.To(gatewayapi_v1.SectionName("secure")), + SectionName: ptr.To(gatewayapi_v1.SectionName("secure")), }, }, }, diff --git a/test/e2e/gateway/tls_wildcard_host_test.go b/test/e2e/gateway/tls_wildcard_host_test.go index ccb765a4913..54137abe33f 100644 --- a/test/e2e/gateway/tls_wildcard_host_test.go +++ b/test/e2e/gateway/tls_wildcard_host_test.go @@ -22,10 +22,10 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -46,9 +46,9 @@ func testTLSWildcardHost(namespace string, gateway types.NamespacedName) { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(gateway.Namespace)), Name: gatewayapi_v1.ObjectName(gateway.Name), - SectionName: ref.To(gatewayapi_v1.SectionName("secure")), + SectionName: ptr.To(gatewayapi_v1.SectionName("secure")), }, }, }, diff --git a/test/e2e/httpproxy/cookie_rewrite_test.go b/test/e2e/httpproxy/cookie_rewrite_test.go index 9d3bfccc2c0..daa0f33436d 100644 --- a/test/e2e/httpproxy/cookie_rewrite_test.go +++ b/test/e2e/httpproxy/cookie_rewrite_test.go @@ -29,10 +29,10 @@ import ( core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -162,7 +162,7 @@ func testInvalidCookieRewriteFields(namespace string) { CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "invalid-samesite", - SameSite: ref.To("Invalid"), + SameSite: ptr.To("Invalid"), }, }, Services: []contour_v1.Service{ @@ -214,8 +214,8 @@ func testAppCookieRewrite(namespace string) { Name: "no-attributes", PathRewrite: &contour_v1.CookiePathRewrite{Value: "/foo"}, DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "foo.com"}, - Secure: ref.To(true), - SameSite: ref.To("Strict"), + Secure: ptr.To(true), + SameSite: ptr.To("Strict"), }, }, Services: []contour_v1.Service{ @@ -234,8 +234,8 @@ func testAppCookieRewrite(namespace string) { Name: "rewrite-all", PathRewrite: &contour_v1.CookiePathRewrite{Value: "/ra"}, DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "ra.com"}, - Secure: ref.To(false), - SameSite: ref.To("Lax"), + Secure: ptr.To(false), + SameSite: ptr.To("Lax"), }, }, Services: []contour_v1.Service{ @@ -333,8 +333,8 @@ func testAppCookieRewrite(namespace string) { { Name: "route-service", PathRewrite: &contour_v1.CookiePathRewrite{Value: "/service"}, - Secure: ref.To(true), - SameSite: ref.To("Lax"), + Secure: ptr.To(true), + SameSite: ptr.To("Lax"), }, { Name: "service", @@ -506,8 +506,8 @@ func testHeaderRewriteCookieRewrite(namespace string) { CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "X-Contour-Session-Affinity", - Secure: ref.To(true), - SameSite: ref.To("Strict"), + Secure: ptr.To(true), + SameSite: ptr.To("Strict"), }, }, Services: []contour_v1.Service{ @@ -681,8 +681,8 @@ func testCookieRewriteTLS(namespace string) { Name: "a-cookie", PathRewrite: &contour_v1.CookiePathRewrite{Value: "/"}, DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "cookie-rewrite-tls.projectcontour.io"}, - Secure: ref.To(true), - SameSite: ref.To("Strict"), + Secure: ptr.To(true), + SameSite: ptr.To("Strict"), }, }, Services: []contour_v1.Service{ diff --git a/test/e2e/httpproxy/external_name_test.go b/test/e2e/httpproxy/external_name_test.go index 3f322e08052..20baf86a355 100644 --- a/test/e2e/httpproxy/external_name_test.go +++ b/test/e2e/httpproxy/external_name_test.go @@ -23,9 +23,9 @@ import ( "github.com/stretchr/testify/require" core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -138,7 +138,7 @@ func testExternalNameServiceTLS(namespace string) { { Name: externalNameService.Name, Port: 443, - Protocol: ref.To("tls"), + Protocol: ptr.To("tls"), }, }, RequestHeadersPolicy: &contour_v1.HeadersPolicy{ diff --git a/test/e2e/httpproxy/fqdn_test.go b/test/e2e/httpproxy/fqdn_test.go index b113a48921e..4057928f3b2 100644 --- a/test/e2e/httpproxy/fqdn_test.go +++ b/test/e2e/httpproxy/fqdn_test.go @@ -23,9 +23,9 @@ import ( "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -201,7 +201,7 @@ func testIngressWildcardSubdomainFQDN(namespace string) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: "/", Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/httpproxy/grpc_test.go b/test/e2e/httpproxy/grpc_test.go index 28088948158..a0f5264390d 100644 --- a/test/e2e/httpproxy/grpc_test.go +++ b/test/e2e/httpproxy/grpc_test.go @@ -34,9 +34,9 @@ import ( "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -67,7 +67,7 @@ func testGRPCServicePlaintext(namespace string) { { Name: "grpc-echo", Port: 9000, - Protocol: ref.To("h2c"), + Protocol: ptr.To("h2c"), }, }, Conditions: []contour_v1.MatchCondition{ @@ -151,7 +151,7 @@ func testGRPCWeb(namespace string) { { Name: "grpc-echo", Port: 9000, - Protocol: ref.To("h2c"), + Protocol: ptr.To("h2c"), }, }, }, diff --git a/test/e2e/httpproxy/httpproxy_test.go b/test/e2e/httpproxy/httpproxy_test.go index e5e9a87c6f9..ff01a0af897 100644 --- a/test/e2e/httpproxy/httpproxy_test.go +++ b/test/e2e/httpproxy/httpproxy_test.go @@ -28,10 +28,10 @@ import ( "github.com/onsi/gomega/gexec" "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" ) @@ -117,7 +117,7 @@ var _ = Describe("HTTPProxy", func() { Context("with ExternalName Services enabled", func() { BeforeEach(func() { contourConfig.EnableExternalNameService = true - contourConfiguration.Spec.EnableExternalNameService = ref.To(true) + contourConfiguration.Spec.EnableExternalNameService = ptr.To(true) }) testInternalRedirectPolicy(namespace) }) @@ -145,7 +145,7 @@ var _ = Describe("HTTPProxy", func() { Context("set to true", func() { BeforeEach(func() { contourConfig.DisableMergeSlashes = true - contourConfiguration.Spec.Envoy.Listener.DisableMergeSlashes = ref.To(true) + contourConfiguration.Spec.Envoy.Listener.DisableMergeSlashes = ptr.To(true) }) f.NamespacedTest("httpproxy-disable-merge-slashes", testDisableMergeSlashes(true)) @@ -404,7 +404,7 @@ var _ = Describe("HTTPProxy", func() { Context("with ExternalName Services enabled", func() { BeforeEach(func() { contourConfig.EnableExternalNameService = true - contourConfiguration.Spec.EnableExternalNameService = ref.To(true) + contourConfiguration.Spec.EnableExternalNameService = ptr.To(true) }) testHostRewriteHeaderExternalNameService(namespace) }) @@ -415,7 +415,7 @@ var _ = Describe("HTTPProxy", func() { Context("with trusted xff hops", func() { BeforeEach(func() { contourConfig.Network.XffNumTrustedHops = 1 - contourConfiguration.Spec.Envoy.Network.XffNumTrustedHops = ref.To(uint32(1)) + contourConfiguration.Spec.Envoy.Network.XffNumTrustedHops = ptr.To(uint32(1)) }) testIPFilterPolicy(namespace) @@ -453,7 +453,7 @@ var _ = Describe("HTTPProxy", func() { Context("with ExternalName Services enabled", func() { BeforeEach(func() { contourConfig.EnableExternalNameService = true - contourConfiguration.Spec.EnableExternalNameService = ref.To(true) + contourConfiguration.Spec.EnableExternalNameService = ptr.To(true) }) testExternalNameServiceInsecure(namespace) }) @@ -463,7 +463,7 @@ var _ = Describe("HTTPProxy", func() { Context("with ExternalName Services enabled", func() { BeforeEach(func() { contourConfig.EnableExternalNameService = true - contourConfiguration.Spec.EnableExternalNameService = ref.To(true) + contourConfiguration.Spec.EnableExternalNameService = ptr.To(true) }) testExternalNameServiceTLS(namespace) }) @@ -473,7 +473,7 @@ var _ = Describe("HTTPProxy", func() { Context("with ExternalName Services enabled", func() { BeforeEach(func() { contourConfig.EnableExternalNameService = true - contourConfiguration.Spec.EnableExternalNameService = ref.To(true) + contourConfiguration.Spec.EnableExternalNameService = ptr.To(true) }) testExternalNameServiceLocalhostInvalid(namespace) }) @@ -498,8 +498,8 @@ var _ = Describe("HTTPProxy", func() { Namespace: namespace, }, Domain: "contour", - FailOpen: ref.To(false), - EnableXRateLimitHeaders: ref.To(false), + FailOpen: ptr.To(false), + EnableXRateLimitHeaders: ptr.To(false), } require.NoError(f.T(), f.Deployment.EnsureRateLimitResources( @@ -590,8 +590,8 @@ descriptors: Namespace: namespace, }, Domain: "contour-default-global-rate-limit", - FailOpen: ref.To(false), - EnableXRateLimitHeaders: ref.To(false), + FailOpen: ptr.To(false), + EnableXRateLimitHeaders: ptr.To(false), DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ Descriptors: []contour_v1.RateLimitDescriptor{ { @@ -635,7 +635,7 @@ descriptors: - key: customHeader rate_limit: unit: hour - requests_per_unit: 1 + requests_per_unit: 1 - key: anotherHeader rate_limit: unit: hour diff --git a/test/e2e/httpproxy/internal_redirect_test.go b/test/e2e/httpproxy/internal_redirect_test.go index 68d29259589..d16920e8617 100644 --- a/test/e2e/httpproxy/internal_redirect_test.go +++ b/test/e2e/httpproxy/internal_redirect_test.go @@ -25,9 +25,9 @@ import ( "github.com/stretchr/testify/require" core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -192,9 +192,9 @@ func getInternalRedirectHTTPProxy(namespace string) *contour_v1.HTTPProxy { }}, Services: []contour_v1.Service{}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Hostname: ref.To(fqdn), - StatusCode: ref.To(302), - Path: ref.To("/echo"), + Hostname: ptr.To(fqdn), + StatusCode: ptr.To(302), + Path: ptr.To("/echo"), }, }, { diff --git a/test/e2e/httpproxy/request_redirect_test.go b/test/e2e/httpproxy/request_redirect_test.go index df8569f33de..972f9eacd21 100644 --- a/test/e2e/httpproxy/request_redirect_test.go +++ b/test/e2e/httpproxy/request_redirect_test.go @@ -22,9 +22,9 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -110,7 +110,7 @@ func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_v1.HTT Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Hostname: ref.To("projectcontour.io"), + Hostname: ptr.To("projectcontour.io"), }, }, { Conditions: []contour_v1.MatchCondition{{ @@ -121,10 +121,10 @@ func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_v1.HTT Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Scheme: ref.To("https"), - Hostname: ref.To("envoyproxy.io"), - Port: ref.To(int32(8080)), - StatusCode: ref.To(301), + Scheme: ptr.To("https"), + Hostname: ptr.To("envoyproxy.io"), + Port: ptr.To(int32(8080)), + StatusCode: ptr.To(301), }, }, { Conditions: []contour_v1.MatchCondition{{ @@ -135,7 +135,7 @@ func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_v1.HTT Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Path: ref.To("/path"), + Path: ptr.To("/path"), }, }, { Conditions: []contour_v1.MatchCondition{{ @@ -146,7 +146,7 @@ func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_v1.HTT Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Prefix: ref.To("/v2"), + Prefix: ptr.To("/v2"), }, }, { Conditions: []contour_v1.MatchCondition{{ @@ -157,7 +157,7 @@ func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_v1.HTT Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Prefix: ref.To("/v2"), + Prefix: ptr.To("/v2"), }, }}, }, @@ -192,8 +192,8 @@ func getRedirectHTTPProxyInvalid(namespace string) *contour_v1.HTTPProxy { Port: 80, }}, RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ - Path: ref.To("/path"), - Prefix: ref.To("/path"), + Path: ptr.To("/path"), + Prefix: ptr.To("/path"), }, }}, }, diff --git a/test/e2e/incluster/leaderelection_test.go b/test/e2e/incluster/leaderelection_test.go index 70b8d060bb5..a45c976d5e2 100644 --- a/test/e2e/incluster/leaderelection_test.go +++ b/test/e2e/incluster/leaderelection_test.go @@ -26,9 +26,8 @@ import ( coordination_v1 "k8s.io/api/coordination/v1" core_v1 "k8s.io/api/core/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" - - "github.com/projectcontour/contour/internal/ref" ) func testLeaderElection() { @@ -50,7 +49,7 @@ func testLeaderElection() { return "", err } - leaseHolder := ref.Val(leaderElectionLease.Spec.HolderIdentity, "") + leaseHolder := ptr.Deref(leaderElectionLease.Spec.HolderIdentity, "") if !strings.HasPrefix(leaseHolder, "contour-") { return "", fmt.Errorf("invalid leader name: %q", leaseHolder) } diff --git a/test/e2e/incluster/rbac_test.go b/test/e2e/incluster/rbac_test.go index d3e0d68a738..cc4f0cc24f4 100644 --- a/test/e2e/incluster/rbac_test.go +++ b/test/e2e/incluster/rbac_test.go @@ -25,11 +25,11 @@ import ( networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -146,7 +146,7 @@ func testIngressResourceRBAC(namespace string) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: "/", Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/ingress/backend_tls_test.go b/test/e2e/ingress/backend_tls_test.go index be0517e92ea..b37b45769fe 100644 --- a/test/e2e/ingress/backend_tls_test.go +++ b/test/e2e/ingress/backend_tls_test.go @@ -27,9 +27,9 @@ import ( core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -69,7 +69,7 @@ func testBackendTLS(namespace string) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: "/", Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/ingress/headers_policy_test.go b/test/e2e/ingress/headers_policy_test.go index 8126c3ac5e3..6820ce8ca8f 100644 --- a/test/e2e/ingress/headers_policy_test.go +++ b/test/e2e/ingress/headers_policy_test.go @@ -23,8 +23,8 @@ import ( "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -62,7 +62,7 @@ func testGlobalHeadersPolicy(applyToIngress bool) e2e.NamespacedTestBody { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: "/", Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/ingress/ingress_class_test.go b/test/e2e/ingress/ingress_class_test.go index df16f298be9..faf65116fd3 100644 --- a/test/e2e/ingress/ingress_class_test.go +++ b/test/e2e/ingress/ingress_class_test.go @@ -22,8 +22,8 @@ import ( "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -40,7 +40,7 @@ func testIngressClass(namespace, class string) { Name: name, }, Spec: networking_v1.IngressSpec{ - IngressClassName: ref.To(class), + IngressClassName: ptr.To(class), Rules: []networking_v1.IngressRule{ { Host: name + ".projectcontour.io", @@ -48,7 +48,7 @@ func testIngressClass(namespace, class string) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: "/", Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/ingress/ingress_test.go b/test/e2e/ingress/ingress_test.go index a27db459b3d..0e48a3cf481 100644 --- a/test/e2e/ingress/ingress_test.go +++ b/test/e2e/ingress/ingress_test.go @@ -26,9 +26,9 @@ import ( "github.com/onsi/gomega/gexec" "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" ) @@ -237,7 +237,7 @@ var _ = Describe("Ingress", func() { Context("when ApplyToIngress is false", func() { BeforeEach(func() { contourConfig.Policy.ApplyToIngress = false - contourConfiguration.Spec.Policy.ApplyToIngress = ref.To(false) + contourConfiguration.Spec.Policy.ApplyToIngress = ptr.To(false) }) f.NamespacedTest("global-headers-policy-apply-to-ingress-false", testGlobalHeadersPolicy(false)) @@ -246,7 +246,7 @@ var _ = Describe("Ingress", func() { Context("when ApplyToIngress is true", func() { BeforeEach(func() { contourConfig.Policy.ApplyToIngress = true - contourConfiguration.Spec.Policy.ApplyToIngress = ref.To(true) + contourConfiguration.Spec.Policy.ApplyToIngress = ptr.To(true) }) f.NamespacedTest("global-headers-policy-apply-to-ingress-true", testGlobalHeadersPolicy(true)) diff --git a/test/e2e/ingress/long_path_match_test.go b/test/e2e/ingress/long_path_match_test.go index d945d69b371..9c9687e1d27 100644 --- a/test/e2e/ingress/long_path_match_test.go +++ b/test/e2e/ingress/long_path_match_test.go @@ -24,8 +24,8 @@ import ( "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -51,7 +51,7 @@ func testLongPathMatch(namespace string) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: longPrefixMatch, Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ @@ -63,7 +63,7 @@ func testLongPathMatch(namespace string) { }, }, { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: reallyLongPrefixMatch, Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ @@ -75,7 +75,7 @@ func testLongPathMatch(namespace string) { }, }, { - PathType: ref.To(networking_v1.PathTypeImplementationSpecific), + PathType: ptr.To(networking_v1.PathTypeImplementationSpecific), Path: longRegexMatch, Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/ingress/tls_wildcard_host_test.go b/test/e2e/ingress/tls_wildcard_host_test.go index f0c7223582a..12d1cedf365 100644 --- a/test/e2e/ingress/tls_wildcard_host_test.go +++ b/test/e2e/ingress/tls_wildcard_host_test.go @@ -23,8 +23,8 @@ import ( "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -55,7 +55,7 @@ func testTLSWildcardHost(namespace string) { HTTP: &networking_v1.HTTPIngressRuleValue{ Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networking_v1.PathTypePrefix), + PathType: ptr.To(networking_v1.PathTypePrefix), Path: "/", Backend: networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ diff --git a/test/e2e/provisioner/provisioner_test.go b/test/e2e/provisioner/provisioner_test.go index c553b0745b1..0847189c68c 100644 --- a/test/e2e/provisioner/provisioner_test.go +++ b/test/e2e/provisioner/provisioner_test.go @@ -37,7 +37,6 @@ import ( contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -81,7 +80,7 @@ var _ = BeforeSuite(func() { gc.Spec.ParametersRef = &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1.Namespace(params.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(params.Namespace)), Name: params.Name, } } @@ -112,7 +111,7 @@ var _ = BeforeSuite(func() { ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1.Namespace(paramsEnvoyDeployment.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(paramsEnvoyDeployment.Namespace)), Name: paramsEnvoyDeployment.Name, }, }, @@ -176,7 +175,7 @@ var _ = Describe("Gateway provisioner", func() { ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1.Namespace(namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(namespace)), Name: "contour-params", }, }, @@ -200,7 +199,7 @@ var _ = Describe("Gateway provisioner", func() { Port: gatewayapi_v1.PortNumber(80), AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -270,7 +269,7 @@ var _ = Describe("Gateway provisioner", func() { Port: gatewayapi_v1.PortNumber(80), AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -340,21 +339,21 @@ var _ = Describe("Gateway provisioner", func() { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1.Hostname("http-1.provisioner.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("http-1.provisioner.projectcontour.io")), }, { Name: "http-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 81, - Hostname: ref.To(gatewayapi_v1.Hostname("http-2.provisioner.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("http-2.provisioner.projectcontour.io")), }, { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1.Hostname("https-1.provisioner.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-1.provisioner.projectcontour.io")), TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ {Name: "https-1-cert"}, }, @@ -364,9 +363,9 @@ var _ = Describe("Gateway provisioner", func() { Name: "https-2", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 444, - Hostname: ref.To(gatewayapi_v1.Hostname("https-2.provisioner.projectcontour.io")), + Hostname: ptr.To(gatewayapi_v1.Hostname("https-2.provisioner.projectcontour.io")), TLS: &gatewayapi_v1.GatewayTLSConfig{ - Mode: ref.To(gatewayapi_v1.TLSModeTerminate), + Mode: ptr.To(gatewayapi_v1.TLSModeTerminate), CertificateRefs: []gatewayapi_v1.SecretObjectReference{ {Name: "https-2-cert"}, }, @@ -474,14 +473,14 @@ var _ = Describe("Gateway provisioner", func() { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(gateway.Namespace)), Name: gatewayapi_v1.ObjectName(gateway.Name), }, }, }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { - BackendRefs: gatewayapi.TLSRouteBackendRef("echo", 80, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("echo", 80, ptr.To(int32(1))), }, }, }, @@ -529,7 +528,7 @@ var _ = Describe("Gateway provisioner", func() { ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1.Namespace(namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(namespace)), Name: objectTestName, }, }, @@ -588,7 +587,7 @@ var _ = Describe("Gateway provisioner", func() { Namespaces: &gatewayapi_v1.RouteNamespaces{ // TODO: set to from all for now // The correct way would be label the testns-1, testns-2, testns-3, then select by label - From: ref.To(gatewayapi_v1.NamespacesFromAll), + From: ptr.To(gatewayapi_v1.NamespacesFromAll), }, }, }, @@ -697,7 +696,7 @@ var _ = Describe("Gateway provisioner", func() { ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1.Namespace(namespace)), + Namespace: ptr.To(gatewayapi_v1.Namespace(namespace)), Name: objectTestName, }, }, @@ -756,7 +755,7 @@ var _ = Describe("Gateway provisioner", func() { }, AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ Namespaces: &gatewayapi_v1.RouteNamespaces{ - From: ref.To(gatewayapi_v1.NamespacesFromSame), + From: ptr.To(gatewayapi_v1.NamespacesFromSame), }, }, }, @@ -781,14 +780,14 @@ var _ = Describe("Gateway provisioner", func() { CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1alpha2.Namespace(gateway.Namespace)), + Namespace: ptr.To(gatewayapi_v1alpha2.Namespace(gateway.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(gateway.Name), }, }, }, Rules: []gatewayapi_v1alpha2.TLSRouteRule{ { - BackendRefs: gatewayapi.TLSRouteBackendRef("echo-secure", 443, ref.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("echo-secure", 443, ptr.To(int32(1))), }, }, }, diff --git a/test/e2e/upgrade/upgrade_test.go b/test/e2e/upgrade/upgrade_test.go index 7088743c5df..f9c86d03e9b 100644 --- a/test/e2e/upgrade/upgrade_test.go +++ b/test/e2e/upgrade/upgrade_test.go @@ -29,12 +29,12 @@ import ( "github.com/stretchr/testify/require" apps_v1 "k8s.io/api/apps/v1" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" ) @@ -190,7 +190,7 @@ var _ = Describe("When upgrading", func() { Name: "http", Port: gatewayapi_v1.PortNumber(80), Protocol: gatewayapi_v1.HTTPProtocolType, - Hostname: ref.To(gatewayapi_v1.Hostname(appHost)), + Hostname: ptr.To(gatewayapi_v1.Hostname(appHost)), }, }, }, @@ -222,7 +222,7 @@ var _ = Describe("When upgrading", func() { BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi_v1.BackendObjectReference{ Name: gatewayapi_v1.ObjectName("echo"), - Port: ref.To(gatewayapi_v1.PortNumber(80)), + Port: ptr.To(gatewayapi_v1.PortNumber(80)), }, }, }, From d03b6d70758050d8313ad68b7d34effe4e70408d Mon Sep 17 00:00:00 2001 From: Christian Ang Date: Thu, 15 Feb 2024 17:50:46 -0800 Subject: [PATCH 32/83] Add test demonstrating backendtlspolicy precedence (#6194) BackendTLSPolicy takes precedence over the upstream-protocol annotation if both are specified. Signed-off-by: Christian Ang --- internal/featuretests/v3/upstreamtls_test.go | 114 +++++++++++++++++++ 1 file changed, 114 insertions(+) diff --git a/internal/featuretests/v3/upstreamtls_test.go b/internal/featuretests/v3/upstreamtls_test.go index c1f3c468446..88c84c2c710 100644 --- a/internal/featuretests/v3/upstreamtls_test.go +++ b/internal/featuretests/v3/upstreamtls_test.go @@ -340,3 +340,117 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { TypeUrl: clusterType, }) } + +func TestBackendTLSPolicyPrecedenceOverUpstreamProtocolAnnotationWithHTTPRoute(t *testing.T) { + rh, c, done := setup(t, func(b *dag.Builder) { + for _, processor := range b.Processors { + if gatewayAPIProcessor, ok := processor.(*dag.GatewayAPIProcessor); ok { + gatewayAPIProcessor.UpstreamTLS = &dag.UpstreamTLS{ + MinimumProtocolVersion: "1.2", + MaximumProtocolVersion: "1.2", + } + } + } + }) + defer done() + + sec1 := featuretests.CASecret(t, "sec1", &featuretests.CACertificate) + rh.OnAdd(sec1) + + rh.OnAdd(&gatewayapi_v1.GatewayClass{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: fixture.ObjectMeta("test-gc"), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: "projectcontour.io/contour", + }, + Status: gatewayapi_v1.GatewayClassStatus{ + Conditions: []meta_v1.Condition{ + { + Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), + Status: meta_v1.ConditionTrue, + }, + }, + }, + }) + + gateway := &gatewayapi_v1.Gateway{ + ObjectMeta: fixture.ObjectMeta("projectcontour/contour"), + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ + Name: "http", + Port: 80, + Protocol: gatewayapi_v1.HTTPProtocolType, + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ + From: ptr.To(gatewayapi_v1.NamespacesFromAll), + }, + }, + }}, + }, + } + rh.OnAdd(gateway) + + svc := fixture.NewService("backend"). + Annotate("projectcontour.io/upstream-protocol.h2", "443"). + WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) + rh.OnAdd(svc) + + rh.OnAdd(&gatewayapi_v1.HTTPRoute{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "authenticated", + Namespace: "default", + }, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ + gatewayapi.GatewayParentRef("projectcontour", "contour"), + }, + }, + Hostnames: []gatewayapi_v1.Hostname{ + "test.projectcontour.io", + }, + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), + BackendRefs: gatewayapi.HTTPBackendRef("backend", 443, 1), + }}, + }, + }) + + rh.OnAdd(&gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "authenticated", + Namespace: "default", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "backend", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "Secret", + Name: gatewayapi_v1.ObjectName(sec1.Name), + }}, + Hostname: "subjname", + }, + }, + }) + + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ + Resources: resources(t, + tlsCluster( + cluster("default/backend/443/242c9163af", "default/backend/http", "default_backend_443"), + sec1, + "subjname", + "", + nil, + &dag.UpstreamTLS{ + MinimumProtocolVersion: "1.2", + MaximumProtocolVersion: "1.2", + }), + ), + TypeUrl: clusterType, + }) +} From 171e94f0c434985667b15962596a5de658356ef8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 09:19:20 -0500 Subject: [PATCH 33/83] build(deps): bump the k8s-dependencies group with 4 updates (#6197) Bumps the k8s-dependencies group with 4 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Updates `k8s.io/api` from 0.29.1 to 0.29.2 - [Commits](https://github.com/kubernetes/api/compare/v0.29.1...v0.29.2) Updates `k8s.io/apiextensions-apiserver` from 0.29.1 to 0.29.2 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.29.1...v0.29.2) Updates `k8s.io/apimachinery` from 0.29.1 to 0.29.2 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.1...v0.29.2) Updates `k8s.io/client-go` from 0.29.1 to 0.29.2 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.29.1...v0.29.2) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 10 +++++----- go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/go.mod b/go.mod index 22be05bb11c..8eaad738456 100644 --- a/go.mod +++ b/go.mod @@ -35,10 +35,10 @@ require ( google.golang.org/grpc v1.61.0 google.golang.org/protobuf v1.32.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.29.1 - k8s.io/apiextensions-apiserver v0.29.1 - k8s.io/apimachinery v0.29.1 - k8s.io/client-go v0.29.1 + k8s.io/api v0.29.2 + k8s.io/apiextensions-apiserver v0.29.2 + k8s.io/apimachinery v0.29.2 + k8s.io/client-go v0.29.2 k8s.io/klog/v2 v2.120.1 k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/controller-runtime v0.17.1 @@ -136,7 +136,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/component-base v0.29.1 // indirect + k8s.io/component-base v0.29.2 // indirect k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect diff --git a/go.sum b/go.sum index 479bad3f806..1384916089f 100644 --- a/go.sum +++ b/go.sum @@ -783,16 +783,16 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.29.1 h1:DAjwWX/9YT7NQD4INu49ROJuZAAAP/Ijki48GUPzxqw= -k8s.io/api v0.29.1/go.mod h1:7Kl10vBRUXhnQQI8YR/R327zXC8eJ7887/+Ybta+RoQ= -k8s.io/apiextensions-apiserver v0.29.1 h1:S9xOtyk9M3Sk1tIpQMu9wXHm5O2MX6Y1kIpPMimZBZw= -k8s.io/apiextensions-apiserver v0.29.1/go.mod h1:zZECpujY5yTW58co8V2EQR4BD6A9pktVgHhvc0uLfeU= -k8s.io/apimachinery v0.29.1 h1:KY4/E6km/wLBguvCZv8cKTeOwwOBqFNjwJIdMkMbbRc= -k8s.io/apimachinery v0.29.1/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.1 h1:19B/+2NGEwnFLzt0uB5kNJnfTsbV8w6TgQRz9l7ti7A= -k8s.io/client-go v0.29.1/go.mod h1:TDG/psL9hdet0TI9mGyHJSgRkW3H9JZk2dNEUS7bRks= -k8s.io/component-base v0.29.1 h1:MUimqJPCRnnHsskTTjKD+IC1EHBbRCVyi37IoFBrkYw= -k8s.io/component-base v0.29.1/go.mod h1:fP9GFjxYrLERq1GcWWZAE3bqbNcDKDytn2srWuHTtKc= +k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= +k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= +k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= +k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= +k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= +k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= +k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= +k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= +k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= +k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= From 40ab309367cb30b4eb156b990efd5d7cd6a2c8e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 09:22:57 -0500 Subject: [PATCH 34/83] build(deps): bump github.com/prometheus/common from 0.46.0 to 0.47.0 (#6198) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.46.0 to 0.47.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.46.0...v0.47.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 8eaad738456..2babe66ca95 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.18.0 github.com/prometheus/client_model v0.5.0 - github.com/prometheus/common v0.46.0 + github.com/prometheus/common v0.47.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 github.com/tsaarni/certyaml v0.9.3 diff --git a/go.sum b/go.sum index 1384916089f..a3516ef524b 100644 --- a/go.sum +++ b/go.sum @@ -328,8 +328,8 @@ github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlk github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= -github.com/prometheus/common v0.46.0 h1:doXzt5ybi1HBKpsZOL0sSkaNHJJqkyfEWZGGqqScV0Y= -github.com/prometheus/common v0.46.0/go.mod h1:Tp0qkxpb9Jsg54QMe+EAmqXkSV7Evdy1BTn+g2pa/hQ= +github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k= +github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= From c76f2bc8cb81fa2f33229fecfc0e8999641715d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 14:54:23 +0000 Subject: [PATCH 35/83] build(deps): bump sigs.k8s.io/controller-runtime from 0.17.1 to 0.17.2 (#6199) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.1 to 0.17.2. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.1...v0.17.2) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 2babe66ca95..fc360f86077 100644 --- a/go.mod +++ b/go.mod @@ -41,7 +41,7 @@ require ( k8s.io/client-go v0.29.2 k8s.io/klog/v2 v2.120.1 k8s.io/utils v0.0.0-20240102154912-e7106e64919e - sigs.k8s.io/controller-runtime v0.17.1 + sigs.k8s.io/controller-runtime v0.17.2 sigs.k8s.io/controller-tools v0.14.0 sigs.k8s.io/gateway-api v1.0.0 sigs.k8s.io/kustomize/kyaml v0.16.0 diff --git a/go.sum b/go.sum index a3516ef524b..fb413adf70b 100644 --- a/go.sum +++ b/go.sum @@ -811,8 +811,8 @@ rsc.io/pdf v0.1.1 h1:k1MczvYDUvJBe93bYd7wrZLLUEcLZAuF824/I4e5Xr4= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.1 h1:V1dQELMGVk46YVXXQUbTFujU7u4DQj6YUj9Rb6cuzz8= -sigs.k8s.io/controller-runtime v0.17.1/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= +sigs.k8s.io/controller-runtime v0.17.2 h1:FwHwD1CTUemg0pW2otk7/U5/i5m2ymzvOXdbeGOUvw0= +sigs.k8s.io/controller-runtime v0.17.2/go.mod h1:+MngTvIQQQhfXtwfdGw/UOQ/aIaqsYywfCINOtwMO/s= sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= sigs.k8s.io/gateway-api v1.0.0 h1:iPTStSv41+d9p0xFydll6d7f7MOBGuqXM6p2/zVYMAs= From 6d2859f742d0d43f86b8fcf6d4caab55d4ddbe0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 14:59:35 +0000 Subject: [PATCH 36/83] build(deps): bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 (#6200) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.5.0 to 0.6.0. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](https://github.com/prometheus/client_model/compare/v0.5.0...v0.6.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index fc360f86077..f5db7f90b79 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/onsi/gomega v1.31.1 github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.18.0 - github.com/prometheus/client_model v0.5.0 + github.com/prometheus/client_model v0.6.0 github.com/prometheus/common v0.47.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 diff --git a/go.sum b/go.sum index fb413adf70b..99c852aa8e8 100644 --- a/go.sum +++ b/go.sum @@ -326,8 +326,8 @@ github.com/projectcontour/yages v0.1.0/go.mod h1:pcJrPa3dP17HwGj2YOfBZ4w5WmC1rSp github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k= github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= From 841c9f6b023cefc5a57cc783a7a6a8cd2e7e65a7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 15:41:09 +0000 Subject: [PATCH 37/83] build(deps): bump google.golang.org/grpc from 1.61.0 to 1.61.1 (#6201) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.0 to 1.61.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.61.0...v1.61.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index f5db7f90b79..33a5dcf0c4c 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( golang.org/x/oauth2 v0.17.0 gonum.org/v1/plot v0.14.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 - google.golang.org/grpc v1.61.0 + google.golang.org/grpc v1.61.1 google.golang.org/protobuf v1.32.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.2 diff --git a/go.sum b/go.sum index 99c852aa8e8..ffaf47b129a 100644 --- a/go.sum +++ b/go.sum @@ -739,8 +739,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0= -google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= +google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 583310ba0125443a1ed49ddc7d1fbadb3a310bb1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Feb 2024 15:43:32 +0000 Subject: [PATCH 38/83] build(deps): bump github/codeql-action from 3.24.0 to 3.24.3 (#6210) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.0 to 3.24.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/e8893c57a1f3a2b659b6b55564fdfdbbd2982911...379614612a29c9e28f31f39a59013eb8012a51f0) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/trivy-scan.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 5c682d12a76..c9494791583 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: cache: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 with: languages: go # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - name: Autobuild - uses: github/codeql-action/autobuild@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/autobuild@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/analyze@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index d32a0a5dbc7..cfd9bc82ed4 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -37,6 +37,6 @@ jobs: name: SARIF file path: results.sarif - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index 6f907cb33b8..ba8971bc312 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'HIGH,CRITICAL' - - uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0 + - uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 with: sarif_file: 'trivy-results.sarif' From 94e591fc8fab76c74a83d367b03e256062834ca5 Mon Sep 17 00:00:00 2001 From: Lubron Date: Tue, 20 Feb 2024 09:59:46 -0800 Subject: [PATCH 39/83] Bump kind/kubectl and node images (#6211) Kind release note: https://github.com/kubernetes-sigs/kind/releases/tag/v0.22.0 Signed-off-by: lubronzhan --- .github/workflows/prbuild.yaml | 12 ++++++------ hack/actions/install-kubernetes-toolchain.sh | 4 ++-- test/scripts/make-kind-cluster.sh | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 2e4d757838f..27695e2193d 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -140,11 +140,11 @@ jobs: # image to use) for each kubernetes_version value. include: - kubernetes_version: "kubernetes:latest" - node_image: "docker.io/kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144" + node_image: "docker.io/kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245" - kubernetes_version: "kubernetes:n-1" - node_image: "docker.io/kindest/node:v1.28.6@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b" + node_image: "docker.io/kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58" - kubernetes_version: "kubernetes:n-2" - node_image: "docker.io/kindest/node:v1.27.10@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f" + node_image: "docker.io/kindest/node:v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843" - config_type: "ConfigmapConfiguration" use_config_crd: "false" - config_type: "ContourConfiguration" @@ -205,11 +205,11 @@ jobs: # image to use) for each kubernetes_version value. include: - kubernetes_version: "kubernetes:latest" - node_image: "docker.io/kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144" + node_image: "docker.io/kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245" - kubernetes_version: "kubernetes:n-1" - node_image: "docker.io/kindest/node:v1.28.6@sha256:b7e1cf6b2b729f604133c667a6be8aab6f4dde5bb042c1891ae248d9154f665b" + node_image: "docker.io/kindest/node:v1.28.7@sha256:9bc6c451a289cf96ad0bbaf33d416901de6fd632415b076ab05f5fa7e4f65c58" - kubernetes_version: "kubernetes:n-2" - node_image: "docker.io/kindest/node:v1.27.10@sha256:3700c811144e24a6c6181065265f69b9bf0b437c45741017182d7c82b908918f" + node_image: "docker.io/kindest/node:v1.27.11@sha256:681253009e68069b8e01aad36a1e0fa8cf18bb0ab3e5c4069b2e65cafdd70843" steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: diff --git a/hack/actions/install-kubernetes-toolchain.sh b/hack/actions/install-kubernetes-toolchain.sh index d909a004286..a1c4ac7e18f 100755 --- a/hack/actions/install-kubernetes-toolchain.sh +++ b/hack/actions/install-kubernetes-toolchain.sh @@ -4,8 +4,8 @@ set -o errexit set -o nounset set -o pipefail -readonly KUBECTL_VERS="v1.29.1" -readonly KIND_VERS="v0.21.0" +readonly KUBECTL_VERS="v1.29.2" +readonly KIND_VERS="v0.22.0" readonly PROGNAME=$(basename $0) readonly CURL=${CURL:-curl} diff --git a/test/scripts/make-kind-cluster.sh b/test/scripts/make-kind-cluster.sh index d6fb9f9d80b..e08da8cbee2 100755 --- a/test/scripts/make-kind-cluster.sh +++ b/test/scripts/make-kind-cluster.sh @@ -27,7 +27,7 @@ readonly KUBECTL=${KUBECTL:-kubectl} readonly MULTINODE_CLUSTER=${MULTINODE_CLUSTER:-"false"} readonly IPV6_CLUSTER=${IPV6_CLUSTER:-"false"} readonly SKIP_GATEWAY_API_INSTALL=${SKIP_GATEWAY_API_INSTALL:-"false"} -readonly NODEIMAGE=${NODEIMAGE:-"kindest/node:v1.29.1@sha256:a0cc28af37cf39b019e2b448c54d1a3f789de32536cb5a5db61a49623e527144"} +readonly NODEIMAGE=${NODEIMAGE:-"kindest/node:v1.29.2@sha256:51a1434a5397193442f0be2a297b488b6c919ce8a3931be0ce822606ea5ca245"} readonly CLUSTERNAME=${CLUSTERNAME:-contour-e2e} readonly WAITTIME=${WAITTIME:-5m} From 9d7f9dd0ea2adcd896975a140b03b41df5474c0d Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Thu, 22 Feb 2024 15:55:32 -0500 Subject: [PATCH 40/83] Bump golang to 1.22.0 (#6181) * Bump golang to 1.22.0 See release notes: https://go.dev/doc/go1.22 * Add GOEXPERIMENT=nocoverageredesign to unit test CI runs There seems to be an issue with go test -cover failing when run against packages not part of -coverpkg Signed-off-by: Sunjay Bhatia --- .github/workflows/build_daily.yaml | 2 +- .github/workflows/build_tag.yaml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/prbuild.yaml | 8 +++++++- Makefile | 2 +- changelogs/unreleased/6181-sunjayBhatia-small.md | 1 + 6 files changed, 12 insertions(+), 5 deletions(-) create mode 100644 changelogs/unreleased/6181-sunjayBhatia-small.md diff --git a/.github/workflows/build_daily.yaml b/.github/workflows/build_daily.yaml index 630ca6df47b..bbe56506efc 100644 --- a/.github/workflows/build_daily.yaml +++ b/.github/workflows/build_daily.yaml @@ -13,7 +13,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.21.6 + GO_VERSION: 1.22.0 jobs: e2e-envoy-xds: diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index f4e250ed0f1..c53f4fd0991 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -19,7 +19,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.21.6 + GO_VERSION: 1.22.0 jobs: build: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c9494791583..1b7450385b1 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -14,7 +14,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ - GO_VERSION: 1.21.6 + GO_VERSION: 1.22.0 jobs: CodeQL-Build: diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 27695e2193d..85ac5f4a1c7 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -14,7 +14,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.21.6 + GO_VERSION: 1.22.0 jobs: lint: runs-on: ubuntu-latest @@ -284,6 +284,9 @@ jobs: ./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH - name: test + env: + # TODO: remove once https://github.com/golang/go/issues/65653 is fixed + GOEXPERIMENT: nocoverageredesign run: | make install make check-coverage @@ -328,6 +331,9 @@ jobs: ./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH - name: test + env: + # TODO: remove once https://github.com/golang/go/issues/65653 is fixed + GOEXPERIMENT: nocoverageredesign run: | make install make check-coverage diff --git a/Makefile b/Makefile index d655e9245bf..89c903169e4 100644 --- a/Makefile +++ b/Makefile @@ -44,7 +44,7 @@ endif IMAGE_PLATFORMS ?= linux/amd64,linux/arm64 # Base build image to use. -BUILD_BASE_IMAGE ?= golang:1.21.6@sha256:acab8ef05990e50fe0bc8446398d93d91fa89b3608661529dbd6744b77fcea90 +BUILD_BASE_IMAGE ?= golang:1.22.0@sha256:53048e8f87cb42d5dfb620423479e1acf2d178038c77c61b97ed5d4165e574dc # Enable build with CGO. BUILD_CGO_ENABLED ?= 0 diff --git a/changelogs/unreleased/6181-sunjayBhatia-small.md b/changelogs/unreleased/6181-sunjayBhatia-small.md new file mode 100644 index 00000000000..40389a1bd86 --- /dev/null +++ b/changelogs/unreleased/6181-sunjayBhatia-small.md @@ -0,0 +1 @@ +Updates to Go 1.22.0. See the [Go release notes](https://go.dev/doc/go1.22) for more information. From c6ae46ee5a721dfcdc1c19f5dff9421427865e48 Mon Sep 17 00:00:00 2001 From: Christian Ang Date: Fri, 23 Feb 2024 12:07:37 -0800 Subject: [PATCH 41/83] Add test validating cluster name generation is unique in HTTPRoute with BackendTLSPolicy vs HTTPProxy (#6195) add a test to ensure that two clusters with different tls settings due to one being created with HTTPRoute and BackendTLSPolicy vs HTTPProxy have different cluster names Also adds type to statusupdatercache - to differentiate resources with the same name Signed-off-by: Christian Ang --- .../featuretests/v3/backendclientauth_test.go | 3 + internal/featuretests/v3/upstreamtls_test.go | 153 ++++++++++++++++++ internal/k8s/statusaddress_test.go | 9 +- internal/k8s/statuscache.go | 18 +-- 4 files changed, 170 insertions(+), 13 deletions(-) diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go index 0ee16ea7173..cac489eb8cc 100644 --- a/internal/featuretests/v3/backendclientauth_test.go +++ b/internal/featuretests/v3/backendclientauth_test.go @@ -55,6 +55,9 @@ func proxyClientCertificateOpt(t *testing.T) func(*dag.Builder) { ClientCertificate: &secret, FieldLogger: log.WithField("context", "ExtensionServiceProcessor"), }, + &dag.GatewayAPIProcessor{ + FieldLogger: log.WithField("context", "GatewayAPIProcessor"), + }, } b.Source.ConfiguredSecretRefs = []*types.NamespacedName{ diff --git a/internal/featuretests/v3/upstreamtls_test.go b/internal/featuretests/v3/upstreamtls_test.go index 88c84c2c710..76ca2408ce6 100644 --- a/internal/featuretests/v3/upstreamtls_test.go +++ b/internal/featuretests/v3/upstreamtls_test.go @@ -454,3 +454,156 @@ func TestBackendTLSPolicyPrecedenceOverUpstreamProtocolAnnotationWithHTTPRoute(t TypeUrl: clusterType, }) } + +// Test that a unique cluster name is generated when there is an HTTPProxy with upstream TLS settings +// and an HTTPRoute with a BackendTLSPolicy, configured with unique TLS settings, targeting the same service. +func TestUpstreamTLSWithHTTPRouteANDHTTPProxy(t *testing.T) { + rh, c, done := setup(t, func(b *dag.Builder) { + for _, processor := range b.Processors { + if httpProxyProcessor, ok := processor.(*dag.HTTPProxyProcessor); ok { + httpProxyProcessor.UpstreamTLS = &dag.UpstreamTLS{ + MinimumProtocolVersion: "1.2", + MaximumProtocolVersion: "1.2", + } + } + if gatewayAPIProcessor, ok := processor.(*dag.GatewayAPIProcessor); ok { + gatewayAPIProcessor.UpstreamTLS = &dag.UpstreamTLS{ + MinimumProtocolVersion: "1.2", + MaximumProtocolVersion: "1.2", + } + } + } + }) + defer done() + + caSecret := featuretests.CASecret(t, "backendcacert", &featuretests.CACertificate) + rh.OnAdd(caSecret) + + sec1 := featuretests.CASecret(t, "sec1", &featuretests.CACertificate) + rh.OnAdd(sec1) + + svc := fixture.NewService("backend"). + WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) + rh.OnAdd(svc) + + proxy := fixture.NewProxy("authenticated").WithSpec( + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + Fqdn: "www.example.com", + }, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ + Name: svc.Name, + Port: 443, + Protocol: ptr.To("tls"), + UpstreamValidation: &contour_v1.UpstreamValidation{ + CACertificate: caSecret.Name, + SubjectName: "subjname", + }, + }}, + }}, + }) + rh.OnAdd(proxy) + + rh.OnAdd(&gatewayapi_v1.GatewayClass{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: fixture.ObjectMeta("test-gc"), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: "projectcontour.io/contour", + }, + Status: gatewayapi_v1.GatewayClassStatus{ + Conditions: []meta_v1.Condition{ + { + Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), + Status: meta_v1.ConditionTrue, + }, + }, + }, + }) + + gateway := &gatewayapi_v1.Gateway{ + ObjectMeta: fixture.ObjectMeta("projectcontour/contour"), + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ + Name: "http", + Port: 80, + Protocol: gatewayapi_v1.HTTPProtocolType, + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ + From: ptr.To(gatewayapi_v1.NamespacesFromAll), + }, + }, + }}, + }, + } + rh.OnAdd(gateway) + + rh.OnAdd(&gatewayapi_v1.HTTPRoute{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "authenticated", + Namespace: "default", + }, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ + gatewayapi.GatewayParentRef("projectcontour", "contour"), + }, + }, + Hostnames: []gatewayapi_v1.Hostname{ + "test.projectcontour.io", + }, + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), + BackendRefs: gatewayapi.HTTPBackendRef("backend", 443, 1), + }}, + }, + }) + + rh.OnAdd(&gatewayapi_v1alpha2.BackendTLSPolicy{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "authenticated", + Namespace: "default", + }, + Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ + TargetRef: gatewayapi_v1alpha2.PolicyTargetReferenceWithSectionName{ + PolicyTargetReference: gatewayapi_v1alpha2.PolicyTargetReference{ + Kind: "Service", + Name: "backend", + }, + }, + TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ + CACertRefs: []gatewayapi_v1alpha2.LocalObjectReference{{ + Kind: "Secret", + Name: gatewayapi_v1.ObjectName(sec1.Name), + }}, + Hostname: "subjname", + }, + }, + }) + + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ + Resources: resources(t, + tlsCluster( + cluster("default/backend/443/242c9163af", "default/backend/http", "default_backend_443"), + sec1, + "subjname", + "", + nil, + &dag.UpstreamTLS{ + MinimumProtocolVersion: "1.2", + MaximumProtocolVersion: "1.2", + }), + tlsCluster( + cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), + caSecret, + "subjname", + "", + nil, + &dag.UpstreamTLS{ + MinimumProtocolVersion: "1.2", + MaximumProtocolVersion: "1.2", + }), + ), + TypeUrl: clusterType, + }) +} diff --git a/internal/k8s/statusaddress_test.go b/internal/k8s/statusaddress_test.go index db2553407cb..e8bbf88cf18 100644 --- a/internal/k8s/statusaddress_test.go +++ b/internal/k8s/statusaddress_test.go @@ -14,6 +14,7 @@ package k8s import ( + "fmt" "testing" "github.com/sirupsen/logrus" @@ -325,7 +326,7 @@ func TestStatusAddressUpdater(t *testing.T) { isu.OnAdd(tc.preop, false) - newObj := suc.Get(objName, objName) + newObj := suc.Get(fmt.Sprintf("%T", tc.preop), objName, objName) assert.Equal(t, tc.postop, newObj) }) @@ -344,7 +345,7 @@ func TestStatusAddressUpdater(t *testing.T) { isu.OnUpdate(tc.preop, tc.preop) - newObj := suc.Get(objName, objName) + newObj := suc.Get(fmt.Sprintf("%T", tc.preop), objName, objName) assert.Equal(t, tc.postop, newObj) }) } @@ -531,7 +532,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { isu.OnAdd(tc.preop, false) - newObj := suc.Get(tc.preop.Name, tc.preop.Namespace) + newObj := suc.Get(fmt.Sprintf("%T", tc.preop), tc.preop.Name, tc.preop.Namespace) assert.Equal(t, tc.postop, newObj) }) @@ -554,7 +555,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { isu.OnUpdate(tc.preop, tc.preop) - newObj := suc.Get(tc.preop.Name, tc.preop.Namespace) + newObj := suc.Get(fmt.Sprintf("%T", tc.preop), tc.preop.Name, tc.preop.Namespace) assert.Equal(t, tc.postop, newObj) }) } diff --git a/internal/k8s/statuscache.go b/internal/k8s/statuscache.go index d51a7158d47..7be3a9d0ad5 100644 --- a/internal/k8s/statuscache.go +++ b/internal/k8s/statuscache.go @@ -42,7 +42,7 @@ func (suc *StatusUpdateCacher) OnDelete(obj any) { if suc.objectCache != nil { switch o := obj.(type) { case *contour_v1.HTTPProxy: - delete(suc.objectCache, suc.objKey(o.Name, o.Namespace)) + delete(suc.objectCache, suc.objKey(fmt.Sprintf("%T", o), o.Name, o.Namespace)) default: panic(fmt.Sprintf("status caching not supported for object type %T", obj)) } @@ -57,19 +57,19 @@ func (suc *StatusUpdateCacher) OnAdd(obj any) { switch o := obj.(type) { case *contour_v1.HTTPProxy: - suc.objectCache[suc.objKey(o.Name, o.Namespace)] = o + suc.objectCache[suc.objKey(fmt.Sprintf("%T", o), o.Name, o.Namespace)] = o default: panic(fmt.Sprintf("status caching not supported for object type %T", obj)) } } // Get allows retrieval of objects from the cache. -func (suc *StatusUpdateCacher) Get(name, namespace string) any { +func (suc *StatusUpdateCacher) Get(objType, name, namespace string) any { if suc.objectCache == nil { suc.objectCache = make(map[string]client.Object) } - obj, ok := suc.objectCache[suc.objKey(name, namespace)] + obj, ok := suc.objectCache[suc.objKey(objType, name, namespace)] if ok { return obj } @@ -81,7 +81,7 @@ func (suc *StatusUpdateCacher) Add(name, namespace string, obj client.Object) bo suc.objectCache = make(map[string]client.Object) } - prefix := suc.objKey(name, namespace) + prefix := suc.objKey(fmt.Sprintf("%T", obj), name, namespace) _, ok := suc.objectCache[prefix] if ok { return false @@ -95,7 +95,7 @@ func (suc *StatusUpdateCacher) Add(name, namespace string, obj client.Object) bo func (suc *StatusUpdateCacher) GetStatus(obj any) (*contour_v1.HTTPProxyStatus, error) { switch o := obj.(type) { case *contour_v1.HTTPProxy: - objectKey := suc.objKey(o.Name, o.Namespace) + objectKey := suc.objKey(fmt.Sprintf("%T", o), o.Name, o.Namespace) cachedObj, ok := suc.objectCache[objectKey] if ok { if c, ok := cachedObj.(*contour_v1.HTTPProxy); ok { @@ -108,8 +108,8 @@ func (suc *StatusUpdateCacher) GetStatus(obj any) (*contour_v1.HTTPProxyStatus, } } -func (suc *StatusUpdateCacher) objKey(name, namespace string) string { - return fmt.Sprintf("%s/%s", namespace, name) +func (suc *StatusUpdateCacher) objKey(objType, name, namespace string) string { + return fmt.Sprintf("%s/%s/%s", objType, namespace, name) } func (suc *StatusUpdateCacher) Send(su StatusUpdate) { @@ -117,7 +117,7 @@ func (suc *StatusUpdateCacher) Send(su StatusUpdate) { suc.objectCache = make(map[string]client.Object) } - objKey := suc.objKey(su.NamespacedName.Name, su.NamespacedName.Namespace) + objKey := suc.objKey(fmt.Sprintf("%T", su.Resource), su.NamespacedName.Name, su.NamespacedName.Namespace) obj, ok := suc.objectCache[objKey] if ok { suc.objectCache[objKey] = su.Mutator.Mutate(obj) From e6a5bfc7b06b148ff8cd52e3d384747b57ddbb1e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 23 Feb 2024 13:11:40 -0700 Subject: [PATCH 42/83] build(deps): bump github.com/vektra/mockery/v2 from 2.40.3 to 2.42.0 (#6212) * build(deps): bump github.com/vektra/mockery/v2 from 2.40.3 to 2.42.0 Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.40.3 to 2.42.0. - [Release notes](https://github.com/vektra/mockery/releases) - [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md) - [Commits](https://github.com/vektra/mockery/compare/v2.40.3...v2.42.0) --- updated-dependencies: - dependency-name: github.com/vektra/mockery/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] * update go directive Signed-off-by: Sunjay Bhatia --------- Signed-off-by: dependabot[bot] Signed-off-by: Sunjay Bhatia Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sunjay Bhatia --- go.mod | 4 ++-- go.sum | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/go.mod b/go.mod index 33a5dcf0c4c..0176f09a078 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/projectcontour/contour -go 1.21 +go 1.22.0 require ( dario.cat/mergo v1.0.0 @@ -27,7 +27,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 github.com/tsaarni/certyaml v0.9.3 - github.com/vektra/mockery/v2 v2.40.3 + github.com/vektra/mockery/v2 v2.42.0 go.uber.org/automaxprocs v1.5.3 golang.org/x/oauth2 v0.17.0 gonum.org/v1/plot v0.14.0 diff --git a/go.sum b/go.sum index ffaf47b129a..3ad44b43332 100644 --- a/go.sum +++ b/go.sum @@ -381,8 +381,8 @@ github.com/tsaarni/certyaml v0.9.3 h1:m8HHbuUzWVUOmv8IQU9HgVZZ8r5ICExKm++54DJKCs github.com/tsaarni/certyaml v0.9.3/go.mod h1:hhuU1qYr5re488geArUP4gZWqMUMqGlj4HA2qUyGYLk= github.com/tsaarni/x500dn v1.0.0 h1:LvaWTkqRpse4VHBhB5uwf3wytokK4vF9IOyNAEyiA+U= github.com/tsaarni/x500dn v1.0.0/go.mod h1:QaHa3EcUKC4dfCAZmj8+ZRGLKukWgpGv9H3oOCsAbcE= -github.com/vektra/mockery/v2 v2.40.3 h1:IZ2lydSDFsY0khnEsbSu13VLcqSsa6UYSS/8F+uOJmo= -github.com/vektra/mockery/v2 v2.40.3/go.mod h1:KYBZF/7sqOa86BaOZPYsoCZWEWLS90a5oBLg2pVudxY= +github.com/vektra/mockery/v2 v2.42.0 h1:xnP1KXjpcc1GD8jHRjgdpRIW4LDK5MdSMrhbJizAmaI= +github.com/vektra/mockery/v2 v2.42.0/go.mod h1:XNTE9RIu3deGAGQRVjP1VZxGpQNm0YedZx4oDs3prr8= github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From f8c285481a7df5499aaf62d753e18e5653680f9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 10:10:58 -0500 Subject: [PATCH 43/83] build(deps): bump google.golang.org/grpc from 1.61.1 to 1.62.0 (#6220) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.61.1 to 1.62.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.61.1...v1.62.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 16 ++++++++-------- go.sum | 37 ++++++++++++++++++++----------------- 2 files changed, 28 insertions(+), 25 deletions(-) diff --git a/go.mod b/go.mod index 0176f09a078..0bad355d952 100644 --- a/go.mod +++ b/go.mod @@ -31,8 +31,8 @@ require ( go.uber.org/automaxprocs v1.5.3 golang.org/x/oauth2 v0.17.0 gonum.org/v1/plot v0.14.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 - google.golang.org/grpc v1.61.1 + google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 + google.golang.org/grpc v1.62.0 google.golang.org/protobuf v1.32.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.2 @@ -57,9 +57,9 @@ require ( github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chigopher/pathlib v0.19.1 // indirect - github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 // indirect + github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa // indirect github.com/emicklei/go-restful/v3 v3.11.0 // indirect - github.com/envoyproxy/protoc-gen-validate v1.0.2 // indirect + github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect github.com/evanphx/json-patch v5.7.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.8.0 // indirect github.com/fatih/color v1.16.0 // indirect @@ -85,7 +85,7 @@ require ( github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect github.com/huandu/xstrings v1.4.0 // indirect - github.com/iancoleman/strcase v0.2.0 // indirect + github.com/iancoleman/strcase v0.3.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jinzhu/copier v0.3.5 // indirect @@ -109,7 +109,7 @@ require ( github.com/prometheus/procfs v0.12.0 // indirect github.com/rs/zerolog v1.29.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect - github.com/spf13/afero v1.9.3 // indirect + github.com/spf13/afero v1.10.0 // indirect github.com/spf13/cast v1.5.0 // indirect github.com/spf13/cobra v1.8.0 // indirect github.com/spf13/jwalterweatherman v1.1.0 // indirect @@ -131,8 +131,8 @@ require ( golang.org/x/tools v0.17.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect + google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 3ad44b43332..48b11148478 100644 --- a/go.sum +++ b/go.sum @@ -81,8 +81,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/coreos/go-systemd/v22 v22.3.3-0.20220203105225-a9a7ef127534/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -101,8 +101,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.m github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb h1:1BlzJS6JUqCF+HY7RLLafmZdZPmpHLvUWZSw8Jz+GcM= github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb/go.mod h1:ZBTaoJ23lqITozF0M6G4/IragXCQKCnYbmlmtHvwRG0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI= github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.8.0 h1:lRj6N9Nci7MvzrXuX6HFzU8XjmhPiXPlsKEy1u0KQro= @@ -245,8 +245,8 @@ github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31 github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/iancoleman/strcase v0.2.0 h1:05I4QRnGpI0m37iZQRuskXh+w77mr6Z41lwQzuHLwW0= -github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= +github.com/iancoleman/strcase v0.3.0 h1:nTXanmYxhfFAMjZL34Ov6gkzEsSJZ5DbhxWjvSASxEI= +github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= @@ -345,8 +345,8 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/spf13/afero v1.9.3 h1:41FoI0fD7OR7mGcKE/aOiLkGreyf8ifIOQmJANWogMk= -github.com/spf13/afero v1.9.3/go.mod h1:iUV7ddyEEZPO5gA3zD4fJt6iStLlL+Lg4m2cihcDf8Y= +github.com/spf13/afero v1.10.0 h1:EaGW2JJh15aKOejeuJ+wpFSHnbd7GE6Wvp3TsNhb6LY= +github.com/spf13/afero v1.10.0/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= github.com/spf13/cast v1.5.0 h1:rj3WzYc11XZaIZMPKmwP96zkFEnnAmV8s6XbB2aY32w= github.com/spf13/cast v1.5.0/go.mod h1:SpXXQ5YoyJw6s3/6cMTQuxvgRl3PCJiyaX9p6b155UU= github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= @@ -415,7 +415,7 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211108221036-ceb1ce70b4fa/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -490,6 +490,7 @@ golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= @@ -552,6 +553,7 @@ golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= @@ -576,6 +578,7 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= @@ -717,12 +720,12 @@ google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 h1:nz5NESFLZbJGPFxDT/HCn+V1mZ8JGNoY4nUpmW/Y2eg= -google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917/go.mod h1:pZqR+glSb11aJ+JQcczCvgf47+duRuzNSKqE8YAQnV0= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 h1:rcS6EyEaoCO52hQDupoSfrxI3R6C2Tq741is7X8OvnM= -google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917/go.mod h1:CmlNWB9lSezaYELKS5Ym1r44VrrbPUa7JTvw+6MbpJ0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917 h1:6G8oQ016D88m1xAKljMlBOOGWDZkes4kMhgGFlf8WcQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240102182953-50ed04b92917/go.mod h1:xtjpI3tXFPP051KaWnhvxkiubL/6dJ18vLVf7q2pTOU= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80 h1:KAeGQVN3M9nD0/bQXnr/ClcEMJ968gUXJQ9pwfSynuQ= +google.golang.org/genproto v0.0.0-20240123012728-ef4313101c80/go.mod h1:cc8bqMqtv9gMOr0zHg2Vzff5ULhhL2IXP4sbcn32Dro= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 h1:Lj5rbfG876hIAYFjqiJnPHfhXbv+nzTWfm04Fg/XSVU= +google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80/go.mod h1:4jWUdICTdgc3Ibxmr8nAJiiLHwQBY0UI0XZcEMaFKaA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 h1:AjyfHzEPEFp/NpvfN5g+KDla3EMojjhRVZc1i7cj+oM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80/go.mod h1:PAREbraiVEVGVdTZsVWjSbbTtSyGbAgIIvni8a8CD5s= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -739,8 +742,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= +google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 0dbc1f3ddf04ba3b9fae17393123400b5411b3ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 10:12:10 -0500 Subject: [PATCH 44/83] build(deps): bump github.com/cert-manager/cert-manager (#6219) Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.14.2 to 1.14.3. - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Commits](https://github.com/cert-manager/cert-manager/compare/v1.14.2...v1.14.3) --- updated-dependencies: - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 0bad355d952..ed58ebd2988 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/alecthomas/kingpin/v2 v2.4.0 github.com/bombsimon/logrusr/v4 v4.1.0 - github.com/cert-manager/cert-manager v1.14.2 + github.com/cert-manager/cert-manager v1.14.3 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/distribution/reference v0.5.0 github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb diff --git a/go.sum b/go.sum index 48b11148478..46aefa473fe 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cert-manager/cert-manager v1.14.2 h1:C/uci6yxiCRO04PWomBbSX+T4JT58FIIpDj5SZ6Ks6I= -github.com/cert-manager/cert-manager v1.14.2/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= +github.com/cert-manager/cert-manager v1.14.3 h1:u1TVd/bD4NnAFjttzOyZYV0iOcoMGGoNfrLvSdx7a70= +github.com/cert-manager/cert-manager v1.14.3/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chigopher/pathlib v0.19.1 h1:RoLlUJc0CqBGwq239cilyhxPNLXTK+HXoASGyGznx5A= From e49b92de1f3584264c74acbb2f98a87447ff5698 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 10:16:32 -0500 Subject: [PATCH 45/83] build(deps): bump codecov/codecov-action from 4.0.1 to 4.0.2 (#6215) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/e0b68c6749509c5f83f984dd99a76a1c1a231044...0cfda1dd0a4ad9efc75517f399d859cd1ea4ced1) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/prbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 85ac5f4a1c7..3d048c6b418 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -292,7 +292,7 @@ jobs: make check-coverage - name: codeCoverage if: ${{ success() }} - uses: codecov/codecov-action@e0b68c6749509c5f83f984dd99a76a1c1a231044 # v4.0.1 + uses: codecov/codecov-action@0cfda1dd0a4ad9efc75517f399d859cd1ea4ced1 # v4.0.2 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.out From afaca6464817aeb9ca46266d5ca62db960fd719f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 15:41:47 +0000 Subject: [PATCH 46/83] build(deps): bump github/codeql-action from 3.24.3 to 3.24.5 (#6216) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.24.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/379614612a29c9e28f31f39a59013eb8012a51f0...47b3d888fe66b639e431abf22ebca059152f1eea) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/trivy-scan.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1b7450385b1..3d45c5b8c8c 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: cache: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: languages: go # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - name: Autobuild - uses: github/codeql-action/autobuild@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index cfd9bc82ed4..3b6182af84c 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -37,6 +37,6 @@ jobs: name: SARIF file path: results.sarif - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index ba8971bc312..6e43359f979 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'HIGH,CRITICAL' - - uses: github/codeql-action/upload-sarif@379614612a29c9e28f31f39a59013eb8012a51f0 # v3.24.3 + - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 with: sarif_file: 'trivy-results.sarif' From 41ecbaa3a9e56e1fc392fbca24b9ea71fe8623f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 28 Feb 2024 17:19:01 +0000 Subject: [PATCH 47/83] build(deps): bump github.com/prometheus/client_golang (#6226) Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.18.0 to 1.19.0. - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/v1.19.0/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.18.0...v1.19.0) --- updated-dependencies: - dependency-name: github.com/prometheus/client_golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index ed58ebd2988..6d46f9d314f 100644 --- a/go.mod +++ b/go.mod @@ -21,9 +21,9 @@ require ( github.com/onsi/ginkgo/v2 v2.15.0 github.com/onsi/gomega v1.31.1 github.com/projectcontour/yages v0.1.0 - github.com/prometheus/client_golang v1.18.0 + github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.47.0 + github.com/prometheus/common v0.48.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 github.com/tsaarni/certyaml v0.9.3 diff --git a/go.sum b/go.sum index 46aefa473fe..791fd734f60 100644 --- a/go.sum +++ b/go.sum @@ -323,13 +323,13 @@ github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4 github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= github.com/projectcontour/yages v0.1.0 h1:vcFpregOq5TVF0/AXLive1MY4CVMDkgL7/+qbUeIbDs= github.com/projectcontour/yages v0.1.0/go.mod h1:pcJrPa3dP17HwGj2YOfBZ4w5WmC1rSpv/X/sV4wauSw= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= -github.com/prometheus/common v0.47.0 h1:p5Cz0FNHo7SnWOmWmoRozVcjEp0bIVU8cV7OShpjL1k= -github.com/prometheus/common v0.47.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= From c4ec1a4cf7b472de55c1ebae0a5deb7e18c898d1 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Wed, 28 Feb 2024 16:16:03 -0500 Subject: [PATCH 48/83] Bump golangci-lint to 1.56.2 (#6182) Signed-off-by: Sunjay Bhatia --- .github/workflows/prbuild.yaml | 2 +- .golangci.yml | 5 ++++- cmd/contour/certgen_test.go | 2 +- cmd/contour/serve.go | 2 +- cmd/contour/servecontext_test.go | 2 +- cmd/contour/shutdownmanager.go | 2 +- hack/golangci-lint | 2 +- internal/dag/httpproxy_processor_test.go | 6 +++--- internal/debug/debug.go | 2 +- internal/featuretests/v3/ingressclass_test.go | 5 ++--- internal/featuretests/v3/mirrorpolicy_test.go | 5 ++--- internal/featuretests/v3/timeoutpolicy_test.go | 7 +++---- internal/health/health.go | 2 +- internal/httpsvc/http_test.go | 4 ++-- internal/provisioner/controller/gateway_test.go | 6 +++--- internal/provisioner/controller/gatewayclass_test.go | 8 ++++---- .../provisioner/objects/contourconfig/contourconfig.go | 2 +- internal/provisioner/objects/object_test.go | 4 ++-- internal/sorter/sorter_test.go | 2 +- internal/xds/v3/callbacks.go | 4 ++-- internal/xds/v3/contour_test.go | 6 +++--- test/e2e/gateway/backend_tls_policy_test.go | 2 +- test/e2e/gateway/gateway_test.go | 2 +- test/e2e/http.go | 2 +- 24 files changed, 43 insertions(+), 43 deletions(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 3d048c6b418..15a26cb7932 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -29,7 +29,7 @@ jobs: - name: golangci-lint uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 with: - version: v1.55.2 + version: v1.56.2 # TODO: re-enable linting tools package once https://github.com/projectcontour/contour/issues/5077 # is resolved args: --build-tags=e2e,conformance,gcp,oidc,none --out-format=colored-line-number diff --git a/.golangci.yml b/.golangci.yml index 2f26c14b874..28e4143e019 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -112,4 +112,7 @@ issues: linters: ["bodyclose"] - path: test/e2e linters: ["revive"] - text: "should not use dot imports" \ No newline at end of file + text: "should not use dot imports" + - path: test/e2e + linters: ["testifylint"] + text: "require must only be used in the goroutine running the test function" diff --git a/cmd/contour/certgen_test.go b/cmd/contour/certgen_test.go index 51da72778c1..4fc7be36921 100644 --- a/cmd/contour/certgen_test.go +++ b/cmd/contour/certgen_test.go @@ -274,7 +274,7 @@ func TestOutputFileMode(t *testing.T) { require.NoError(t, OutputCerts(tc.cc, nil, generatedCerts)) - err = filepath.Walk(outputDir, func(path string, info os.FileInfo, err error) error { + err = filepath.Walk(outputDir, func(path string, info os.FileInfo, _ error) error { if !info.IsDir() { assert.Equal(t, os.FileMode(0o600), info.Mode(), "incorrect mode for file "+path) } diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 06101fd3b15..1e34abb8083 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -918,7 +918,7 @@ func (x *xdsServer) Start(ctx context.Context) error { log := x.log.WithField("context", "xds") log.Info("waiting for the initial dag to be built") - if err := wait.PollUntilContextCancel(ctx, initialDagBuildPollPeriod, true, func(ctx context.Context) (done bool, err error) { + if err := wait.PollUntilContextCancel(ctx, initialDagBuildPollPeriod, true, func(context.Context) (done bool, err error) { return x.initialDagBuilt(), nil }); err != nil { return fmt.Errorf("failed to wait for initial dag build, %w", err) diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index 641a3c0ff44..ead418fec96 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -232,7 +232,7 @@ func TestServeContextCertificateHandling(t *testing.T) { } if err == nil { expectedCert, _ := tc.serverCredentials.X509Certificate() - assert.Equal(t, receivedCert, &expectedCert) + assert.Equal(t, &expectedCert, receivedCert) } }) } diff --git a/cmd/contour/shutdownmanager.go b/cmd/contour/shutdownmanager.go index 4677523bd67..305a5303903 100644 --- a/cmd/contour/shutdownmanager.go +++ b/cmd/contour/shutdownmanager.go @@ -154,7 +154,7 @@ func (s *shutdownContext) shutdownHandler() { Duration: 200 * time.Millisecond, Factor: 5.0, Jitter: 0.1, - }, func(err error) bool { + }, func(error) bool { // Always retry any error. return true }, func() error { diff --git a/hack/golangci-lint b/hack/golangci-lint index 41cab2c0ee1..7f42f661bb4 100755 --- a/hack/golangci-lint +++ b/hack/golangci-lint @@ -1,3 +1,3 @@ #! /usr/bin/env bash -go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.55.2 "$@" +go run github.com/golangci/golangci-lint/cmd/golangci-lint@v1.56.2 "$@" diff --git a/internal/dag/httpproxy_processor_test.go b/internal/dag/httpproxy_processor_test.go index bda49fef6fb..d1f30a17c82 100644 --- a/internal/dag/httpproxy_processor_test.go +++ b/internal/dag/httpproxy_processor_test.go @@ -737,7 +737,7 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { }, }, want: nil, - getExtensionCluster: func(name string) *ExtensionCluster { + getExtensionCluster: func(string) *ExtensionCluster { return &ExtensionCluster{ Name: "test", } @@ -770,7 +770,7 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { Namespace: "ns", }, }, - getExtensionCluster: func(name string) *ExtensionCluster { + getExtensionCluster: func(string) *ExtensionCluster { return nil }, want: nil, @@ -788,7 +788,7 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { Namespace: "ns", }, }, - getExtensionCluster: func(name string) *ExtensionCluster { + getExtensionCluster: func(string) *ExtensionCluster { return &ExtensionCluster{ Name: "test", } diff --git a/internal/debug/debug.go b/internal/debug/debug.go index da6d1cffcdb..67fcfd619fc 100644 --- a/internal/debug/debug.go +++ b/internal/debug/debug.go @@ -56,7 +56,7 @@ func registerProfile(mux *http.ServeMux) { } func registerDotWriter(mux *http.ServeMux, builder *dag.Builder) { - mux.HandleFunc("/debug/dag", func(w http.ResponseWriter, r *http.Request) { + mux.HandleFunc("/debug/dag", func(w http.ResponseWriter, _ *http.Request) { dw := &dotWriter{ Builder: builder, } diff --git a/internal/featuretests/v3/ingressclass_test.go b/internal/featuretests/v3/ingressclass_test.go index f056ca88d1c..b26758d73eb 100644 --- a/internal/featuretests/v3/ingressclass_test.go +++ b/internal/featuretests/v3/ingressclass_test.go @@ -24,7 +24,6 @@ import ( "k8s.io/utils/ptr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" @@ -254,7 +253,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { // no configured ingress.class, anything else on object - fail func TestIngressClassAnnotation_NotConfigured(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc := fixture.NewService("kuard"). @@ -766,7 +765,7 @@ func TestIngressClassResource_Configured(t *testing.T) { } func TestIngressClassResource_NotConfigured(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc := fixture.NewService("kuard"). diff --git a/internal/featuretests/v3/mirrorpolicy_test.go b/internal/featuretests/v3/mirrorpolicy_test.go index 31cdcd763e3..5bea114cd3a 100644 --- a/internal/featuretests/v3/mirrorpolicy_test.go +++ b/internal/featuretests/v3/mirrorpolicy_test.go @@ -23,13 +23,12 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/contour" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" ) func TestMirrorPolicy(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc1 := fixture.NewService("kuard"). @@ -87,7 +86,7 @@ func TestMirrorPolicy(t *testing.T) { } func TestFractionalMirrorPolicy(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc1 := fixture.NewService("kuard"). diff --git a/internal/featuretests/v3/timeoutpolicy_test.go b/internal/featuretests/v3/timeoutpolicy_test.go index 30406748d5d..a19bcb9f6c9 100644 --- a/internal/featuretests/v3/timeoutpolicy_test.go +++ b/internal/featuretests/v3/timeoutpolicy_test.go @@ -24,14 +24,13 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/contour" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" ) func TestTimeoutPolicyRequestTimeout(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc := fixture.NewService("kuard"). @@ -183,7 +182,7 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { } func TestTimeoutPolicyIdleStreamTimeout(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc := fixture.NewService("kuard"). @@ -238,7 +237,7 @@ func TestTimeoutPolicyIdleStreamTimeout(t *testing.T) { } func TestTimeoutPolicyIdleConnectionTimeout(t *testing.T) { - rh, c, done := setup(t, func(reh *contour.EventHandler) {}) + rh, c, done := setup(t) defer done() svc := fixture.NewService("kuard").WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) diff --git a/internal/health/health.go b/internal/health/health.go index 18b4b14b206..3b4ce4e2a94 100644 --- a/internal/health/health.go +++ b/internal/health/health.go @@ -23,7 +23,7 @@ import ( // Handler returns a http Handler for a health endpoint. func Handler(client *kubernetes.Clientset) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + return http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { // Try and lookup Kubernetes server version as a quick and dirty check _, err := client.ServerVersion() if err != nil { diff --git a/internal/httpsvc/http_test.go b/internal/httpsvc/http_test.go index 8a7241316a2..89aa70eb2d5 100644 --- a/internal/httpsvc/http_test.go +++ b/internal/httpsvc/http_test.go @@ -39,7 +39,7 @@ func TestHTTPService(t *testing.T) { Port: 8001, FieldLogger: fixture.NewTestLogger(t), } - svc.ServeMux.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) { + svc.ServeMux.HandleFunc("/test", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }) @@ -118,7 +118,7 @@ func TestHTTPSService(t *testing.T) { err = contourCertBeforeRotation.WritePEM(svc.Cert, svc.Key) checkFatalErr(t, err) - svc.ServeMux.HandleFunc("/test", func(w http.ResponseWriter, r *http.Request) { + svc.ServeMux.HandleFunc("/test", func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) }) ctx, cancel := context.WithCancel(context.Background()) diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go index ca516d95772..4df131b9486 100644 --- a/internal/provisioner/controller/gateway_test.go +++ b/internal/provisioner/controller/gateway_test.go @@ -1116,7 +1116,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) { ds := &apps_v1.DaemonSet{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", @@ -1142,7 +1142,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) { ds := &apps_v1.DaemonSet{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", @@ -1166,7 +1166,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, _ *gatewayapi_v1.Gateway, _ error) { ds := &apps_v1.DaemonSet{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", diff --git a/internal/provisioner/controller/gatewayclass_test.go b/internal/provisioner/controller/gatewayclass_test.go index 484ed0b8576..261a6b01892 100644 --- a/internal/provisioner/controller/gatewayclass_test.go +++ b/internal/provisioner/controller/gatewayclass_test.go @@ -51,7 +51,7 @@ func TestGatewayClassReconcile(t *testing.T) { req: &reconcile.Request{ NamespacedName: types.NamespacedName{Name: "nonexistent"}, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, _ *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) gatewayClasses := &gatewayapi_v1.GatewayClassList{} @@ -537,7 +537,7 @@ func TestGatewayClassReconcile(t *testing.T) { Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, _ *gatewayClassReconciler, _ *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, @@ -572,7 +572,7 @@ func TestGatewayClassReconcile(t *testing.T) { Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, _ *gatewayClassReconciler, _ *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, @@ -605,7 +605,7 @@ func TestGatewayClassReconcile(t *testing.T) { Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, _ *gatewayClassReconciler, _ *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, diff --git a/internal/provisioner/objects/contourconfig/contourconfig.go b/internal/provisioner/objects/contourconfig/contourconfig.go index b2f7b99a97c..1591125851e 100644 --- a/internal/provisioner/objects/contourconfig/contourconfig.go +++ b/internal/provisioner/objects/contourconfig/contourconfig.go @@ -45,7 +45,7 @@ func EnsureContourConfig(ctx context.Context, cli client.Client, contour *model. // being configured correctly for the Gateway being provisioned. setGatewayConfig(desired, contour) - updater := func(ctx context.Context, cli client.Client, current, desired *contour_v1alpha1.ContourConfiguration) error { + updater := func(ctx context.Context, cli client.Client, current, _ *contour_v1alpha1.ContourConfiguration) error { maybeUpdated := current.DeepCopy() setGatewayConfig(maybeUpdated, contour) diff --git a/internal/provisioner/objects/object_test.go b/internal/provisioner/objects/object_test.go index 44317a9b5ad..f5935f9cb63 100644 --- a/internal/provisioner/objects/object_test.go +++ b/internal/provisioner/objects/object_test.go @@ -106,7 +106,7 @@ func TestEnsureObject_ExistingObjectIsUpdated(t *testing.T) { }, } - updater := func(ctx context.Context, client pkgclient.Client, current, desired *core_v1.Service) error { + updater := func(ctx context.Context, client pkgclient.Client, _, desired *core_v1.Service) error { // Set another annotation on "desired" so we can validate that // updater is actually being called. desired = desired.DeepCopy() @@ -157,7 +157,7 @@ func TestEnsureObject_ErrorUpdatingObject(t *testing.T) { }, } - updater := func(ctx context.Context, client pkgclient.Client, current, desired *core_v1.Service) error { + updater := func(_ context.Context, _ pkgclient.Client, _, _ *core_v1.Service) error { return errors.New("update error") } diff --git a/internal/sorter/sorter_test.go b/internal/sorter/sorter_test.go index e86b08b127b..07af161cbbc 100644 --- a/internal/sorter/sorter_test.go +++ b/internal/sorter/sorter_test.go @@ -41,7 +41,7 @@ func shuffleSlice[T any](original []T) []T { } func TestInvalidSorter(t *testing.T) { - assert.Equal(t, nil, For([]string{"invalid"})) + assert.Nil(t, For([]string{"invalid"})) } func TestSortRouteConfiguration(t *testing.T) { diff --git a/internal/xds/v3/callbacks.go b/internal/xds/v3/callbacks.go index 8ada4603ee3..546105afba7 100644 --- a/internal/xds/v3/callbacks.go +++ b/internal/xds/v3/callbacks.go @@ -29,14 +29,14 @@ import ( // OnStreamRequest is implemented. func NewRequestLoggingCallbacks(log logrus.FieldLogger) envoy_server_v3.Callbacks { return &envoy_server_v3.CallbackFuncs{ - StreamOpenFunc: func(ctx context.Context, streamID int64, typeURL string) error { + StreamOpenFunc: func(_ context.Context, streamID int64, typeURL string) error { logStreamOpenDetails(log, streamID, typeURL) return nil }, StreamClosedFunc: func(streamID int64, node *envoy_config_core_v3.Node) { logStreamClosedDetails(log, streamID, node) }, - StreamRequestFunc: func(streamID int64, req *envoy_service_discovery_v3.DiscoveryRequest) error { + StreamRequestFunc: func(_ int64, req *envoy_service_discovery_v3.DiscoveryRequest) error { logDiscoveryRequestDetails(log, req) return nil }, diff --git a/internal/xds/v3/contour_test.go b/internal/xds/v3/contour_test.go index 0000eece017..d2587b6dfa1 100644 --- a/internal/xds/v3/contour_test.go +++ b/internal/xds/v3/contour_test.go @@ -111,7 +111,7 @@ func TestXDSHandlerStream(t *testing.T) { TypeUrl: "io.projectcontour.potato", }, nil }, - send: func(resp *envoy_service_discovery_v3.DiscoveryResponse) error { + send: func(*envoy_service_discovery_v3.DiscoveryResponse) error { return io.EOF }, }, @@ -122,7 +122,7 @@ func TestXDSHandlerStream(t *testing.T) { FieldLogger: log, resources: map[string]xds.Resource{ "io.projectcontour.potato": &mockResource{ - register: func(ch chan int, i int) { + register: func(chan int, int) { // do nothing }, typeurl: func() string { return "io.projectcontour.potato" }, @@ -141,7 +141,7 @@ func TestXDSHandlerStream(t *testing.T) { TypeUrl: "io.projectcontour.potato", }, nil }, - send: func(resp *envoy_service_discovery_v3.DiscoveryResponse) error { + send: func(*envoy_service_discovery_v3.DiscoveryResponse) error { return io.EOF }, }, diff --git a/test/e2e/gateway/backend_tls_policy_test.go b/test/e2e/gateway/backend_tls_policy_test.go index 6193aca3653..40ea54f2cae 100644 --- a/test/e2e/gateway/backend_tls_policy_test.go +++ b/test/e2e/gateway/backend_tls_policy_test.go @@ -111,7 +111,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { } require.NoError(f.T(), f.Client.Create(context.TODO(), backendServerCert)) - f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", func(deployment *apps_v1.Deployment, service *core_v1.Service) { + f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", func(_ *apps_v1.Deployment, service *core_v1.Service) { delete(service.Annotations, "projectcontour.io/upstream-protocol.tls") }) diff --git a/test/e2e/gateway/gateway_test.go b/test/e2e/gateway/gateway_test.go index 9ffa6d4de59..c0287e53279 100644 --- a/test/e2e/gateway/gateway_test.go +++ b/test/e2e/gateway/gateway_test.go @@ -315,7 +315,7 @@ var _ = Describe("Gateway API", func() { }, } - return testWithGateway(gateway, gatewayClass, func(namespace string, gateway types.NamespacedName) { + return testWithGateway(gateway, gatewayClass, func(namespace string, _ types.NamespacedName) { BeforeEach(func() { f.Certs.CreateSelfSignedCert(namespace, "tlscert-1", "tlscert-1", "https-1.gateway.projectcontour.io") f.Certs.CreateSelfSignedCert(namespace, "tlscert-2", "tlscert-2", "https-2.gateway.projectcontour.io") diff --git a/test/e2e/http.go b/test/e2e/http.go index 04c147afbec..520c16cccf9 100644 --- a/test/e2e/http.go +++ b/test/e2e/http.go @@ -288,7 +288,7 @@ func (h *HTTP) SecureRequest(opts *HTTPSRequestOpts) (*HTTPResponse, error) { func (h *HTTP) requestUntil(makeRequest func() (*http.Response, error), condition func(*HTTPResponse) bool) (*HTTPResponse, bool) { var res *HTTPResponse - if err := wait.PollUntilContextTimeout(context.Background(), h.RetryInterval, h.RetryTimeout, true, func(ctx context.Context) (bool, error) { + if err := wait.PollUntilContextTimeout(context.Background(), h.RetryInterval, h.RetryTimeout, true, func(context.Context) (bool, error) { r, err := makeRequest() if err != nil { h.t.Logf("request error: %s", err) From a16e749d9278ad4ec24f1ff4fddc883c0fa77559 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Wed, 28 Feb 2024 14:50:34 -0700 Subject: [PATCH 49/83] use Go 1.22 range over integers syntax (#6214) See https://go.dev/doc/go1.22#language. Signed-off-by: Steve Kriss --- internal/featuretests/v3/route_test.go | 2 +- internal/gatewayapi/listeners.go | 2 +- internal/sorter/sorter.go | 4 ++-- internal/sorter/sorter_test.go | 2 +- test/e2e/bench/bench_test.go | 2 +- test/e2e/deployment.go | 2 +- test/e2e/gateway/response_header_modifier_test.go | 2 +- test/e2e/httpproxy/cookie_rewrite_test.go | 2 +- test/e2e/incluster/memory_usage_test.go | 2 +- test/e2e/incluster/smoke_test.go | 2 +- 10 files changed, 11 insertions(+), 11 deletions(-) diff --git a/internal/featuretests/v3/route_test.go b/internal/featuretests/v3/route_test.go index c5047b74c6c..719737dbae9 100644 --- a/internal/featuretests/v3/route_test.go +++ b/internal/featuretests/v3/route_test.go @@ -988,7 +988,7 @@ func TestRDSAssertNoDataRaceDuringInsertAndStream(t *testing.T) { rh.OnAdd(s1) go func() { - for i := 0; i < 100; i++ { + for i := range 100 { rh.OnAdd(&contour_v1.HTTPProxy{ ObjectMeta: meta_v1.ObjectMeta{ Name: fmt.Sprintf("simple-%d", i), diff --git a/internal/gatewayapi/listeners.go b/internal/gatewayapi/listeners.go index 0a3f6a186ec..c1a7d8b9cc1 100644 --- a/internal/gatewayapi/listeners.go +++ b/internal/gatewayapi/listeners.go @@ -117,7 +117,7 @@ func ValidateListeners(listeners []gatewayapi_v1.Listener) ValidateListenersResu // This allows Listeners that appear first in list // order to take precedence, i.e. to be accepted and // programmed, when there is a conflict. - for j := 0; j < i; j++ { + for j := range i { otherListener := listeners[j] if listener.Port != otherListener.Port { diff --git a/internal/sorter/sorter.go b/internal/sorter/sorter.go index 71e0550e704..fb400a43895 100644 --- a/internal/sorter/sorter.go +++ b/internal/sorter/sorter.go @@ -261,7 +261,7 @@ func compareRoutesByMethodHeaderQueryParams(lhs, rhs *dag.Route) bool { // HeaderMatchConditions are equal length: compare item by item. pair := make([]dag.HeaderMatchCondition, 2) - for i := 0; i < len(lhsHeaderMatchConditions); i++ { + for i := range len(lhsHeaderMatchConditions) { pair[0] = lhsHeaderMatchConditions[i] pair[1] = rhsHeaderMatchConditions[i] @@ -271,7 +271,7 @@ func compareRoutesByMethodHeaderQueryParams(lhs, rhs *dag.Route) bool { } // QueryParamMatchConditions are equal length: compare item by item. - for i := 0; i < len(lhs.QueryParamMatchConditions); i++ { + for i := range len(lhs.QueryParamMatchConditions) { qPair := make([]dag.QueryParamMatchCondition, 2) qPair[0] = lhs.QueryParamMatchConditions[i] qPair[1] = rhs.QueryParamMatchConditions[i] diff --git a/internal/sorter/sorter_test.go b/internal/sorter/sorter_test.go index 07af161cbbc..ccd73616f1b 100644 --- a/internal/sorter/sorter_test.go +++ b/internal/sorter/sorter_test.go @@ -720,7 +720,7 @@ func shuffleAndCheckSort[T any](t *testing.T, want []T) { t.Helper() // Run multiple trials so we catch any ordering/stability errors. - for i := 0; i < 10; i++ { + for range 10 { have := shuffleSlice(want) sort.Stable(For(have)) diff --git a/test/e2e/bench/bench_test.go b/test/e2e/bench/bench_test.go index 57f52095eda..052914962c4 100644 --- a/test/e2e/bench/bench_test.go +++ b/test/e2e/bench/bench_test.go @@ -290,7 +290,7 @@ var _ = Describe("Benchmark", func() { client := &http.Client{ Timeout: time.Millisecond * 500, } - for i := 0; i < numServices; i++ { + for i := range numServices { appName := fmt.Sprintf("echo-%d", i) deployApp(appName) req, err := http.NewRequest(http.MethodGet, "http://"+lbExternalIP, nil) diff --git a/test/e2e/deployment.go b/test/e2e/deployment.go index beb56df0170..6383c78e8f9 100644 --- a/test/e2e/deployment.go +++ b/test/e2e/deployment.go @@ -985,7 +985,7 @@ func (d *Deployment) EnvoyResourceAndName() string { func randomString(n int) string { const letters = "abcdefghijklmnopqrstuvwxyz0123456789" ret := make([]byte, n) - for i := 0; i < n; i++ { + for i := range n { num, err := rand.Int(rand.Reader, big.NewInt(int64(len(letters)))) if err != nil { return "" diff --git a/test/e2e/gateway/response_header_modifier_test.go b/test/e2e/gateway/response_header_modifier_test.go index 0dbb7e1a9ad..c01a9fe5cee 100644 --- a/test/e2e/gateway/response_header_modifier_test.go +++ b/test/e2e/gateway/response_header_modifier_test.go @@ -94,7 +94,7 @@ func testResponseHeaderModifierBackendRef(namespace string, gateway types.Namesp seenBackends := map[string]struct{}{} // Retry a bunch of times to make sure we get to both backends. - for i := 0; i < 20; i++ { + for range 20 { res, ok := f.HTTP.RequestUntil(&e2e.HTTPRequestOpts{ Host: string(route.Spec.Hostnames[0]), Path: "/filter", diff --git a/test/e2e/httpproxy/cookie_rewrite_test.go b/test/e2e/httpproxy/cookie_rewrite_test.go index daa0f33436d..46cfb966d00 100644 --- a/test/e2e/httpproxy/cookie_rewrite_test.go +++ b/test/e2e/httpproxy/cookie_rewrite_test.go @@ -390,7 +390,7 @@ func testAppCookieRewrite(namespace string) { // Rewrite on a service, balancing to multiple services. services := map[string]struct{}{} // Use a few attempts to make sure we hit both services. - for i := 0; i < 20; i++ { + for range 20 { headers = requestSetCookieHeader(false, p.Spec.VirtualHost.Fqdn, "/service", "service=baz; Path=/svc") for headerName, values := range headers { if headerName != "Set-Cookie" { diff --git a/test/e2e/incluster/memory_usage_test.go b/test/e2e/incluster/memory_usage_test.go index ccc6a137e0f..a81aa32b798 100644 --- a/test/e2e/incluster/memory_usage_test.go +++ b/test/e2e/incluster/memory_usage_test.go @@ -53,7 +53,7 @@ func testHeaderMatchIncludesMemoryUsage(namespace string) { numHeaderMatches = 5 ) - for i := 0; i < numChildren; i++ { + for i := range numChildren { include := contour_v1.Include{ Name: fmt.Sprintf("child-%d", i), } diff --git a/test/e2e/incluster/smoke_test.go b/test/e2e/incluster/smoke_test.go index 86042d4189c..4ab72d216b6 100644 --- a/test/e2e/incluster/smoke_test.go +++ b/test/e2e/incluster/smoke_test.go @@ -33,7 +33,7 @@ func testSimpleSmoke(namespace string) { // This test may become flaky and should be investigated if there // are changes that cause differences between the leader and // non-leader contour instances. - for i := 0; i < 20; i++ { + for i := range 20 { f.Fixtures.Echo.Deploy(namespace, fmt.Sprintf("echo-%d", i)) p := &contour_v1.HTTPProxy{ From 5d41cfb4bbae35684d56da962b1c2373d84124ad Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Thu, 29 Feb 2024 07:53:11 -0700 Subject: [PATCH 50/83] test/e2e: add flake attempts for gRPC plaintext E2E (#6228) Updates #6092. Signed-off-by: Steve Kriss --- test/e2e/httpproxy/grpc_test.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/test/e2e/httpproxy/grpc_test.go b/test/e2e/httpproxy/grpc_test.go index a0f5264390d..dbac88b887f 100644 --- a/test/e2e/httpproxy/grpc_test.go +++ b/test/e2e/httpproxy/grpc_test.go @@ -41,7 +41,8 @@ import ( ) func testGRPCServicePlaintext(namespace string) { - Specify("requests to a gRPC service configured with plaintext work as expected", func() { + // Flake tracking issue: https://github.com/projectcontour/contour/issues/6092 + Specify("requests to a gRPC service configured with plaintext work as expected", FlakeAttempts(3), func() { t := f.T() f.Fixtures.GRPC.Deploy(namespace, "grpc-echo") From 67911584e1d6261e43c7c90f8be02041fe46b464 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:25:44 -0500 Subject: [PATCH 51/83] build(deps): bump github.com/prometheus/common from 0.48.0 to 0.49.0 (#6233) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.49.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.49.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6d46f9d314f..f9a02e02852 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.48.0 + github.com/prometheus/common v0.49.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.8.4 github.com/tsaarni/certyaml v0.9.3 diff --git a/go.sum b/go.sum index 791fd734f60..165b459ce4e 100644 --- a/go.sum +++ b/go.sum @@ -328,8 +328,8 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= -github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= -github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/common v0.49.0 h1:ToNTdK4zSnPVJmh698mGFkDor9wBI/iGaJy5dbH1EgI= +github.com/prometheus/common v0.49.0/go.mod h1:Kxm+EULxRbUkjGU6WFsQqo3ORzB4tyKvlWFOE9mB2sE= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= From 9b5dbe6df2f257886111bdbde56dcf42dd3c14c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:30:02 -0500 Subject: [PATCH 52/83] build(deps): bump the artifact-actions group with 1 update (#6235) Bumps the artifact-actions group with 1 update: [actions/download-artifact](https://github.com/actions/download-artifact). Updates `actions/download-artifact` from 4.1.2 to 4.1.4 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/eaceaf801fd36c7dee90939fad912460b18a1ffe...c850b930e6ba138125429b7e5c93fc707a7f8427) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-patch dependency-group: artifact-actions ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/prbuild.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 15a26cb7932..348fb5044ca 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -155,7 +155,7 @@ jobs: with: persist-credentials: false - name: Download image - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: image path: image @@ -218,7 +218,7 @@ jobs: # recent release tag. fetch-depth: 0 - name: Download image - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: image path: image @@ -351,7 +351,7 @@ jobs: with: persist-credentials: false - name: Download image - uses: actions/download-artifact@eaceaf801fd36c7dee90939fad912460b18a1ffe # v4.1.2 + uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 with: name: image path: image From a700dafd9ebdb125f38227486e4df55b6bc72c8c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:30:54 -0500 Subject: [PATCH 53/83] build(deps): bump docker/setup-buildx-action from 3.0.0 to 3.1.0 (#6236) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/f95db51fddba0c2d1ec667646a06c2ce06100226...0d103c3126aa41d772a8362f6aa67afac040f80c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_main.yaml | 2 +- .github/workflows/build_tag.yaml | 2 +- .github/workflows/prbuild.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_main.yaml b/.github/workflows/build_main.yaml index afcfe6dbea9..0dda1d9e227 100644 --- a/.github/workflows/build_main.yaml +++ b/.github/workflows/build_main.yaml @@ -21,7 +21,7 @@ jobs: with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 with: version: latest - name: Log in to GHCR diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index c53f4fd0991..31a57edd4a7 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -31,7 +31,7 @@ jobs: with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 with: version: latest - name: Log in to GHCR diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 348fb5044ca..1bb4583378f 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -105,7 +105,7 @@ jobs: with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0 + uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 with: version: latest - name: Build image From f0c613b74f34de8e34838ecd40d4fde5ce22b439 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:33:09 -0500 Subject: [PATCH 54/83] build(deps): bump codecov/codecov-action from 4.0.2 to 4.1.0 (#6237) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/0cfda1dd0a4ad9efc75517f399d859cd1ea4ced1...54bcd8715eee62d40e33596ef5e8f0f48dbbccab) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/prbuild.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 1bb4583378f..0b2cc935ec6 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -292,7 +292,7 @@ jobs: make check-coverage - name: codeCoverage if: ${{ success() }} - uses: codecov/codecov-action@0cfda1dd0a4ad9efc75517f399d859cd1ea4ced1 # v4.0.2 + uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 with: token: ${{ secrets.CODECOV_TOKEN }} files: coverage.out From 157fb67727416962fffcc1430ece82fd166dfe3e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:34:09 -0500 Subject: [PATCH 55/83] build(deps): bump github/codeql-action from 3.24.5 to 3.24.6 (#6238) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.5 to 3.24.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/47b3d888fe66b639e431abf22ebca059152f1eea...8a470fddafa5cbb6266ee11b37ef4d8aae19c571) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/trivy-scan.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 3d45c5b8c8c..909b5ff6db3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: cache: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: languages: go # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - name: Autobuild - uses: github/codeql-action/autobuild@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index 3b6182af84c..9162186b312 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -37,6 +37,6 @@ jobs: name: SARIF file path: results.sarif - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index 6e43359f979..142a2dbefd9 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'HIGH,CRITICAL' - - uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5 + - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 with: sarif_file: 'trivy-results.sarif' From 4e543e3f99d2ea7373641d8e88b4ee61aa0acc67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 10:35:48 -0500 Subject: [PATCH 56/83] build(deps): bump actions/cache from 4.0.0 to 4.0.1 (#6239) Bumps [actions/cache](https://github.com/actions/cache) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/13aacd865c20de90d75de3b17ebe84f7a17d57d2...ab5e6d0c87105b4c9c2047343972218f562e4319) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_daily.yaml | 8 ++++---- .github/workflows/build_tag.yaml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/label_check.yaml | 2 +- .github/workflows/prbuild.yaml | 12 ++++++------ 5 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/build_daily.yaml b/.github/workflows/build_daily.yaml index bbe56506efc..4f7467b3c3a 100644 --- a/.github/workflows/build_daily.yaml +++ b/.github/workflows/build_daily.yaml @@ -22,7 +22,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -58,7 +58,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -94,7 +94,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -133,7 +133,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index 31a57edd4a7..936b5022a05 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -59,7 +59,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 909b5ff6db3..e00b1d2651e 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -25,7 +25,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) diff --git a/.github/workflows/label_check.yaml b/.github/workflows/label_check.yaml index 43cb9dbb48d..de5e80b6c2c 100644 --- a/.github/workflows/label_check.yaml +++ b/.github/workflows/label_check.yaml @@ -47,7 +47,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 0b2cc935ec6..8c92797260d 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -66,7 +66,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -159,7 +159,7 @@ jobs: with: name: image path: image - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -222,7 +222,7 @@ jobs: with: name: image path: image - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -265,7 +265,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) @@ -312,7 +312,7 @@ jobs: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 with: persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Windows) @@ -355,7 +355,7 @@ jobs: with: name: image path: image - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 + - uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1 with: # * Module download cache # * Build cache (Linux) From 5081138fa4277a47ba4fefbf22d6e1dfa313ccc1 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Mon, 4 Mar 2024 09:33:41 -0700 Subject: [PATCH 57/83] use multi-arch golang base image (#6243) Allows builds on multiple architectures. Signed-off-by: Steve Kriss --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 89c903169e4..3b5476bfeff 100644 --- a/Makefile +++ b/Makefile @@ -44,7 +44,7 @@ endif IMAGE_PLATFORMS ?= linux/amd64,linux/arm64 # Base build image to use. -BUILD_BASE_IMAGE ?= golang:1.22.0@sha256:53048e8f87cb42d5dfb620423479e1acf2d178038c77c61b97ed5d4165e574dc +BUILD_BASE_IMAGE ?= golang:1.22.0@sha256:7b297d9abee021bab9046e492506b3c2da8a3722cbf301653186545ecc1e00bb # Enable build with CGO. BUILD_CGO_ENABLED ?= 0 From b08ab87d46d324465f2d4cb47fb70fb1e8def810 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Mar 2024 16:44:51 +0000 Subject: [PATCH 58/83] build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#6234) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 4 ++-- go.sum | 9 ++++----- 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go.mod b/go.mod index f9a02e02852..4407933794c 100644 --- a/go.mod +++ b/go.mod @@ -25,7 +25,7 @@ require ( github.com/prometheus/client_model v0.6.0 github.com/prometheus/common v0.49.0 github.com/sirupsen/logrus v1.9.3 - github.com/stretchr/testify v1.8.4 + github.com/stretchr/testify v1.9.0 github.com/tsaarni/certyaml v0.9.3 github.com/vektra/mockery/v2 v2.42.0 go.uber.org/automaxprocs v1.5.3 @@ -115,7 +115,7 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/viper v1.15.0 // indirect - github.com/stretchr/objx v0.5.1 // indirect + github.com/stretchr/objx v0.5.2 // indirect github.com/subosito/gotenv v1.4.2 // indirect github.com/tsaarni/x500dn v1.0.0 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect diff --git a/go.sum b/go.sum index 165b459ce4e..d1396516a4c 100644 --- a/go.sum +++ b/go.sum @@ -361,8 +361,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= -github.com/stretchr/objx v0.5.1 h1:4VhoImhV/Bm0ToFkXFi8hXNXwpDRZ/ynw3amt82mzq0= -github.com/stretchr/objx v0.5.1/go.mod h1:/iHQpkQwBD6DLUmQ4pE+s1TXdob1mORJ4/UFdrifcy0= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -372,9 +372,8 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= -github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= github.com/tsaarni/certyaml v0.9.3 h1:m8HHbuUzWVUOmv8IQU9HgVZZ8r5ICExKm++54DJKCs0= From 53e9159f9c9abde3aad7d87a77dc49e7c45ff2d5 Mon Sep 17 00:00:00 2001 From: yangyang Date: Tue, 5 Mar 2024 01:14:46 +0800 Subject: [PATCH 59/83] Fix for specifying a health check port with an ExternalName Service (#6230) Signed-off-by: yangyang --- changelogs/unreleased/6230-yangyy93-small.md | 1 + internal/envoy/v3/cluster_test.go | 47 ++++++++++++ internal/envoy/v3/endpoint.go | 6 +- internal/envoy/v3/endpoint_test.go | 76 ++++++++++++++++++++ 4 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 changelogs/unreleased/6230-yangyy93-small.md diff --git a/changelogs/unreleased/6230-yangyy93-small.md b/changelogs/unreleased/6230-yangyy93-small.md new file mode 100644 index 00000000000..bc07a9b327f --- /dev/null +++ b/changelogs/unreleased/6230-yangyy93-small.md @@ -0,0 +1 @@ +Fix for specifying a health check port with an ExternalName Service. diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index d8b4670a7fe..79ea1525873 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -72,6 +72,29 @@ func TestCluster(t *testing.T) { }, } + s3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ + Name: "kuard", + Namespace: "default", + }, + Spec: core_v1.ServiceSpec{ + ExternalName: "foo.io", + Ports: []core_v1.ServicePort{ + { + Name: "http", + Protocol: "TCP", + Port: 443, + TargetPort: intstr.FromInt(8080), + }, { + Name: "health-check", + Protocol: "TCP", + Port: 8998, + TargetPort: intstr.FromInt(8998), + }, + }, + }, + } + svcExternal := &core_v1.Service{ ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", @@ -196,6 +219,17 @@ func TestCluster(t *testing.T) { LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), }, }, + "externalName service healthcheckport": { + cluster: &dag.Cluster{ + Upstream: healthcheckService(s3), + }, + want: &envoy_config_cluster_v3.Cluster{ + Name: "default/kuard/443/da39a3ee5e", + AltStatName: "default_kuard_443", + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), + LoadAssignment: ExternalNameClusterLoadAssignment(healthcheckService(s3)), + }, + }, "externalName service - dns-lookup-family v4": { cluster: &dag.Cluster{ Upstream: service(s2), @@ -1192,3 +1226,16 @@ func service(s *core_v1.Service, protocols ...string) *dag.Service { Protocol: protocol, } } + +func healthcheckService(s *core_v1.Service) *dag.Service { + return &dag.Service{ + Weighted: dag.WeightedService{ + Weight: 1, + ServiceName: s.Name, + ServiceNamespace: s.Namespace, + ServicePort: s.Spec.Ports[0], + HealthPort: s.Spec.Ports[1], + }, + ExternalName: s.Spec.ExternalName, + } +} diff --git a/internal/envoy/v3/endpoint.go b/internal/envoy/v3/endpoint.go index 823a36204bd..395c067442d 100644 --- a/internal/envoy/v3/endpoint.go +++ b/internal/envoy/v3/endpoint.go @@ -77,11 +77,15 @@ func ClusterLoadAssignment(name string, addrs ...*envoy_config_core_v3.Address) // ExternalNameClusterLoadAssignment creates a *envoy_config_endpoint_v3.ClusterLoadAssignment pointing to service's ExternalName DNS address. func ExternalNameClusterLoadAssignment(service *dag.Service) *envoy_config_endpoint_v3.ClusterLoadAssignment { - return ClusterLoadAssignment( + cla := ClusterLoadAssignment( xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, service.Weighted.ServicePort.Name, ), SocketAddress(service.ExternalName, int(service.Weighted.ServicePort.Port)), ) + if service.Weighted.ServicePort.Port != service.Weighted.HealthPort.Port { + cla.Endpoints[0].LbEndpoints[0].GetEndpoint().HealthCheckConfig = HealthCheckConfig(service.Weighted.HealthPort.Port) + } + return cla } diff --git a/internal/envoy/v3/endpoint_test.go b/internal/envoy/v3/endpoint_test.go index a1de3f2598a..1bb8f3a2ad6 100644 --- a/internal/envoy/v3/endpoint_test.go +++ b/internal/envoy/v3/endpoint_test.go @@ -18,7 +18,10 @@ import ( envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "github.com/stretchr/testify/require" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/protobuf" ) @@ -97,3 +100,76 @@ func TestClusterLoadAssignment(t *testing.T) { protobuf.RequireEqual(t, want, got) } + +func TestExternalNameClusterLoadAssignment(t *testing.T) { + s1 := &dag.Service{ + Weighted: dag.WeightedService{ + Weight: 1, + ServiceName: "kuard", + ServiceNamespace: "default", + ServicePort: core_v1.ServicePort{ + Name: "http", + Protocol: "TCP", + Port: 80, + TargetPort: intstr.FromInt32(8080), + }, + HealthPort: core_v1.ServicePort{ + Name: "http", + Protocol: "TCP", + Port: 80, + TargetPort: intstr.FromInt32(8080), + }, + }, + ExternalName: "foo.io", + } + + s2 := &dag.Service{ + Weighted: dag.WeightedService{ + Weight: 1, + ServiceName: "kuard", + ServiceNamespace: "default", + ServicePort: core_v1.ServicePort{ + Name: "http", + Protocol: "TCP", + Port: 80, + TargetPort: intstr.FromInt32(8080), + }, + HealthPort: core_v1.ServicePort{ + Name: "http", + Protocol: "TCP", + Port: 8998, + TargetPort: intstr.FromInt32(8998), + }, + }, + ExternalName: "foo.io", + } + + got := ExternalNameClusterLoadAssignment(s1) + want := &envoy_config_endpoint_v3.ClusterLoadAssignment{ + ClusterName: "default/kuard/http", + Endpoints: Endpoints( + SocketAddress("foo.io", 80), + ), + } + protobuf.RequireEqual(t, want, got) + + got = ExternalNameClusterLoadAssignment(s2) + want = &envoy_config_endpoint_v3.ClusterLoadAssignment{ + ClusterName: "default/kuard/http", + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ + { + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ + { + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: SocketAddress("foo.io", 80), + HealthCheckConfig: HealthCheckConfig(8998), + }, + }, + }, + }, + }, + }, + } + protobuf.RequireEqual(t, want, got) +} From e64a50a9b16158cd598746ed7465061a3366ab6c Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 5 Mar 2024 12:10:45 -0700 Subject: [PATCH 60/83] examples: update envoy/ratelimit image tag (#6246) Updates to 19f2079f tag (the latest). Signed-off-by: Steve Kriss --- changelogs/unreleased/6246-skriss-small.md | 1 + examples/ratelimit/02-ratelimit.yaml | 4 ++-- .../docs/main/guides/global-rate-limiting.md | 16 ++++++++-------- 3 files changed, 11 insertions(+), 10 deletions(-) create mode 100644 changelogs/unreleased/6246-skriss-small.md diff --git a/changelogs/unreleased/6246-skriss-small.md b/changelogs/unreleased/6246-skriss-small.md new file mode 100644 index 00000000000..be0bf9fa7d1 --- /dev/null +++ b/changelogs/unreleased/6246-skriss-small.md @@ -0,0 +1 @@ +Updates the example `envoyproxy/ratelimit` image tag to `19f2079f`, for multi-arch support and other improvements. \ No newline at end of file diff --git a/examples/ratelimit/02-ratelimit.yaml b/examples/ratelimit/02-ratelimit.yaml index dc1ccc99ab7..d66be0db608 100644 --- a/examples/ratelimit/02-ratelimit.yaml +++ b/examples/ratelimit/02-ratelimit.yaml @@ -44,7 +44,7 @@ spec: - name: REDIS_URL value: redis:6379 - name: ratelimit - image: docker.io/envoyproxy/ratelimit:8d6488ea # latest a/o Mar 24 2022 + image: docker.io/envoyproxy/ratelimit:19f2079f # latest a/o Mar 5 2024 ports: - containerPort: 8080 name: http @@ -83,7 +83,7 @@ spec: initialDelaySeconds: 5 periodSeconds: 5 volumes: - - name: ratelimit-config + - name: ratelimit-config configMap: name: ratelimit-config diff --git a/site/content/docs/main/guides/global-rate-limiting.md b/site/content/docs/main/guides/global-rate-limiting.md index c2ff23edd27..99a3c45d1bc 100644 --- a/site/content/docs/main/guides/global-rate-limiting.md +++ b/site/content/docs/main/guides/global-rate-limiting.md @@ -44,7 +44,7 @@ data: ratelimit-config.yaml: | domain: contour descriptors: - + # requests with a descriptor of ["generic_key": "foo"] # are limited to one per minute. - key: generic_key @@ -52,7 +52,7 @@ data: rate_limit: unit: minute requests_per_unit: 1 - + # each unique remote address (i.e. client IP) # is limited to three requests per minute. - key: remote_address @@ -90,7 +90,7 @@ spec: - name: REDIS_URL value: redis:6379 - name: ratelimit - image: docker.io/envoyproxy/ratelimit:6f5de117 + image: docker.io/envoyproxy/ratelimit:19f2079f ports: - containerPort: 8080 name: http @@ -129,7 +129,7 @@ spec: initialDelaySeconds: 5 periodSeconds: 5 volumes: - - name: ratelimit-config + - name: ratelimit-config configMap: name: ratelimit-config ``` @@ -155,7 +155,7 @@ spec: Check the progress of the deployment: ```bash -$ kubectl -n projectcontour get pods -l app=ratelimit +$ kubectl -n projectcontour get pods -l app=ratelimit NAME READY STATUS RESTARTS AGE ratelimit-658f4b8f6b-2hnrf 2/2 Running 0 12s ``` @@ -181,7 +181,7 @@ spec: - name: ratelimit port: 8081 timeoutPolicy: - response: 100ms + response: 100ms ``` Update the Contour configmap to have the following RLS configuration: @@ -332,7 +332,7 @@ spec: ## Default Global rate limit policy Contour supports defining a default global rate limit policy in the `rateLimitService` configuration -which is applied to all virtual hosts unless the host is opted-out by +which is applied to all virtual hosts unless the host is opted-out by explicitly setting `disabled` to `true`. This is useful for a single-tenant setup use-case. This means you don't have to edit all HTTPProxy objects with the same rate limit policies, instead you can define the policies in the `rateLimitService` configuration like this: @@ -413,7 +413,7 @@ descriptors: rate_limit: unit: minute requests_per_unit: 1 - + # each unique remote address (i.e. client IP) # is limited to three total requests per minute. - key: remote_address From 7ab17487df2927b3f5327430d74f50310b706248 Mon Sep 17 00:00:00 2001 From: Seth Epps <18355267+seth-epps@users.noreply.github.com> Date: Wed, 6 Mar 2024 17:02:20 -0500 Subject: [PATCH 61/83] Ignore all loopback IPs in local ip grep (#6245) Signed-off-by: Seth Epps --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 3b5476bfeff..294ebac80ed 100644 --- a/Makefile +++ b/Makefile @@ -12,7 +12,7 @@ GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{pri # Used to supply a local Envoy docker container an IP to connect to that is running # 'contour serve'. On MacOS this will work, but may not on other OSes. Defining # LOCALIP as an env var before running 'make local' will solve that. -LOCALIP ?= $(shell ifconfig | grep inet | grep -v '::' | grep -v 127.0.0.1 | head -n1 | awk '{print $$2}') +LOCALIP ?= $(shell ifconfig | grep inet | grep -v '::' | grep -v 'inet 127.' | head -n1 | awk '{print $$2}') # Variables needed for running e2e tests. CONTOUR_E2E_LOCAL_HOST ?= $(LOCALIP) From 31ad9bae3a46f86517659dccf5219f16c2536efd Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Wed, 6 Mar 2024 17:38:51 -0700 Subject: [PATCH 62/83] test/e2e/gateway: check service as part of request condition (#6251) For the RequestHeaderModifierBackendRef test, check the service reached by the request as part of the eventual consistency condition to avoid issues with test pollution. Signed-off-by: Steve Kriss --- .../gateway/request_header_modifier_test.go | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/test/e2e/gateway/request_header_modifier_test.go b/test/e2e/gateway/request_header_modifier_test.go index 8d8814ac552..f3a824d6711 100644 --- a/test/e2e/gateway/request_header_modifier_test.go +++ b/test/e2e/gateway/request_header_modifier_test.go @@ -92,13 +92,18 @@ func testRequestHeaderModifierBackendRef(namespace string, gateway types.Namespa "Replace-Header": "Tobe-Replaced", }), }, - Condition: e2e.HasStatusCode(200), + Condition: func(h *e2e.HTTPResponse) bool { + if !e2e.HasStatusCode(200)(h) { + return false + } + body := f.GetEchoResponseBody(h.Body) + return body.Namespace == namespace && body.Service == "echo-header-filter" + }, }) require.NotNil(t, res, "request never succeeded") require.Truef(t, ok, "expected 200 response code, got %d", res.StatusCode) - body := f.GetEchoResponseBody(res.Body) - assert.Equal(t, "echo-header-filter", body.Service) + body := f.GetEchoResponseBody(res.Body) assert.Equal(t, "Foo", body.RequestHeaders.Get("My-Header")) assert.Equal(t, "Bar", body.RequestHeaders.Get("Replace-Header")) @@ -114,13 +119,17 @@ func testRequestHeaderModifierBackendRef(namespace string, gateway types.Namespa "Other-Header": "Exist", }), }, - Condition: e2e.HasStatusCode(200), + Condition: func(h *e2e.HTTPResponse) bool { + if !e2e.HasStatusCode(200)(h) { + return false + } + body := f.GetEchoResponseBody(h.Body) + return body.Namespace == namespace && body.Service == "echo-header-nofilter" + }, }) require.NotNil(t, res, "request never succeeded") require.Truef(t, ok, "expected 200 response code, got %d", res.StatusCode) body = f.GetEchoResponseBody(res.Body) - assert.Equal(t, "echo-header-nofilter", body.Service) - assert.Equal(t, "Exist", body.RequestHeaders.Get("Other-Header")) _, found = body.RequestHeaders["My-Header"] From a740314e158df13683afddeab24cb1ae8c79ea0c Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Thu, 7 Mar 2024 09:42:05 -0700 Subject: [PATCH 63/83] use a separate snapshot cache for EDS (#6250) - Triggers only EDS updates when endpoints change - Does not trigger EDS updates when only non-endpoints change Updates #2134. Signed-off-by: Steve Kriss --- changelogs/unreleased/6250-skriss-small.md | 1 + cmd/contour/serve.go | 9 +- internal/protobuf/helpers.go | 17 +-- internal/protobuf/helpers_test.go | 19 ++++ .../xdscache/v3/endpointslicetranslator.go | 3 + internal/xdscache/v3/endpointstranslator.go | 3 + internal/xdscache/v3/snapshot.go | 107 +++++++++++++----- 7 files changed, 110 insertions(+), 49 deletions(-) create mode 100644 changelogs/unreleased/6250-skriss-small.md diff --git a/changelogs/unreleased/6250-skriss-small.md b/changelogs/unreleased/6250-skriss-small.md new file mode 100644 index 00000000000..9a93efe2d60 --- /dev/null +++ b/changelogs/unreleased/6250-skriss-small.md @@ -0,0 +1 @@ +In the `envoy` go-control-plane xDS server, use a separate snapshot cache for Endpoints, to minimize the amount of unnecessary xDS traffic generated. \ No newline at end of file diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 1e34abb8083..0697b45a2f8 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -23,7 +23,6 @@ import ( "time" "github.com/alecthomas/kingpin/v2" - envoy_cache_v3 "github.com/envoyproxy/go-control-plane/pkg/cache/v3" envoy_server_v3 "github.com/envoyproxy/go-control-plane/pkg/server/v3" "github.com/prometheus/client_golang/prometheus" "github.com/sirupsen/logrus" @@ -510,11 +509,7 @@ func (s *Server) doServe() error { var snapshotHandler *xdscache_v3.SnapshotHandler if contourConfiguration.XDSServer.Type == contour_v1alpha1.EnvoyServerType { - snapshotHandler = xdscache_v3.NewSnapshotHandler( - resources, - envoy_cache_v3.NewSnapshotCache(false, &contour_xds_v3.Hash, s.log.WithField("context", "snapshotCache")), - s.log.WithField("context", "snapshotHandler"), - ) + snapshotHandler = xdscache_v3.NewSnapshotHandler(resources, s.log.WithField("context", "snapshotHandler")) // register observer for endpoints updates. endpointHandler.SetObserver(contour.ComposeObservers(snapshotHandler)) @@ -929,7 +924,7 @@ func (x *xdsServer) Start(ctx context.Context) error { switch x.config.Type { case contour_v1alpha1.EnvoyServerType: - contour_xds_v3.RegisterServer(envoy_server_v3.NewServer(ctx, x.snapshotHandler.SnapshotCache, contour_xds_v3.NewRequestLoggingCallbacks(log)), grpcServer) + contour_xds_v3.RegisterServer(envoy_server_v3.NewServer(ctx, x.snapshotHandler.GetCache(), contour_xds_v3.NewRequestLoggingCallbacks(log)), grpcServer) case contour_v1alpha1.ContourServerType: contour_xds_v3.RegisterServer(contour_xds_v3.NewContourServer(log, xdscache.ResourcesOf(x.resources)...), grpcServer) default: diff --git a/internal/protobuf/helpers.go b/internal/protobuf/helpers.go index eda795c7322..560d11d2017 100644 --- a/internal/protobuf/helpers.go +++ b/internal/protobuf/helpers.go @@ -15,8 +15,6 @@ package protobuf import ( - "reflect" - "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" @@ -42,21 +40,18 @@ func UInt32OrNil(val uint32) *wrapperspb.UInt32Value { } } -// AsMessages casts the given slice of values (that implement the proto.Message +// AsMessages converts the given slice of values (that implement the proto.Message // interface) to a slice of proto.Message. If the length of the slice is 0, it // returns nil. -func AsMessages(messages any) []proto.Message { - v := reflect.ValueOf(messages) - if v.Len() == 0 { +func AsMessages[T proto.Message](messages []T) []proto.Message { + if len(messages) == 0 { return nil } - protos := make([]proto.Message, v.Len()) - - for i := range protos { - protos[i] = v.Index(i).Interface().(proto.Message) + protos := make([]proto.Message, len(messages)) + for i, message := range messages { + protos[i] = message } - return protos } diff --git a/internal/protobuf/helpers_test.go b/internal/protobuf/helpers_test.go index 6e7331c9f3d..c02d852b0fc 100644 --- a/internal/protobuf/helpers_test.go +++ b/internal/protobuf/helpers_test.go @@ -16,7 +16,9 @@ package protobuf import ( "testing" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/wrapperspb" ) @@ -29,3 +31,20 @@ func TestU32Default(t *testing.T) { assert.Equal(t, wrapperspb.UInt32(99), UInt32OrDefault(0, 99)) assert.Equal(t, wrapperspb.UInt32(1), UInt32OrDefault(1, 99)) } + +func TestAsMessages(t *testing.T) { + assert.Nil(t, AsMessages([]*envoy_config_cluster_v3.Cluster{})) + + in := []*envoy_config_cluster_v3.Cluster{ + {Name: "cluster-1"}, + {Name: "cluster-2"}, + {Name: "cluster-3"}, + {Name: "cluster-4"}, + } + out := AsMessages(in) + + require.Len(t, out, len(in)) + for i := range in { + assert.EqualValues(t, in[i], out[i]) + } +} diff --git a/internal/xdscache/v3/endpointslicetranslator.go b/internal/xdscache/v3/endpointslicetranslator.go index 65fa809e149..a4266ea7f9b 100644 --- a/internal/xdscache/v3/endpointslicetranslator.go +++ b/internal/xdscache/v3/endpointslicetranslator.go @@ -351,6 +351,9 @@ func (e *EndpointSliceTranslator) OnChange(root *dag.DAG) { if changed { e.Debug("cluster load assignments changed, notifying waiters") e.Notify() + if e.Observer != nil { + e.Observer.Refresh() + } } else { e.Debug("cluster load assignments did not change") } diff --git a/internal/xdscache/v3/endpointstranslator.go b/internal/xdscache/v3/endpointstranslator.go index 240a927ebb9..5095dc84ce3 100644 --- a/internal/xdscache/v3/endpointstranslator.go +++ b/internal/xdscache/v3/endpointstranslator.go @@ -326,6 +326,9 @@ func (e *EndpointsTranslator) OnChange(root *dag.DAG) { if changed { e.Debug("cluster load assignments changed, notifying waiters") e.Notify() + if e.Observer != nil { + e.Observer.Refresh() + } } else { e.Debug("cluster load assignments did not change") } diff --git a/internal/xdscache/v3/snapshot.go b/internal/xdscache/v3/snapshot.go index 7842dbd884b..0c806a6fe88 100644 --- a/internal/xdscache/v3/snapshot.go +++ b/internal/xdscache/v3/snapshot.go @@ -15,13 +15,14 @@ package v3 import ( "context" - "reflect" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_types "github.com/envoyproxy/go-control-plane/pkg/cache/types" envoy_cache_v3 "github.com/envoyproxy/go-control-plane/pkg/cache/v3" envoy_resource_v3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/google/uuid" "github.com/sirupsen/logrus" + "google.golang.org/protobuf/proto" "github.com/projectcontour/contour/internal/dag" contour_xds_v3 "github.com/projectcontour/contour/internal/xds/v3" @@ -29,46 +30,91 @@ import ( ) // SnapshotHandler responds to DAG builds via the OnChange() -// event and generates and caches go-control-plane Snapshots. +// event and Endpoint updates via the Refresh() event and +// generates and caches go-control-plane Snapshots. type SnapshotHandler struct { - // SnapshotCache contains go-control-plane Snapshots - // and is used by the go-control-plane xDS server. - SnapshotCache envoy_cache_v3.SnapshotCache - - // resources contains the Contour xDS resource caches. - resources map[envoy_resource_v3.Type]xdscache.ResourceCache - log logrus.FieldLogger + resources map[envoy_resource_v3.Type]xdscache.ResourceCache + defaultCache envoy_cache_v3.SnapshotCache + edsCache envoy_cache_v3.SnapshotCache + mux *envoy_cache_v3.MuxCache + log logrus.FieldLogger } // NewSnapshotHandler returns an instance of SnapshotHandler. -func NewSnapshotHandler(resources []xdscache.ResourceCache, snapshotCache envoy_cache_v3.SnapshotCache, logger logrus.FieldLogger) *SnapshotHandler { - return &SnapshotHandler{ - resources: parseResources(resources), - SnapshotCache: snapshotCache, - log: logger, +func NewSnapshotHandler(resources []xdscache.ResourceCache, log logrus.FieldLogger) *SnapshotHandler { + var ( + defaultCache = envoy_cache_v3.NewSnapshotCache(false, &contour_xds_v3.Hash, log.WithField("context", "defaultCache")) + edsCache = envoy_cache_v3.NewSnapshotCache(false, &contour_xds_v3.Hash, log.WithField("context", "edsCache")) + + mux = &envoy_cache_v3.MuxCache{ + Caches: map[string]envoy_cache_v3.Cache{ + envoy_resource_v3.ListenerType: defaultCache, + envoy_resource_v3.ClusterType: defaultCache, + envoy_resource_v3.RouteType: defaultCache, + envoy_resource_v3.SecretType: defaultCache, + envoy_resource_v3.RuntimeType: defaultCache, + envoy_resource_v3.EndpointType: edsCache, + }, + Classify: func(req *envoy_service_discovery_v3.DiscoveryRequest) string { + return req.GetTypeUrl() + }, + ClassifyDelta: func(dr *envoy_cache_v3.DeltaRequest) string { + return dr.GetTypeUrl() + }, + } + ) + + sh := &SnapshotHandler{ + resources: parseResources(resources), + defaultCache: defaultCache, + edsCache: edsCache, + mux: mux, + log: log, } + + // Trigger an initial snapshot, based on any static values + // present in the resource caches. + sh.OnChange(nil) + + return sh +} + +// GetCache returns the MuxCache, which multiplexes requests across +// underlying caches. +func (s *SnapshotHandler) GetCache() envoy_cache_v3.Cache { + return s.mux } // Refresh is called when the EndpointsTranslator updates values -// in its cache. +// in its cache. It updates the EDS cache. func (s *SnapshotHandler) Refresh() { - s.generateNewSnapshot() + version := uuid.NewString() + + resources := map[envoy_resource_v3.Type][]envoy_types.Resource{ + envoy_resource_v3.EndpointType: asResources(s.resources[envoy_resource_v3.EndpointType].Contents()), + } + + snapshot, err := envoy_cache_v3.NewSnapshot(version, resources) + if err != nil { + s.log.Errorf("failed to generate snapshot version %q: %s", version, err) + return + } + + if err := s.edsCache.SetSnapshot(context.Background(), contour_xds_v3.Hash.String(), snapshot); err != nil { + s.log.Errorf("failed to store snapshot version %q: %s", version, err) + return + } } // OnChange is called when the DAG is rebuilt and a new snapshot is needed. +// It creates and caches a new go-control-plane Snapshot based on the +// contents of the Contour xDS resource caches. func (s *SnapshotHandler) OnChange(*dag.DAG) { - s.generateNewSnapshot() -} - -// generateNewSnapshot creates and caches a new go-control-plane -// Snapshot based on the contents of the Contour xDS resource caches. -func (s *SnapshotHandler) generateNewSnapshot() { // Generate new snapshot version. version := uuid.NewString() // Convert caches to envoy xDS Resources. resources := map[envoy_resource_v3.Type][]envoy_types.Resource{ - envoy_resource_v3.EndpointType: asResources(s.resources[envoy_resource_v3.EndpointType].Contents()), envoy_resource_v3.ClusterType: asResources(s.resources[envoy_resource_v3.ClusterType].Contents()), envoy_resource_v3.RouteType: asResources(s.resources[envoy_resource_v3.RouteType].Contents()), envoy_resource_v3.ListenerType: asResources(s.resources[envoy_resource_v3.ListenerType].Contents()), @@ -82,25 +128,24 @@ func (s *SnapshotHandler) generateNewSnapshot() { return } - if err := s.SnapshotCache.SetSnapshot(context.Background(), contour_xds_v3.Hash.String(), snapshot); err != nil { + if err := s.defaultCache.SetSnapshot(context.Background(), contour_xds_v3.Hash.String(), snapshot); err != nil { s.log.Errorf("failed to store snapshot version %q: %s", version, err) return } } -// asResources casts the given slice of values (that implement the envoy_types.Resource +// asResources converts the given slice of values (that implement the envoy_types.Resource // interface) to a slice of envoy_types.Resource. If the length of the slice is 0, it // returns nil. -func asResources(messages any) []envoy_types.Resource { - v := reflect.ValueOf(messages) - if v.Len() == 0 { +func asResources[T proto.Message](messages []T) []envoy_types.Resource { + if len(messages) == 0 { return nil } - protos := make([]envoy_types.Resource, v.Len()) + protos := make([]envoy_types.Resource, len(messages)) - for i := range protos { - protos[i] = v.Index(i).Interface().(envoy_types.Resource) + for i, resource := range messages { + protos[i] = resource } return protos From 85cc0b70e83ec41bb825baa72c65a0e362bde346 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Thu, 7 Mar 2024 14:33:08 -0500 Subject: [PATCH 64/83] test/e2e/gateway: prevent tcproute test causing pollution (#6252) use a less generic name for echo backend Service so we can see if this test is causing pollution issues also ensure tcproute is deleted in test and route no longer functions to prevent the effective wildcard host from affecting other tests Signed-off-by: Sunjay Bhatia --- test/e2e/gateway/tcproute_test.go | 21 ++++++++++++++++--- test/e2e/http.go | 34 +++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 3 deletions(-) diff --git a/test/e2e/gateway/tcproute_test.go b/test/e2e/gateway/tcproute_test.go index 4e3d4ea05f9..033928d0501 100644 --- a/test/e2e/gateway/tcproute_test.go +++ b/test/e2e/gateway/tcproute_test.go @@ -16,6 +16,8 @@ package gateway import ( + "context" + . "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -33,7 +35,7 @@ func testTCPRoute(namespace string, gateway types.NamespacedName) { Specify("A TCPRoute does L4 TCP proxying of traffic for its Listener port", func() { t := f.T() - f.Fixtures.Echo.Deploy(namespace, "echo") + f.Fixtures.Echo.Deploy(namespace, "echo-tcproute-backend") route := &gatewayapi_v1alpha2.TCPRoute{ ObjectMeta: meta_v1.ObjectMeta{ @@ -51,7 +53,7 @@ func testTCPRoute(namespace string, gateway types.NamespacedName) { }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { - BackendRefs: gatewayapi.TLSRouteBackendRef("echo", 80, ptr.To(int32(1))), + BackendRefs: gatewayapi.TLSRouteBackendRef("echo-tcproute-backend", 80, ptr.To(int32(1))), }, }, }, @@ -64,12 +66,25 @@ func testTCPRoute(namespace string, gateway types.NamespacedName) { Condition: e2e.HasStatusCode(200), }) assert.Truef(t, ok, "expected 200 response code, got %d", res.StatusCode) - assert.Equal(t, "echo", f.GetEchoResponseBody(res.Body).Service) + assert.Equal(t, "echo-tcproute-backend", f.GetEchoResponseBody(res.Body).Service) // Envoy is expected to add the "server: envoy" and // "x-envoy-upstream-service-time" HTTP headers when // proxying HTTP; this ensures we are proxying TCP only. assert.Equal(t, "", res.Headers.Get("server")) assert.Equal(t, "", res.Headers.Get("x-envoy-upstream-service-time")) + + // Delete route and wait for config to no longer be present so this + // test doesn't pollute others. This route effectively matches all + // hostnames so it can affect other tests. + require.NoError(t, f.Client.Delete(context.Background(), route)) + require.Eventually(t, func() bool { + _, err := f.HTTP.Request(&e2e.HTTPRequestOpts{}) + return err != nil + }, f.RetryTimeout, f.RetryInterval, "expected request to eventually fail") + require.Never(t, func() bool { + _, err := f.HTTP.Request(&e2e.HTTPRequestOpts{}) + return err == nil + }, f.RetryTimeout, f.RetryInterval, "expected request to never succeed after failing") }) } diff --git a/test/e2e/http.go b/test/e2e/http.go index 520c16cccf9..c5b35d11a0a 100644 --- a/test/e2e/http.go +++ b/test/e2e/http.go @@ -134,6 +134,40 @@ func (h *HTTP) RequestUntil(opts *HTTPRequestOpts) (*HTTPResponse, bool) { return h.requestUntil(makeRequest, opts.Condition) } +// Request makes a single HTTP request with the provided parameters +// and returns the HTTP response or an error. Note that opts.Condition is +// ignored by this method. +// +// In general, E2E's should use RequestUntil instead of this method since +// RequestUntil will retry requests to account for eventual consistency and +// other ephemeral issues. +func (h *HTTP) Request(opts *HTTPRequestOpts) (*HTTPResponse, error) { + req, err := http.NewRequest(http.MethodGet, opts.requestURLBase(h.HTTPURLBase)+opts.Path, nil) + require.NoError(h.t, err, "error creating HTTP request") + + req.Host = opts.Host + for _, opt := range opts.RequestOpts { + opt(req) + } + + client := httpClient(opts.ClientOpts...) + + r, err := client.Do(req) + if err != nil { + return nil, err + } + defer r.Body.Close() + + bodyBytes, err := io.ReadAll(r.Body) + require.NoError(h.t, err) + + return &HTTPResponse{ + StatusCode: r.StatusCode, + Headers: r.Header, + Body: bodyBytes, + }, nil +} + func OptDontFollowRedirects(c *http.Client) { // Per CheckRedirect godoc: "As a special case, if // CheckRedirect returns ErrUseLastResponse, then From fe9e9d79dc26e59918f742eba386606f6e74d358 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 10 Mar 2024 19:17:56 -0400 Subject: [PATCH 65/83] build(deps): bump github.com/prometheus/common from 0.49.0 to 0.50.0 (#6259) Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.49.0 to 0.50.0. - [Release notes](https://github.com/prometheus/common/releases) - [Commits](https://github.com/prometheus/common/compare/v0.49.0...v0.50.0) --- updated-dependencies: - dependency-name: github.com/prometheus/common dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 14 +++++++------- go.sum | 28 ++++++++++++++-------------- 2 files changed, 21 insertions(+), 21 deletions(-) diff --git a/go.mod b/go.mod index 4407933794c..4d2b6266302 100644 --- a/go.mod +++ b/go.mod @@ -23,17 +23,17 @@ require ( github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 - github.com/prometheus/common v0.49.0 + github.com/prometheus/common v0.50.0 github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 github.com/tsaarni/certyaml v0.9.3 github.com/vektra/mockery/v2 v2.42.0 go.uber.org/automaxprocs v1.5.3 - golang.org/x/oauth2 v0.17.0 + golang.org/x/oauth2 v0.18.0 gonum.org/v1/plot v0.14.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 google.golang.org/grpc v1.62.0 - google.golang.org/protobuf v1.32.0 + google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.2 k8s.io/apiextensions-apiserver v0.29.2 @@ -119,13 +119,13 @@ require ( github.com/subosito/gotenv v1.4.2 // indirect github.com/tsaarni/x500dn v1.0.0 // indirect github.com/xhit/go-str2duration/v2 v2.1.0 // indirect - golang.org/x/crypto v0.19.0 // indirect + golang.org/x/crypto v0.21.0 // indirect golang.org/x/exp v0.0.0-20231226003508-02704c960a9b // indirect golang.org/x/image v0.11.0 // indirect golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.21.0 // indirect - golang.org/x/sys v0.17.0 // indirect - golang.org/x/term v0.17.0 // indirect + golang.org/x/net v0.22.0 // indirect + golang.org/x/sys v0.18.0 // indirect + golang.org/x/term v0.18.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.17.0 // indirect diff --git a/go.sum b/go.sum index d1396516a4c..2cabdf2364b 100644 --- a/go.sum +++ b/go.sum @@ -328,8 +328,8 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= -github.com/prometheus/common v0.49.0 h1:ToNTdK4zSnPVJmh698mGFkDor9wBI/iGaJy5dbH1EgI= -github.com/prometheus/common v0.49.0/go.mod h1:Kxm+EULxRbUkjGU6WFsQqo3ORzB4tyKvlWFOE9mB2sE= +github.com/prometheus/common v0.50.0 h1:YSZE6aa9+luNa2da6/Tik0q0A5AbR+U003TItK57CPQ= +github.com/prometheus/common v0.50.0/go.mod h1:wHFBCEVWVmHMUpg7pYcOm2QUR/ocQdYSJVQJKnHc3xQ= github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= @@ -415,8 +415,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -492,8 +492,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4= -golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -503,8 +503,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.17.0 h1:6m3ZPmLEFdVxKKWnKq4VqZ60gutO35zm+zrAHVmHyDQ= -golang.org/x/oauth2 v0.17.0/go.mod h1:OzPDGQiuQMguemayvdylqddI7qcD9lnSDb+1FiwQ5HA= +golang.org/x/oauth2 v0.18.0 h1:09qnuIAgzdx1XplqJvW6CQqMCtGZykZWcXzPMPUusvI= +golang.org/x/oauth2 v0.18.0/go.mod h1:Wf7knwG0MPoWIMMBgFlEaSUDaKskp0dCfrlJRJXbBi8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -564,13 +564,13 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -755,8 +755,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.32.0 h1:pPC6BG5ex8PDFnkbrGU3EixyhKcQ2aDuBS36lqK/C7I= -google.golang.org/protobuf v1.32.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= +google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= From e164532362d159f2441ed87f285e291e8a20396d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 10 Mar 2024 19:44:03 -0400 Subject: [PATCH 66/83] build(deps): bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#6256) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.17.0 to 0.18.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/84384bd6e777ef152729993b8145ea352e9dd3ef...062f2592684a31eb3aa050cc61e7ca1451cecd3d) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/trivy-scan.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index 142a2dbefd9..b6baeec38d7 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -27,7 +27,7 @@ jobs: with: persist-credentials: false ref: ${{ matrix.branch }} - - uses: aquasecurity/trivy-action@84384bd6e777ef152729993b8145ea352e9dd3ef # 0.17.0 + - uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0 with: scanners: vuln scan-type: 'fs' From 4c08b6175464e631e534e8ca256f0819f1917289 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 08:29:48 -0600 Subject: [PATCH 67/83] build(deps): bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 (#6261) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.15.0 to 2.16.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.15.0...v2.16.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4d2b6266302..3a7e3881eef 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/google/uuid v1.6.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 - github.com/onsi/ginkgo/v2 v2.15.0 + github.com/onsi/ginkgo/v2 v2.16.0 github.com/onsi/gomega v1.31.1 github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.19.0 diff --git a/go.sum b/go.sum index 2cabdf2364b..02ecb414b1b 100644 --- a/go.sum +++ b/go.sum @@ -303,8 +303,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY= -github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM= +github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= +github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= From fee514619ce40d3bc02713bafeec30965a69a20b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 08:30:11 -0600 Subject: [PATCH 68/83] build(deps): bump github.com/cert-manager/cert-manager (#6260) Bumps [github.com/cert-manager/cert-manager](https://github.com/cert-manager/cert-manager) from 1.14.3 to 1.14.4. - [Release notes](https://github.com/cert-manager/cert-manager/releases) - [Commits](https://github.com/cert-manager/cert-manager/compare/v1.14.3...v1.14.4) --- updated-dependencies: - dependency-name: github.com/cert-manager/cert-manager dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 3a7e3881eef..d0724d93e26 100644 --- a/go.mod +++ b/go.mod @@ -8,7 +8,7 @@ require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/alecthomas/kingpin/v2 v2.4.0 github.com/bombsimon/logrusr/v4 v4.1.0 - github.com/cert-manager/cert-manager v1.14.3 + github.com/cert-manager/cert-manager v1.14.4 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc github.com/distribution/reference v0.5.0 github.com/envoyproxy/go-control-plane v0.12.1-0.20240111020705-5401a878d8bb diff --git a/go.sum b/go.sum index 02ecb414b1b..38f38977148 100644 --- a/go.sum +++ b/go.sum @@ -68,8 +68,8 @@ github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.4.1 h1:iKLQ0xPNFxR/2hzXZMrBo8f1j86j5WHzznCCQxV/b8g= github.com/census-instrumentation/opencensus-proto v0.4.1/go.mod h1:4T9NM4+4Vw91VeyqjLS6ao50K5bOcLKN6Q42XnYaRYw= -github.com/cert-manager/cert-manager v1.14.3 h1:u1TVd/bD4NnAFjttzOyZYV0iOcoMGGoNfrLvSdx7a70= -github.com/cert-manager/cert-manager v1.14.3/go.mod h1:pik7K6jXfgh++lfVJ/i1HzEnDluSUtTVLXSHikj8Lho= +github.com/cert-manager/cert-manager v1.14.4 h1:DLXIZHx3jhkViYfobXo+N7/od/oj4YgG6AJw4ORJnYs= +github.com/cert-manager/cert-manager v1.14.4/go.mod h1:d+CBeRu5MbpHTfXkkiiamUhnfdvhbThoOPwilU4UM98= github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chigopher/pathlib v0.19.1 h1:RoLlUJc0CqBGwq239cilyhxPNLXTK+HXoASGyGznx5A= From 19b303628b2a483594f2c1921ede179f88b54bd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 11 Mar 2024 08:30:54 -0600 Subject: [PATCH 69/83] build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1 (#6263) Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.62.0 to 1.62.1. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](https://github.com/grpc/grpc-go/compare/v1.62.0...v1.62.1) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index d0724d93e26..301b91bd3c8 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( golang.org/x/oauth2 v0.18.0 gonum.org/v1/plot v0.14.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 - google.golang.org/grpc v1.62.0 + google.golang.org/grpc v1.62.1 google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.2 diff --git a/go.sum b/go.sum index 38f38977148..65681ebb7dc 100644 --- a/go.sum +++ b/go.sum @@ -741,8 +741,8 @@ google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= -google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= +google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk= +google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 035fa05b23b5b3704557e1baa11d2976b03f7566 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 11 Mar 2024 13:41:54 -0400 Subject: [PATCH 70/83] Bump golang to 1.22.1 for CVEs (#6265) See release notes: https://go.dev/doc/devel/release#go1.22.0 https://github.com/golang/go/issues/65831 is the most relevant CVE backport for Contour Signed-off-by: Sunjay Bhatia --- .github/workflows/build_daily.yaml | 2 +- .github/workflows/build_tag.yaml | 2 +- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/prbuild.yaml | 2 +- Makefile | 2 +- changelogs/unreleased/6181-sunjayBhatia-small.md | 1 - changelogs/unreleased/6265-sunjayBhatia-small.md | 1 + 7 files changed, 6 insertions(+), 6 deletions(-) delete mode 100644 changelogs/unreleased/6181-sunjayBhatia-small.md create mode 100644 changelogs/unreleased/6265-sunjayBhatia-small.md diff --git a/.github/workflows/build_daily.yaml b/.github/workflows/build_daily.yaml index 4f7467b3c3a..4e9455c762b 100644 --- a/.github/workflows/build_daily.yaml +++ b/.github/workflows/build_daily.yaml @@ -13,7 +13,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.22.0 + GO_VERSION: 1.22.1 jobs: e2e-envoy-xds: diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index 936b5022a05..41a86b32447 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -19,7 +19,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.22.0 + GO_VERSION: 1.22.1 jobs: build: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index e00b1d2651e..c4bc6ec2d03 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -14,7 +14,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ - GO_VERSION: 1.22.0 + GO_VERSION: 1.22.1 jobs: CodeQL-Build: diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 8c92797260d..98de343aab6 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -14,7 +14,7 @@ permissions: env: GOPROXY: https://proxy.golang.org/ SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - GO_VERSION: 1.22.0 + GO_VERSION: 1.22.1 jobs: lint: runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 294ebac80ed..c4a6f750f54 100644 --- a/Makefile +++ b/Makefile @@ -44,7 +44,7 @@ endif IMAGE_PLATFORMS ?= linux/amd64,linux/arm64 # Base build image to use. -BUILD_BASE_IMAGE ?= golang:1.22.0@sha256:7b297d9abee021bab9046e492506b3c2da8a3722cbf301653186545ecc1e00bb +BUILD_BASE_IMAGE ?= golang:1.22.1@sha256:34ce21a9696a017249614876638ea37ceca13cdd88f582caad06f87a8aa45bf3 # Enable build with CGO. BUILD_CGO_ENABLED ?= 0 diff --git a/changelogs/unreleased/6181-sunjayBhatia-small.md b/changelogs/unreleased/6181-sunjayBhatia-small.md deleted file mode 100644 index 40389a1bd86..00000000000 --- a/changelogs/unreleased/6181-sunjayBhatia-small.md +++ /dev/null @@ -1 +0,0 @@ -Updates to Go 1.22.0. See the [Go release notes](https://go.dev/doc/go1.22) for more information. diff --git a/changelogs/unreleased/6265-sunjayBhatia-small.md b/changelogs/unreleased/6265-sunjayBhatia-small.md new file mode 100644 index 00000000000..4da8bf71353 --- /dev/null +++ b/changelogs/unreleased/6265-sunjayBhatia-small.md @@ -0,0 +1 @@ +Updates to Go 1.22.1. See the [Go release notes](https://go.dev/doc/devel/release#go1.22.minor) for more information. From bc301a1ec58081e3f2a10be37b4389a8148130eb Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 12 Mar 2024 10:59:26 -0600 Subject: [PATCH 71/83] use envoy xDS server for featuretests (#6255) Updates #2134. Signed-off-by: Steve Kriss --- internal/featuretests/v3/cluster_test.go | 14 +++++----- internal/featuretests/v3/endpoints_test.go | 8 ++---- internal/featuretests/v3/featuretests.go | 19 ++++++------- internal/featuretests/v3/secrets_test.go | 18 ++++-------- internal/xdscache/v3/snapshot.go | 32 ++++++++++++---------- 5 files changed, 41 insertions(+), 50 deletions(-) diff --git a/internal/featuretests/v3/cluster_test.go b/internal/featuretests/v3/cluster_test.go index aedeb82c842..6569461cf04 100644 --- a/internal/featuretests/v3/cluster_test.go +++ b/internal/featuretests/v3/cluster_test.go @@ -20,6 +20,7 @@ import ( envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/sirupsen/logrus" + "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/wrapperspb" core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" @@ -1097,9 +1098,6 @@ func TestUnreferencedService(t *testing.T) { rh, c, done := setup(t) defer done() - // Equals(...) only checks resources, so explicitly - // check version & nonce here and subsequently. - // This service which is added should cause a DAG rebuild s1 := fixture.NewService("kuard"). WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) @@ -1141,7 +1139,8 @@ func TestUnreferencedService(t *testing.T) { ), TypeUrl: clusterType, }) - res.assertEqualVersion(t, "1") + vers := res.VersionInfo + // This service which is added should not cause a DAG rebuild s2 := fixture.NewService("kuard-notreferenced"). WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) @@ -1154,7 +1153,8 @@ func TestUnreferencedService(t *testing.T) { ), TypeUrl: clusterType, }) - res.assertEqualVersion(t, "1") + assert.Equal(t, vers, res.VersionInfo) + // verifying that deleting a Service that is not referenced by an HTTPProxy, // does not trigger a rebuild rh.OnDelete(s2) @@ -1165,11 +1165,11 @@ func TestUnreferencedService(t *testing.T) { ), TypeUrl: clusterType, }) - res.assertEqualVersion(t, "1") + assert.Equal(t, vers, res.VersionInfo) // verifying that deleting a Service that is referenced by an HTTPProxy, // triggers a rebuild rh.OnDelete(s1) res = c.Request(clusterType) - res.assertEqualVersion(t, "2") + assert.NotEqual(t, vers, res.VersionInfo) } diff --git a/internal/featuretests/v3/endpoints_test.go b/internal/featuretests/v3/endpoints_test.go index 4a1ee075aaa..e05298c0e04 100644 --- a/internal/featuretests/v3/endpoints_test.go +++ b/internal/featuretests/v3/endpoints_test.go @@ -242,12 +242,8 @@ func TestEndpointFilter(t *testing.T) { ), }) - c.Request(endpointType, "default/kuard/bar").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ - TypeUrl: endpointType, - Resources: resources(t, - envoy_v3.ClusterLoadAssignment("default/kuard/bar"), - ), - }) + // Nonexistent endpoint shouldn't return anything. + c.Request(endpointType, "default/kuard/bar").Equals(&envoy_service_discovery_v3.DiscoveryResponse{}) } // issue 602, test that an update from N endpoints diff --git a/internal/featuretests/v3/featuretests.go b/internal/featuretests/v3/featuretests.go index deb22209c04..67e0f428890 100644 --- a/internal/featuretests/v3/featuretests.go +++ b/internal/featuretests/v3/featuretests.go @@ -32,6 +32,7 @@ import ( envoy_service_route_v3 "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" envoy_service_secret_v3 "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + envoy_server_v3 "github.com/envoyproxy/go-control-plane/pkg/server/v3" "github.com/prometheus/client_golang/prometheus" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" @@ -109,6 +110,9 @@ func setup(t *testing.T, opts ...any) (ResourceEventHandlerWrapper, *Contour, fu } } + snapshotHandler := xdscache_v3.NewSnapshotHandler(resources, log) + et.SetObserver(snapshotHandler) + registry := prometheus.NewRegistry() builder := &dag.Builder{ @@ -150,7 +154,7 @@ func setup(t *testing.T, opts ...any) (ResourceEventHandlerWrapper, *Contour, fu HoldoffMaxDelay: time.Duration(rand.Intn(500)) * time.Millisecond, Observer: contour.NewRebuildMetricsObserver( metrics.NewMetrics(registry), - dag.ComposeObservers(xdscache.ObserversOf(resources)...), + dag.ComposeObservers(append(xdscache.ObserversOf(resources), snapshotHandler)...), ), Builder: builder, }, func() bool { return true }) @@ -159,7 +163,7 @@ func setup(t *testing.T, opts ...any) (ResourceEventHandlerWrapper, *Contour, fu require.NoError(t, err) srv := xds.NewServer(registry) - contour_xds_v3.RegisterServer(contour_xds_v3.NewContourServer(log, xdscache.ResourcesOf(resources)...), srv) + contour_xds_v3.RegisterServer(envoy_server_v3.NewServer(context.Background(), snapshotHandler.GetCache(), contour_xds_v3.NewRequestLoggingCallbacks(log)), srv) var wg sync.WaitGroup ctx, cancel := context.WithCancel(context.Background()) @@ -478,15 +482,10 @@ type Response struct { func (r *Response) Equals(want *envoy_service_discovery_v3.DiscoveryResponse) *Contour { r.Helper() + sort.Slice(want.Resources, func(i, j int) bool { return string(want.Resources[i].Value) < string(want.Resources[j].Value) }) + sort.Slice(r.Resources, func(i, j int) bool { return string(r.Resources[i].Value) < string(r.Resources[j].Value) }) + protobuf.RequireEqual(r.T, want.Resources, r.DiscoveryResponse.Resources) return r.Contour } - -// Equals(...) only checks resources, so explicitly -// check version & nonce here and subsequently. -func (r *Response) assertEqualVersion(t *testing.T, expected string) { - t.Helper() - assert.Equal(t, expected, r.VersionInfo, "got unexpected VersionInfo") - assert.Equal(t, expected, r.Nonce, "got unexpected Nonce") -} diff --git a/internal/featuretests/v3/secrets_test.go b/internal/featuretests/v3/secrets_test.go index 37b5ad84137..17867af29c4 100644 --- a/internal/featuretests/v3/secrets_test.go +++ b/internal/featuretests/v3/secrets_test.go @@ -88,12 +88,6 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { rh, c, done := setup(t) defer done() - assertEqualVersion := func(t *testing.T, expected string, r *Response) { - t.Helper() - assert.Equal(t, expected, r.VersionInfo, "got unexpected VersionInfo") - assert.Equal(t, expected, r.Nonce, "got unexpected Nonce") - } - svc1 := fixture.NewService("backend"). WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) @@ -131,9 +125,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) - // Equals(...) only checks resources, so explicitly - // check version & nonce here and subsequently. - assertEqualVersion(t, "2", res) + vers := res.VersionInfo // verify that requesting the same resource without change // does not bump the current version_info. @@ -141,7 +133,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) - assertEqualVersion(t, "2", res) + assert.Equal(t, vers, res.VersionInfo) // s2 is not referenced by any active ingress object. s2 := &core_v1.Secret{ @@ -158,7 +150,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) - assertEqualVersion(t, "2", res) + assert.Equal(t, vers, res.VersionInfo) // Verify that deleting an unreferenced secret does not // bump the current version_info. @@ -167,14 +159,14 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) - assertEqualVersion(t, "2", res) + assert.Equal(t, vers, res.VersionInfo) // Verify that deleting a referenced secret does // bump the current version_info. rh.OnDelete(s1) res = c.Request(secretType) res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{}) - assertEqualVersion(t, "3", res) + assert.NotEqual(t, vers, res.VersionInfo) } // issue 1169, an invalid certificate should not be diff --git a/internal/xdscache/v3/snapshot.go b/internal/xdscache/v3/snapshot.go index 0c806a6fe88..7fe84b95faa 100644 --- a/internal/xdscache/v3/snapshot.go +++ b/internal/xdscache/v3/snapshot.go @@ -47,14 +47,7 @@ func NewSnapshotHandler(resources []xdscache.ResourceCache, log logrus.FieldLogg edsCache = envoy_cache_v3.NewSnapshotCache(false, &contour_xds_v3.Hash, log.WithField("context", "edsCache")) mux = &envoy_cache_v3.MuxCache{ - Caches: map[string]envoy_cache_v3.Cache{ - envoy_resource_v3.ListenerType: defaultCache, - envoy_resource_v3.ClusterType: defaultCache, - envoy_resource_v3.RouteType: defaultCache, - envoy_resource_v3.SecretType: defaultCache, - envoy_resource_v3.RuntimeType: defaultCache, - envoy_resource_v3.EndpointType: edsCache, - }, + Caches: map[string]envoy_cache_v3.Cache{}, Classify: func(req *envoy_service_discovery_v3.DiscoveryRequest) string { return req.GetTypeUrl() }, @@ -64,6 +57,14 @@ func NewSnapshotHandler(resources []xdscache.ResourceCache, log logrus.FieldLogg } ) + for _, resourceCache := range resources { + if typeURL := resourceCache.TypeURL(); typeURL == envoy_resource_v3.EndpointType { + mux.Caches[typeURL] = edsCache + } else { + mux.Caches[typeURL] = defaultCache + } + } + sh := &SnapshotHandler{ resources: parseResources(resources), defaultCache: defaultCache, @@ -114,12 +115,15 @@ func (s *SnapshotHandler) OnChange(*dag.DAG) { version := uuid.NewString() // Convert caches to envoy xDS Resources. - resources := map[envoy_resource_v3.Type][]envoy_types.Resource{ - envoy_resource_v3.ClusterType: asResources(s.resources[envoy_resource_v3.ClusterType].Contents()), - envoy_resource_v3.RouteType: asResources(s.resources[envoy_resource_v3.RouteType].Contents()), - envoy_resource_v3.ListenerType: asResources(s.resources[envoy_resource_v3.ListenerType].Contents()), - envoy_resource_v3.SecretType: asResources(s.resources[envoy_resource_v3.SecretType].Contents()), - envoy_resource_v3.RuntimeType: asResources(s.resources[envoy_resource_v3.RuntimeType].Contents()), + resources := map[envoy_resource_v3.Type][]envoy_types.Resource{} + + for resourceType, resourceCache := range s.resources { + // Endpoints use their own cache. + if resourceType == envoy_resource_v3.EndpointType { + continue + } + + resources[resourceType] = asResources(resourceCache.Contents()) } snapshot, err := envoy_cache_v3.NewSnapshot(version, resources) From 23a02979a57880980d0e092a5171ccf506fbb5da Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 12 Mar 2024 10:59:54 -0600 Subject: [PATCH 72/83] change default xDS server to envoy (#6146) The default xDS server implementation is now `envoy`, i.e. the go-control-plane implementation. Updates #2134. Signed-off-by: Steve Kriss --- .github/workflows/build_daily.yaml | 4 +-- apis/projectcontour/v1alpha1/contourconfig.go | 4 +-- .../unreleased/6146-skriss-deprecation.md | 5 ++++ changelogs/unreleased/6146-skriss-major.md | 25 +++++++++++++++++++ cmd/contour/servecontext_test.go | 2 +- examples/contour/01-contour-config.yaml | 2 +- examples/contour/01-crds.yaml | 4 +-- examples/render/contour-deployment.yaml | 6 ++--- .../render/contour-gateway-provisioner.yaml | 4 +-- examples/render/contour-gateway.yaml | 4 +-- examples/render/contour.yaml | 6 ++--- .../contourconfig/contourconfiguration.go | 2 +- pkg/config/parameters.go | 4 +-- pkg/config/parameters_test.go | 2 +- .../docs/main/config/api-reference.html | 4 +-- site/content/docs/main/configuration.md | 4 +-- test/e2e/fixtures.go | 4 +-- 17 files changed, 58 insertions(+), 28 deletions(-) create mode 100644 changelogs/unreleased/6146-skriss-deprecation.md create mode 100644 changelogs/unreleased/6146-skriss-major.md diff --git a/.github/workflows/build_daily.yaml b/.github/workflows/build_daily.yaml index 4e9455c762b..3822c5c1839 100644 --- a/.github/workflows/build_daily.yaml +++ b/.github/workflows/build_daily.yaml @@ -16,7 +16,7 @@ env: GO_VERSION: 1.22.1 jobs: - e2e-envoy-xds: + e2e-contour-xds: runs-on: ubuntu-latest steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -43,7 +43,7 @@ jobs: - name: e2e tests env: CONTOUR_E2E_IMAGE: ghcr.io/projectcontour/contour:main - CONTOUR_E2E_XDS_SERVER_TYPE: envoy + CONTOUR_E2E_XDS_SERVER_TYPE: contour run: | make setup-kind-cluster run-e2e cleanup-kind - uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 diff --git a/apis/projectcontour/v1alpha1/contourconfig.go b/apis/projectcontour/v1alpha1/contourconfig.go index f7b896bc693..e967051d7dc 100644 --- a/apis/projectcontour/v1alpha1/contourconfig.go +++ b/apis/projectcontour/v1alpha1/contourconfig.go @@ -101,7 +101,7 @@ type FeatureFlags []string type XDSServerType string const ( - // Use Contour's xDS server. + // Use Contour's xDS server (deprecated). ContourServerType XDSServerType = "contour" // Use the upstream `go-control-plane`-based xDS server. EnvoyServerType XDSServerType = "envoy" @@ -126,7 +126,7 @@ type GlobalCircuitBreakerDefaults struct { type XDSServerConfig struct { // Defines the XDSServer to use for `contour serve`. // - // Values: `contour` (default), `envoy`. + // Values: `envoy` (default), `contour (deprecated)`. // // Other values will produce an error. // +optional diff --git a/changelogs/unreleased/6146-skriss-deprecation.md b/changelogs/unreleased/6146-skriss-deprecation.md new file mode 100644 index 00000000000..3390cab7e85 --- /dev/null +++ b/changelogs/unreleased/6146-skriss-deprecation.md @@ -0,0 +1,5 @@ +## Contour xDS server implementation is now deprecated + +As of this release, the `contour` xDS server implementation is now deprecated. +Once the go-control-plane based `envoy` xDS server has had sufficient production bake time, the `contour` implementation will be removed from Contour. +Notification of removal will occur at least one release in advance. diff --git a/changelogs/unreleased/6146-skriss-major.md b/changelogs/unreleased/6146-skriss-major.md new file mode 100644 index 00000000000..5340d272fc7 --- /dev/null +++ b/changelogs/unreleased/6146-skriss-major.md @@ -0,0 +1,25 @@ +## Default xDS Server Implementation is now Envoy + +As of this release, Contour now uses the `envoy` xDS server implementation by default. +This xDS server implementation is based on Envoy's [go-control-plane project](https://github.com/envoyproxy/go-control-plane) and will eventually be the only supported xDS server implementation in Contour. +This change is expected to be transparent to users. + +### I'm seeing issues after upgrading, how to I revert to the contour xDS server? + +If you encounter any issues, you can easily revert to the `contour` xDS server with the following configuration: + +(if using Contour config file) +```yaml +server: + xds-server-type: contour +``` + +(if using ContourConfiguration CRD +```yaml +... +spec: + xdsServer: + type: contour +``` + +You will need to restart Contour for the changes to take effect. diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index ead418fec96..766a2f0af83 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -379,7 +379,7 @@ func TestConvertServeContext(t *testing.T) { defaultContourConfiguration := func() contour_v1alpha1.ContourConfigurationSpec { return contour_v1alpha1.ContourConfigurationSpec{ XDSServer: &contour_v1alpha1.XDSServerConfig{ - Type: contour_v1alpha1.ContourServerType, + Type: contour_v1alpha1.EnvoyServerType, Address: "127.0.0.1", Port: 8001, TLS: &contour_v1alpha1.TLS{ diff --git a/examples/contour/01-contour-config.yaml b/examples/contour/01-contour-config.yaml index a2273e9f33a..6eb7720b92b 100644 --- a/examples/contour/01-contour-config.yaml +++ b/examples/contour/01-contour-config.yaml @@ -9,7 +9,7 @@ data: # # server: # determine which XDS Server implementation to utilize in Contour. - # xds-server-type: contour + # xds-server-type: envoy # # Specify the Gateway API configuration. # gateway: diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml index e722f3952f5..0666bd83e57 100644 --- a/examples/contour/01-crds.yaml +++ b/examples/contour/01-crds.yaml @@ -1141,7 +1141,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object @@ -4828,7 +4828,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 8e55222cf8b..e266a9d6a6e 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -42,7 +42,7 @@ data: # # server: # determine which XDS Server implementation to utilize in Contour. - # xds-server-type: contour + # xds-server-type: envoy # # Specify the Gateway API configuration. # gateway: @@ -1361,7 +1361,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object @@ -5048,7 +5048,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index 46a3eea4987..396d8c87dc7 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml @@ -1152,7 +1152,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object @@ -4839,7 +4839,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 2489a481d34..8573b06321b 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -1177,7 +1177,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object @@ -4864,7 +4864,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index aa7c4c33bbe..fadab0c761b 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -42,7 +42,7 @@ data: # # server: # determine which XDS Server implementation to utilize in Contour. - # xds-server-type: contour + # xds-server-type: envoy # # Specify the Gateway API configuration. # gateway: @@ -1361,7 +1361,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object @@ -5048,7 +5048,7 @@ spec: type: description: |- Defines the XDSServer to use for `contour serve`. - Values: `contour` (default), `envoy`. + Values: `envoy` (default), `contour (deprecated)`. Other values will produce an error. type: string type: object diff --git a/internal/contourconfig/contourconfiguration.go b/internal/contourconfig/contourconfiguration.go index 2cd3ada80a5..0c369f170cb 100644 --- a/internal/contourconfig/contourconfiguration.go +++ b/internal/contourconfig/contourconfiguration.go @@ -41,7 +41,7 @@ func OverlayOnDefaults(spec contour_v1alpha1.ContourConfigurationSpec) (contour_ func Defaults() contour_v1alpha1.ContourConfigurationSpec { return contour_v1alpha1.ContourConfigurationSpec{ XDSServer: &contour_v1alpha1.XDSServerConfig{ - Type: contour_v1alpha1.ContourServerType, + Type: contour_v1alpha1.EnvoyServerType, Address: "0.0.0.0", Port: 8001, TLS: &contour_v1alpha1.TLS{ diff --git a/pkg/config/parameters.go b/pkg/config/parameters.go index a79158549eb..e1bafe249f9 100644 --- a/pkg/config/parameters.go +++ b/pkg/config/parameters.go @@ -241,7 +241,7 @@ func (t ProtocolParameters) Validate() error { // ServerParameters holds the configuration for the Contour xDS server. type ServerParameters struct { // Defines the XDSServer to use for `contour serve`. - // Defaults to "contour" + // Defaults to "envoy" XDSServerType ServerType `yaml:"xds-server-type,omitempty"` } @@ -1036,7 +1036,7 @@ func Defaults() Parameters { InCluster: false, Kubeconfig: filepath.Join(os.Getenv("HOME"), ".kube", "config"), Server: ServerParameters{ - XDSServerType: ContourServerType, + XDSServerType: EnvoyServerType, }, IngressStatusAddress: "", AccessLogFormat: DEFAULT_ACCESS_LOG_TYPE, diff --git a/pkg/config/parameters_test.go b/pkg/config/parameters_test.go index a6f8526081a..7f6ad7a7dcd 100644 --- a/pkg/config/parameters_test.go +++ b/pkg/config/parameters_test.go @@ -48,7 +48,7 @@ func TestParseDefaults(t *testing.T) { debug: false kubeconfig: TestParseDefaults/.kube/config server: - xds-server-type: contour + xds-server-type: envoy accesslog-format: envoy json-fields: - '@timestamp' diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index 82e03f685da..e2f957d50b4 100644 --- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -9029,7 +9029,7 @@

XDSServerConfig (Optional)

Defines the XDSServer to use for contour serve.

-

Values: contour (default), envoy.

+

Values: envoy (default), contour (deprecated).

Other values will produce an error.

@@ -9096,7 +9096,7 @@

XDSServerType

"contour"

-

Use Contour’s xDS server.

+

Use Contour’s xDS server (deprecated).

"envoy"

Use the upstream go-control-plane-based xDS server.

diff --git a/site/content/docs/main/configuration.md b/site/content/docs/main/configuration.md index acc5810f278..74eb7fc29cb 100644 --- a/site/content/docs/main/configuration.md +++ b/site/content/docs/main/configuration.md @@ -206,7 +206,7 @@ The server configuration block can be used to configure various settings for the | Field Name | Type | Default | Description | | --------------- | ------ | ------- | ----------------------------------------------------------------------------- | -| xds-server-type | string | contour | This field specifies the xDS Server to use. Options are `contour` or `envoy`. | +| xds-server-type | string | envoy | This field specifies the xDS Server to use. Options are `envoy` or `contour` (deprecated). | ### Gateway Configuration @@ -316,7 +316,7 @@ data: # # server: # determine which XDS Server implementation to utilize in Contour. - # xds-server-type: contour + # xds-server-type: envoy # # specify the gateway-api Gateway Contour should configure # gateway: diff --git a/test/e2e/fixtures.go b/test/e2e/fixtures.go index 07ef45d6baf..bb8e9bfc0ea 100644 --- a/test/e2e/fixtures.go +++ b/test/e2e/fixtures.go @@ -640,8 +640,8 @@ func DefaultContourConfiguration() *contour_v1alpha1.ContourConfiguration { } func XDSServerTypeFromEnv() contour_v1alpha1.XDSServerType { - // Default to contour if not provided. - serverType := contour_v1alpha1.ContourServerType + // Default to envoy if not provided. + serverType := contour_v1alpha1.EnvoyServerType typeFromEnv, found := os.LookupEnv("CONTOUR_E2E_XDS_SERVER_TYPE") if found { serverType = contour_v1alpha1.XDSServerType(typeFromEnv) From ba23d35a0729cd2fb0bdebea2ac3d6f53c35ba74 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 10:02:52 -0400 Subject: [PATCH 73/83] build(deps): bump the k8s-dependencies group with 4 updates (#6273) Bumps the k8s-dependencies group with 4 updates: [k8s.io/api](https://github.com/kubernetes/api), [k8s.io/apiextensions-apiserver](https://github.com/kubernetes/apiextensions-apiserver), [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go). Updates `k8s.io/api` from 0.29.2 to 0.29.3 - [Commits](https://github.com/kubernetes/api/compare/v0.29.2...v0.29.3) Updates `k8s.io/apiextensions-apiserver` from 0.29.2 to 0.29.3 - [Release notes](https://github.com/kubernetes/apiextensions-apiserver/releases) - [Commits](https://github.com/kubernetes/apiextensions-apiserver/compare/v0.29.2...v0.29.3) Updates `k8s.io/apimachinery` from 0.29.2 to 0.29.3 - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.2...v0.29.3) Updates `k8s.io/client-go` from 0.29.2 to 0.29.3 - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apiextensions-apiserver dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch dependency-group: k8s-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 12 ++++++------ go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/go.mod b/go.mod index 301b91bd3c8..dcb198b954d 100644 --- a/go.mod +++ b/go.mod @@ -35,10 +35,10 @@ require ( google.golang.org/grpc v1.62.1 google.golang.org/protobuf v1.33.0 gopkg.in/yaml.v3 v3.0.1 - k8s.io/api v0.29.2 - k8s.io/apiextensions-apiserver v0.29.2 - k8s.io/apimachinery v0.29.2 - k8s.io/client-go v0.29.2 + k8s.io/api v0.29.3 + k8s.io/apiextensions-apiserver v0.29.3 + k8s.io/apimachinery v0.29.3 + k8s.io/client-go v0.29.3 k8s.io/klog/v2 v2.120.1 k8s.io/utils v0.0.0-20240102154912-e7106e64919e sigs.k8s.io/controller-runtime v0.17.2 @@ -77,7 +77,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect @@ -136,7 +136,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/component-base v0.29.2 // indirect + k8s.io/component-base v0.29.3 // indirect k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/kube-openapi v0.0.0-20240103051144-eec4567ac022 // indirect diff --git a/go.sum b/go.sum index 65681ebb7dc..fdb4af036cc 100644 --- a/go.sum +++ b/go.sum @@ -183,8 +183,8 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= @@ -785,16 +785,16 @@ honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.1.3/go.mod h1:NgwopIslSNH47DimFoV78dnkksY2EFtX0ajyb3K/las= -k8s.io/api v0.29.2 h1:hBC7B9+MU+ptchxEqTNW2DkUosJpp1P+Wn6YncZ474A= -k8s.io/api v0.29.2/go.mod h1:sdIaaKuU7P44aoyyLlikSLayT6Vb7bvJNCX105xZXY0= -k8s.io/apiextensions-apiserver v0.29.2 h1:UK3xB5lOWSnhaCk0RFZ0LUacPZz9RY4wi/yt2Iu+btg= -k8s.io/apiextensions-apiserver v0.29.2/go.mod h1:aLfYjpA5p3OwtqNXQFkhJ56TB+spV8Gc4wfMhUA3/b8= -k8s.io/apimachinery v0.29.2 h1:EWGpfJ856oj11C52NRCHuU7rFDwxev48z+6DSlGNsV8= -k8s.io/apimachinery v0.29.2/go.mod h1:6HVkd1FwxIagpYrHSwJlQqZI3G9LfYWRPAkUvLnXTKU= -k8s.io/client-go v0.29.2 h1:FEg85el1TeZp+/vYJM7hkDlSTFZ+c5nnK44DJ4FyoRg= -k8s.io/client-go v0.29.2/go.mod h1:knlvFZE58VpqbQpJNbCbctTVXcd35mMyAAwBdpt4jrA= -k8s.io/component-base v0.29.2 h1:lpiLyuvPA9yV1aQwGLENYyK7n/8t6l3nn3zAtFTJYe8= -k8s.io/component-base v0.29.2/go.mod h1:BfB3SLrefbZXiBfbM+2H1dlat21Uewg/5qtKOl8degM= +k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= +k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= +k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= +k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= +k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= +k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= +k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= +k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= +k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= +k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01 h1:pWEwq4Asjm4vjW7vcsmijwBhOr1/shsbSYiWXmNGlks= k8s.io/gengo v0.0.0-20230829151522-9cce18d56c01/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= From d5f3dcf573e0a57636688f01c8c917a17d29c2e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 10:40:42 -0400 Subject: [PATCH 74/83] build(deps): bump github.com/vektra/mockery/v2 from 2.42.0 to 2.42.1 (#6274) Bumps [github.com/vektra/mockery/v2](https://github.com/vektra/mockery) from 2.42.0 to 2.42.1. - [Release notes](https://github.com/vektra/mockery/releases) - [Changelog](https://github.com/vektra/mockery/blob/master/docs/changelog.md) - [Commits](https://github.com/vektra/mockery/compare/v2.42.0...v2.42.1) --- updated-dependencies: - dependency-name: github.com/vektra/mockery/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index dcb198b954d..4fceacd4903 100644 --- a/go.mod +++ b/go.mod @@ -27,7 +27,7 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/stretchr/testify v1.9.0 github.com/tsaarni/certyaml v0.9.3 - github.com/vektra/mockery/v2 v2.42.0 + github.com/vektra/mockery/v2 v2.42.1 go.uber.org/automaxprocs v1.5.3 golang.org/x/oauth2 v0.18.0 gonum.org/v1/plot v0.14.0 diff --git a/go.sum b/go.sum index fdb4af036cc..1f527d63187 100644 --- a/go.sum +++ b/go.sum @@ -380,8 +380,8 @@ github.com/tsaarni/certyaml v0.9.3 h1:m8HHbuUzWVUOmv8IQU9HgVZZ8r5ICExKm++54DJKCs github.com/tsaarni/certyaml v0.9.3/go.mod h1:hhuU1qYr5re488geArUP4gZWqMUMqGlj4HA2qUyGYLk= github.com/tsaarni/x500dn v1.0.0 h1:LvaWTkqRpse4VHBhB5uwf3wytokK4vF9IOyNAEyiA+U= github.com/tsaarni/x500dn v1.0.0/go.mod h1:QaHa3EcUKC4dfCAZmj8+ZRGLKukWgpGv9H3oOCsAbcE= -github.com/vektra/mockery/v2 v2.42.0 h1:xnP1KXjpcc1GD8jHRjgdpRIW4LDK5MdSMrhbJizAmaI= -github.com/vektra/mockery/v2 v2.42.0/go.mod h1:XNTE9RIu3deGAGQRVjP1VZxGpQNm0YedZx4oDs3prr8= +github.com/vektra/mockery/v2 v2.42.1 h1:z7l3O4jCzRZat3rm9jpHc8lzpR8bs1VBii7bYtl3KQs= +github.com/vektra/mockery/v2 v2.42.1/go.mod h1:XNTE9RIu3deGAGQRVjP1VZxGpQNm0YedZx4oDs3prr8= github.com/xhit/go-str2duration/v2 v2.1.0 h1:lxklc02Drh6ynqX+DdPyp5pCKLUQpRT8bp8Ydu2Bstc= github.com/xhit/go-str2duration/v2 v2.1.0/go.mod h1:ohY8p+0f07DiV6Em5LKB0s2YpLtXVyJfNt1+BlmyAsU= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= From acb2acce56aef45cdad392f0e16c7aef405be02d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 11:39:19 -0400 Subject: [PATCH 75/83] build(deps): bump docker/setup-buildx-action from 3.1.0 to 3.2.0 (#6277) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/0d103c3126aa41d772a8362f6aa67afac040f80c...2b51285047da1547ffb1b2203d8be4c0af6b1f20) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_main.yaml | 2 +- .github/workflows/build_tag.yaml | 2 +- .github/workflows/prbuild.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_main.yaml b/.github/workflows/build_main.yaml index 0dda1d9e227..7666c867b02 100644 --- a/.github/workflows/build_main.yaml +++ b/.github/workflows/build_main.yaml @@ -21,7 +21,7 @@ jobs: with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 with: version: latest - name: Log in to GHCR diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index 41a86b32447..689173508d0 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -31,7 +31,7 @@ jobs: with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 with: version: latest - name: Log in to GHCR diff --git a/.github/workflows/prbuild.yaml b/.github/workflows/prbuild.yaml index 98de343aab6..e8559551b06 100644 --- a/.github/workflows/prbuild.yaml +++ b/.github/workflows/prbuild.yaml @@ -105,7 +105,7 @@ jobs: with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@0d103c3126aa41d772a8362f6aa67afac040f80c # v3.1.0 + uses: docker/setup-buildx-action@2b51285047da1547ffb1b2203d8be4c0af6b1f20 # v3.2.0 with: version: latest - name: Build image From 49503cec5cfbd34caa77aeda1afb916ce40ebd44 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 11:39:49 -0400 Subject: [PATCH 76/83] build(deps): bump github/codeql-action from 3.24.6 to 3.24.7 (#6278) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.6 to 3.24.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8a470fddafa5cbb6266ee11b37ef4d8aae19c571...3ab4101902695724f9365a384f86c1074d94e18c) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/trivy-scan.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index c4bc6ec2d03..8246138fa73 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: cache: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: languages: go # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - name: Autobuild - uses: github/codeql-action/autobuild@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index 9162186b312..a1345f30754 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -37,6 +37,6 @@ jobs: name: SARIF file path: results.sarif - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index b6baeec38d7..f12bc50309e 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'HIGH,CRITICAL' - - uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 + - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 with: sarif_file: 'trivy-results.sarif' From b1d6c4f4364c249fb9742e8049ffa5fbff9788eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 11:40:37 -0400 Subject: [PATCH 77/83] build(deps): bump docker/login-action from 3.0.0 to 3.1.0 (#6279) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/343f7c4344506bcbf9b4de18042ae17996df046d...e92390c5fb421da1463c202d546fed0ec5c39f20) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/build_main.yaml | 2 +- .github/workflows/build_tag.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_main.yaml b/.github/workflows/build_main.yaml index 7666c867b02..18d02090b80 100644 --- a/.github/workflows/build_main.yaml +++ b/.github/workflows/build_main.yaml @@ -25,7 +25,7 @@ jobs: with: version: latest - name: Log in to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/build_tag.yaml b/.github/workflows/build_tag.yaml index 689173508d0..ba5a7e9e6d5 100644 --- a/.github/workflows/build_tag.yaml +++ b/.github/workflows/build_tag.yaml @@ -35,7 +35,7 @@ jobs: with: version: latest - name: Log in to GHCR - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0 + uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 with: registry: ghcr.io username: ${{ github.actor }} From 5d89845af36a15047722ab903ed31aacf0171984 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 16:20:40 +0000 Subject: [PATCH 78/83] build(deps): bump github/codeql-action from 3.24.7 to 3.24.8 (#6285) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.7 to 3.24.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/3ab4101902695724f9365a384f86c1074d94e18c...05963f47d870e2cb19a537396c1f668a348c7d8f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/codeql-analysis.yml | 6 +++--- .github/workflows/openssf-scorecard.yaml | 2 +- .github/workflows/trivy-scan.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8246138fa73..7a6cbe1b5d5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -41,11 +41,11 @@ jobs: cache: false # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/init@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 with: languages: go # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - name: Autobuild - uses: github/codeql-action/autobuild@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/autobuild@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/analyze@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 diff --git a/.github/workflows/openssf-scorecard.yaml b/.github/workflows/openssf-scorecard.yaml index a1345f30754..500d209c33d 100644 --- a/.github/workflows/openssf-scorecard.yaml +++ b/.github/workflows/openssf-scorecard.yaml @@ -37,6 +37,6 @@ jobs: name: SARIF file path: results.sarif - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 with: sarif_file: results.sarif diff --git a/.github/workflows/trivy-scan.yaml b/.github/workflows/trivy-scan.yaml index f12bc50309e..3670c753a75 100644 --- a/.github/workflows/trivy-scan.yaml +++ b/.github/workflows/trivy-scan.yaml @@ -35,6 +35,6 @@ jobs: output: 'trivy-results.sarif' ignore-unfixed: true severity: 'HIGH,CRITICAL' - - uses: github/codeql-action/upload-sarif@3ab4101902695724f9365a384f86c1074d94e18c # v3.24.7 + - uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8 with: sarif_file: 'trivy-results.sarif' From 484c4075547e9c4b8116aa4985771b2e0e7eb5d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 16:26:24 +0000 Subject: [PATCH 79/83] build(deps): bump github.com/onsi/ginkgo/v2 from 2.16.0 to 2.17.0 (#6287) Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.16.0 to 2.17.0. - [Release notes](https://github.com/onsi/ginkgo/releases) - [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/ginkgo/compare/v2.16.0...v2.17.0) --- updated-dependencies: - dependency-name: github.com/onsi/ginkgo/v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 4fceacd4903..a578474e9f4 100644 --- a/go.mod +++ b/go.mod @@ -18,7 +18,7 @@ require ( github.com/google/uuid v1.6.0 github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 - github.com/onsi/ginkgo/v2 v2.16.0 + github.com/onsi/ginkgo/v2 v2.17.0 github.com/onsi/gomega v1.31.1 github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.19.0 diff --git a/go.sum b/go.sum index 1f527d63187..47c9f615c3c 100644 --- a/go.sum +++ b/go.sum @@ -303,8 +303,8 @@ github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.16.0 h1:7q1w9frJDzninhXxjZd+Y/x54XNjG/UlRLIYPZafsPM= -github.com/onsi/ginkgo/v2 v2.16.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/ginkgo/v2 v2.17.0 h1:kdnunFXpBjbzN56hcJHrXZ8M+LOkenKA7NnBzTNigTI= +github.com/onsi/ginkgo/v2 v2.17.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= From 3de5ddd30269165d907bb0ca45b010b661ba19f5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 17:05:22 +0000 Subject: [PATCH 80/83] build(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 (#6286) Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.32.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](https://github.com/onsi/gomega/compare/v1.31.1...v1.32.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index a578474e9f4..7fcd896d18d 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 github.com/onsi/ginkgo/v2 v2.17.0 - github.com/onsi/gomega v1.31.1 + github.com/onsi/gomega v1.32.0 github.com/projectcontour/yages v0.1.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.0 diff --git a/go.sum b/go.sum index 47c9f615c3c..1c45f850d01 100644 --- a/go.sum +++ b/go.sum @@ -305,8 +305,8 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.17.0 h1:kdnunFXpBjbzN56hcJHrXZ8M+LOkenKA7NnBzTNigTI= github.com/onsi/ginkgo/v2 v2.17.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.31.1 h1:KYppCUK+bUgAZwHOu7EXVBKyQA6ILvOESHkn/tgoqvo= -github.com/onsi/gomega v1.31.1/go.mod h1:y40C95dwAD1Nz36SsEnxvfFe8FFfNxzI5eJ0EYGyAy0= +github.com/onsi/gomega v1.32.0 h1:JRYU78fJ1LPxlckP6Txi/EYqJvjtMrDC04/MM5XRHPk= +github.com/onsi/gomega v1.32.0/go.mod h1:a4x4gW6Pz2yK1MAmvluYme5lvYTn61afQ2ETw/8n4Lg= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= From 17e528cc321cc43ab4ff236cb0503333c81135f6 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 18 Mar 2024 18:14:23 -0400 Subject: [PATCH 81/83] Bump Envoy to v1.29.2 (#6283) See release notes: https://www.envoyproxy.io/docs/envoy/v1.29.2/version_history/v1.29/v1.29.2 Signed-off-by: Sunjay Bhatia --- Makefile | 2 +- changelogs/unreleased/6283-sunjayBhatia-minor.md | 5 +++++ cmd/contour/gatewayprovisioner.go | 2 +- examples/contour/03-envoy.yaml | 2 +- examples/deployment/03-envoy-deployment.yaml | 2 +- examples/render/contour-deployment.yaml | 2 +- examples/render/contour-gateway.yaml | 2 +- examples/render/contour.yaml | 2 +- site/content/resources/compatibility-matrix.md | 3 ++- versions.yaml | 2 +- 10 files changed, 15 insertions(+), 9 deletions(-) create mode 100644 changelogs/unreleased/6283-sunjayBhatia-minor.md diff --git a/Makefile b/Makefile index c4a6f750f54..76427d5d822 100644 --- a/Makefile +++ b/Makefile @@ -6,7 +6,7 @@ IMAGE := $(REGISTRY)/$(PROJECT) SRCDIRS := ./cmd ./internal ./apis LOCAL_BOOTSTRAP_CONFIG = localenvoyconfig.yaml SECURE_LOCAL_BOOTSTRAP_CONFIG = securelocalenvoyconfig.yaml -ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.29.1 +ENVOY_IMAGE = docker.io/envoyproxy/envoy:v1.29.2 GATEWAY_API_VERSION ?= $(shell grep "sigs.k8s.io/gateway-api" go.mod | awk '{print $$2}') # Used to supply a local Envoy docker container an IP to connect to that is running diff --git a/changelogs/unreleased/6283-sunjayBhatia-minor.md b/changelogs/unreleased/6283-sunjayBhatia-minor.md new file mode 100644 index 00000000000..3541f49c0fe --- /dev/null +++ b/changelogs/unreleased/6283-sunjayBhatia-minor.md @@ -0,0 +1,5 @@ +## Update Envoy to v1.29.2 + +See the release notes [here](https://www.envoyproxy.io/docs/envoy/v1.29.2/version_history/v1.29/v1.29.2). + +Note that this Envoy version reverts the HTTP/2 codec back to `nghttp2` from `oghttp2`. diff --git a/cmd/contour/gatewayprovisioner.go b/cmd/contour/gatewayprovisioner.go index b86482cbb4e..4fa733ab27d 100644 --- a/cmd/contour/gatewayprovisioner.go +++ b/cmd/contour/gatewayprovisioner.go @@ -36,7 +36,7 @@ func registerGatewayProvisioner(app *kingpin.Application) (*kingpin.CmdClause, * provisionerConfig := &gatewayProvisionerConfig{ contourImage: "ghcr.io/projectcontour/contour:main", - envoyImage: "docker.io/envoyproxy/envoy:v1.29.1", + envoyImage: "docker.io/envoyproxy/envoy:v1.29.2", metricsBindAddress: ":8080", leaderElection: false, leaderElectionID: "0d879e31.projectcontour.io", diff --git a/examples/contour/03-envoy.yaml b/examples/contour/03-envoy.yaml index cde50e56c24..60fdd185f94 100644 --- a/examples/contour/03-envoy.yaml +++ b/examples/contour/03-envoy.yaml @@ -50,7 +50,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.1 + image: docker.io/envoyproxy/envoy:v1.29.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/deployment/03-envoy-deployment.yaml b/examples/deployment/03-envoy-deployment.yaml index c7861ec5244..e0b0ba34d4c 100644 --- a/examples/deployment/03-envoy-deployment.yaml +++ b/examples/deployment/03-envoy-deployment.yaml @@ -62,7 +62,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.1 + image: docker.io/envoyproxy/envoy:v1.29.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index e266a9d6a6e..c5fe223017e 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -9178,7 +9178,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.1 + image: docker.io/envoyproxy/envoy:v1.29.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 8573b06321b..d68bc13728d 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -8982,7 +8982,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.1 + image: docker.io/envoyproxy/envoy:v1.29.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index fadab0c761b..1246f04d59a 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -9166,7 +9166,7 @@ spec: - --log-level info command: - envoy - image: docker.io/envoyproxy/envoy:v1.29.1 + image: docker.io/envoyproxy/envoy:v1.29.2 imagePullPolicy: IfNotPresent name: envoy env: diff --git a/site/content/resources/compatibility-matrix.md b/site/content/resources/compatibility-matrix.md index c00f4f0b41f..b46f17aff1d 100644 --- a/site/content/resources/compatibility-matrix.md +++ b/site/content/resources/compatibility-matrix.md @@ -10,7 +10,7 @@ These combinations of versions are specifically tested in CI and supported by th | Contour Version | Envoy Version | Kubernetes Versions | Gateway API Version | | --------------- | :------------------- | ------------------- | --------------------| -| main | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | +| main | [1.29.2][49] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.28.1 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.28.0 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.27.1 | [1.28.1][47] | 1.28, 1.27, 1.26 | [0.8.1][109] | @@ -181,6 +181,7 @@ __Note:__ This list of extensions was last verified to be complete with Envoy v1 [46]: https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1 [47]: https://www.envoyproxy.io/docs/envoy/v1.28.1/version_history/v1.28/v1.28.1 [48]: https://www.envoyproxy.io/docs/envoy/v1.27.3/version_history/v1.27/v1.27.3 +[49]: https://www.envoyproxy.io/docs/envoy/v1.29.2/version_history/v1.29/v1.29.2 [98]: https://github.com/kubernetes/client-go [99]: https://github.com/kubernetes/client-go#compatibility-matrix diff --git a/versions.yaml b/versions.yaml index 8c6b3f58e95..5f50fbf9aa5 100644 --- a/versions.yaml +++ b/versions.yaml @@ -7,7 +7,7 @@ versions: - version: main supported: "false" dependencies: - envoy: "1.29.1" + envoy: "1.29.2" kubernetes: - "1.29" - "1.28" From 774fae8219e573f66213730f1aa5f815bcd6f2a9 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 18 Mar 2024 18:21:05 -0400 Subject: [PATCH 82/83] Disable Envoy removing TE request header (#6288) Removal of the header was added by default in Envoy v1.29.0. This change reverts back to prior behavior. This change can be reverted once https://github.com/envoyproxy/envoy/pull/32255 is backported or present in a new release of Envoy. Signed-off-by: Sunjay Bhatia --- .codespell.ignorewords | 1 + .../unreleased/6288-sunjayBhatia-minor.md | 7 ++++++ internal/envoy/v3/runtime.go | 9 ++++++-- internal/envoy/v3/runtime_test.go | 5 ++-- internal/xdscache/v3/runtime_test.go | 23 ++++++++++++------- 5 files changed, 33 insertions(+), 12 deletions(-) create mode 100644 changelogs/unreleased/6288-sunjayBhatia-minor.md diff --git a/.codespell.ignorewords b/.codespell.ignorewords index 4d617fc6873..7303d5d652f 100644 --- a/.codespell.ignorewords +++ b/.codespell.ignorewords @@ -7,3 +7,4 @@ als wit aks immediatedly +te diff --git a/changelogs/unreleased/6288-sunjayBhatia-minor.md b/changelogs/unreleased/6288-sunjayBhatia-minor.md new file mode 100644 index 00000000000..32563f9f707 --- /dev/null +++ b/changelogs/unreleased/6288-sunjayBhatia-minor.md @@ -0,0 +1,7 @@ +## Disable Envoy removing TE header + +As of version v1.29.0, Envoy removes the hop-by-hop TE header. +However, this causes issues with HTTP/2, particularly gRPC, with implementations expecting the header to be present (and set to `trailers`). +Contour disables this via Envoy runtime setting and reverts to the v1.28.x and prior behavior of allowing the header to be proxied. + +Once [this Envoy PR that enables the TE header including `trailers` to be forwarded](https://github.com/envoyproxy/envoy/pull/32255) is backported to a release or a new minor is cut, Contour will no longer set the aforementioned runtime key. diff --git a/internal/envoy/v3/runtime.go b/internal/envoy/v3/runtime.go index 135eddab56b..4429800693c 100644 --- a/internal/envoy/v3/runtime.go +++ b/internal/envoy/v3/runtime.go @@ -40,8 +40,13 @@ func RuntimeLayers(configurableRuntimeFields map[string]*structpb.Value) []*envo func baseRuntimeLayer() *structpb.Struct { return &structpb.Struct{ Fields: map[string]*structpb.Value{ - "re2.max_program_size.error_level": structpb.NewNumberValue(maxRegexProgramSizeError), - "re2.max_program_size.warn_level": structpb.NewNumberValue(maxRegexProgramSizeWarn), + // Disable Envoy removing the client TE request header. Removing + // the header was added by default in Envoy v1.29.0. + // Can remove once https://github.com/envoyproxy/envoy/pull/32255 is + // backported or present in a new release of Envoy. + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), + "re2.max_program_size.error_level": structpb.NewNumberValue(maxRegexProgramSizeError), + "re2.max_program_size.warn_level": structpb.NewNumberValue(maxRegexProgramSizeWarn), }, } } diff --git a/internal/envoy/v3/runtime_test.go b/internal/envoy/v3/runtime_test.go index 9e84d136b65..ac55923b0b4 100644 --- a/internal/envoy/v3/runtime_test.go +++ b/internal/envoy/v3/runtime_test.go @@ -39,8 +39,9 @@ func TestRuntimeLayers(t *testing.T) { for name, tc := range testCases { t.Run(name, func(t *testing.T) { expectedFields := map[string]*structpb.Value{ - "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), - "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), + "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), + "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), } for k, v := range tc.configurableFields { expectedFields[k] = v diff --git a/internal/xdscache/v3/runtime_test.go b/internal/xdscache/v3/runtime_test.go index da68821341f..8de43046b03 100644 --- a/internal/xdscache/v3/runtime_test.go +++ b/internal/xdscache/v3/runtime_test.go @@ -59,8 +59,9 @@ func TestRuntimeCacheContents(t *testing.T) { t.Run(name, func(t *testing.T) { rc := NewRuntimeCache(tc.runtimeSettings) fields := map[string]*structpb.Value{ - "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), - "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), + "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), + "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), } for k, v := range tc.additionalFields { fields[k] = v @@ -83,8 +84,9 @@ func TestRuntimeCacheQuery(t *testing.T) { Name: "dynamic", Layer: &structpb.Struct{ Fields: map[string]*structpb.Value{ - "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), - "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), + "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), + "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), }, }, }, @@ -149,8 +151,9 @@ func TestRuntimeVisit(t *testing.T) { Name: "dynamic", Layer: &structpb.Struct{ Fields: map[string]*structpb.Value{ - "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), - "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), + "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), + "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), }, }, }, @@ -188,6 +191,7 @@ func TestRuntimeVisit(t *testing.T) { Name: "dynamic", Layer: &structpb.Struct{ Fields: map[string]*structpb.Value{ + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), "envoy.resource_limits.listener.ingress_http.connection_limit": structpb.NewNumberValue(100), "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), @@ -232,6 +236,7 @@ func TestRuntimeVisit(t *testing.T) { Name: "dynamic", Layer: &structpb.Struct{ Fields: map[string]*structpb.Value{ + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), "envoy.resource_limits.listener.ingress_http.connection_limit": structpb.NewNumberValue(100), "envoy.resource_limits.listener.ingress_https.connection_limit": structpb.NewNumberValue(100), "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), @@ -299,6 +304,7 @@ func TestRuntimeCacheOnChangeDelete(t *testing.T) { Name: "dynamic", Layer: &structpb.Struct{ Fields: map[string]*structpb.Value{ + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), "envoy.resource_limits.listener.ingress_http.connection_limit": structpb.NewNumberValue(100), "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), @@ -313,8 +319,9 @@ func TestRuntimeCacheOnChangeDelete(t *testing.T) { Name: "dynamic", Layer: &structpb.Struct{ Fields: map[string]*structpb.Value{ - "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), - "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), + "envoy.reloadable_features.sanitize_te": structpb.NewBoolValue(false), + "re2.max_program_size.error_level": structpb.NewNumberValue(1 << 20), + "re2.max_program_size.warn_level": structpb.NewNumberValue(1000), }, }, }, From 5f1b9814819dd276d662afd65442449b30bc7f35 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Tue, 19 Mar 2024 11:37:33 -0400 Subject: [PATCH 83/83] 1.28.2 release note and docs (#6292) * changelog * compat matrix * versions Signed-off-by: Sunjay Bhatia --- changelogs/CHANGELOG-v1.28.2.md | 36 +++++++++++++++++++ .../content/resources/compatibility-matrix.md | 1 + versions.yaml | 12 ++++++- 3 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 changelogs/CHANGELOG-v1.28.2.md diff --git a/changelogs/CHANGELOG-v1.28.2.md b/changelogs/CHANGELOG-v1.28.2.md new file mode 100644 index 00000000000..9ac00a33ff1 --- /dev/null +++ b/changelogs/CHANGELOG-v1.28.2.md @@ -0,0 +1,36 @@ +We are delighted to present version v1.28.2 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters. + +- [All Changes](#all-changes) +- [Installing/Upgrading](#installing-and-upgrading) +- [Compatible Kubernetes Versions](#compatible-kubernetes-versions) + +# All Changes + +## Update Envoy to v1.29.2 + +See the release notes [here](https://www.envoyproxy.io/docs/envoy/v1.29.2/version_history/v1.29/v1.29.2). + +Note that this Envoy version reverts the HTTP/2 codec back to `nghttp2` from `oghttp2`. + +## Disable Envoy removing TE header + +As of version v1.29.0, Envoy removes the hop-by-hop TE header. +However, this causes issues with HTTP/2, particularly gRPC, with implementations expecting the header to be present (and set to `trailers`). +Contour disables this via Envoy runtime setting and reverts to the v1.28.x and prior behavior of allowing the header to be proxied. + +Once [this Envoy PR that enables the TE header including `trailers` to be forwarded](https://github.com/envoyproxy/envoy/pull/32255) is backported to a release or a new minor is cut, Contour will no longer set the aforementioned runtime key. + +# Installing and Upgrading + +For a fresh install of Contour, consult the [getting started documentation](https://projectcontour.io/getting-started/). + +To upgrade an existing Contour installation, please consult the [upgrade documentation](https://projectcontour.io/resources/upgrading/). + + +# Compatible Kubernetes Versions + +Contour v1.28.2 is tested against Kubernetes 1.27 through 1.29. + + +# Are you a Contour user? We would love to know! +If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://projectcontour.io/resources/adopters/). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). diff --git a/site/content/resources/compatibility-matrix.md b/site/content/resources/compatibility-matrix.md index b46f17aff1d..c1b76b19501 100644 --- a/site/content/resources/compatibility-matrix.md +++ b/site/content/resources/compatibility-matrix.md @@ -11,6 +11,7 @@ These combinations of versions are specifically tested in CI and supported by th | Contour Version | Envoy Version | Kubernetes Versions | Gateway API Version | | --------------- | :------------------- | ------------------- | --------------------| | main | [1.29.2][49] | 1.29, 1.28, 1.27 | [1.0.0][110] | +| 1.28.2 | [1.29.2][49] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.28.1 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.28.0 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.27.1 | [1.28.1][47] | 1.28, 1.27, 1.26 | [0.8.1][109] | diff --git a/versions.yaml b/versions.yaml index 5f50fbf9aa5..6c933d858f6 100644 --- a/versions.yaml +++ b/versions.yaml @@ -14,8 +14,18 @@ versions: - "1.27" gateway-api: - "1.0.0" - - version: v1.28.1 + - version: v1.28.2 supported: "true" + dependencies: + envoy: "1.29.2" + kubernetes: + - "1.29" + - "1.28" + - "1.27" + gateway-api: + - "1.0.0" + - version: v1.28.1 + supported: "false" dependencies: envoy: "1.29.1" kubernetes:

wo--HcnfG$X=t71Zd#@1b5;*j4}F31LheH8+RP=J3E)=lpKP z8AU5uu+8Gp0kSEIzUFl4>nFuIXZhG46Xks&ifQO~c-lj=JWu_~4)Z6|2mrN21PDwQ zLc_Zr*R5uEo2lj+eSLDiWWaY9i}f*aJ6wOnobpV`RmW@E&B2A^8N;(X-2JwqD(o3y z_##e?nFe5owp`3c*a6=ED9wqL=1G|T-=&LOyg}-Adh!FiY3r(+p`8?8m#{*{-}~aE zo4ZzO15E7f>O8Qt`?>1gH-~+Lecjva>a9t}67xPKg;(;6F_AB*ckePJmo)c-xQ4*M2N<&1T4iC55^ zKNpZY%B2!(rNIgEjCWN?#~`Vmr%KjJG-T|p%-=q2t>?TCi)zOU)r2Z^XXxusRamhX zYcjtU*a$42{50pEt4=Kq!+$Ie>h?(S33ODd(7YZg8Ggn1@xbj=tk7aCm(X?c;%Azq z_GUvp;uDWi0T3<6uT0E?st6X)NUK9^NhUFr)Kp3ovN?pMT6z8r-yTEvGP5q1QKVjb@e_ZDLV8tx_WvS2D|4=&aCkF z+k1EuJ9}_`8phWUrbEI?LuZQ~OC@hH2v%C=FgEHef}p#YXe-5FzPyYcp)36CuBwPe z7C|gFf%LcD$s`SM6(WQ3o-irEk~=J2S5dHW=+RCtb{_i7$1v7!;YyJ4si-&KBw^Nm zKk5mYXQSFshg{#(--0`UB=v6(3Sop@qK4St&gA{F&!2#m@g0^ZSph zRe_U@;M1(&{<_Q1=c)!iv~X*ffZc?%WWX0(;*$qdZ`~j5Kh~>*8jTxjr0&3t4MG~_^zu1ZoNU~xc`i{CLnsU+htbmK2}*D z`gja-*yx2YsJof_!ZGhhK;}5qy2RyL@1VMv+!~L^DDOUSsaW8EQsGlY$48hd^2I4T zW+1rVj~Wi$ar z188undvLIDd^co{D0ljXrDf-`>+b<1!sA516)zMUOfejBR$N?R@V`8o78dmLznIEx zseDyWCk-7)`st<(-YlSY)itk&{EGF*1uluyVS>0S^UgPUxQ;OM0^jt>E-DEH4=94& zt;!atV*Wb@&4lRX3t#qGY|z4OG)TJ&DQCiQ_=YlPWJ#Vk-rFh@z(-cnL~GRp{&X za+LSL4%{tqKcM&i>t@FTOFZZkEgYnOx%EL@-|?h?e`{s+M-U*F%@({fdTyi*?yler z!H1=4;DcaB%8SPl5MfOE3`x2Gez5R&qDOc@F9bQ|FWEw{8+ft_#CsIPcXsg-C>v2~ zTWMxR;3u&R(}ISc{%een)b}LscI@bg)BPF9s3w=bezlMV`fY*;GG3q+^ViuYOHOtM zG`oMrj4`0w5r|dmx_DEqoZV0>hBg(cWe^M`GPbaQo7nvpcrW(L z2U~ztxI^~$Q=|L4hNq9`Y)^^5rxz=Rl9jPA|00wH16D%)NEMJk2?~ICqdz77-02)f z(a{V@W)mwPK4@Kv7bpAs%6O-vwEe%FkYC`0G}ZcG-&_nGOAIr~N7#1|CeyIfEAVju zWicS{7l@(?m{;z-inOR-?qUSNRJ34Vux!ZxH%gZ{S7+U@=W)p?VoZVbW2>A%;?`tw z@U->FgExO`)=&l{+>vNiM|;}-+||Ib=mMx1z|-~60Hdq|pbbGpzQqHYwhvSQ7WFfN z0FMJFz$DB;;;6sRZZVN>0rN}sa@~2|a^<13L<~faXtb45mNFMiGjGhk6On-Qp){L8lD7-2y(3t8T{X|+38$nI-}aEA?nJlbbWUG5`! z{`X?Udx57@u4i2JkGm72=mEk+(YQu1exf_IjAC%)fF`ANB|(b%u2Ps09qh1=pNU4SSfQy68v(< z8|3-R&1jb~f&~p#h05HE%!~04K>H&B#VD0z-Kq228U3@dh5f~?Dqe<41>&K=fMHRDnXu^90aPed%xrc^-2|YZ`@o68MR7x4x9t2Alcdf9l2mt%ev5 z*xSQ%Ihnr%32B$Q$Zz;K}Wfisw)^Fw{4PFaO_#1}_!q z;xYa0jyii5Xm;35ywnsu(RZH@uTQyU4XsCYxTq)pP3)Bur$9MkfCcrdvDt1 zSe!3=)Eyig;y;Xn2*1nspu&?S1*>7fJx=!i12AiPv={97NnrW4rS9n2I8=Y_CR(!M z*8$)raDaFFCk;Acf(89q$n?hDvz>j0ate))>fUrxRzS1=TT(@qvgGcNj5|A(qu)6U zq@Rs}bl{6Vaa7;}i$?j&1Jh`;{d$oL9tq?CfzIol!yK+6PHqu9y}Fj$7Ma39Ia{t$ zZbN--fa~@LBn>kC7%}2AcL$|`aorz&cTj*Fa+BHJbN@#T59r|~%YPpLzCGq&!)1X5 zS=uci?do0h(6%^9hEd`bWoxj_+59hrOK^PFa?>w zh)7TpeF5wnu-eKMqjJ$fB7P?XD^k2-;#alPY@SFp8P!Onb2-c;drjv&CraD zjHpafF^xxU^^jNQpIDlmris(0g^`JwvI!lpnV$t+B-qw1p{S?V{s`nK`&bUbpP9MpWoLSzAVG;(W8q$g3D z3hAC78bJiYgsZ?^INM!VY=f_?-JJbPL4mx*>K8hmF-;+#C!%w^lX^l`)7w)rf*DCO zwknX>^(NT}UgmTpNMk#yc<2ar1o4mw*Hew$U)}V5 z3Z9zt)foiZhasSudkMCBA;fM?!!OY8QJ^OPN!%WuNgD|fQP$47=%8=R3uu%uA4w${ zH5{~fVrA?+jq4sJ%ZK;Sv|l4}4u(5Khj832ZG0F4fP}8+=jVTzkG>HYuz!p~iKB`f zMJ(o%v}vW9O$2|qv`6mw((UFZ8}Cz*7RxUeEyF?+>LsSt@-ReX#t3GpgO-(|G0uJ( z7(CzDr$mliKd2P+QXlgo0{LF2J3%3FBpD9;S3Zr7IHe*Apu4|_ZBaJwa!-+m%d->{ zX9>WryliqShU)d$L=M-meCQx^%$46U0_<_hm7t`SZdWG~^S60<@<^H9b5EOA4d`XjxIsbB#N75TakKSQB`{PJC)B(31A`Ppy38YXijd;=kdLFQM=jE2}0E)5JO{=T1pCx>oGfyq?j*N(sfJl zzOE+9EJ@CA31@y6A^}~OrZ6(Mbqto_@~jXl6{?-w=(5#P{fdhw-b#<$Q|H`%m2S{b zY^cPe+OFp$V`sm-)|MtJtd7RHt5&fA(?Sk)FmxE5ra}vZbk%X&^)ti|GK?mv?AY-1 zigr-*K4e3&roqvDrgm}gy;8wRUNhB3y&v-E5UJN*6r-QDIn<%kz22Dd4X3T|5-I1d z@Qz@{#P09(%&Cm=s9osDv|hb{JsGfL$^dohZyJYjg4wjC=Ps&DsfMhgH$6l5g0(d# z^)J1SOR}z18&0c}$^4FU%Z4rJ$uu-cLj)NJAi~MgoL~(+;7NJ|9`@8D8!w}g~KFD0oqhaeYbV^u`!8@-5 zjJMD}>s+oM8R6V^islJBeM}QHUEFe2%31g0J#s{h!)2Kx#C->e)p#>iN~!YPee@8& zN>1_6X*zSRDdp8{I{6`ub6FSSoppx_V^?2Tiw#(;3zoeHF-X_F>aPsHVtBbSKOQ@RN7_rTcFIT>F5y`e*HoCa4BHTxI~AYr7Q^Jcqh z*pDFQG_Yj^hI)g`aCPt^>zSOfCX1k5kKlg&zRRrdFVR|yqUQ5>!=%>YvZC>0Fs}%r z7emC3F_5dzTcw8~-B+84b_xckdg~ji3|R!pWC}jjB5gp$)^0vhboT+Dz*^Nb&B)OB zGM#c~UGn(1ozK8+exz1zfup0)!Xnn8#znAaxS59E*Fqh*4NdNmetd$QO>4hs;Nz^} zF1#j-s5oE#BZQF=WNU`e9NLTn2mU<7)dqGH60;1-w9nhzkABousSI(`9t5oOo><%yU zp+1=^ap@@c(A=eswqafMVZTyvh7A1%oOfFXA}RO;LLG+Wl{)U>i9=D*vPu=uz^-CA z!9I|=Et4d|&)tXxW%eIR!dOw-Wm~5`*jug*41A;6KBtI>UUHg0euVp%kC?)cf+qK- zUd^6Hh(QS`E=`3$p~p4O#W|9pG}6Ag>T|m4MYJ1c*d#4K@NBt+!+#uNV<)!?L(U;h zTbq69tj6CiAH9VV8LDAatkfzo>iJzM zd${!w2uSLeSP1YVhawiIMx7V~D8Y+m1dQLMH7(a$SKyjwIY_gkw7>f7E|l1QUC-@9 zHt*JWMlPxs+dzu>*N{VjTT^~+`3TwjYTXfknICu`3S_unHu+iZ)?VQ&_Nwcy`O~eo z?o7sw<*&xkW4dK^CNuNF5>N`~9JQ;*A?>_Oqk~X^4 zp7}*Lv%9|aaNqzd#TW1^amfQ;bfSKNj~@(R>$RURjyUvEB2~1P3g;o`V0uNmJP3!{ z6^)iXzAS(%3XKYe3tx?DYVA5}gGg_)8rUB5VbSeOQZ*HcgJcPlfXqSz>;U5+*719BrEe90Bb6j zuI=94FG&NpOY%tNxj%67!rr+vPa-ZDsjtj5iLPP|O<%DL@tsP^K{bIk!BBnBJgafM`aWNrDW=-@gRq zuY=yr25Hn&B}2W3CN4fgqg*ms(sJX29x<`z5k;28?KSZgiUWU4fhJBV4}M>zkglEp ztSkw}J1QVetUw!jAH*ApcX6)4?$j%2vO+iNF~r;(C(H{xdbi?hZU>D~JhAzpyLEde%3` zJab*>D+8o!M` z`D^0t68}98MR8ECm037L?95F5);O5wYd(3I;jqkUY={Be_+0CX*m{sV72CRN$ha8P z0WI*8`0oG;oaHDoifaax-N{I>1Y?pxi)OM&oT8HU>1%=kpMe_;A}~IDW&ZA!Zwde2 z3+JY75adsy5lkrYSHT<(yV~`Bl?min$thJ){bkiu;G6!oYMhk7Rt2HcKe}S)xfiGp z6{6hNHOj_0i?pD>g^6)}7HQH3nBsfhZ|!1LyPSFq)@X+lE&m}-*qu)rJA5X9X)25z zfCa3O2rVT{S6^PR`qdBnjq*4|AOzvwqsinu_lFXu&p@XX7=;88cBU6(F~Kf-BoaAjVd@T~rx9B+p>q&;mWGaTbId^AUfv7r3*1@R*H;|b9$>GlZ5xW|?qd&VT(p=m4 zJ&VEqN+`>m1=;eR({aTH)xst2EC$rw*L6J-(AgJ|&}uz!seq@aPof|b!EIZgKlWhHaG3f(dNPe6F%hDHq6qU{=jGM{=fYErPr!hONs%b8r1Q2yoUo`Oj8 zD{!Vb{;dQkD zQuGvbJtzIwS)x8~3QR_D;XxYWbQEQF&Ny)1sHc$3a3qK~(@XCKc4Ub#1Y(clE+rUb zy5UnTjZa+m9nbQmToepoVmzEqk7JeVl3B1IK4#TmQi9%Im0liocTYxPW)!hC$>wF* zf8Ubaz`l;pQKXgBObNBLAy?rTkHNs_w z)DZr&Xqog`ON}by^unC=Qrv*0ao*8tUZIRzSn*lqJtSmJy!XYu8|=!YZ+w()=<@7y zJ`&efrlUMV21|=W5P(C591xE9GQK=*Ej=Auyi5^+IC%-9Ltz2$v+RS$Da3`-E7YnZ zJUL&znF7OJ@SfH8yqG3}*|%H{ByaspRJiU0qS^7hJ|J|(LE{dX-Tk4AO?X{B(djwD zDYH3{+(NC*Df;8BaD0!YamdlCxn(;vb_z^}5sjGhra8N4P_< zIl*1bt*s&C^hgz&e3GGJ#-Fod_#qHmBQwv_-Bs09zpAdP&ME7)=D^;b98~VhypxRhZYQ=6rSfqw(aa@-oyC-uJ#CZq z1n;Lo&8l7PNZl~%5$(H2!rq&bF}3JH(ESj$wd-;KAJcmsaWFz|z*5@zH|}@cjJUgN zx4rIa0IW$jhP0?a`axs>LHku47Wi!$_=Ntj=jtoTZ$~vg$ElH0XM4{!G@N3JMnM<+ zQ_0|)C^JzhV?>`kGV0@6Q*Je*G4PuK1QlXao$NvU=A)wE$3>w`vXPOhSWb38-g-h# z;}b%r{qPXvz?yn(J=i421~!5_epf)s$alxb#D0B2NJZ(Txzb$GxjcR5P<%}A)F2(_ z2{v6TLY^@yB=H)NbVx)Yd8&beGx-xa)>bMv`#PJt?Z%QG;(ISf0*h+KHza6UPZ^bc zP-eJE`NK!chWfLQ6T{PEPY9OD40i7)+fTmRdKQ6fl8o-Uv71!V;A#L*6lt~9)}nF_ zXa+Wv+`locxl*88K_DDz_Cop{&@dqyWn5X*03yBOOAfRN?;#0;7M(qhNu~}aMTbD? z9z)Iiifbggo^cDLeGHjkv+(XaYFNmww3VX@k8P@B48=bhWrfDQEp+f?s$qEK)Hg+&U;WG z*`nz|ROkb7P(HjF#RQSo&Ix%FLyww~LLYo6jI)(3E(h17ag)zIg( zY5TRiHwv_iIfF=P{xLHno0seL=PE}4EyV=Xes-!?7Cdt`v;Wxw(EBxw@c?mtRP0Zx zsg|90E}!%s76=;fFH7Ct16X=OEiYRp1RCM~x*ZSwj4&=3I#ceI1ty_6rteKNin^-s zlbgdSp7(VTX&t!jWU-Rr`P>@jEuYlq zSI#bj4u@`EE-25Pj_Sfkq!?vB#tHzzOyS!m)InG%K$#u)KFc3kQR^Fk=LaE(D}?&2 zA1b-ewXie91J9G)YV?d!&6O*%<`DEW6u?ws#-gVM;1HkrImQ4O_d`&|6~DLm zceUUV@QgC&Q-|>?kNpQEU`*!aPX$6dLvO;|-M=y7;^I-=ZU%ticd}L;Z`|yyoe(Hq zHTn)70J+p%7$Gf{hbDU#~rWF@}*H8ho3pyvX~VqeV0MNcMn8)GSa zJtcBSMHmzcKPmpfLmy-}`e*=xAt3`qusRa*b{lEvkwr(>VLS_z1`Gw4MzE19)gLYI41%0UTeu%e!0~|=Em77 zM_7i8yoBg!bkxxJ{h1hU2%^vk#J&O|0iUByXzqprL&VNu&@3SXm&yN-an%n3iIa!V z*e#0C1VutV(e@2+Yh{r)NG~RPr>nOAQV%>n^lGk5EnUI^IK$T(gOLCcuPD7QQm(u& zx|tQ}n5)X1?7iHcAY``pG%FY?W);AF#jg)|`+?=$7^ci<&6Sz2Lydj}A+d;KqNyRA zemTvqT3Qv9t_S_TA2W{IvB;~8gOvrH!{}NNU$mhQXj;E%6B&bmBQ=B=9YlZ&YJ_%v zaP@+lg%;%{th0+om$H&Gj>gBo$%9IA?E`)i^faJs@SNPRdL)2Lj1x-S{}vyC&(3E4 zfLa_~E!d7wmp68hippF4$<#3ud}tMBpr=-#&GxCu%hZ>dqIgA$)@GLyQ9`;r^y5*{ zSP3b&hi2XKw}uKKW8r+Uo6XlyvUL*!G;f)xKHfRONi4G)3}r~`N#)bZO16)TY;T6E ziNkxL6igD-JAjdC_wdnlK{(e&=PNBahp})|3j+@phSUe(Nnu&1d#G*KmGts!C~YrX zkN&z-t;9emXmN->oIxN@Pw)(HmRohkbJIQ<*gmHW0IR{!5*VPt7UQtlh)7;+`NrLL z_qis`WcQy)E=E6SDojv0K>Ro0sH7n+dMO+{R_y z|6Fon=%;PH%927cMccZTP54*>1#RAl3m8vI?foWHvFx4pVt7!fU9R3HNn7IkS1tfW ziK(<7U8`9@SQNF`M3;Q;W4Kf%{rs(1`13^VQ$Bt%g9b77S*NFvkpsrt;ob z_Vwif1RRMD5oZTVq9WrF5romW7Cl5U1hN_5sEAt1ix)rKC_(rF#9tCDzBP=NNxm;o z_oOr;FrIYz<%l9!BQ5%Th+UMb&$%z9_m15z-p%*VU7PG=EXN{S20KV$qU`$QH_`II z3JO^6eAN{PoO1t%InJ=l2=DD~rubm6dbHhT+2ucv)@*_&T9h5Civ>1Sc7kTj&~(T!WA| zSa@?JK=BM>$O9 z>q)J}+0?C_P0bG=pTX{(>?p=}3_|f*Kj{VzF3jNRHKr$62Veo=(0$i9npTnPirXl= zn9s;b2(uxWE_O;B5jpmhTi@N?6+{dXY8YzqF%UK%LBd5En8b@ z_GNRW+)2Ds?{emvkUW&l%DO*?DHZVD{W*A>DWIRIgL4wLUoc=5$(^Tv$0ho~CmFbh zZ~~a*)lY6HFsw<)uMe|{^w|l{Dl^-tC%Dxa%ifP{Bj;fz(}e4ZSYc732ZFGRnXh=` z6QCnp+y=(Gz$(pp!ntU!_yu1s_}mKMr@u)!`vyuyLeftcA(B(Le#*c$l5dbn7ojac zL)Bb4{O!#wm_+YZ zad2a@mWuE$h|H+7l>i^} zKnfi65x(fGmK$m*I|x(KJzc~x(G-pYhY+l>J?3pH6JQ;wlY`mCoN{XP;H}ZC2IBTk15FwY5L07!IT_t1F%__SCuCw~3374Hjsj_WFKV z#md;CLEl-50aIzGffuq=QVOm@M#7~1Z~D?b!JKi0P}g%wG{3aB+&pc@3+U7cSlBP+FTOVfIz|FS1OH?QCU9FsGo zE9ECu&1ap_Bte-KXS`*xv%XI<6}Z_|G&vFaoQ8Lbaz?u&Tm-1ryhuiA*<|2}PIXpa zev;bHkR&DCNdzSZb|ln5y5kzGe(SVg+)e?L z^;@S=D-Gr!ITHRiIm(3c8Bw~OFt1IF@-lxc=@nKA!`%%+UXgzMOi3cOx>6^WQb@tD zx$F93TA(ta&Cft}aSxwJYx9*$HB72Ex z=Hbbklj+FdIQ1xa=PLCy&sz--!*TN(7Lvh3)|K5koP=okR>wimo{?(mDoGZegZDEf zeU0GC;tqj{{M9ujOa9~t%dhzvq`8Rkv1H1L^T}qO2GN|9wEU8L)jCu48L;_$+1}@w z%g?)l%^GXNDm^!7YxEPt~GvhGg$cn(AW^{%h)k~A%6!E z;!9<8LX@MZeSFeS4Z9WsRcHRZxxG^9J+q`Djcx@N10sh#dOnXRAqNF6F)Mj_yX{?k zlcSQJ`h|rbQcn6I?S~2GOjEJ#K1Iwqt41T{OhQSi3ZG0Dd*u?J2@TwzsNKBr{!$>Y zr2eU26ks+PzY!{h!|Ng*OeT)4!2C@oNjJM*`S?3~#Nu=#wtMsoj>XPvkGwU@&)9~W5r3XfLy=NN(bNXk#(pxF${mU^YPz*BD<6wR zUmMTQk}6hIFPo2M>dH0l6x#H)`IHapOxYM{k&7v82-V2>{FuzL6&c9!sxv=b)ChH& z^tV`}>dJP~?0C1AI1#vWM{FXqd+qRa&CN~5NDwrU#iXK~5H#_WT1@deDt(nN&sdgS z_1I}xqX)`$48OBS?BW5!5Tb|$2axbl?UU7X)n)U3PcXD-W5{ zZL_uU!;)JJWCXh2PfARww2ETuOSEciHXQxqJ=|Yu)@D7dDlMH~@fh0w`IguKHaa#@ zTg@;Zggj%H96$TUyH-`Bu-%iCNwi_pKU?_J`moht*9!VFT<7GCo9(~tXl&&dVT9Vs3FC!uL^G5feZQupI~h07 zFj=GGA`&|@>Xts57m<=FCREg}(_L5R(fn?NbwPtUv2!War$(j0tz4@}#QFWSPmi#f zk3C&?Hw*I9QASC}@%o~NGSt1)L`mhXR;W;%s`_Q`qnqY8hS^gI8W)e1Sbud|7hPB?U9X=%{Q$FuVJN_0oM zR5=RDQ9runr@_vvqN53`64wKCBhZ;SELKWT~sm{~mX_>Z(MMN8x!##TAyG=f8nl|)V47N6r z=03g2Pu!7~9z%}nYz3YwdADP)m*cU%56W>ikD;qJJXxm9vMwp>Op03G{i)ipRg>NQRM`4#%cjoJfy`t78nvzr zr$n@|=l7rQcM!8DCk`yy%oH3Ou8#VT$$@t8x)fhezof1WQSt6BhZd!#K+ngigm$K6 zgoXv)KGuiH{Mvq_vw=AQZtQ&VLVN$@%zNW%8YT*4LO!SXy2&(Ka#YC@u(p2F?fMdE z>-{{fHPbu&Anhe9y})wcOj%);sfX zmtEK1DaznzT~sFJUfm}h)|tU{3bD19XFhvKr*O82EMw&w>wS-H<-pG)%=vbx16Rrj zrGJ9MS_oo|;)(ljm57*@`M8haL&YsP_z07J`~44Uu~3-kZiwABXHT!eKswj^;pGjV z60HU|-iG;(mGIOxD=%<$tM2((Aa8+Hu6=Xm7~zSb&*-PJn(G>d6r<-go_;;rnprC6 z#;HmY%_39c#7`5mXj0Oq|MDOh*B zu;%XR(NNNq9P5K}bEWNtfnzlebaBIn-`K$O0L~2kBQ32woL;d&A_Pt0^p6lE9{bC3 zt|f2A^Fq<>4ikrE_xxU+r6<}jn_s)-i4#dNQwwDW9d3eKh|tpQa%Jn2*yP+Nn)6nP z1CBjbW;KK*KPU5dD3>~3Y=<2>Xx24ovrn7hnY7`-n!#!DiwL_C`AI9M z$ev%N*|5xp+De@^_UwMK$ug~dcp;n5@MGMbJ(j6gI;RsGdjcL2WU%@iFYR+L!l9mpf<2O4+4Yq@y%1^WpCt30G)z912rjBYxOMxAF zB{rQFSg|9N*H9$nP*^DRtdJ5~5z`SIYT9PWpgX`A~sNJvZA27zuGGIDskcm z|5_sg8JDXj7vF0Dj`GRhR(U6A&6P+CX3VV(hQ||9bMl~VH&>hHC7riMHSz}Lg%5>z2aZ6X zoZXVB&7I(@W$a0N_v+PG%S&q-wzjG6M@QV8oF9lf-&>s3R-w>ee{FSusNLfd1E(D} zuX#V`(^(|PF0NTJrYR|Qy{mEu{;;$s8O(dV!~GQTMEb*q79&&Le6&FIS$>s!T6fSU zZ-GrAhXS0c;j?sVRmMXn4cO^vvPUweWr9eTn4@=8$-~fh8vyopd_U|p9M9FFMv*#gwAM$8fDMm!Gq<0klL)b}Sy*Tz zvbp(@@VduX-n|rO0v-+K0{x+kH{;7+FmESdzD$Ts#JkHT>^dmy+2hHNH)B=vFxWaZ z)wwI_ieC;^^Ut!5QiGyN|9t_x88%_xLHJTro4WO;7gpti51h7a`o~?1UdbZk)r)<- z(E>^Jc(ShLssiNU1}Q7mz#|@V>|rxgL8?D%8cSd>AabFsHmB?xbCvK`h)!r39^Wbx z89(h*Hj6+q*qRS??3Y{gK6w%jm>-r{*REAtp|O+#H%7*l>{sfDOrP%fX{;F(r>*5& zIOu8-k>3Q-|HS+tzT(Z;2h6RZkBM#UyKpr)5+A}bxqG_gS6q^Lv}*RUoH_@m#w%T9 zoiyy~5Ia?Z4m!y;N6%`!51vMj{^eNbT0FZND;?&v<%%D_J5 z%D@=wat8roAuZWwJ3*5@IcfkGuXLpX*qK1bgf-ppCyxrws~es~*pl^40*N>(KJ5AS zK+JAJ+017vqSmUuP&DVU$~v@91=Kx{ifj7V&3PtQW=l6{kAll8Uyz4wI13t2CRtLB z9Pfbvut+EPq2^%?7T1&-$ zP1@e?a(RKd3q#G zN@-FDCVK8aHog^B*E5Z%QdBO9=u~jr{;XVbUUfJmffzxx zXCQ^=N`A()$DZ&L_f@t`0vO1XwPq=lV*8Zke2YK*5V>~M{Sbe*N0Z5PB4+Qbl)x_M z3*(%X+g6Lm{!+j7)#{&>WA5iw+et;I`=^fFZ>Li8wFeZnxYXL z=Urd!p$^a51sE%c2oWeEY&r?zYOZM?aeM1NbnBIe?}D2-?6CP^#(>87tl2F~s4#d+ zU>eghLf2j+D*Rwm!c1(VOMGcWFg`8G`LtGY!e^*3bF|B4?=~OacW(djTHKn}Ckj8BZ2lw3;c(KX2G3{TEXo-#l6 zobp~yBGupKpGbgwD&s@;z(j2TRDceusSgR8{@9T0i z>mB%+w~({_&cOOy?l|rw#Yw$@SYLD$e|ljqc@1xY>WZy_bZf8Am{nQ5eYmPaRFB1G znh4$aX&@ zFih=BNhu}7DSC+t7unojqJlo+O;nTgnkogU5C1WgGM>&&=wxR$5z{5E`Hf=fs>CE) z_6yl;XSta7_15)t{oVD53GY5ld-%f~X>t+aV#@f!7!q=`FIx`g=wCy{ z$la63G(ph$v*xF*pAv8_gKq1dAHt0eV`be5PFBf#MQfw)&&NI%GHvPQZ{EPWG>QHH zG>QLuDF|kF6hoq0z~&*obI&*poK$J{1!a}Y4piy79_pK1FB$ie$=W;hZYY_*0oHsG z@}zwCPe%X*+&QSeN>WFIccii5JkU`Dp?5nZEwLczGj}b_RZv4oj=_w9doo3{I%@}1 z*{e+D?pz=&Otya_tRTC*PMJ*z76S+v-tCllL<|Cjdiu3Nufw4c+7IL~(P{of&TjsP zZRH;*eizshNgZPU;yAE4a1RQbW3y}X4S7Kb7LZI7RiFOX3GisZPaNwqfP^RcPq+<1 zXvRj&(m><^^&h=|{ecafP*qgA;^R=jD8Kke-olXh6Sar_2Q7<%=l2K|v?^x9FoA)+ z($W&D{W}O5L=^2v4FTCLc3_-u5ZF4*C?OE|hekZ$H^cLEuK(!)-z7Kx%`N-Sxxqkz z72tarsNwu)payWv=@3NI(?B>A&qN2S!x+pcH1y7wK5*p5dUr{j8Ut__a6RzfK=FUG z?7vy|-@EKT=)C`{T}G`AZaW@n4gYh70<=~p;ay@xyOb(YN&@NXJz#6_y4T=k?*Gk7 zu`pI)3sOwHBu2gK#9s{xQmaK z2%Y)CJOv&efY8O>pnn8G;PS{ZM9MY0UJFN4bp}UNlTT7gc^%N_2oUBPKE)Ob?JpTY z!oUr5H(1J}CLM4hiudqwIuVAkubh9ZSmQO5C#noqYKne^0-6}L6*ikm8H8Nw;w9mD+w0c&GJn2 zzPZVpf!rg3*@We%-=UWb~Ai;^puu#)k?Y#szWPDE$#2#dRaFs5kHC zdX=@gZs1K&g5;rrkEo~1l0=b#7#|Bxt6(lsGVtT@q+1uqz*5vVjVGJm zvQPekcObi`8y_EAvOLCQ4Wwb(>p4SIL@mx-W zI3|IunJZLbczEYJETxkKmSXtm9i=?$7Z}IdTjR0HvFu)EOtm(7(wJWsglHwo5+TfF zy(}ZN^Wk00nyH5DHqEYV-m?^MtTK(&Oe85-L9X*W4XD$&f{sRrr3+sKaI)nfo4glp zlNZ?|8?S$M{JMtxwp-)XH|sQyq^Nyt38N0JY@Yx8l9WpTYw6x&wkrvfpLE+aeM%N{ zGS{P%Ql|}DC($Ln^%kVwh#xpUk)W1^8N_iVxR4}VBQh;QHkGqfy~~ddV_p=_V2m9_ zD3X%YL9p=r`j=AUd0KzMm^oThzw}q7>oBLxNHB=mc2TXODw6o~q5H|g|4euQl}%sB zlJsp9!|&KQClUP`>-s&q%_ne(VE0$Zh6M5Z`6GDwIIbP833Hn}`p7O`&-&~Yf;W*3 zodn1Nulj}(9?T%^HQv*4RJN~!wAt`MHg#{q3McELrD;09pw9CiXcL;0ERn)&V|7s6 zPvl8$zb8iumu8cN9oH2IqW&BTY5--F15p7xHd;^y;yr8HHu(!GCwe4c3HVO-5F9`2~{6w9F`O2~T^Nkj%Kgp7sU$lSzlH5vb@) z&a0#cE{WDwA0v4NG}W^w&Sx>LWY++c6XM-smqC9e&OiX2AZ>}iNBY2^I@Ogy7NqP^ z(^0`Fv77}_$&yCcew;x_B%ff<_~w_omhE%V&7X{Ik!cU(h$KHaQhg78UYY6vZi!(v zoz+lJ4?>2pxMWA+>cXjn&AP-wKWz#p3}BXXncdtqqOH6^4=DuoEZ2-!iDugA{z+P5 zn1Sa2)95S@(qaPM zUzDz(Nx+YlDPikE_JRSZIph0r1|!kS2Zlw7ztXE?i5tOvQ}dcbztFXk1pI50UliIT zBLcH&IPv{HfFyYhkWlyUstr|0gOH5YZKrnC=o*3js;v|Cl zj~Bz6G}>7F7)|#bmB6Pi5NAe8UWoY!9iEq0J5$4`~n}B1V-846iEycF314Hw#^25>*J?O z9SVM`r_C+#<_ZQQ1IQ|QDfL%6FjI47vJ;&J$l4MH)2JWyC;Ert1rMpSNdQs#D;Gc; zR8`nK?WZNZZ!Dbtnt>f0jq?FJIP>U^AYjwq3KIP2@fR#2PggkC=k zeeoUaUgGzqU?G?F)W9F4;GqDEfqVukXR;|B|2_saCrI$&e?=DpCiFNzH(7wDbuFLl zF$j60q7VCZ#6X!)2wXlC1RhE^#%BQ!0p|*pC)D^qr__ObZD5Oz-&FU3G?jm4T>Y2H zZvpIK_N6_14Q5149QGDu;K%`Hk&yo_aM&;#v#B7EMU4fV(#nl8qn3XdQScB^=p*nD zGk7RVsu_*=f*qwnZ{W~~7fu|t>zwO?Co&2Z`r*x^yE`=fBCK{F^ zs?KUQh!!}VxAQE_l!NSqR-{4hzPKxJ0KJN?fjaKL6(EqHZ0&#>;31F_CCWg1>km5~ zazAf&mBLZb1*X;(B_L@WjsgFV$WIFPpT*@Cz7z(!=V0@y0_nLf^LM3z1bjk=FC9o} z6UcR5_h1Ls=HjOFlBjD-MHmBY6i2=7ot%j=B~XVR4r{ zoN>QKG;}1XiC&?W&D^m`s}u4E$E4yb9CUBUUGJ=?PkSnhN@Vo*9gq4&yny8a$Am!o z_6cbJArPGJpnSkEgdhtI=0~HpQOT`Fn118SECu@fD!XOF3|oCt8zAXqqqKdkMk9Fb zT&BZh)%Ria9t8A3*mXCb!)yi6bNN1BTe--iAZ{#l!eCJF%WYiCnRSzv{Q94Y2vX0-!R3iD zE0qdWimB0^nm2t2c7w#(3boUf6SnWqC(NYjuO)nOk#OZH7wHHvrIRqCg^BVDr`ILd zE&rIwf^T;v1ko#yqHu{my^-@yo;>65kap2)r4ogOoCTNa2?vckk`;B#&6R6J^xi1o zU_f}+Th9u4<9q$rr%t=KUc7uECGe|q)Z~K~*eh=^x_ahY8py7g3pV z_dBDT3dQ{BQ;=V6kQu8t%j}x{O-1xYii^$qVJfkjVu%*2L4)+z*c}$Vl7!P1R(GiY zy2JMJSu%3vyc!pAuUC>CrrMA2!!7WyT_io5q6Nk$^70O4rwQgHB#@egiru?o7r?L& zY4(HSJ;28TEl7ODv#}M+EowK3$Bfa`WdpqEC7-DJzY_n2eS0HE|A%GOONYmvQFFsL zKpIa}%furR0RwQw(MEau{0|qtt&jbu7)+#tQ6i2}pa^+UB{Yzc^9=75f=XKWthz1f z9X_y@>a>1M8;d{9{BKXM@tipzzr=j+KqUPuqV|sZktdzCUyH*`e0(6PNwly;t5{{u?NF?HnUSYX)v8w=#btDflc~ zTboDct<2frhqk+ryJraHFVtq4pnr&^&#f+!wIUi4@QyS5xEEjFP=)fJbaD=f(6mZE zq4Y=90zmGg6Hfi6c9GDeZvr~#7A>duuF~9q(+sdt-m!Uhcq4_J93M2 zf{>@w*qmlJBSpP{!sNw=o^!|$3iSX&W~jDrDae-!iUcQzQp%0RUwJ=^JtJ zu4a&2t)HFX_6f68SDcyOWRv$o0aq!A3bA!NGqJB@kh0%2u zQPXgAD!0vj9Cq*ggo(D-4+G^>quvE3c`KqZBa~e_G1=>DyzZVBl}N2JKM39Y&r>_0 z?>j!wwLa|<3tM9q)tT9zaf~Of-LUq4BW?KCTEQEM@n0N+`gyOxZZ+wyT6+LP!ARu5 zTQlSSGamJaB4t&*Btf?_Wjrg7ygN_W`tG&`O>BvjhYDAG`A#*{5bM?`J&OKJm<)Mds=zc8Uek{bP-^ zDn{Ef=hCOWHVK+3mi603U94FT;jd^Oy#w%yNXI!6pdS>uTosKrTx=fCsFAh0x9{x5 zlsbNs`cn*VcoOyR0|u` z;q>>B(VA!5i&paQw1MCl0rdB3PPyokQhpt@M)Ze3!UDf!tf&Y|PkvS(fl}-Jz4+Pd zen>o*RM62yck|40@z6oLgR zJcK!S9049h5j~q4{Pd!@;F9BD@_0ayMFJECA=zx;yN+DGvA-k`pnbeILUn&juwOO+ z@-hYKzpnZ$x3bj8UDXF+0Xkz72iE?8z>cd zWDFTP&TDk==HG+^P-^kuSXOEftMv% z%1?|A;l}{3(>Krw;d0Aw0NU1>DdPS0OYsi`fN-p79lx;93{hUdS4F1F@BD6n$Y;?e zn)uP*zingy05?{A0JN|Id*~_Op9KTrTY7~m8fiT0@(y$RUioX-#fn+jJ}@&6Zvb9D}M4|(4qjAC^`&Jl-GBS zEBViNESHVMt}Ol0e1J-^U@1?~<+#9vjFVu0=@Z|5FvK+1r^{40)Lb87gTKT)GO-T; z!C>Ib7=0qV6m;>|z<<{|xIzse(;vZ{1syIb6{yVtMg;i(`k!3}*+fBQkJg>P20>|F z(Aey<5aBiW?oJnoDqqU_OO&irUCBVDkYB!4AIPE$HhnkvZ;)NAh)&s74x)hg2 z4=}_A$>7z$qz96X0p=s0eP2ML@ecUTkaH0G^1BaBKulOYue=rg`?oKH!BQCBa$iLQ zq$Rof7pGlS0QW?mx&JlD74#VK52slT1BGM_eD9Y}^6m}$?;EON=K!`*&vF0?)(D$} zK42HW|5Fz8*Si1>Y#>n2r+EekhN)zh7A@ze(WJ^^{b8TXf&BhQWze_XM>u{oYDm7~ zIW}|t+BDV6g7a(NzjO|&=I6TMkM#O1zHH}i{9GaLu;D6DmO~AJ0`WBZy#)Ouln*eZ z$A!vPI%oRNjwv4_I(r71&YcP(w-?kQXsWNp`LTc5SG~M0tq#cseL}VK(MxVIniP6{ zeVL_&r6}cVNrj;Ocf0ms3k!`to1hbxMd$rrBDS#w+$Vt&Xh%@ zEBBPTgXpM@uA&us@v65ULGckIv2QQrv%haCDF@c``Goz&YK$n#zv=bt|v)%q@;_oEjTC#DpM_{?FdOK-s>H55S*X@Md8ZWd!gVT{ z)bjwd!*S#NeL6H5*?q8{F^r$s45nq-M?<4|%fCj2>}x@DlWT5cYYz_^Uln@A!`;{2 z9#MeSDc?LMqRHfB_&ro#iI;-JG&_dGMf0A_J2}XK(CF+u_ISf$Ys1oIikG}WNM9Ur z@NS?#-Z#23r*uD$o}S4Iw>^_OraFka?{%mVRtqfcCSj14R?b{k6!(60p2pO8zSRA% zxvf_^G(DemgE#|K{M>`xnUlwv`&KupL8$r)#w7LIxT)Oniqk;VF!peAmV9zPYr3FY zwO3p9ueKF>(V4HEG>g438r0;I7bgQtyMm$Gt)zPpk*eN}Ug(83TNKTKkBCt<-$Hrl z5MFc!R#FN#uKc}wK3d5xQ+LWA1p^M>jcQyiQ5ilF^NCe0G5b=SrD$qH$$M69f$`Y= zv!Rz^y{dp_NKJ4;IrXfNU&2a#;qrosJbk3TVOxLd<~W~lKD+HH7Hf+aRSu|sbirmj z+HZI~6~Z7-U$s}I@P6bnm+V4M%!>I1Yw~%?~(w8y_9=GORI@?7Yb0 zP8rKP+0VKCJh}5c>Te~Vu`+fG*yk!<2FGs#%XXEhw$fax0SjvBKhK7ys!iq2%YWK3PO?mmEoCjXZgze6J~;!WXE79K zKMenjhfBkuJ}WZl;qY~UqrNeG?#o}*sn>2-577t<#BoSiywjPc$Vj&hyWf}hwMbu} z`#nDZ^H^klxfL_nxeG)+Wn~9=5muRzGxC|A!#aMH*}jmSm~N`QZ-t0+rRIEsUU0sp zGhCqCT4q~4%U}Pe=L)K$%SC^R^cWF3uT%G>1TmK)LS3*nbehkzGiTLO@RH)ThWqeX z$tA~ee1s%lZGQtbDi?V(KzuoY>=pr{#UspPAcrAL*>#PKbYQQ-dnocI79j}F!o@qq zd^F2gV_7tuW+VLdkD>QCK)9<0E9%pQz4@SsPFS!?vc5LB=i-^)Ma+K_tcTTa#OIWC zm_zSZ{;FK~1m698m<&x}6R`%vL^eDGIY(9$A`$WnbV*?}YIe%)iVeQ!PKu}V+2&7@oSN9$#8b9>5Bw|>(iq(z0BAYQ1kVaA?q zWj^?)zuF<__)L9Undd5Hoy1_li-I8Nd0p8B)Y*z}SsU7E!n1PUO1AuFs@uc8WsbQa zwc{2&K!GvI)OYgQA1d~F)?e&Kb#Ilwo)lc`B~p$8rKhMd7;F5%2#Z2ul(LGBz$>ei z0j(bH(AZ8&>S`)P8R#8*aBmIgby~c7h1!e+oW_&+(4yR2(-zmq@rf|Yvo=9uVn^nF_`y*Z|1#u^$W zx&6I2lpL)oNJ#8Z9UYE!u#fzG`7mx6Pg-UAlM6Pw4p`32zICprfUS4G$k4z#xH#Qi zxv_?gIss#{Mqvv-{5VB8-tLaYs8cEy8;2n9Atq_S8T0~;+;=jUxc7rMKyy-g@~dbb zz|u1nQW#H8!<2qO?gHS5`nv-ZK!`xJ2(=4PVRZe1EP6Sh-1JJc8Y&n7;QbB%OEBJu z>f+X1Y4|M6n;OChzTwoMi~It@l{%V{7ivVX5%J67V{(aC zzBs5ih$lTD3__BKBW`1910Wg>t$0yMz=ELkoo79?g zypA>lh~_1;?ilo+QQ)(&aHI(XGwM+qRCT|d9TqM+2MWnwvAeE>B4wBwIK8^a*h-(1 z&jvaSyq_nUo4dUTUlY#7eX-#h|Mc=C!SF;OVv4Fk8e?JT`pyls20$>-ODBxy$WJ^D zeEy~$CfnK+f|Pw9lYx3P0Az;=H@DDmV^snixQ^aT!VRkJ(YTfUz%f25!720&YnntO z58xhX<y6SJZy+sV2hF&WD`}!@A6AI@Q*)t0`MvjNuH74nCMTzXFN3? zS`r-A{};@D+QKh+>7ICkgQ$IQ$NYmv7ci%pcS01PPYTK}{olz{tcsiHf8_%FH-rCw z$l(8jOdXyhjbIkYdk`#8!c$x%Idz?}^joPYLmk8~E?AKS!_{N?Klh1N2T2>bB z@(F)fZ9I$Td)^=aMZMr>SxF2TwoA{K=VhjbXXcsjQ`1i?&c$$T-Lu&`c$jK+cg+kx zzDr&i-fwh?UK-aKaeFG7P0(^MzQ~)$5;K&b(aFf(oiSSfm1fQJ`23cGTo$}Ls3*qo zgq4~1FijGKP}>?#BXaMQS@av$s??c-N7+!)Brat;fM)Vi1F zdvIkpKKAmrX|h{rtl@XYSeQo=V4JufaTix8y-GCPqSsQ})@I3>lpTM%vS_(?XqLTO zoi}86EV5jEjAkNHkN*2*v#W}2gTZ)}Ok07@64OuF9nkQ{jU+FeU(ccNL=RWQCAHcI ziN|I8J)LW%$FpR)w@&la=jhAP*?|Z%S&tYSso%`On+DC{T&`iSl^KiQhsPc1`X0+G z8b0enJjKrn+B5V&(}@fZ;7J0q zY@f89G`!cjBQ>2}f9UW%T@VqfcZ{-#(9L8>J^J8I zDA(fLLDF3`vbpeVt2!GS*}5;_}II5p4!0yZ(LTLdsYtS>(WT%7)PrK!&P&uFV-`?>!nMisjFH--R3cO(?e0;pp&54{kF4yiNVGil}CpOrfKu zF>ZZjx7F`e)9pa3&R>BsS!y%nnStyfQ# zVbNb`TFngJFApzT^dz1=e${)XJXLYl-9=XXyX(lI@bT%j(Y*7t#9@!~3fjA^GvGem z!r|}E;57f+)`v$p#*?0iN}fE&7KX)~{*&o@?hkd~iH9b&Ec4GTGpx5K3>LfgtJmud zJ?i&foz!y0I%FK?J1BRDBE>{93w*e~K#MG_HMfPPKL~(EQ}u15787D#I#p>;&4gkE z?j(O4@+V$9+Nwx)nG5sLxTll7;G&oh;Cia(?JX zxAtu-VZT}{clU@-2nT1+bGvPTeuFJ(J2y6Gew?-J{7j~7!=r*_a6*i+wOikN2G2Wf zZmmYXEjixf6IXo?X6Kv*aXZ`5rcliK(qKxWO;4{5yAMq(`#qzBZ!++}25G5_9!a_w z>C~;=9Z$D;A38V~8A$8*2(H{Vn=g(Rk60ZCU9Z!uYq&R07}<{}Ws=BZfvB+Wid5M& z`6uiVd##G(8q|t|69jurw?y79V$$JG;=IKt@c(UtEuD@1N9oAB0yTZC=e|nIAS?^=t=newM8xZI|UF%TNTp=WCHL zk==PuR0Y-H82%)q#kC&`W?VZz&L`;L*JF5YP-A;C{lg_p*hSMpg{IX~lYKBxRiURdT14+2-iF-Px057(Y-jnzqHO%gVy3>VEN{wF?|f}Schq7^tMo&9 z(2bBAA^tcY{L}NF%E^AeA5UL$D%P-Q+C<+a4rPiGikdl$Q=xa*5Loo??d}$6I2P*t z*mU~U88i1QJ#Db#j@;aX@cu*pdEY7>kJrdZoZfelZd@5B?RR!?7*?T0lHa4-?qny{ zi(F%qaHYJ4@EN&#@01K*hC(xM=XlpA*yEAdnD_BiHHX};#8cs6nZBLVEKZvv8e>e< zh0xU9SQ)Q4r=4Z>y*%V+^n9}Q^j)TRvv0)C{iGbKc+$jQ{y*CL>YzBHtb?QZCs`~tt)}xIjs;~;Y1;4yt*=i> z`G!V1D0$b(b=X)c`UH`}oz>IocPUaY7?u-6-;FatktuSUKFzjhfn?K@9nywVe;R)@ zJEuJ<-aL5DzGNv+zi+r;Js;3_lg;&P?Y%I)f6unZ-`v#_;4?YB?gZ)p zYtPG4ErmGSI`9vPA#9wn#0=PK?9ln9-oPv!WfvA-y^jNk>jxK^lQ zGM9-*7oJCTn?zIbHQ8>P4T)U}q5n#a=50~0`s9W8M?K2p6sbG_j=r=8BLgcPTdXi> zdeq4EaCV6r%HMuxELv;i?>BfU(ZHb3F%mQwHSme~Yx|e=+Y9<~!&68|#_m9dKHDdl zg>`z|)p>4W*lF#aQCnCplOUrZBUUbZO1t@aRO7wCP|lTT{cJX#-JgiUK__$+--)_2 z4MgXyBl@qFOTT8F0a4c|vuvlfSqz`Olf~{6OhlEh6iK&UzP-S8Ou|oe;^@NjcP911 zJnCpytNIa z`<#eb&!0ucnredv1&sHdx&uEtZappcJFQ(`InnUR;GgCqfSx}ev{s7+HX4QUD2qNr zfI-i8wWx4#az`1vcp|tcyq++;0>M{gz4Zdx%$^-GYSebq3d4O{m(B$?wPu-jc4rhk zsKdzj-myx2OC6U56mC>2>1mY5B+=aUjY)Z=CwdN-Z~VwoLo5l0W{cXE3(h_(aTi1C zvowMnzbJw%J{kOvLT?m!7BP3313u)BBw;FLS8bw4oXS1Y>G;sJe>+;an>dmw^zKbJ zx9rw97~e?C_>!A*sA~rM*s&;|OFW{7Rh(c7g`R)*o&L8#p zI!t~whyaR@mZTv=D`A{VL5&!QY56xYW5hvOZ~*LHV{#1Jx70Tn=BxCxikm`=V-?mk;>V*IU zonpt2fer+zq5-m{_vVr0>xp6sm3Qx+JxU=6#L)4ww~9hv2VLRC!(wEB{C#nQ#o3vVq=4G`%-fy4eapXy+c9TogF;Q zQ+^?hD%bL3Q|>IC)_kQQrTtr(VTa@%5@m?C^VxPubh}ZKAxX>On9K{J4@`5WvNnqz z5c^jBexw1+l&e!i8^g7;??Rh$x7ej3y{8iWy;39Bms;!lOVZv;uEo$8&W@8ccj2_e z>jnGIzYL5!+kerXn=E<3rx+`>=b=P>6~c)7NjK zI%1Au6hp3=akhdKgJlc9E*z$2ZW`UEh{Z}E3uDKZ<@yirCpSd+qCiM%*1W(~W~e3MCdI%HHzvc9#U$a+Bt!4@FlWu|;r z(;D_RSw%V<+SO!crchU+Cju8KS{LoV+Go~^Dm+hs-iF>q%aDi}GTa^44)|@9o51azL z#B3de_jg++nJKnO;S4VBj__TDbE(X<%GeOE(IG&}o~)V~9kictZHe>No(Cc_-fVky=#$dhtd%5b~t{o;Q>9R73EWOS5JpbmF= z#8AI7|F_MuL9q)*KxQ`#O&qoU*K}z(@*e3_sKe-R!c~mnkDTyLg{6!pA#v$vj{9Bx zWNaHJJBz5!Ka3wqw1Oh0<)X?-gMG#PQp6_hmv6sgVimTQN)9tOKWkCv@K-w% z`BOzAjl)mo^8RP}7ejl^e3JUFw3wR%-(ZOWSCI`{YnLSMDD-R)Q?Ur*$BO11x=PYD z#35(W-(H|y%S}Y~7mDSRuF2e-Jpq~^2@Ckpj!8eQa- zLFJEPnylybZN%);GH67MINn@CVWtB}&Un27CMn%@uPRo2l|v2KDyT5}LZ7s}VOmYA z&|01nfS@I)ikv)iK83RrbtD+!&paVkhW&b3-Ep*^blRBL@{X8G&S>fvN;dy*ftbtf zTbpQybNj`5h2v7iiHme?fdl^yK?IMmMZs-OPqm@z@=l`5BG+zb&_ao|N2vOjPIVNA z&!|CN+nwC%zTtUsp+rQ~Im+GfqRKb2yW-bxqAYW2uqpH`^SUHS_#Km$o{O>PxRKI3 z9@ndS9$G^ckV~caz6O`x?4-F~vk)ozIo#$m49p|auKQ0S*GkmW#>$h-XGG%^PK7J` zb8;EK++UL@vP7wf8rizd7F+zbnLDj5rQa@3>*{WkkI!>kpu8{VeECyno)!{tH*Min zG?zknAmj~``8e<)FP?0XlLWSGPtU`DFMI>BrWd26vKYk6{m8!l8TXTE0I9|A82`0p zG5q z4jUysVHpy8o}DPVtde2i%LTJbH=`#^l3SOzNR#QoVpnUbNLN2H%T%@4JQDBOfr+l_Z=sxU4%^Q5Sgv&? z+grYCxqFri)9GovYSVS&4=Nl44~d?1rzlRt_}@&X@`l?itLIX_1$D#j7|k6u_BWPG z+T)SkOFp-%_`441RVVabua)ey3tky`%?YEU4<_`))C`CaVtY!1+zsh@uAR zTzd4)K}8&|q{!wp&X2W%TK}ylJA95|BcuuaE~79^^(najsmPF!P1zyFQj2S7vL27L zj6GQTg6Jpun*Sgf9`$46^&V{bpJ}9Bb1WTqr^!OM(OWsRcV9Gs*c>4(DdJsN+S=M(#^_6t~XK2=^uQ8{Yk+3MPn$zhryVZn;y zimgt=$#jV&rw{V36)Ia33CnD?*8Sx9%Mp_COkO5E$j@y(SM-X>?a@x#!uLOVt)JJV zzP@^~;IyXmbsafhL&TOJjp1gl@b$J=2W3vJk|o-JjKF5*0n1^p%)#M|LY(Y&;yz+f zE)H&3wa(6PWTjk1Z+QsJ7gN-;Ya(b82Zbsg>mZh}{jv*$ZmnbtqqYTGItEwVvm zW`s0Wo03I8X8QmhmxVafNwWytzG7~>5Fy;{<2bfD2kXf?AqaAKhn*T6FLbiy<_5{~ zImlY=$0%Dz>rseCCMO#Aa+9dhuJE=WBvNO1vaF}=!}6 zB9}>>=dY?XXv5NO;CB&|h$+8L1AR$P+_7^l{@u0(|NG}|+WCKO)(8^=j_KySX8Nug zz8dH;eF-@B(@!_{VS}P_42Q8VxFzh?mZv;!St(GuVeh_(?y>^g3MPY>`Epv{*V0a3 zrKIen<{I8-PZ2}eHQk(v4URpm=Z_QAMehoqg!PW^$uYO?=dQ0HKBKkV{FZf4jFY5EeDfmgAe8uB3!QT9e2@8IvQk!Lj892X^RJC zi3#80P67(G;p(puP(T-tgST=<*UR45l8VYQWIAa^1T?o+_Ve4bgEE z2<@T*5YQAm?1-+vx9;b3r*x|@%RVA^E0G4Z%x1B8>oy)2IrlBBbMp66wT0(0jog{? zW}%avf5PX~Fzz%yFu_v9FPke=a*a55@{ne8ys`)|2+|gr$AFP@$x<$^DZzdVYW4s;p zTw4U*Tt)V+5eT~zy|2CsozMtH1o`<4X%OcWK4XHkD1%Tdk9?Wn8~CoVPlH}?o^ypS zT;H$?-A8I11&jIolv50>*&-qaMXr0KRSxC*FTLJzzqA_?`jCEDS7{sTj1}(sl{u+s zb7{K$1Zzt=FWlpR#w6PZT$GNSa^?1850eLUX?Z-#1M)4e>*FVQ5w8P#1>l%?z#hv~ zK^u5^U3nVhKIQN*XC>92*FI+lv*~mgqe5goR_7Fsf)0|?RDfN4>rEKB_e!Z z0iS)Zwsn%R4s%wPbv`LjxUJ79KBoGt#$Mq7O+-^fDE4|b?R$p)%c_Jv_4sf#Ttqi% z*WzN$MyAt(1Snh}rWG<96|KF%0&!&J4ncsBxb)zj?*nB>iPWx_wW)tqJ!Af|j>If* zimZR5&Y@SJ>k8zLtAj*3Q{kcNLzkB2KJxm)hQM~-iVGW=0?(tHOUQ+%hdvS`zmUFC zh_mIypXm{6xQ)9{p4Z4FO9f-|6ZNi1e4crwF>K7|MER%tmWXhKf8|4mgFfGbncsyA zQ>N-Dd)uG$_i2Zq6g=tACvbuEVI5M4$$S`Tmyubis}xS;TDKuKa8JXSWP$YYI(pc6 zrYySnbHtFQ+M?kD8SkFYL8a=+cf&sdmfhpK$c`-6Y|Y@D1lCWc7IMFee)L}tDX3oW z-tV+USZ4dJYlK;SId-BrA7sT6+aF^lsJmnX(+oI-;l&`#)4_lunK#B#>*#){>E@?1}wPU zg$}dVuSN3RLO4Fz$Rz~fq5%r0C71G&Gp&ppL)2OPChfhLsl>jl{5Zz%#qD37Z(MPI zVoP}EGI|p^i{ULdjM+Ui#=&%0s5I#>6&Q|lxb2p_=FfSpH*nRnTx$}}4%Wi2WhF-<*m_Y{9k&h=_U*gmQi$04}avm?ztk4dM)Y9|A55eMrXO`=RO16oZk<_H(L}y z;YV21-9}gPubEPab;DH!)sKhkz_Ibnp81dP!-e*0J0%PS_S^57u}I5MpGW<-UV!v~ zV|3M*a6NR-&h__=N)0@*t-48Ny*%T4o0X^O9 z;L!_WZgWj_7#MJ$aZ04g(iO37S7-N9Al7k8mR_yV`4iSYhs(%qJB7x4d$@RunaaCY zfB`Gk(l6W6;?OR@>~Ml8hBOUjix@QD9>Pg}96OQ0K+)ALx3@ie4LasM2jYsDg93+< z9TZ+l&AgneLTg+ET1jYH1%|`<3M!EU-m9ZHNKeIQMs-KHVlnT3k{|^AOSVG9WwUX& zNOE=Ew4|rRwAo(PIV$hG*I}c5damp>*ov|Ek@3xP)e5jfY-RE8Q07^jmW!%RAD4gH zg-2D|ci8}=epfehdFZ!Ey6X+nBE*TgYU4%hMX0l7NthnjtJ4A1ljGc`=V*vT(Nmpz z;y(nVQL;tWKL*3VVrGfBG{2W*A&XCGOBI&q#0lYy(Px7Xc>qv>EEk$fc*LU_w4E#Z znkuVtu1D38_U^D5qw1FH$@lQ8fy8&&v% zXql<+oL`u!2m!(QxFskSab?rTyBfMq(f33vX3yzL&3)obWd`{M7c>)_JGQETg}>$2qyOpBH0opnX>8QqFqp=8PT;(`6GQHO5fUCYT*rFdpo z-1w*o1BJ!$@U~vH<}GOGC<6db;^w*{yUHty- zq%BI#PE@I3VxoeD{APrtO;#XRpXY1P3Jw(8_z7-U%|?OCbn;{8*586A&nlvN!IZBE zp{0rhKfn6=oK=kXwKR7A_6=c|oE2&9)Fp#OFUO1C`)gtmjbm(P47iNGOmyVy_`Q(n z+xVqd;3tP%4mvgIiA?Jm?ujovSnG5pg3>_%3U`#p!C>?p-RmyQNB?nm6&U6)MB)|# z)J3JT3+EeN@`htA!oIf&#-VR!&lSeSSGOFjl&61x{v=FQ{`a^-WS1I9InvmK@o(H6 zg9cPzTEP^8Q)tDH6PmYTw5&%OoX7^w7O{ykHHZaggUi>Ck}#*&mQJ9oJZ-cl>a@OZ zT8-)hk0|9-reLUPwq*AGE_SoNMjsl0g@`><`{yeLeW|yOt?zMmk z*LKS^-DA~TK}!k_PLCaEEVZ2&IkqI0U;9(e0)c0D%MI8Ic=1qAOcPsoBI=SDGfc?_ z390n!VA6FUn$SiyPe3T+n%#UI|CAU{U2_%_iDaAU5P)(x89t6hDQ_E z{7JiKI}0`-nRwDGg!i@?Fo05U4Z0|!0n1@Rsr)VKsCB1Pr@HGO5h?tr-piQu6~W0G ze0V$ky5u6f9i!fYD5`MF3Elh5x{Rn!C>@;RwHUg4<8Wb?;JNIlo#bReA+Fq@)cO|b zcjmMk_PHS0F@V~<7};w%)EXz9*(3AJn)>3L<|(dIhHka?RCYqWpFZ4Hn9TI1F2p%n zX1`ea2$Ls&eY$x8j0WYUlgzNqv;2+B?M;t76}TuZbQ2nC0iW zlb{pN_xW5<{r3&;2SCc9mg*v-qq_5GFc}oDm$0d!mu3>V zw~sOyR$rXPHvNoK6O>kO`dEcKalNy0XbKeg;eLr_}N(7*mee7WvXq$cxUnFq~aMv_M_W1fwDlIEqm>`)p0u%Mz z1kg!mbuYySpKfGN+H>%?rQArYIhKV6qT?GXUf7zOpW)2PyP zKHcR2P=qq=sPuImwgN6}TuYoJtNy2hMO^>@6E(dvRbA7>8q;s;RHEC+{nFWj= z*U-7h8KqlZo;_MKPT|_|94DkUMgLrE{0)dxWXo*l?u*y1YHfPAoQ%`kMRIzX4BxV~ z%3%{uj(7*+QT6eFQBzDFCDYG|Zd2eL_c^vxESuTnCenVBMzW+)ApT0;ALf-joV(>P%vbi&%6wSlC%`*vo<_naE>QKLcOWGkphtGD`Fn!gIV`;^_nd{OS`NN`m z)w32})y`^BHYWM;EJ%PA|xbh`>?A|x!M4}TSf z{VtCRojJrA?L=lbu&F-tn)f?uxf| zm&GIn&=#0Wxz}aDK=)v08%cqv^E?d1f1k8_Pz=W%0TdY;1yzH+w^4oyRX$ z1@Q-MXxx9U+%#27?;72O5}!;v)+GCPU)Lx2isDR}rOE}zwnY!@j4k=6b82?^u690) z{CRzI^Hfni)-2ZBAxSyZjt*<^P!g?Ot~F9nxt6qcs_g}`>wT9E;Yvc|)5v-1R7-ME zJ?WYr$m)VFeNcuD;pn*5{;ITSJsGUk0PSb`7K)#kB2C;D&1N9jkLr{8@90`vPvW01 zsPSmU_+R~Ts!99iBWD_HD5UF4n4)?&dqN^C!UoZ8d`Yjp;uN?*w)PIp7>-+banra! z59vF=$~SNsuX@kuLy@s!5~898O(EW11jTxQgvpko`gfhSJD;y<1joGIE-jdwbUO#O z$l?@WG1OrRnisl#E8VR3A!n-kYAQWE4KCVgD1=X;XuKHmG0{N30Gwk08>*xR^6 z=b*(*w3LEC&lLIxp_l0brU{9HzI7W)Vw%KHa9p{pp&OzB^K^)+Ybl%MOO#!31$v#&9%h6p_i)Ob8JHZLg{uzgQoS z`}YMHC_Jg`sB^N|f9WYh`d&`$C9n;`Bk=%J6e50z;bPWi)|rpH(7y; zLAe=)u-2lia#~)Cj;WcC7U!6$i}G#$Y}EA*W_A2%rE~dS>QW&MTNH1H_Dg71C0BO> z6Q0zU3(_V(`24`GO_-11))Z-x^|esB&jFl$3)=n(hhso=m(49q`bahiv*Yfzw7+8$ z9euyg1w>KSpRy1$X`ttJ(r8_U04_EX}|8&STKt~DB%eXW9 zszsQ9;{TZK2$`^&bp0y)NpIIG$rIj=fs@T!7NJ7rPxu^(kit>CXjWa1U8=BF)I~Ax zcT&qXZnl;H9B^8h^9#8kpP_cPa)rD)-)0K%?W(xFFz%#Mj^Y&1JuV>w+ATO{^j+41iSGqrvetNTD-_6T z!E3xD2(EO|wZ~ROrK2NZAMZ0&aG9WS{3Htccp>3FUx?Mh!NjNa-KECqwwMKvA%lpy z;Ye04cwdb;oq((y!L7c7U2+DYZN}23Pm?}f7U!1_H3B}#yWPgF66^9IqxhMM#DWw=j=+2C*PmBtB#%5qziHv;!8C zmsH0$Jp@QkkVlw5`85B+tu``nvEYb^jzcDvvHmk-E(%VP z4nv(QSHnR7++nUbon^FD`?d(2vrB7rb*Bd6zs0Hl_!q>qK%P(q!6((OZjd-g z(vp`h>!O<0g6#{PW+jkA8%ykcrCasD3BUSNN)>T|&I^)bYBosaN6SHnY$s`gP&L5@ zqpv}pzcN0%7#ZF&0f;T`WUGBR!*)4Cy$Bo9ng^ncHI?jp|!>9fPcHN zh!fT!Um6h;bq#iGT9|qt;zaF3%%;hx5@$;V;SX1}#-WUf}CbVYrrGmx`sT1mCm1X@JmK_{O9E9{6p7Gkavjc3!@O# zA$#oN28--=_}6~X*4*}EkEQ#fsepQUV)NOG=rq*TSkGP0$AM$Ko(P<(^EZb@&KVor zrYhp-o?mwNr2^RbI;bJtr(LrO7)9sGHH1D6&34`7`RaTJvc^qsa&rwiKlMEwa<_}t zzn0m%$YJn#O;!VrJ>c0)@P4xMH?WDxNYZ0J@AUoeKbNvy@u4Yvz1wDl5u)9t z7iV^fDw9F-y6lH!^~9$d;{@y5EzB$h?G3%K|plC=$&QKS#4fg)H=?{8kzE|dTo0WJXEDqiPMqvnc@S05`+PM z2GoX{9K*Rdm9B)wH%^BsXJnXMpn}>j zWfB?gheRPAwvOXRN-`)WKSsy1coOn2Y4&<j$z3M|=-_~RUItVgk zduz7O&QNMx_pzT%c|*p)?=Y?&*HgHKXXww^KbK|#rBhX`+)1$H_*2_7T%VooERcos zKI)we38wy%qbY)OHtaAd=!(c{EOP#V?FONB#KCY6Ji8m>U9YW4I36Uj!n<^30>X1+ z0!2S80;r;>$UfOayHXK#kShTcH<|>S;;rV|d=Cw^Ufs5Yo}F&aTDr9^I3XN_Rf-*= z9MJ$2q6y8Z8Tx=VxasY#m`-WZofS%b6Zh+9nrqV;+2z5XFK*ZS+A>>gZ-a!SRWK+s z-8NL}2{%aA-mz3n%{@!w4Y_tg8v98bW`jof_B$>EvNKV=mGe2Ab`JKsq9>-h&7PQR zDmf+-prYsJZG}WFYaI#YmaRHE;v4&B`%2eosV4!ASlRP9ju_i% zr>EN9xlKI~+KU~#4-Q}p#+g8#i6TaO?D#RvJ;;SItDoQ&Sr~o=bj=wj9oG^6uEcS0 zYcFy*E%naE>1upUS&ZO91WPX6>o)K4Y3ZTjWz%dtBTAhO#d)LdH z4D?yQhCOv-qE2Nb;*;x5_URSCa`~tNo*g0OuxdPy>t`oAk;{^9krnmOfLc%#w zod-SkIno3tOW$agtR0zIQwDt|fG&9Kh_FZ^PnnDTeiO5`{O6Pfw?i%KNi3nRWro+zxP;l z?pEgvP?lcE>yde0`1ZiZw!Z_BnY=)VkI5hEoU|0NGeeF6+u<+iqN#)|hU`QVJO)g=Cs0;vUKm}|sda0DK=gV#&*HL9J2R5t|J>ZVr!!-SJe zLM{*))%UZBvk)(ZHyi5nep7+5dOzYCkJc$#%zj5b%w0#)D0<&4XYx-ZviL|>EzC~d z(Ze>aIY`$_nNHtLS-JJp>aWH>ysa*s{xv6kD(iuqB_iK)Pm`>`GdP{UE4R6|@*1RU zAwF5n4$#b3Fw{*!2bNh^o*9#;;e*XVaCm`!QvA`VL0;f_dt0~w$dfG^iWuo&ocr(r zooeM-FLEz9h%TFOluZcCZ1tfdIr$e8gb~F>%ORxKQ;WjSK=?uLf!h@^VA+zQO$+@* z?*$syl9j^gq{4+s(8x_We`>Y(Rvml~*R_7lnIW0C6z2CrsgHhA9ZKHvb1!-#=bMzcQb~N7EIE&hwRy1QecE)zje;q z)_hO-w~4W*g+apjMwiwMh0e$Z7%Ob)34rg|9?fr%hG+ni!wSa9lxRTDFuIU}0xx{U z5WGBZ<_7o~Y&`*D<0Vi5u`Ej(y|+()L=NjD21o^7i3)+eo*%p#dGX}<0Ok)dIDD2h z?sREw)WDM?0=^)CCb`wtljDK$fddPYn9uu|p@`39ng#?9B&DYV^TB_P-SHX;oeH4f zF%GN@fKbTBJTcIVaQ+Tg+jckClBY5Tzy!u;^sG?`%aD9^Pg`Ix@S;lr_*=AYVM-V8 z3QQ;|R*$skf5Yk6|I@3-Ixmy_L(cLKaxQP31EJGpKhQxt^OX5N@H4B|v*D1pSsKX# zVD94E!h}@6d{Ytj@DyU12Q6U$gt6HFv9BgU0tqO)DnIHMr~vdHl_y6EiTM?Pd4?hg z+V$rEK7s&7pi2)$ncTd{H_d8!`d63|sz67oGK&M>Yb1F_fR3GSO_G4}_hnZnN;ClH zD+T9N`NSN=2Yvz$_$RH3%ni3e%0G;M%On7-3ycIt^CMR4Z0X`3J*W|IKQIduWbkoJ zX}kmmAZR6Hkx&OM_Y`D20DkrCRcR;y1-#w{ZBg#-eeLzaLP zVqn0WC1A{S@lt@KftqywLW(|pPzXRu4mi1r37U&51ois2*#9l||9`AK;>_;!`gTIy zkhSZ2v;Q5fGEiCp;|JA&4_({)EgB=IZKgR1q6bV$Y8aY0xpMumuvGcr(4w=@7{G+- zasb2W=QfY22JCwa>%W?%9#TCKIHt+1;pCW-v4z_%2DpV~?P2L81NN+ioZ6jw?G^1T z&mB~JL_sr0_P zupvfsG|6+JXMpKGe?s(}{-F$nC-*2QeI!RHE?M8*1xd$<5U}oSc`7!Dus(rfq98UZ zArvlbNJsG2!ef>Qa3R6yvz%R8Sp&EIYfdU4$2jovER#9$eOgGc?-~7trkUHr!m@OC z%ssTdA{**_m@3b5RWktsTEkvWbSnJ~b1)zL$P4tdkI2A-9)SBK{J(75?1MT{s|iQ7 zd{I71q9Y>(tFUxEjl0P0l0-^b5YCsiO9Z%pi(EA)vo3I7Yck5JF=$pKFqP6*7BctR z?~Ir4&E;@FJe0fxj|;i#BeGl`KH4nianXhce{`h}f4%U<{$2?6HijaQeqt2o5*8SwZ6rfSG7~{S%fpi{MlT^x~Ezp z@=O=g9q*_@UbDzZh8GFI4oloR3&JQ^+2p{>E8lucvlcukLhpCuw44~(rK(DlXjYH4-E zoDIb2vn6G}b2KDe-J^m@~e?^c8n=iqQ`UdtA5RMiIW&%pI1owsS=Ge4!F_URYd6T zt4-WGblfSA=Vr{|5Hmf%51Xl2kUsb=38ZTD&xDS>^-i~nit7s+99>Z?^`XRI0!Pp5 z_&{s)GEZ6}^m#TDRu&vf>&V%<_{eplQqM_5ABd=(b|Ak_Aa;wbt2bAMVgVs)iV2+V zfEveNX}tq5bTD&5u*&Dzb>HU0fT2N4L!ZN!6w*kWv^|!&m(U{2(}-SAViG$8mcLO` zn1n8Zfo=A)Z+IgYPO=J^X?Jh@-s*sB_)!BbUEYV*h%(P79&s9W!(0P}Z6q<$eWYfQ zwY2E3x;!Bac%kC5l-nTqw*;dlIvmO%xgaLC_!h$czSs|9TIbxGjhtQAF_sB|@6nFt zEK?J<38E))Nd}dEKvY>Yva#sUVGKiQ+iYgdTr0jo|h|o)HkeLC^U-qR+ z@L1CJBjiezTTd2`9p{bB2HTl}nxz!Y-Y$MK%Or3V+Inie_bkpg?AU8w(6m<**rN;W zm6-5Cm)V93FQ2^FHTD(OP(u=i2WeRYw>Lkb*qEroJNEe(a@IBKg|aaS8_S!3Kw z^;ts^O46fY50HEyvJP6mPLB%CmZB8WCL@mRxRh+67c_QM^#p?ABZY*(Tjf4I8bZu@ zT>SKWik=?xDA&(|G~x5!b0EwnRW-nQm~j#KF^7?==h3Vio)tq63gpreMa*_s{PjLH z`qBH03!lKzt_M#-7jFejh(3d9PZ$|kWjkda3^Ne8W~pT7Q&KY92Zbn$QtRWAAH-}Uo<`O|-&?LV;g-+cR@=*j;p4Jqmb z$11d}vJzli!nS(2|6!f~Fp>ZK-i{U|XDmYCJe+WUU;R#^^)LdjhMx^mOPGL5K8~~Z zzp(*Qq&;?`A56GGI21&E_$*N$)m1|f5>!qp(>7li?Zd)|rT%7Ne_hf)9MeC&19qGb z{5odIAplGs;!L|)}UktmATp3*0BS3&d7BFWx>JL zsC8q@tJ!+f>WiS6y#uCF?>BKG!pi@O1pOF^*RR7cRw}h>vH1*r%s_-UOy(hoIx7D< zxW2uw*Oz~y_dm^J9Q|_)x?mD-zlN8q=+abZI*~^SxP8U zkuBM&>?8{PuD8CQ`@TQl`+lC|_Z-Lb&vP7~<0!mm-pjR|*Lj_<*ZDf%=gmy?80op_ z4;(naXrPa>IB{%Jb zvoLuKOhyE*DK8Ix$jM0|oOY-dRB${HYljh{xIBT+!a34Z8Ah1t~ZJd@P36#~2%lz_h{N zcyC`E_@#$)^9_J5(e?@s@B^RdB4JW8QgZUL@=~($NbrRv)&m>t{a&AS=m1qdjD$-W#Kqk83fYptRf8Ob{6683Og$U_mDj+ zD-XvhAUtp~;NPE{Dp(U;-H-utx@K~+VWy!XFfCsrT}3$$w4ELd21nRq?CsI6CIJeX zy6)a4uGU(1hDZ|+lCLG)!^a%1V`qa$+xi)}Q>@&z;c)j59g?Ln77mS(C(abifR>z< zyqB51OqjJl+{Z8k7wm1~Ye4e!H?$|(856PAcE&nLi%>XP%gh63gh1=~1)@XD3~)ML zc6!>zmO+a4*17=%il!&g+sDAz)PoR+@gjuzd68wkt#Q5v!JcpeRt8Oi`m^cXhThXv{eus=VccRP64Oe zW4(NIjlmdM5xqn7Y^*8Z;{YvPeTt`*KMID|H$;)b{Paw8z{g|-Yh5D+S3he7Q~=i9 z6N^U~;@#|#mPBm>IaHW7-h`xMg+gihT6&vdy|e>$wG<5T6mxeggs*`aQB%(})I%#Y zR7Tc@;Af_b@iVbDGQpF{w!ReI5T76{%EG|g+QX7;DQkh(m($U=u-EZG8|q+PZN7Qp9@&1)R@cilj9TOGR~g0F&` zmZ^=qwP8qrZ;&5BJ|w`#Bv{Ke$iNgv4uBiu0yJR+Yhb-vBvhE64Ooj>#(o~=x^kdV zA!aaQn2fKxjh4Gyptr1oLWsA87D*R;W2uFL+Y!BiRhY}m`5NHegM49b#+G_^D6)*N zo3=b2>+O!mo8ZlYtxzG_x^F_ntFzyz> zZ)urZQf%zN??4+XE2JjLSXalw3hAkh!O0ug1!AEtA>b&vpg>HRp=U6T7z7?`s7(k) z8$+Gc!Ga~{uMIN_!&!Oh1j9nD(N<`EaE+Umg^xMG4ICI~8!JN3@gU1x6(0kYq9mL-Dotf@#T{`{=?vG!bN&ES!YZMH0a07z>1_wt~F{N>|U&NY4sxLpG2% zHHSksBc}+BqOFN;7)4IOfMn!Ok+t&nAbA*)0~Oumbzs^AjJ$y^!Pd{*%uWWU=!t+4 zY;i=e7PRoD6a`}gdq0Cf1A<5_yeefs?PXl>u2oe{D!6Ln2 z@NIkbJ>Tq($(O*YygtGBvbx*CN=+5Eap`khs($9VhT{4w67U{iZVZJz+7zCOw<2&EtD zhI?NeC-+h_3+}sU;JH4{?WsO$_Dk=VotCbTth&A^O|N zYXvCSDwxZ{{V2xZbTDDMBzw7xjRK5!7Ffv99Zn*0+Uf#ZJ#op7C%+^>oU4hS4DKxtygP75~< zKRMR1zALGlPo|;^67fgT2`(9q3hJt~fBK|~n&1|G)P8t!X-TU6lfmBH`{v()Id9Z9 zn|_dL!jrxd6rcMWhxR|Le;-;F?(uT#$LHwZ)xSS4)lM;S%ecg-ZoJjr?6+~o@&Eda z6qM=5SlVUqsXho@9;^BJ_5PfkVT1n-(>E{FrYsB9BJtJz*1k*Qj3?e~zdOL<(5KV4 zU7SS!SgLWuB7AEiInv2e(>M8?s#DtK^XW~Izmje*RDX1uNa(L4%#j$rB}>po>}}7H z=5B-zd*8j`(S4@s;`imx&d3KWh@QK%ckf*>O&MD6Rd3!lc@l)$T6-m&VcQ(FyR-9N zm%$<2_VRY|%dZUAr!Ozgn7r!zSXO9xV4Q>>VaBANrfsK~us zeENBBIqKJ<=i`Po!zMoRatLd#X8~nlI@45Y!{TU((VXQc%$)yo=BP2soNw=13eee6%lvZEloaW7tB&gTVu*W-1hj= zi{gT4*yyfG7RMpUUTrC*cU@_h^NX~Thut%cIUXrp7})73uzqPVo0*#ar1r{;+p9~0 ziK@SA=k-%9v$tQ(%5(CbpApMDRZF!n))?+O)*srTqZfJcy7y&Rp(9Z)lkR&**)d)n z=!(+9xf2}ObAp__vM`wovQ^VAl?#>KqO<2BLmi19I!do`h_83*=)tdpd9R~B#!8~lou2C?$62i7_xnA&s&TRt9A6oEa`+%8ub<{agO1xO24XC=^JZo~ z1;$+w!F_!yd}6|N;5az1Mqs@7*4a||FS%K#=?+tI{?#NYrRyDsaHpVS|Mwi!#plx> zH}4ILUiT8>4ro{%o(z5B7PYgg_ieDk&GMxw<%-z>v9kH`d%4aLtBJ&b;6*@sS%BnbmjR zdgKSaB>k{_$uxXM=|ISG;}0h3!^0sT&n=eTN{5ZjKAp*N7&cK}Jf=3aT30=6tnkSl z7;{tOkFjvX`fK=H`nTog-(xI6>vM(C!x8ImJbP8vFB+??wzn)hNAJovoLmQ%S;MF> z`t}*|iz{uWm9^aq4m)>NW#F9_%kDp_^n3bgAYElmKM$Y$ zZ0Iw6#gVrZZ9f*7pSb<{ZWgLT^~WfC)Z?8oik)CnwdJZ%uL3}lI zX>_O{?5p^QSKmg^4UnlM00~vNjvGr>B%KOcJ>@9ilk3l2c00b3Y@c zRk>Bjfid}CIXSI-A68q3TbSj#bxSB6VdQd8<_S(|+@8%tY!14O#2h@-y6uu_jHm#{ z@WI*^d)ST`C>6`u&naW7wtd^LX2@f6seXC3U>VQkF^1ji+`03Hy8l-ns_d=VdL`xu6%v+uR$# zfG2ZS4#ne;)fX$T5g7sGYUwL&$5{j)ZseWm)&Tt~y5{W46ECEgWVyRbkyT zS&hxnLt((I1D65nhh}!_0>qy*DsX@`$?6p%xmt<<@1u{~Y#?EOc zPF;le(3W6^!5RFDS~Fj2r_zr)CY+vL`e13wXv1{onhF@TSayuwD+1W_THR62r*9A~ z#Ja67r2FhiJ)1B7J#jPc93Mh_U0l9TvpPqz--x)e{8`=6<&8`mL(N=4coI9(YS{O2 zBf?Sqam}y~_T3~;J4!<&OVX2CIv{nHJ}iz-lys8nMiKez zIrcvHRNj3qQv);U6utZ1EcW!(-@iWp)>69{wW2J_4;pXs>KC{-$83>-=(STuW0(h= z_FhGS*t8YL@WpDsnQR-T$e<;Gj~I5c?CH7P47HzPfeGtIAxqb^!CscO!pm97(>r2= zoGWiQ#JrV1<@1J+ecqj^Y4s&{TixPV_%h=h*YHd306bU%dgIojN-41f!O3gUmTwZf zt6z=_T~MsG_1GH*mYpWSv@^Za(NI6=nmRP#5Wp)_swO=a`Qy{XPVLrYYI17S?7+p3 zjI6xWof)*|8fy~Vhc0a}m$*Z6PC~vPHpF)|tVHlAEysYc3N2L>} zH7{26C`oRZmS6|Vv844k3M2mYiyYK6XdaeWwe56+*ye+~L!O0pnazE7EqrBV@ zNY#bv04~xg(>b37#)LRiiy%%HYtu0HwRA=RXTThn%^pJHn{tc`9Cy^T%1q^Gm&kS~ zySA`8A>`h{8~Ow-Rd>pfR!~vVCg^b2?YP01@ciFRyPG32b>^GNsp3y6FEEwA$w6%^ z6kpj+d>N3Znq+ik`a*PJ)Xy(ie|y3kdF{gqhH7)#_;git*;VXaKC(?+Y<}@C}Ve--IDJftd5ycC= z$?>TSwzmGFxcKCK9HWr%{kYosErns^u}Xr7_ARP|rsFOHJ;=HIa?W^m)$KW&E9aS_ zN>k{`?HP&u5;)8;RU7Syp30LpXRpnVCzz)?uZT>!$jOvNE!=DDzAKi^Bvrs7+`$)) zAE%FI5zWu?-r+V0w7O_E)6nvQ!;y+0dPMZBC{5Xez?A!*60VNtEH4`uW!n*Bq_b&r zG-}IVNl+W@G}vaA5H{z7~PO+jsJsB@Cv^f&MkEr-~eNHi>pN-d%w(539?_eNndTkeqrekMky>|ls5+xw3 zP$PHb*EKTxnK_-F%$3+E;IgL$e4f)>MrG$#_}<`T9Ur%8To`5PYq{M`ebIKj-59Cl zdtts7c;G{dr_v=Y4Q1uBj%gfpQSH<8KHAs9G`*0XyWI3kD(h_}yV^{F{jRo9lNh^a_W_LWBPmxq&If=>N(hO#ExpMP?z9ou=WW+Fd<=dIL z2&QH+8;|0tqGZ0ZPU(c&)O2&xl6$F4JvuuRU0JG1XU{X4%;!J0b(+aW(iOaH?+V~FZ`rXFSCZ&uyv4@*?cr0W+Ch&Y z#Qp1-3+d)F1r3(58u>yVto$39el7uN^DdGHyUC8nEQ4l*@~je#h~*R6C7k5s@ky!( zOmX~-djj*w$=bkp=KSUPc---_6I*)Usnb6yNzV!?RW=@d5E~?P*YOP(>*=8d8r^G` zMVLM?;k?VZPSML=;Y~I>xB=|yJ%x*-Mc3so;~lXsfOWlhsPx;Z+*c!7`mk*@iw zV})7uI2*h*KXVO=PvwLgjUP>ZxxL=0H7`VMbAZ)?Tn;%;0 zRDR~Fd|6rk+q!biS3)k^k(M6461+z4S+|kDD|n2iT$7G+_N1O+uS)7kq(AMu*ISoH zFaB%9!W#rxMm>%ymF^l-JT0&j-3&(M5k2l*mGoAJW*LJ!w{ILZt)Vh28V~QG!Q5BO zk)TC$=37?!99|zO4enLb+dOB+TO!eY0@Ihv?{IyNg*}_`*VC~u$=Bhu5)x;IZV)fN zsiXG~mNj0;r$_?=uKOwxoBfj66VGWG}U)rBSF2=6ZqDf7=iGkkl! zjIdEs+ZvC*q#_!qF^4iPABv*Y&^TijC1^MLNWb&?Da-3E=BR_}8d0TU-FP^2UX}il zgOiFi_^(rCF%}9wslV5Sdk_<5LT#Lz_ye>!nFMN^Ts&7Xtfh9#en>qM?j3lgg?V6J z0^R#`G#JgobBYS~F87kyn+orXw_!)xCv0yv3PW)rk&1pYbY zc8RnuvGC~HE4rna&w?#ya~v6hqzp^4t%xfQ9??wMrjJI4UUw$a*!+IY?zmOSbAe?- zD_)Y^GlhAStHPS4B6={WC7>`BUuHXehtyE--JStvbj#YHG$zxpe{d z2=uxmqB$@&VQ_*frR(sV{LgW%T*C1=8EU$y6(r}mV>Fc)Xb4=K_SLf%J#OtWDcG^w z*V}fE_`iPa=ptA<_`5aW*3X7lIvkVdchULlwXb}i&U?Mdh(C2u;@h*Dgx-5~ys+Wh6u(ggbE-(AQDYoTu_3BQH86tB9ke=H4l?##At@MdPd zpYbBJ=it`M=Bmi#vuT&NGlwiDG-}NjZ&6*W)x-$aX05wg>gWl_a^LuA2$0>H8FgP# zyEzAF14gv3Xf2U3RfQ|YI5E3-*F2;5{i6rP!ltjg#uV-|VWNjHsWEr1w|qjD1rqwq z45007K4x+=S?gBC5bmN|sMxaUqUzUsM) znLnYJCcmp2dBPkE;R)D(;L=;S=DnO|9n`O+rVqHy>UjYi{5J4{D-;4Bm@L-Tyhj0H zD*)!}ZzLhrGcQ5_gdWH`(oR#R~(%o%pj%r>J?*R309 zN<`-Y`o%_QMIWdBd%8C{On7CU#CQMA)L1H@UR*cU%^L9v%fBE-r!nmN&#QOSO4h<= zW;HL5={GP7gdf70M{hJB-*0Cfd3xdb>9LIVJe%De_Ck1rr3WCgCK`nRCE_mjlOm>8 z2xBhm)pldxQ`!2w`{VOxC(2AVv4O`}^~-RzFL?;F=`kW?twc_p0L<20gkemZ&N#dD zRFEnEm zFl$u2V=nqrhgCn-hh|I}DeEPgHkfQb`}WA!(=>|gz$(U8NUlFE{d#@f)S>Fr-qeM5 zPI>#nkC@wQRrg=q7f?EJ<>Po|%`*@RBz^q;lgl^i{HrjJhp9F`g%N9=FRgS%6}O@) zJ4KIvyRYL1I6==xuOfn*+NX{Nu+8{9F`6r6FrKqgajKSkoW{b7QL=px0oa8^PAA%I z=74P>89?eKe>?)%yDs4zOr=Bz-~{|4oIlJ)_(aWKczt>CBbt z=^G|FwS79ZIi*1&b-r}AKN>}2P<-k;U}FX|)c0(2%Q^sFhDg`V7o5(vcTH~CuREmr zqb-z33ts1*5ydyI7@{?l3a_Ipir4?u2B9?{0C6YMUt-&mhUDHGWzw9f`#$uJQhI0p z)tgjN;?8(HGsjwyy>ZOTWUoV1J$Df?2rmA~h?8lVg>Lh>$?Vj0p7WFEIQe5?yMw8P zX&b_UO}7hg35D5;I%Vq;c_`DDNr2NGq2Z5kfxnTnWTnigolb~Z7cX)@_Wbx9`rs9e z24{xSS21M}TN}zh2G?w*zNFtuH5|mvS+;f>yp^9r#~Fy%qH&Re#i{9W?C(GI(i|*A zt+iA?XjF3Ux;{h>s+&(qZj@VN)#JhLYy*Vt_wuA?R(g=I-c1qeeAAw^0fF%dZ$^9n z`vNiZE<=y->-OFfymoBePbPE)?~F{Rg623!bPv?8m*7tt3m3pvyL9xp@`I(>bZ#1{ zZ=wXHvK@M^T9m-AxpcMPf0x4aS+(Hx@~va(iiL)kU*0)95#i1C;a0y!)DOefFPmwO zbf@peJVF-I=RQf1Qg#-KbADG8DeOIY{yTrt$C8IwOK%T>Wv z%jCEX;2t^R$UWcG4A6%trVG=t>m~X_66ud|lUClSurVzc3$Nb(xwP8Oj*mGVT`ZBv&>%{I-cHF6IBW{0sD$2c2M73kI?RSCtjoQuOB7RI;8ET6=$KEKpR#@&00nYYRAuDFMkSYLYZjLCI6_m zp}+D0=2t6DJ6%G0zm562flyJLL$?WjX9B%=f*e=>`DEQvZaLpnr`y&s`i6ASs`NL= z&ObL=Sm%T}E^0kr*7f3yxb>-}=W3tSj4|EdvXeLcYd`LGh2UyN1@$rnRnKWpU0;^K zrYA?vKDA<5NxMyN$m+MF$IrUM#TTZ5#{8at z-(%X>06KWqEoe8Ssr^OsgIib6+W<4Pv-=uUee_^6chR|(G!l)nvu=Hsf{06Vc!{{o zQ$Lo^ulf)LQeo!W9WIohPgOk*F24;*<4z2?lRuPtBpz z$J6hetDo0bS#1heS*1SyT6NB{g^gqA+#GtEIxCP2rnu;KuvHO)ZSD=Lmn0Q#_<6rI z!;T{F!MW7*Y=`uVF-niIKYG=FALD4!@;_yTzE*Y)TQ!%iKz;CgM~{n?D>oITNI9tK zm{Me?(&HW*w{+y4)N~I|bK`WMkNDq_4Nq9i9`kHffF?+W$~FWwwQDr)xRtE~-$UzY zmU(Mfhqfizi1uLi>9TWh?QoD7!spm|$eN&VzFjkL7?oeC2tF&_lE_z%S140p_{p z%bmO)zOZ@0JVFnWTOMEk3+t>6@>vUjj;={l7#nN?%#i@!=8z|U9%> zX*{5u1KdA8TuMEU`P5tfYpH%De7Vsxo`#v}Td!)^Mmcc(qyCNGt-VK27e>5847wcR z#~h*lu%2q8B;@Y!Z+&D)lZ-6mHdXze74mJs@AjjBrfm=9nJi1K!_#03DFkmtSqF*`5uKEkb!VApN$ySuI zP|=~)%+uU0RX>=nyyPYM@W~Y@Mc1SLdq;pI!CgEROT$OoeF{*Mp(obwUuM0F&K=@(_Y1?Z;a^??0@e4>DH${y~#0UnQ;r z0^Zjbv)s-k+5j{EA3GZ##Bv-X&cb`9ZtOAUfY zs9SG@j(G!?>4EC6g{q0(ulFDGrGNWy&$5&Vm}te8f-dS-k4JU0m1k=PTYFU2UkfnI zhjyQR$`C1VrZf(d%Cvc%2jo38cZ|U1KjDi=wpe|&MCE$sCzO(D`*Hu#GanWa(0Y3o zb&R?fMt6|2RgKgB2m7|mR(b0=Dg3x zSLOC>ydZrQmP?k@p_%Fd#)yqu0+}mYt)dGWFD4$5Lnr7Jz~U0pB`e2 zJT-JHL(K<$wi;7@_oqw?HTxh)ePQ$bYV2%%uy|3c9DEI+^vn`9#xbesT{GDW^*(*E z2Y!N7LF+p@zsHT6^l{1bh9&bZ28T6KJfOd$DKq&HOvZ$k>6i)=%syR(8cy-JnI9?H z0J4VSKYW5Q_4?SY^78^W*HG2I?zW?B%3w&jxg|Lr@D*>rD}0V{1IabZ!Boxun35|6 zs^Lk?08bCas-C=|99jch%oyNvCd`IhDm}!DL5zp3OOT+pV*2R>G3S74uG#zfEtxJq zYS1&bT;sU_6$}5UNZUKw&>SApAa--OCwu(YUs?d)$B9wMn##rUHl`xO*xGyeYbjbg zI`vo*a~>^~gej(8H}Qo9RsV(9Lo`RsHLa$=@@Ed0w#{+r zJse8LSG_@Ko)Vy!I7}B6I7geQK!r<3&eCdu)bK$08->p*crEl;QN&##HQSnNfvt4$DK2i}zs#FJy1%?#Ycz#(@5s^iHy}sG-_8_WH40yDSVzzY z-{ViDky1J(_NkQW;QkUa*ZsS{sAzMo5}7QjtT2Lgp32l`W}VvRr=?%;radHTo?|_@ zbuIFxBIZO{hYxxug<<6e$baf7?R4-*GsN9~b|tpW-Y<2zd^9be#SGj^ z`1A^T^x^(I(BAy}JfK>G6@s-iCSp_5^PfuxJ*9u_NJI(6T<7VRvN)lJ7osgyF<)e( z>;CkL?jY3pV5;W!PZIl$I`Hp}dT`x;C7*$B^Tj!#hBJ>IE`p7n!Su+(@5M+2Wo?0B z$w%DH66)B+YrP7h(D<#r(M)Z;|L?8dn>z9|FL*>e^o|k8;F3V@r>4`Y;NZKb0nXZF zcV^zH9uB@UFBco`Kd3Y$$DA;gJ^SBo3woo!mG0kGrcUaYvf3dJ9LeCB+r&7jf9C2l z-%YaPi|^qFiNENnA+Cnci7(sQ$=JNqbXh%>B~>evTIVkUHw&D1&Q`Go-+@MpC64(T z%f8hnXmNKQ9}`M78^=2D+)%a7fBIo9;k|u8?#xM^22LD6mQ^DG&8j41Sw3Wryo8bg2ejCiJ-3$g;q*i7db0drB3i!^`uU*h%Oww1|Hq&;6pKYWZieC zI-RgPJ`TV(Y`+vVNtpYik4$TW(EMaQ_AkLmhrEiff(ah@}aJb0xwMcBxqr{i%)?XOCm)5WOtD1CcSes80qgYRhQV>3Z4L3~$8 zrnGDU#2rP?TJC@4v~`J2FxbXon)%*X3^y4s$VeU?F=j?i6Lpqu#YmZ7>Ct+fM!yOKT2wmWC{#Gnv@!(DIL zZGW!XS^s^ma_TR$Q_(X!5~r!7I-ivc>&sud^Z&y;eeiqg|Ecxi*E8zDHk{!F)>(RkU9$3fqNRAhR>}Mr2#zB$4p9<|2V&EEw^b|aV@W_!%*^} zoMG=dB1-?k+O5z&RzcaryzjO#Z`*Z(9VSwNN9YuPTb^AkOyFMatM>i4^1LahJsBVc z1M8>_5DuNXb5pw}$23bTLvb=CPFMM7?ZerS4b668W4eO~Qq{qFYi(Nwezk@d%Vd3L z^N|z3B~taz>)b6c!qm675<;(EgeLV-=hCl0V_o1+ZIrI(XHhXJlo@uI>+#CF#(Rf& zfkk}@KclytolbjReEt%E`=U};M(CY^%QZBKO?p^;H-2ucyoiW-qobE_N>V+Hlb4mv z@~z+v)5FG&r=A{fss+FxpNbL6O(!OAtfmX);3+bNl`Fu-YhB6aZv?&hpKhEe3`LJD z+z+oo-d(?P?N)#>n{dLow&;HlF3^zDUwYNtU(!u<;+->&|N zE${w4rqNCQ4%A`8g2_CtcMGGQJp}NKG<(f+m^_u{2_owZ2+Y&~aRPUfDj=`8XE+JMtH3qPBYE&y5O^ z9NX3$$6$kB+jE6}0FXWb;NXoCah|2s4v^%F0MF5OsP3$^Z33!$PA#E%8JNYbt-hu;-o5PY@1F!Eun;jf(kzVnKKJfkfBA8(v04~5Y(^ReQ6F}}Y zlNThD1Pg!yQ^uefj06clY?@VBfOirMqD!)^E8CdWM}de(1VD(73jjt{0wnVeAkC(g zPXKCjBpl5|W-1H00qF-r<`y6(Try3RyjhSbv0y8G50NCPXKQi+k?_VN&ks?*^z0k{ zRvLo725=FTk-OhNl7L7wIqL2;kL!W2DRVb$*4KM(C}+d~ovB(SI95ox3xvJO5qltl zgb=6qdlTh{=OR{Lw1l?zLi_-JB`E2n2d%5P?!GDLdR$Pwvu_H)5B_cnDy_wpGDGf} zLtp{|x}}>VPE3NSdI}i*L7?e52MPOt_*Y!1Eb<-)@6ZpRB{VIymMQuTW*7k?cf4wQe-1i4B}c_LO?YWl4m5|{6(ECBw2^!y;rhnSFen?~dD)$Nc(BB5S7!S3_!*CLyeyvh z2*i$T61)}HAs1g!X*nA7ClYl2cSEv%OGpScd;GN-!O4 zYvH?W=XpauB^}a8VVu2ESS18x_uC>1vs{q<(-yb?-WHTzO@qak-#|CzSJkT)UP^j9 z=-l#-PRI?&l$i=wd4Hi`vYNO_0BDb9r`s0_8&EXmgYvJ(bRZ zxFm!cM1_4k7diwqlHMQ+#I2+$`weCRF#32HC{wN12{~?+FF(m`)pv^KQD4@a${9V( z>G*c@b9D3wkfFAIk~?#sflE$oP!%MoG>HP%wgcXqi`DyK*s7#hXyHDpoBTIa$HmJ5 zBz@F59JayZ0ZS@FVBy6JxU7}Hp6k8`z~m$8Q^?2iiY!BIQL`1gpi02?Bq+O-PgrBp zCmyl?ybj5?o5MHeS+&N8cv4tINnB6wTT7*_oQ$k!IVP)B5@$#o`cXzIu6SUse@mcr zuv`g<{|~ol839&9heb1bZ`-rBKB?q7Sb{I50AA--iy#jwtO3d0$vg`?(!>zo8=w8b zm*k!~ska{_Z2#Nf3t_8A82JVg$2A$m7{mRC4&Ut>csJJ{3FGJ%#}KcdYc!ke#_tmm zjK%&(ss4<@h5w3eI~NA02N!58M5was1x=Wwl=3AW>S(Ak3%;V{7(+qc+BY#;cvDSbr#l)+wE?od|5ho|F&MS9&H3^{X*Snp6?>|7ThH8P? z(6~PXLdGNQO%`B$jfGfix!<5}@;R@(_+Pnfuk)v`0m|0nJ3IUw@zj+DT7R**&?uDPM(ksRTTWXWH1 zxv$l#d%wNN-gc-PlJ5>cN4)yA&S1K9ic5*;Rr&-oi^CME15JwXstU>J>x8;Q(@Yw{ z_t)cTN@H#1x*2-QGw4@AIxTy$geaz-R&eVQo#0zG(ftZ~gS{{5=pgCKi3+t!cG>S-!2r3!38UwcpuUz2tZH`QKL4mcP_rPky-DFrfH4X~$K3@x+BE zF~2t0HOL!8&57f$$R)y5>QJ!BsuB9Z z0ivg*@7&Wmbx69A$GdvyXzV`Cm#B}kFxgK(iQ^y+TcxcQ6tLoZRewAIC4xPmSjOrX zsHVjO-1`&&me&BddxHvF5A7s%fHN1fZJa8g3gG@-L25;Vbk)tlkPKc>rTqQN`;Hu2 zS2~B_PLV}Ov;nE)L8@Qj+uNcxv5eoKiGCmnOcw_g&^%DKu3~_6A#c`3I?l)Mw<{>v za@zb)WR8U*^8)NBfK!N1#P>r$q7VS&BekDE$;l?DIUWRbiqBQ2uzQeVfWqWlwG5z8 z$4gM0xAF;Mnm_`naS>oy1gI#|ZxVo!MuYT5KyB0lq(K3?i4P`V)C3-Vt+q5lz5ta? zs-S*n{p&TvVmLHb?|FX276UQ?EWNA`$HL6^dD9YGz?*)2AS0ophnV1p3W@>BN|a~; zA`v_gX;$6=p#rE7-h<@piTdd)=mjXL)QW>}Kd5b! z#h5>8+_YEz{=u>>2rxtSpw{{`C~qS`5|OyK6IFGy*SjGJ3RFYA2y(|y-XKO^gL2AL z0U;K_jqgy2oV9}=4&=7qM~`df@Z1CMlS9D_?^mIczfxRs0MmHBC3qMl-NRF2zPr zeull~4mh+Lpa&TQQlfBD(<9Zq@)8XO(I|f!W&-NHd{gv_#87eMl=Vl3h-M7IS>yT${204g%T= zlI?DS-X{t60{0O3qSu1XifZ#556~YVI(P_!xU1(la-_Y0a#Tov8rp+iIrlGeX(8!iU!sR`Pmo@8iK_+J)@G?NT7J1=|fS2utYK_Z3Q&qGy+a0k3McKes zosLEmek}m6!ruNuG!M^)Z~*we9$L7GX$7y4shH)op9dPfR9q-|2Kadu^e#qtC z-Rec)f$2k=R?eh%%|*#brDX=y5Z@0stykJaFO;2giVAD?{^LQp>Ljjk?%%wt^e@(k ziMBl93D|Rz4AX`opYyfW-^OTPiXrCV?-uqDqH%9C{KfwuP8?jifF&#d*^Ioa^93O_ z=n_Vz?s_!C{_W>`Z+`n2kd@60x%c?C zwIw#~{hqg9u|5#`hwRt?iwrsy|F4K3~m!^o{ z`YV;psC(18Bwjh#)}vE`w|bKdO%xYTPUzJW`}_Z?oF`PZxAsQ|RrW7-3~?gXurGFS z-0zvnVm8f<)k{xuu0u)G7Az(7{Ga5XtAS*U^8OSU-u`O};#o@@!gW}=hgKjZ(UIht zPa;YCyYP9DhX8M6p7j!XfcR6){f@tS8r zMXJ=ZS5md(anE*Lo>$YZrl+Uf*Ed->TWzmm3u@5!cl!Xvo|Rh}dVG|2AnoK*{`R1X z>j=)5FjO9!_rYA`2c$R@XtnBF1sRZ$ByN8%5J7HdJncvN5EW^7iDp~7kh0M4tG#M7 z5C^h1EGp|mfvH-+&U~@(zWR}w540x35A0`}#K7Vk?pF+2v-w13LGJS7-p;xyclbiZ z;ybi-b=2-p5D-OrK*2l|y&}L{0EUR~jXBGN;*T&^0$Jh+fAkLP-h+fsT!b^z#-d_hvEWD!VzTA~vMK?uS(IXwto!|`brBu8Zifa2KCQIH?XNsb10 z4*_BB$sGN88h#pPKKxuh!9;N{`u8vA6Pa|6Er_pyB|wRtlhNTlfchnSfq2;~!A1UczB}q;DWm{R(b<`XK0p+6S?yn!rgDnb*W|Df88wvgrc|_^6{0OS|yj89Y%oE9h3|T zjT{JvR>>j9H7WW(Djiib0j1mp0K&ZMzn0x^P3Zj$JV8|M%>tn67U0{@y@T%hfnou= zOyx{Ec6jEg;t4RZM^FFIW>%HMoXNe3gkH*|VDczm@tRjNuqB!8W)Q+@=F3o;f!-DY zh1M46v&Vlf_TT@Qaw%7gg(^RR^@OFVYDn%|@ZN`-K&mm28*e@STPXDm+fMrt^A_r! z_6-m+A7PaTA>xtW$a~9D(=LgOnO4>F0(U^`CAUyRg$)+>wg7bX1KF;p05>UPigUfdyY+&{ zz-yP{G&B@pqOzl4S!!y00uyW@bu#tDwNuatTsqy(Scm(PzL$Fn810PtEJp#Rqt}9J zRD%|Z-$|eXfM&JkIn_~Wa~nxh$6Yu_hv1P{;;ud*5apFsqwZLaAO!=7uo zI{x(eSUOaM1{R?OTx~5@-p)YoV4&h7FTCdH2-xS&$vC2whrr>1EOe&vhSV9-el(6e_>e!bjXnE2n zn1MBtYw#}$PD*eZ(7dI9^{7yu~8kcAD8uWGrI0!IzKi>>=s+>B^RODuELTA^O^G!%*S&8Z2&Wx#5j)I43s{R;b?*dNk4h} z|FQSp;av9p|G2&5Eqjy5DkI6t9uXmAZ$d_PviA&8X0~J`-e{1LO(dy=BCE2q_xe81 zclUMw?(6@20e8+MBcU?z#pYQX0ov+vP`B+Z{dFK$VpMtODBdC~)o!X;k zy4-MDjU^PYp0#mV%e}vQs$5rZX`Er;Y}>i*wXdA#^*B}tCo=TsnsAdZdsjZy#2gE! zYmT7}kOrlRYpJjaqd)$FtNdeC-A*>OF#M5oF#8e_DRGTamut(#xZ-m{`z;4 z8jnKj$>|3TXNS4jQ@BZ^=< zLc7r2t~a9Z#rf3eh3lx~duF`WsslL8rJvq!=f>v7Cft=t;M2Ui1Ai+y~zH1g$~w9!{BuWQu_Q(4RD zh>FQ50+gFLurj+G+sJ*s*XPbS@TPw+d|FskJTj?OJkzbD`jcN8N!Bv_U}^NASelZ5 zUtymkqD#k4(F;wcsu4qn$Ntjw(Tv>1&)t+kPrln+-LX+4FxUMNGEYRzcPDNJ+OyLt zL@S@ONq_Hp`Cr&gkX zp1sGFpm7qd6(S;PusG!Yqw_(N_5m^V+c%ha_fm$GA(60mdE8UIjE=U3qq(hxPWvA%}W zdZRL+nv6zoMPQq6+jEL+A104#@;3_G4?|1wRn7hUYI(KuT)Mr7INm6&tH;? zk&7UhjJ}R_NJZEZ6-ccon6ZA(^vY>DQJvZR8`j?qckR_eVxRlfI$x^)5hqK<(x!Fp zRKq1)3lt?0-gXF)3$NCA%5W_mVICL@LhlMBS9^7=qG-ey`1o0dI9@olcY3^qEGGI% zo3iBVYTk*klji8`Ui?8`K;o)r8%55-=qq0o>_HqILq%rf+M2ErQT^$j8QGJcrXVgi z^?E`uKroCnLX6+jZt80Pt}!D+YozW9p1O6|OCy~?9P`MbawPLT@7mciPrGilTsul` z5pM487ugk=5J(WhW0{i^o70!MkYQ;gY2_Fi8%D)@N}bzFNfjFD)?A#+5AK!lGf~m) z@$&euo!_Gr$3Ckjl&pRIT48>08*wUbIoo;lR;6@GY#c5KMQY=~v2~iMGQnKee#&Ccu(H<0$9C_d@~cLPcq<~C7<=aMp$ zCytgW`th$ZTkxyKd`}Bdazk$sP4q00?blvV-DgF;_#P%L#Cl>E(FxsZJB2q}`YY)A z?Edd3wL$hZaSG8DEV{K*oW{mD0j|j_NMyZ9y33aE$S~mTn7r%GCxQ zrw|gIY-1WI=(f+dEyTTT^sLY?rJbU2-DLRure1N=lPe)lBW}Dhz1C^x^Zjo3oe#!$ zzuvydaLwrG^p9BLY}wS*#|!jA;}i<2f%#^Sw_{S7?Y5uYD@qG!BlO5yOz++t{?vM= zp{L~Z{fo0E$WB|D9?RT_?6g0|3vU{+V^$zON#IF?`WHo_X7x<3ORK-nK5q%{K9zE1 zc;eacT(?55%)`&;FZtoge{~*BnyHMC-JB?}^f1b9# zIk$Y_GOt)&&8f(*pC7eH|2KRuhR+dQc+Lg67z#eN5%1K+9E_{%&(dXLpT_TZE`B)i zqM$KddY+{u_V%U%G()kF+NJzkN~H zBHABSM}zbd(a8c}d=s*2@1C<6Qb-C#A$Ywr#MC+&Fq2TIobPY`s=IR*ioWNhCgiTR z7K=U)V=*SP{>Hnu4iLG{=XY(Ks@S4p@l)jvlykfeYSfP^vKsfKQa*9 zgBooS5+ti3+xH9n_YEiysvo0UNK~@Hk$G(5)2&B`Te2pQqWMGoHRMJLbs$1z$jVF)Fg>jpNoYsS0yIuG z60nQ#Is1gPt8e3bL2pjZ@D=jx+7OcDJ~;AJBnc{!7|c+qB3)gKqk;3!@2Y{I0QXmj zBJCrfU}dhH^IM;>0-^N|(S-KWHn3dZ5`iN63guat@5HgR?1j8rKN%Wk3gZ``dMF)K z9$nh{dP5d~jm`yteHg5I@Z^<$z_CyZO=Ta_&@XR+v&9y=WfPRt_Br5!@cLWEfMuW< zV+-1z*aSEPKY0UD&Lh3C##_-wDS#>#fktGRRllVtLq;!@?@Bg60CdOGW6a|3l~o@l z@4d#wq@DWBmAODSeLZF-19B!8farM+wB?|3bY|H!os#5qLg6#v!``4B{5ZsUVUYiR zbO1In=$ZyRt1Vs!Z9?1|VZS`WnkG;!gL&H-_>0N|P*_{7z5=)OF_SdBpU_xK%|5v6 z48G7~snLjX8Bu#8*@s~V@PMsg^%S}*YjOR6rAB@tiVyFS@VaW`Bruy#p_SrZkG2Hf zMG<`;Xj~PK`~1dus>L&g5F!~qGfr~OX`rx3a#OuOIq)Xfy%_@SN^+q={{)6(jXi|6 z8sK!=2x!XfCZ7C>pj`unzyM3E>&~xfc!fxXIkpg=dIBVHE8rT9e!NVx{;(=4yxs!6 z6M7b!>^K&9ESvCkzJgttvD_3IWqTBt+cwg8==0#Q(maB@Jo*kS3?UPMebFc(SBjfw zpJ_+yzxw9XB5+*KI1|NB3~AHsfg?eo7+}C}XcnKLW(4wKuY@&oV-LQz0+%gh?rcI- zCw^$pwjK!sT`n8YJRDWuv#*ap+B0K0AMg1{gKbFKP@qL(3hNnq8iDJ!mFfeg>>b8o(*xsbsKtt!T2e@6U zS~_tUNgIG0Y`Y2%ZUc;2Kz;dXC|54{Gg=W3+EEO7hhmo=$!!qgqpb?3pxr!X9a^qT zYf?-Vlc=-f2Gtiqb2U8R$m08&V#94RupEV&KkYJ0XA(jG+llsi0wd8rFN7 zUN7O@lrPmeDCCP~&j9KRHxD7D*!_%LZ6sU^B56saVI)SZBD-zRnHbHsR!n z;B@ZjqB(hdiqKYiqR8QE_fN+t?jnu_oSVbxYXAcf2!}UCT^fDiO&X{ptfFEb*Y{gGM`97=q4Wvl2KYpB2d$H z0(mF#O%D4+NQ!?Ir<+UaokX!zGv#Y1U*5YQTF%ac(;lzW_(-uKHb|`a=w3wXka`ji) z`axC8`Obw?APgtY{t9@D3piBB^vO53D{8v=3PhS8Bnnw-Q5*}cX*+%?;(+m~5+RPT zi8+#WqiA=63O}X;+9FXRr8d!2{=MmwgOL5L=(WnE@bZp-NBB~Vp;8a5aJIHh zgz*zk^V6|F>a5TESC||gAy7%a(>Hx=3{)}@p6_>ytG0@o#Z=--!T9%{C=Es$^2>AE z$)|~ttXLun^>;)G8eRxPZdJs6v+n&+cDlX}0LmoL^K&!=M?zP{CH&=C7WrE?%a(_y1v?C{h@NjVI8)I0OI3eliH&Q^n`~# z>eeSe0T5jNq!wWOoU!C-Uky{BI~PdSF6$E8u5s>q{f5gLTmH=|yN!0UwFN4SNft%R zoJ1raplemY7@ZfB15l;(LS7g@1bek?cCbzPOEM;vZ5ayT-BXLWqu1a!QLCb97y4)w zdSpvBRcrs4@L3P0(v%+cZMq`n2({W;hU=6JG*zxg*w}+&atKt(L$`{)s z0x4q1(>yY;GKT6K9{72(58$ZJ3JlsNY-+F0Jo1`olO+KiP9Iy0;9phzpMYakJ8+-Etgh(#j-us&FOwixJWE{ z#F-vvf$BTcpxO|1Hjc6&l8(SCe2_L{IZN)!5j7!nDN=y&S|RSC58#LkotAl2J={q8 zMF1IRo&jMf0Q7!g8&6}nYB06Vh&-Qypz7y6vHC7AfgK_T;Q^YX)WZ3DAmR1Gy-&m0-2?o06@RQLEQj`GIv^RTD5?`g!NcNRxwOAb zt-{J&<0yu|VW(-JR7c8tSaHR^d9<7CNca<>{MX}O>jfH4S~Cz}f698eT&z(TUXD{J z_I2isIeo+^0=|nmp0KPxOWbI8zX)K5%ZAtFnbCB(*kRfaNg`(~Espnqg`4AId%`Og zy^G_N);O+L>O-FItDt!Ix#`niam5(9Myd?G1PGL)L=?mc3~eYJYI48gqH_X$eV>(8 zgNFS2@a5$)l^D4sjY)}58I;pjINBehY{{X!m-#4fv6MrqaUUpx4%w%)sij}n`lhWzA$7X{88iVKqR#Qifs5>@dB2N{cDvD zc`@wT2ZjeD38MHQM8G}U{f{FL+<=l?%?+4qw8vu7xU7LM{o#x)f~zDCrG z*k94})%NKxDEN7my{VB;$>5bq?Qazg?;jlV?>ri=<5xA$^BC2(<{eN-TZGm;eXheP zcPqCTyRxRfC(J~2K6TE_OZ<@t-jK#6?-VZCv^2vn&QADXY&~gSb}IOv(*+z*I3o;g z`h0eWK*#ay_vWI0DOhJdy6V~A&%S)={jrk$laaSDTuQF)W4KCYPQy)y0AQ;6l6;9we@wspl+=+!pPJ`6&yz4+rx)~2 zakT67(t6o`wrbKx-zNBp5uM1u&BW}tY`JMY)25jQUp#Np zOpk0_fgdqhk$8UHAn0AK**3Gg(T)U#@RTQO##Q*2&1H$_MQgWC_b0nY_Vzh%`t&Ei zkI?R+u}g8#JWfS1INHO29jP_K+I?3*BGfu>g@4cAYp3FB_ERAqDpu(doX|U(V5ObCgzDy-}shv{m^y^_szHC*%KYRvI!=o{MAZW?@@TEd7ShP!?hMQ zOEuGX*v0u4DNjCG7?lj@%v+H6k|r!lnUc1RkHRWni2iEgNc2#h)pn28ch%{~^srP= zUF5SGw%qILQ!DGKo6;&zLMn(M5_s39V8mRlGau?e_M?Y?5$mOG^odem zG-HCD1Rk4UXOY6yVGIIGgoi;Y{=WpO-%As#zd8JqgLHptNyF|a|1m5d(b=%+yV?wI z+ElI%my%l`$V`kJGxD}YpaQxgFy%HEbymX%EIeN#+P>NGHWIOd5i3CLg(as* zi+8478iSn@N!1L<{{FO-{{%f0auSYT`c{m=LoWXRm;>_vcC-DzGBM@fcj~{JE%U$p zPBqW)NkaPksXgcmD|AaPKUO&cnzI(f$HNb^J=FKWFzkXjc7b$n7&s7J4M7wEGP^UJ zh-a8_*rm4-(Oz|3IQEqAUqlzkQL;eQh!Hbv0=fvN;xQ$K@> zv;ow2VHD#ZpE?=T=czEB@Pjc2($GdtJGUM?{{&jr&MyC4O{AumJ}VU0_=n2ucTU#d zF+go4!e7E~f{}bS-{tY~MbQ0HaUVVXY|MXZ$?0a#_HDJNp>H;kBsloEca?RMBn@y8 z2y*l27Q6d1dl3~wq$Bxb`Uz!6{)-TzIY22;9KEjKICk&Ct#?#{35Nin6j3rbDzYJ+ zmss6+^u6Ete6jf}+SfsLCr87Aq+OM|+7=cCA02+KweLe$ppi^DsD(_%KT~;#!>xS2eIEl4f8bU7YyDgJ=NNKs(}*@iFU!4*RN^ssY37KS z8LtJIV8N}-EzJD}AO}ez@T_V_d z9LM=gPWLx&fvnx9RN55K94nCvlQEpmku+D)5CsrDM>u8%w_y{W<5#Y9)8mIi%~zVo zJ(XI(N`D;?zdSP#QBAB>*wHV-d)eG+e2lX7f#yEZBLEyu5}mRx9k_YP#yVcy<_1CG z6bNW)Q?DAofw3fx{tyJQ0IDI1FcSCbeif!+zyzq4RbM8PDiK^d1Il*`LzzOxCm?T* zmZ5b2el6Y1hggQ=Jpma#N@)~?*=)P7LHwzpOql%n3I+@;Ve@|Fio8@C9cxQH2^gYv z#Nn0~357AIEIssJ zfy6#)j_?u}A`%(Oa|0z&6tOonIrpHOAgbJDxQU20kR{S4LUdoIs^OPp0|ZYhDC1ap zLi$k>iY}%Mf-^oNz|S(FRb))Lv&LJERgg*fXj%)0a-slgFhX#s3dLx0ABesC3OFs; z4~%Vs06D@Ip^j{s}6(}o51&V!-x(>lgB!mN;Z4?RDiBl=sn0-@< z0KYv=bgr#~*2I}orUW$Uc*5f4n53TvYe|0yHUB9+%mq^TUH7dDr9sf*6i41-jq{`X ze#e71DIFlKVypaACZ~N)-XQ=4AXXo2f^mXAp7*CMH+ihy30osmVtekRL-qdVA;1f* zGkohC!sjlTC=uS3lBxA-SylG7(I^*zbPdgIK9isF7YB}u0u*wnlj#cz7?-l*G?Ie= zST;V84;L9nTo{^W)pxwdZ~ige<~_YQay(jpO_2#D{J1!(uyU?`>_Y)9j<<$i=aXBD7-2e<954;eDAVa;_T@ zu=Al7ye;!^f;qA1^SELGOzTA^2U$kHMieuXhz;clq9+%4gC1#p@RpU34{IPb5e|so zS%9aa432o!~g zaFQW*zNS0HR1vh3Nn8vaKeZ5v`f(aVA(>RFG(7-uXjp#v8o{Kf)?Ad>ObuD9c@E5& z=~wQ2y)Q}f`5xN^jxry7(y>t&Aq+uE&@la5maFU~l&3f0V@2g~b;WWvRLTs+ETC-JX&wd9FOmxz zmLB$GyN{jq7@vX8PsqLY9)b%-#o=XWvvhI0w2|(qA#fhMZ~5LeXFRRP!p$)k1f8`< z0hkICbe@w2A)n&Yunu$TG}R%0oG3)Zh~gQtwN7|FOdZdzxXs>z;vf>XmJ{bNM1_Ds z$9E{ZCzmFz1C^+kXMCNcN<1wN)nlaWVgp0ruFs7usc_^U4(T_j?EE-*5DS`RWv?ga zCAkkZ+-w6mXonnP=}QC9v@~SgSGa$uoD)k9!`DY0j(#J&RZSgwG*Cz+U?gK*7Oh$A z;$iBJ!im@uKqmZJFC^bXp-2P9B6W8I)dOZIODf7Lp-gY9$eR@**HzyrT zD?!8Mx>f4}mVnYzl68~UlCbX6tT_u%Xg{{RfnzW`Qa^E8^LJd@J*j{0`2XhkhG5N@ z1Ynv@FMJ&DzF&OoS7O&AcbdL$dPd$TdrrjB?y5^Yn>xXhTCoX8^GiNL>$UbtmwdPdpSB_pQJN`R? z(fywi82^Zb3WvEpGL*R&-&|4mwxQy=FW>W_j>`-1dGA)oCuXDAq_+7Z8gn{hxi&`rt=pc0Qc3u(SErI2rL&{=UJMVlr;=~Ec?SDER>k&=Z0pIX+sdJ$rO27U zK8uK)iPB?}3>4Q+aQ|YPHh0Ti?F`%~@}t*$m2vA@6QffFrPwQX3+ceM5H{AO`}Y3J z&4jI$L9DfJaRY`zlYGZHq~Te)j26^Kvjo&F<(lnn7(4CgRmmPTju7z#lzscCQ~x$4 zmcqiE_q>)dQx39h9xFeU-#n^%wH8wIxb&INg*OuB9(5t#dDN0`;~dA650mU#*7Km% z_PCrxmc+xpeXnR&DYPa%9)=`Kx>+zhNNE=4g^rJr|+15%8jfq=nyPuZEvh zYFIc#S6>`5Yo`c=rB^$~-}Q-q%V3#vz{PGp6Sh#(*{qpEXEJkTQO;{QDSAxzhb5O3 zA?^zC%t|L)lGK=RSIu3PlG9gMX0^P=3GL5_7KY+Z9=qs|h_Q5pnyUfmj?NLpNky3>7)<(cTUo2@^;EARhY=JHvb ze~GfwbIRg;J*-Jt9d(+CnImjD*^Kdx)spEQdmnY%J*#&H?7<5QF&Ugo<2@5P3u0ZL zQbp3sSI>ORi)>&y0j3tRCt8G)MZ+cGn*o3Y8PKw1`WAAR2=+INJd9P6Emjk?rrzdIaIe!%w$_J02r2!NdB<5kpO&MNU3RB_0+kpSJC3f*bmWkj&YPaQwU`af6UUhEK71i_w_`U*P!Nz3}WsRZs>u$K?nb6Hd;$j7_U0 ztY>~5gy_Z7k{O5ASrLl~l)B?_rSc)#3<{#5W)}7NTF*kR#l^5NHsh0(@o@x*=Y^e) z&x}*>GWN3FwQ;q2-hGr8s-#NV`m86GQrp+AKUtjk;9M2Ay;myvv#&osp2OvfMhOpj znu?fwUv2#PL`4ZVn!)`92jRZ9`?#*SLik6Ddio&-qG6}kJJbmo1u6Y|L$(W2{4D#P zgZzw8>g} z<#jZww1pw#rx0Zuli1A6k>F66)na@H$S`4R)eR!b)(&N&_-`gW;llHVP0V>HE7M-b ztb~g*f^;#L%9-`9)S+}MNUaV?2LYsHizFxvuRAR%av=O1ZSvzNNm-SY>i)1D=1HeK zfG=5yJ81Oa%?on!Ls+5OjrQ-s(SSQOapB(9j@}_OAZ;EO=qAI;vBDy>`tQv{d$?`L zWwksX=pC2XK|x^l5L>(=#(==_p%gL#P%!(K_??;j6CpRG%LlVZx=QvM6MeYF2!bNI z;ZHG_=*EPXG4KhR#*ou`*T`72_xF!cevn>Vg;=nTS>A`ntdJZk-lc0baZ zuM4j}SPq$Zt*4Xn@#GX1m7Q?+IA#4P^IZX7Tj*6-tcMvULyuRFItz;;V|y2BTKMA= zHPo)${pdI-@C2FyDgVpnwk%lT;#|QI_^IRs>^~1O*X&V0Ck<`+P)I!1ey)8#Lj|RP z^LDFaQnubu_DmO6AasH4HhBzf{uTk(?O6y*=zYv9(#Lhr>#{KWDKW(mK6EKnS`Ls3 z7Y!1Q@iC{ku&!+gWbYK^hbQ4!Ee~U#!+RZ@mr-iWeunq^cwua^!cd>PquqJUiIzAEU(|?&z(%fAP{C=*){7P{h2rFKr>}$oM%Tc%H1nIsv z>Us%4ho|$_eV5Dnb{V74wYl4~4Dd~Z-=1E$x^raH-`~=9&Bq9{ubnJ=JL@XdNcCJat?wjU&5p<~0lrT0)YV$-l zuC>v1YMixGJjz~=!LshJ@QV=rc>YPWrS%0e-OFuC0UEd*Du&bjrbNfePgIQMXDKb1 z?sJwX^fRmWW~Cl_tUzv7M;+>V44wHKw#leEl+?=<&bBPr)@6Uv`aIe{s-AJMvOe2T zvD{tAshfg`IdCJJWl;~U{R~di56y%p)Jh6Q;K%EAe%BfKS$Ca4_sg%P{^8JoU-Mgm zEQ=$zq7cV-ky z1&oy-UyuqDiImym_B;}kFwTEcpdpzEDk@r**ruvFBh1T=iG}W=j%qmlJARYHYB)g& zbD0;iLoupn&A@Pz(23k}3g75llE`IxpExliyk33N1BEu~7e6_9qkV$KBUQcG*}+ zmsYXwl%aOcYOg=h7Z-%DP(2GpV^|t0GEMF~eUKJA%>o~qoGA2VW!)yOUk0@DjPEKwj zUOAfgtRa-UMqXsJ180UGy=hJiZ%0J1ZlLCgLclZD?;XAE6W2#f&+TVZ8Pto9R6MM^ zGCdEWj<=_)yjBYY%gbNRAMYL2D8Sro9?@I)4aJyci8JusvXi)0vpAf}7&J?RLeTzg z_$D4RSkgkf?BAloZG7H;bXoFP@eyWVmD6<&|V!>YFB5I5sUMI3v$UGf~>x*8R!65~qF{1) za%ul>d@ugRE&3ID1XX1;xU9!7Z9y+e?>EL4xUMr3xOVt$3(Pae>vkln06?8hH{U_b zbF{&O0lix}=LwZpFI2s{A>P#IyBHXL*;CGb+G#0Vbx)ysEu{Nbfwb4@gRDDDm;TTK zbRO~Qkmtx=(duTqaIDPdN{LuGEoQTNDkp)C326zR5RjzL9|Lg3x8;1Nrf5~b0gRXp zm>TK7# z7UC=Xi^ZlLKO@J3Q1laEbDyt=+29*Z2Y{Eak02@R4z75e5FWw`_H?1O^(Q<=6Y?{9J9M73hxQ7S6r==h5jR2-iO-Y2e?%PpiAwjlX|9|C*M}QbO?~y5XEK1FXaOxAGbs8V=K2E? z41l(fVqfp4$f^Q)%pZRLee%*Pxl#N&;{^IgFRJ^2t3_<31#BGfoZa#Md>1Ny0 z;}&~g23tU5NlR^Y)%NqL^m(`3^n%_KnPETkB@9Ne;AStesVB=2j zjVQQ>+yPTeV?;1g#VY`(&0rK7dN>2yun|<_Kc0cja)sf%DYE+$6cdOZ?)j*Xi6ID2 zTc0;>JVrxkZ<~5l)kJg%W&?YP@I`;Ifvs~%=0X&V8(51Y;A2Ih**!bqKelIX2y@F@ zZZ@vvDCNEw7K3dJDO*$!nB*_kUQS`SdI!ATEJ&w_hKCf1K;i*=U&k(g&$;iy4=I>% z1lt+>^$YSoCh?fq5c~c{Rq!#)&=F|XCa->Lye(((w;RCnS2w_tot0gD6TZ0{G6)?I zHW`=-bS75Xz4jc35UMK6FmT)?ssfqxAQCZth7_V1LAj{y;KPNDQ#92K)Bz(9N%!k` z2a#A)&lCro^CPx)M5RX-aH%KFkxS*kyJ_@$21A%aEk7}8CW$afdiA0q$o*Q8p~Hx$ z)wjiglw##_NXC6Vl=jhULoXf&pJ4Hm<6o(Z^CafzNerib zbnvubj_FjZSA0sYdT<0sXea}+%*Z(EdcuC6UesA;Y9VqK(g@4ang?%^8!$rctPQ6n z5i2knc#>$)2}_VLkvrMAA#=W`wgSz_vSbftwQyUey7{Zf2$|jF#34*$ucFZ{k#t@g ze6-)tkft1kOj>vg)WyW>!}-^fR&KnNh({BNC0-GpTngH1SP`~)2 zj7O6gm=;@eJsriqI23JPJgdcYtiAX!xO#>@&Ut-K@h|UjJR#XVBvE)|ggV%tW9e8mTtRM zFUiMa24>#+rnL$$x7!Bw^u;ND!gnDDOx|<5T`-99DwtZ`K!mB(++x$3gDZ5x0hl== zINQe3eJt(#?15iO9LO9y_;qsvB=V%dmb!{VAQDdF=D;S~(ROFhp3KL3kCJ2J8<&VmhsiQP$eL7U9k@r}tM15P9`RN&lXTw05C486XpKqDYkBstQ})mu4&C!DK)DWtUpzbX z@fX}cMz$j)JZWl2$f>ga8a1QF>;2_u+1pz4?2?yZuRwn`c4`kz$A3yTg!Gl-uuD(f z66uW$k*jzKJ8NJrf2-FAL}!OT0ErCrkvIp-w%Qgho+_Favi7HYKqQM&Zbt&BE(26Y zk4qY~;tiWZy#2^{AA&AX3{I7CRwCguacCg8N-P3k0`t7@mn9klQ%cCl>YTy-XsMye z@uYNy{U^#0*KFiN(+8q5C3j)g-vY8(H12jKB)kR%{lZx07zQ6y;9!YYy`#Xxc< zx*PA*yDQiZ56ui4gdv%|U2BBwK}F^`)uCK!B9hx3myVpcl{Ai(@Wjra`DN>NZQTA< zH!|-lxHn&2KU`}!hH%$TGSrckkC|+f>^s@Biun8ka3d6!xbR_<4e1f>8lMf*(sL@! za_gt7)}EcIT5Jp=mq9%G)C|2|oluD|^HbObHM90T#ZS@va1KO6S`6_BAv0vXPa z(6SaoxjESMl_cs@K#o&AnL-+dYw)+BGYV*_WmQ)A$O6+$@5Nl`+&0VY0Fg@qNznZmgE?rsR27%rK~pX_IA)Jxqx&Vtm1 z)av`JE1@$CGnkj2EW$Qy3^_86*UfO7L}0#3UDVYz%k)&L0Ic6Vukq$Gwu12qmw zl>|l_l|*KSlJnpnsTcIU92u!KxSl{H4#Ptyd7o*}xYZsOQPORH@ek$H<%psErs$1z z6ue%<)-Io=oTHJ%ZjMm%A!tj+&{_K2<)&P%^#HANIAoHM*t){fR*LQUYlS!=8CI`| zob>BT-wA29dr>6y%D~31gA#66JQq2eb@=7i{Ip&;twq2JPh)8lT01R{)b}xDg1f)M z9}3}bM6rcMhaQ}g-BGLXS^(0zzfmwC^9pP@spMaR#zP6Mi}9+P_fR65_i=SJ|BLte z(AN!!fzHSrvMjQW(Glj`T9W~*_T?d}#+lYuEXtl7O1{!*v*e%8FoQ#6<)eg?=JNd3 z>!U!+?l5nL3VbWM#h1Qek=Plt*yKfuL_z~CR04XqC>A7+$+A1NDMqdD z|9-7`efA`M@l-m)VF7TF2at)AT~n;*bgZqWvkq_MEOenG7nW04sj4^e4#ed)V#i`w_;&q}w^f~q$- zK8;+p>(n?{k&euw?P+;ynHs!8A4G@`cT&;6fgyuaAEKfzR-57_3$P+X-h0* zCeIZ6sDF-Nd zhRY?TJwrOP`P9wN@;vb;?n>%8PLWg*jTQn$hBOKc3U2B697vK1KaXfb3KpO|IizaC zoMBJNHCTieTNG4seV6Uv1gG_{flzFG1uHm_@pkifUE7qNmANdb_o%JoS3qc zO6y;=JVpMtX$NPAzTH1y@>NPb#pF8|Sw`x!v3^eaZ=c2V*Pn&!okuQKYRyLInj2ts zR)AH|j*VPwWRhLNq7_&_gmI`tl!|`=O=&Bu-k_5Rxcy3Ss5?97ti;YeD!XBZdzzKv zCXvUgpzX<4>aQO*{av=+`^&ObZlXCOF7ex$+S$)gSTWsrW@O)aNo;H~mY)2|)GYlk zFs2B8GtbZBnN@s`0UtOnDp{EQi^k~%m*g%GHi}4RJ`f^m683rr8lv7 zgoygt&aZjPr%I^$VPOD|pueNX`kL?@gXK-!{puiyIj}cRSoP5Wn(=^|rD$yhcF9=# z3L(wb-Yw^=9lf!Y3kz?0D~m_qP4aw6c{2M!_u}=~mayipZZ&62I?qSH-Efuv-8nA( z>&`JYu^%5uLbkTEN+`D8-n8j#x(_1)ws!t*_?K{ z8dZ|83U5G1~H_yY1)4i5Gy?WZyy^fD_reBpFK5HiLuYRvU+HPhR zd$-m|e8?3n0gIGuzxx+teCb~_`0uav3mXoV-e%XUlgMhk^~2q=aXJ;hx|bhUaBQu+ zx4^ZRpAap~<2hsO$>|_@LriySkC;1y-L;~lcd$3XZNka?{{2zQ`kh<@@-`>)ofm5l z8Jhu;s9p43G6?E8MweyK`19BN95qYt64Q$OkMLSQlyx_D=r@8uG}&UZdYw+h! zTa(70PuCvez=!&LBjRtIe!9lp7trUlbU$B88Bd?3O@E0rwAH2`d{oiO(Qof@i0K{9 zoR*9d=RN)FUBGqsRgt<%z(+Y1tx0BTC>av498C*9RD;a3SIqat}E8tTnwcmt|uc*H{)Oy{%B<(;)zhM`KG47<|SVcEg2Rb_iI ze^pgBW;5D|kR3g35#w&E~Z4KM^&rWKO@ z=()4qTF}UJ9Aqx_{&eu6y*LEpwII1(7%cJVVC?7^U;+La05Z2g8O=;CIg^iu!!ddZ zg4rejh>8!~UoVk8h8XC5VPmwB0&A}RcE|ZfN{ArKTn2e~6fzcT0kptYAZt$AjKi1& zGXOCDE)GJ_7cpx{kG%J5zJ|dO(~d?7jpV+!4og>z0q0x8iJ-ZuBKK+z)Y=x zx01Z$W=AW*`>D?su0Yj_pkiO`FjR?|PgVI(1g{nXu`!~};TL%N=?cI-u0-J7zK-y= zv=EgYi*0kzdn1TSxfvv000;dS-kx&B(4d%NfroH+g)C~ z5iFH;c(4?lba=3qcSHuUVK;rD?Q4O+J!Yh9n>oTJWJa<2j)yLT>^B-5^d}+7jXShC zbUvIyCZ^>_3}+${Xr;BN8Dw|fXkoO+NG7ombR8#8P>&U9$gZb(dH}DxpArLu|3XRYSq)7a(p!tf*jMM!IYOFfwu2c}ceK6G^j!&DY22UiwdmW4PDHDdx(L0u0KC`= zN}OY`)JEvsfIoR|O%uvT66k?UY_kH0iUMwlZAFb}-hiaCsy$~fD3@j&f|7U&8N>4Q z{E!yL4RAG8jt{1|J3;^|s5k=`&5Jft`UI8Elk+#5GzR?GEyYcF{?^gh26DB#RKATQ;2Oi9aC2db*K12%cxV z{Tx#_{`qFBb4v0IpLGx#LY9jasDk3dk4;XRjO|{{fHcC^zTm?(Hz@0sggs!kR}|=4 zWjj1!7+Mrm5j;UqVj4svjBAi)5G%aThH93(q0MoQqz^A-obd&;z$Tb1|A{x;)DG+o zKr3Sg(!b%#d_?v3QOXS6yyV3ml5u=D?`S6vnHJYR`0gof!puxxG{dzF4guhCCP3^T zr%&D1PZ7M`%JX7(cLxZJDW0?@O8I8?vB7)9g;Q{Sp6dyr!64pGGDKVj?vhT?EI!*; zE~75#`Da|&T{=2k63=OqybpVU)YW`s+BlC=*DZ@i7jQwl$B|%v(km~ujEJSx0&mcELHOl!vPz&w#AN>7_KQ;qo#qI}Nd%Gj;nTL3WPEAc;1bp@ZekgLV z44I@7+bLLhmqq%e(65CN|BMom%ZK2S8AA{`Px%{BOWrFi$~2!9l*f%t1c9B@<>Z$@ z;Z+lVHboK_-QO?GPsb1naa?}*q?BmmDe7sac|q0_040_Cn~iCl_j-s^X;&3A^zuvH z;11)lT8EEqO`8ORmY&Lb4g4!fG`#yZjMqRB9p`?QrtMzOkO1qMA4y6WGJ(V9pAi9L z_eyO?dI=BP>~hNsN;mrZrDH!-6j&za$wz6uArl8Y&z?Dg=g4zKEo)TUi-Gf98))LPzL1h?f z$kzCuX$$^t8d~mEwRA@+R#m&WNc`m9Q{FO0XM3Ap;1W0zFh0aFq-e@lR}ODpMBp$} z#U{(k%H!#;_wBL^9X@j|mt|cEIBU4#nB#ro-cL#n1P^0gH~QWcGPF~7Mn*)r`3uEo z)N=Q!ou41Y^l1rPmGFaVDnsZmLmSH)svu3))T=8xgs?Ex#&Y_R&kV_W2Kg({E$JQ) zwwsDxYM6vj4B#u_geA-p1k4_I=F;L&d^TYhKoNe&V$1U8A1C=~D)6)Y7aWGM&)Rw| z`@Y=yCNXi7h^CEr-ofyG=#1PQ4lhH(R>|XdsuqnL*(fiFExFZpcY}Alg-TwdN@qZB znLVv3XDnQ>Y8(x%Gfn%Nu(t{ZOMFO_)V_ycH#QS-W5&NT%)Z?b)xs6x*=1zLAtKHF z<-jV7e~H$7^%Ef-uF-URNN-bTJJtqFL})*U-P?y^fdgT{H1*|YFW#3Y%;OWujF1R2yWdSE68=q`fSsbXHWI-2<6}|POCs$YIXASgyM|yS zp(2-LhiKHjB~G7+6T0kr83B$MaOXXG;YBJEGd55DqWLNY{hB{5Hk1_Vjn%k%qA80! z_l~7J-+gnP7i@RoYTamA7BX9O&s7vzNk;RsS>R%jEgMVbyM_oBlOjH=ViF$GeK&ML zK+O2=YPE+KJL~&x_$?d!UqV5(zcnbx&ie<2d-o82l0@x0s=fe`CdH)a=$yxZ6kMkN z2vY3U+IXJW)EswL@Jah_ZLfKC%+sBSer#{Ll`#69>b0D$iMw0EJN`EgkCh)qzq}*b z+EjpGD}S7k2gB7b8jXayIrAzeEUSntyiepWx2Gmbdgh7nMH*CkJ$T#X@CC6h|NXMy z3&@bDIar@3n8Y46@j7`~A+nbrA+hiI{+Yu?e$4sA`Ttx(qiOi6y%X>#ql;}mHqIEe zmarHRMc)=i8`gI0&wtV{I&#~RX$Ii$@;fn$9YaW-KA@y1*4(Av@~(dc2mV{>^N$L+ zfA@|5lYQgA^Z87*K@l(qaC z*Q~Gci}i9nj{=eS|vc_wInIeW|c5 zDv)4xXP7b+DxWYPf=f<>KnfVn9eR8z%fYr~ICvvrzpd{?Ot2KPM>~D3h?kEWG-z(X z%}429HR1weA-)xO8jpd(t2JcN=j%AMn@KIv^GH9+CS68KHIIUTD^^ zRU{*Ku(|NMKL&RNOUIuu{BCrqOa-)H7Yc2l2_prAvvq|ZJ1dG!Pbm%JsSq!=N`oS~ z#7Svzwjyu@1(Ji0^jNJLXM5MV&iluclVMb_pLA5)x152+w?b&_F$_=c^#CE3S8 zC6eI=KD9`MRfO5p5>`+*-nLj<1C#MNgm|8K{QMgUXvQ2Wx&oH`$4HULa(ZEFCFd>Z zOvymwXj#!{3J(%#%t(+j)X=%Q-I{D&4L@p&86bpe98YLVRfJo%h)zy^1@NR5%*fQi zM>$IYr?R0pQM*!rs6mO>_0N}M)S&o(CbljyT;-HJQ~y0hTpOXvSEvr4NTy1J0DvZH z5*%CTK*?co$+m#O8uf?+uG)KlT^5?)W1vD|@j$?BSUD0%T-Zvg4+7#qp!s>c&sqYI zF<#BsvK4Rv8uX6tH>~~(lqI?-HN?6)1ex=#IHUq7`1L#lAL@Lzd=t=s+hI0vac2n*0IRSyb z{##!e<~n5Yu>S;NeP|R3y^AEk6{O2srz9W?LPoq(W0|()UzKEZU#ZPI5NHHm^a`2? zy!G~rWzPZtMO(42D9QJ$M#9LD;5%d_cIZ}(n>QkHp@~N%gK^~L$Eh?$br4xoE11$z z0B$uJM(#jM)(T+6@yZu-<%Y@yT1uTT+kgST3sDw5;zf+&`z$MH6+GrFUhanm!1sgR zFeS#dVIBdtGJI@zs~-;r?^~Re7%3z|9_4A0(MoPi=4^UXdoH)XR+Z>$OJQCZbH!!~ z1|$=DXn-c4;F2n59(PnC)JlFUK6Tr|qjqbZB=r1zUDV%Ph@De~zN^d{tLli|56OSNTSLI6IY8N+K&}P@LhKo}kuXtlAKL>9I zZ6v`G7q=3rlQC@ix#9_}S(Fd2Iov&@ytMwtdJvXc-TW*b$-Z zzvV7GUNW+;ffzHig^DX>5X*pVcRjKU{wz{|5rY+PU}Ue*u8P&t*1Z!SEu+&W)IurT^TGZj5{-PhcDj*Z>z8GNL*gZdK%Twow4uEdE#mg|S{J z986dJy+wd-3sKLfqvX8MzMHV36P&L3`bEo!b>1rrSob#a@*;+6w7{c-k^c-Uzdaix zAKL>&pE13+i;J8EO_y&ln2Yr7Jt*!WOjcKIXJ6X3&Ol17b<>7^%M0 zp1l>noyX4~6AEPp&pjVJGvH(8+HR-1D)8agyn-S7^}RjNu`^AQCHArlw^hDqpk=p| zdCIQFV75^8q50#vg<~zO+^6(LcJ3R@R8c4CpX0_y=*U{31i9f4MvK0 z{>MTJi*^e{#b;aHP-fleXt`(o=|zjV4}{-y0SRSJXI;8@H*iU+z~N>WwhP+tF4e5E z*cr>Q_VY_oGq+@^)CJ3VbgXtU)I9Yqcx0rmRXjmy&Z9j`8Y@^;K;C`msKoq2v^>); zbj}^U)?;?EZ#H?QIsRYs@#XtXKdzFxSa`va zy_K2ILIJctDDlaOiKWIDE~>g8sPW<}43(XsAG&n&j0CB;UMW*8(DtmOKTOT~LX@qp z{M@jS@$`FHJB}Itht;p&?YL6&lC3Lmu`r{WB51K>nE%o*Qv{ zV}^dS2s>aMLE0L%BrOgVyYFx51!0inEfo6d-Al4sh?Gqe@rcV z+q$Gx{aXE(R`nIB?`HbzdPe}y6q$a8bH#@0?!H5lqmm_86`WXIcD`nn)!tbCb2Trm zmgE_<1Sqdx6?yrh!IovL=Kofo?gu*3o;~-|ftt+VZMPn0`vP0n8T{|xWU{ej{YpO1 zaDT(=OEr>Zn(~txvLA(-E;_vWczet5!^?y}XWm${OS^HFer)5#-Y-rEE^D&}AL8E0 z<>$v8Ydk+{#+Dwv+4_tKPd0$s7ZLX_YDl4-h^PsP_!1~+XpI5&7Q)X@TdFkzrUA6)% zI>WE(sN}AQ3@-Zfe40GtXU%%PTTdE)URsv3_4xH!6`{Q^KD_$)?GNMDgTbFy@|SaJgxA znL^z5>Cb}i{(M_j^2~d?U}?2NfG{|m12!*v^5eX&JrlBR{p-OA_~F&ZZ+|jpH7|b_ zEWIhDum731<<1o+Crd4VyGl?t?nLP2`BDEO&Mg09nK7CDnfL5XSNY=iPT2Cn=4b!D z4=h{H*nVD_%6aO01riRev+g~4?sUO>Zh4G0q!lf(AjW+$@J-ojVUe%YEE&~aql*Z2PS^89WlW87nU{E-I00lzSCE|S^ig- z?^w+U%r32$d;iw6WIYNkU9?!u^~L@jSp4&!T|0HbrnNu!%x3@sPgg&ebxsLQ05$M@ As{jB1 literal 0 HcmV?d00001 diff --git a/site/content/docs/1.28/img/source/shutdownmanager.drawio b/site/content/docs/1.28/img/source/shutdownmanager.drawio new file mode 100644 index 00000000000..99b86620c42 --- /dev/null +++ b/site/content/docs/1.28/img/source/shutdownmanager.drawio @@ -0,0 +1 @@ +7Vtbc9o4FP41zOw+kLF84fKYG2236ZTZZKbNo7AFdiNbVBYJ9NfvkS3fjQ3EYWlKXmIdyUdC33duEvSMa3/9geOl+4U5hPZ0zVn3jJueriNkIvgnJZtYMhqYsWDBPUcNygT33i+ihJqSrjyHhIWBgjEqvGVRaLMgILYoyDDn7KU4bM5ocdYlXpCK4N7GtCr95jnCTT6XpmUdH4m3cNXUI0t1zLD9tOBsFaj5eroxj/7ibh8nutT40MUOe8mJjNuecc0ZE/GTv74mVO5tsm3xe5Mtvem6OQnELi8MZ3iGkW3ObH04N2daX481PGO6UntxGzyzjVqt2CQ7BAtfyseVT++8OaFeAK2rJeGeTwTh0EOVeJrJrl5cT5D7Jbblqy/AHZC5wqfQQvAIcAoMr/C0TSleht4smlUDCSf2iofeM/mXhDFrpJSthJzpOmVDNFSiQBylKt3oWK/v2WoYxTNCr1LYrhllcvqARR8oFJw9pRyQ785hjRPse1RS+25lew6GnYGpQyZXGfUrQiOA8wpTbxFAwwZEoj2oQqRQeyZckHVOpCD7QBjsHwcMNNVrJjxMzEs1X3JcTYa4OZoOEiFW9rFIVWccgQdFkx0pkxhtjjMVuuRAXjIvENH81lXPuimxhnHhsgULMM3zJsNSy2OpnR6WWw1qd3CtIraoBtsqtOZw/AbQGhVk792VgM0PQPoFB+AG+dk1dEanBcVhqCbvwE1Y1km5iSqZzm6iYmkHu4k6bGvcxKgDaBff6cPPZ775yZxBXzy6/6zNSR9ZFXinLHrt65IE8X5JE/Rg25pwlzvgQSZ2qTZxxoRgPnSQwLmUqZ2UUWY/tQK5L2yEziLtyQqkyIG0UC0zo9xtJr0Cn/OcepLdcZaKd0FZuxho5riAtGpxQrEAb1fMfWtQVbqn0p620scYDIoaQrbiNlEv5RPIZj2mZhX1CMwXRFT0AJJ4kxumrH3rcvuolPIkC962rsoLycoyjsdrKL2eLIjN5yERvbJVpAgd5gNHNS5wQIUiIzwv5PPnFdBaTh53wSz53nO8PaVUHILlCcXY8TnEbne9o32xPaVMHKEKtFMOUYgtZTRZEzs6DfF9HDjw9Jc0X/Dgsi8u37VQJe5/n2jwzUXaKBDng2xdZA5gR7+DrK9d6En7UbLvwhiaieBmrfgYtzb5Vo7VzQl3HMJastrdA7pmIrOTEG6gUgw3Sy5l1xhujbVmRVuC+LGiZrJfOe5/fHiYgh5delHt6+f3wWkHh25DLqkIEqPanF42Una0L2Mt9EaMhcUdytjxRYuqjhJPs2QbyTzbVmaUam7Lahlf1l8cf5Q0tbaeG1ZsTh0EazccEsPfoqDb0/62mlyrqbzSLqxxqYpCB3py02pRtMUquiJNNf+8g10JSAgM0aaczUhS1Mx4Vs9MXIKpcH+9cxY1OuU90wjIetDQ0gtg9y2jIy89LOhFY3QgG80WRa15RfJpLbP+k769G6zJu7eV7DyAbFIS/XL66Vy7/wa1O0JFAzpq7V7PNr2GbX9qAd9sj7/vQXm1mnkg3PcCLIiMkszpKg6mNXJa8z7uhO67zbPQsFToHppnGeXT6CPnWWhQ4VB2GhTXxtpHxp7gH3j4JSBHXksqJm9xSjUqdCsejGRr7YmUbfAcn8ZAats13w7nTy57QokneW22pJcKPkM/LMkpn8JUFLWS8wjZUPUCI6kKJ9ijEd2w4xUT/k54d0InM7C4iSf3rfnYsJWMSTI77IaHWjHZNvemT+IkBy2KjnsaWMvDxOYKl80QN7U0kp6D6FsF0YrDK2dKux9WtCh64yCq15V25xOIN6ZPK+o7nwGPjkYfM+gPfiB0F5DBT/poDb0f80/9pgu5Qgr2HiiV5nYX40J2ZxpD1c6u2mRjk2vsfNHWeLMx/n+8mzHsyLtVFB03jNZSeL/Thj+TraXUL7t1lnlS4d5ZaT+xe+fXuutBhcYXhm4cZhOVi+YObWLvi70t9ll78daVwdV9BXYSpl+pLtmexPZOGlLxeLdydFY2TN9znMg0uDzdxdmxb/W8sEq+RkdRPnRLf4GjJunlf8VSf5lsmGOl7ZXM7MvvUqAChv3yMcwhrhOa2e9v4uHZj5yM2/8A \ No newline at end of file diff --git a/site/content/docs/1.28/redeploy-envoy.md b/site/content/docs/1.28/redeploy-envoy.md new file mode 100644 index 00000000000..2456b53d2bf --- /dev/null +++ b/site/content/docs/1.28/redeploy-envoy.md @@ -0,0 +1,72 @@ +# Redeploying Envoy + +The Envoy process, the data path component of Contour, at times needs to be re-deployed. +This could be due to an upgrade, a change in configuration, or a node-failure forcing a redeployment. + +When implementing this roll out, the following steps should be taken: + +1. Stop Envoy from accepting new connections +2. Start draining existing connections in Envoy by sending a `POST` request to `/healthcheck/fail` endpoint +3. Wait for connections to drain before allowing Kubernetes to `SIGTERM` the pod + +## Overview + +Contour implements an `envoy` sub-command named `shutdown-manager` whose job is to manage a single Envoy instances lifecycle for Kubernetes. +The `shutdown-manager` runs as a new container alongside the Envoy container in the same pod. +It uses a Kubernetes `preStop` event hook to keep the Envoy container running while waiting for connections to drain. The `/shutdown` endpoint blocks until the connections are drained. + +```yaml + - name: shutdown-manager + command: + - /bin/contour + args: + - envoy + - shutdown-manager + image: ghcr.io/projectcontour/contour:main + imagePullPolicy: Always + lifecycle: + preStop: + exec: + command: + - /bin/contour + - envoy + - shutdown +``` + +The Envoy container also has some configuration to implement the shutdown manager. +First the `preStop` hook is configured to use the `/shutdown` endpoint which blocks the Envoy container from exiting. +Finally, the pod's `terminationGracePeriodSeconds` is customized to extend the time in which Kubernetes will allow the pod to be in the `Terminating` state. +The termination grace period defines an upper bound for long-lived sessions. +If during shutdown, the connections aren't drained to the configured amount, the `terminationGracePeriodSeconds` will send a `SIGTERM` to the pod killing it. + +![shutdown-manager overview][1] + +### Shutdown Manager Config Options + +The `shutdown-manager` runs as another container in the Envoy pod. +When the pod is requested to terminate, the `preStop` hook on the `shutdown-manager` executes the `contour envoy shutdown` command initiating the shutdown sequence. + +The shutdown manager has a single argument that can be passed to change how it behaves: + +| Name | Type | Default | Description | +|------------|------|---------|-------------| +| serve-port | integer | 8090 | Port to serve the http server on | +| ready-file | string | /admin/ok | File to poll while waiting shutdown to be completed. | + +### Shutdown Config Options + +The `shutdown` command does the work of draining connections from Envoy and polling for open connections. + +The shutdown command has a few arguments that can be passed to change how it behaves: + +| Name | Type | Default | Description | +|------------|------|---------|-------------| +| check-interval | duration | 5s | Time interval to poll Envoy for open connections. | +| check-delay | duration | 0s | Time wait before polling Envoy for open connections. | +| drain-delay | duration | 0s | Time wait before draining Envoy connections. | +| min-open-connections | integer | 0 | Min number of open connections when polling Envoy. | +| admin-port (Deprecated) | integer | 9001 | Deprecated: No longer used, Envoy admin interface runs as a unix socket. | +| admin-address | string | /admin/admin.sock | Path to Envoy admin unix domain socket. | +| ready-file | string | /admin/ok | File to write when shutdown is completed. | + + [1]: ../img/shutdownmanager.png diff --git a/site/content/docs/1.28/start-contributing.md b/site/content/docs/1.28/start-contributing.md new file mode 100644 index 00000000000..2ddefb6c485 --- /dev/null +++ b/site/content/docs/1.28/start-contributing.md @@ -0,0 +1,130 @@ +# Getting Started with Contributing + +Thanks for your interest in contributing to Contour. Community contributions are always needed, welcome, and appreciated. This guide shows how you can contribute to Contour in the following areas: + +- Code +- Website +- Documentation + +Please familiarize yourself with the [Code of Conduct][1] and project [Philosophy][15] before contributing. + +# Getting Started with Code + +Everything is managed on the [Project Contour GitHub][2] organization. Create an issue for a new idea or look for issues labeled **good first issue** to get started. + +## How we work + +See [How We Work][3] for an overview: +- Issue management +- Code reviews +- Coding practice +- GitHub labels + +## Contribution workflow + +Review the [Contribution workflow][4] to understand how to work with the code. + +Below is a list of workflow areas: +- Building from source +- Contribution workflow +- Contour testing +- Developer Certificate of Origin (DCO) sign off + +# Getting Started with the Website + +Updates, corrections, or improvements are managed through [GitHub][16] issues. + +When you are ready to take on an issue, see [Website Contribution Guidelines][5] to understand how the Contour website contributions are managed. There is information on: +- Site structure +- Link formatting +- Testing +- Setting up your environment + +# Getting Started with Documentation + +Documentation is critical to the success of any project. Open to all levels, Contour needs help to create and update its documentation. Join the [Contour Community Meetings][8] meeting and learn more about the Tech Docs Working Group. + +Review the [Contour Technical Documentation Contributing Guide][6] for instructions to set up your environment. + +Technical documentation will follow the [Website Contribution Guidelines][5]. + +## New documentation suggestions + +If you have a document suggestion, create an issue in [GitHub][16]. The team will triage and prioritize the issue. Connect on Slack or in a meeting to discuss your issue or request. + +## Helping with identified document issues + +Take a look at the project issues list with the label **area/documentation**. If you are new to technical writing, add in the **good first issue** label: +[area/documentation and good first issue][7] + +Reach out on Slack or a Contour meeting for any assistance. Help is always appreciated. + +# Filing and Working on Issues + +Whether code, website, or documentation, Contour uses GitHub to create, track, and manage all issues. + +If there is a fix or a suggestion for improvement, create an issue in [GitHub][16]. + +All issues are reviewed and evaluated by the Contour team. + +# Meet the Community and the Team + +To find out more about contributing to Contour, connect with us at a Contour Community Meeting, on Slack, or through the mailing list. We also have an Office Hours meeting to answer “How do I…” questions. + +## Contour Community meetings + +Discuss issues, features, or suggestions with the Contour team and other community members. Ask anything and find out more about Contour. + +Ask questions: +- “How do I do this in Contour?” +- “Why does Contour do this thing this way?” +- “Where can I find…?” + +See the [Community][8] page for: +- Meeting schedule +- Meeting notes with zoom link +- Meeting recordings + +## Mailing list + +To get email updates to Contour, join the [mailing list][10]. Topics include: +- Release notifications +- Issues +- Feedback and suggestions +- Meeting notifications + +## Find us +There are many ways to connect with the Contour team: + +- Slack: Kubernetes [#contour][11] +- Contour YouTube Channel: [CNCF Contour][12] +- Twitter: [@projectcontour][13] +- GitHub: [projectcontour][14] + +# Want More Contributing Information? + +Slack or a meeting is a great way to introduce yourself. Let us know what you are interested in, your background, and what you want to accomplish. + +# Next steps + +Come out and join a [Community meeting][8] or an [Office Hours meeting][9]. Ask questions about how to get started or just sit back and get to know the team. + + + +[1]: {{< param github_url >}}/blob/main/CODE_OF_CONDUCT.md +[2]: https://github.com/projectcontour +[3]: {{< relref "resources/how-we-work.md" >}} +[4]: {{< param github_url >}}/blob/main/CONTRIBUTING.md +[5]: {{< param github_url >}}/blob/main/SITE_CONTRIBUTION.md +[6]: {{< relref "resources/contributing-docs.md" >}} +[7]: {{< param github_url >}}/issues/?q=is%3Aopen+is%3Aissue+label%3Aarea%2Fdocumentation+label%3A%22good+first+issue%22 +[8]: {{< relref "community.md" >}} +[9]: https://github.com/projectcontour/community/wiki/Office-Hours +[10]: https://lists.cncf.io/g/cncf-contour-users/ +[11]: {{< param slack_url >}} +[12]: https://www.youtube.com/channel/UCCde7QSfcyYJ8AuXofD5bTA +[13]: https://twitter.com/projectcontour +[14]: https://github.com/projectcontour +[15]: {{< relref "resources/philosophy.md" >}} +[16]: {{< param github_url >}}/issues/ +[17]: {{< param github_url >}}/ \ No newline at end of file diff --git a/site/content/docs/1.28/troubleshooting.md b/site/content/docs/1.28/troubleshooting.md new file mode 100644 index 00000000000..28461bd8641 --- /dev/null +++ b/site/content/docs/1.28/troubleshooting.md @@ -0,0 +1,41 @@ +## Troubleshooting + +If you encounter issues, follow the guides below for help. For topics not covered here, you can [file an issue][0], or talk to us on the [#contour channel][1] on Kubernetes Slack. + +### [Troubleshooting Common Proxy Errors][2] +A guide on how to investigate common errors with Contour and Envoy. + +### [Envoy Administration Access][3] +Review the linked steps to learn how to access the administration interface for your Envoy instance. + +### [Contour Debug Logging][4] +Learn how to enable debug logging to diagnose issues between Contour and the Kubernetes API. + +### [Envoy Debug Logging][5] +Learn how to enable debug logging to diagnose TLS connection issues. + +### [Visualize the Contour Graph][6] +Learn how to visualize Contour's internal object graph in [DOT][9] format, or as a png file. + +### [Show Contour xDS Resources][7] +Review the linked steps to view the [xDS][10] resource data exchanged by Contour and Envoy. + +### [Profiling Contour][8] +Learn how to profile Contour by using [net/http/pprof][11] handlers. + +### [Envoy container stuck in unready/draining state][12] +Read the linked document if you have Envoy containers stuck in an unready/draining state. + +[0]: {{< param github_url >}}/issues +[1]: {{< param slack_url >}} +[2]: /docs/{{< param version >}}/troubleshooting/common-proxy-errors/ +[3]: /docs/{{< param version >}}/troubleshooting/envoy-admin-interface/ +[4]: /docs/{{< param version >}}/troubleshooting/contour-debug-log/ +[5]: /docs/{{< param version >}}/troubleshooting/envoy-debug-log/ +[6]: /docs/{{< param version >}}/troubleshooting/contour-graph/ +[7]: /docs/{{< param version >}}/troubleshooting/contour-xds-resources/ +[8]: /docs/{{< param version >}}/troubleshooting/profiling-contour/ +[9]: https://en.wikipedia.org/wiki/Dot +[10]: https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol +[11]: https://golang.org/pkg/net/http/pprof/ +[12]: /docs/{{< param version >}}/troubleshooting/envoy-container-draining/ diff --git a/site/content/docs/1.28/troubleshooting/common-proxy-errors.md b/site/content/docs/1.28/troubleshooting/common-proxy-errors.md new file mode 100644 index 00000000000..e05f153242d --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/common-proxy-errors.md @@ -0,0 +1,96 @@ +# Troubleshooting Common Proxy Errors + +## Unexpected HTTP errors + +Here are some steps to take in investigating common HTTP errors that users may encounter. +We'll include example error cases to debug with these steps. + +1. Inspect the HTTP response in detail (possibly via `curl -v`). + + Here we're looking to validate if the error response is coming from the backend app, Envoy, or possibly another proxy in front of Envoy. + If the response has the `server: envoy` header set, the request at least made it to the Envoy proxy so we can likely rule out anything before it. + The error may originate from Envoy itself or the backend app. + Look for headers or a response body that may originate from the backend app to verify if the error is in fact just the intended app behavior. + In the example below, we can see the response looks like it originates from Envoy, based on the `server: envoy` header and response body string. + + ``` + curl -vvv example.projectcontour.io + ... + > GET / HTTP/1.1 + > Host: example.projectcontour.io + ... + > + < HTTP/1.1 503 Service Unavailable + < content-length: 91 + < content-type: text/plain + < vary: Accept-Encoding + < date: Tue, 06 Feb 2024 03:44:30 GMT + < server: envoy + < + * Connection #0 to host example.projectcontour.io left intact + upstream connect error or disconnect/reset before headers. reset reason: connection failure + ``` + +1. Look at the Envoy pod logs for the access logs corresponding to the erroring request/response. + + The exact fields/field ordering present in the access log may vary if you have [configured a custom access log string or JSON access logs][0]. + For example for a Contour installation using the [default Envoy access log format][1] we would want to inspect: + * `%REQ(:METHOD)%`, `%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%`, `%REQ(:AUTHORITY)%`, `%PROTOCOL%`: Ensure these are sensible values based on your configured route and HTTP request + * `%RESPONSE_FLAGS%`: See the [documentation on Envoy response flags][2] and below how to interpret a few of them in a Contour context: + * `UF`: Likely that Envoy could not connect to the upstream + * `UH`: Upstream Service has no health/ready pods + * `NR`: No configured route matching the request + * `%DURATION%`: Can correlate this with any configured timeouts + * `%RESP(X-ENVOY-UPSTREAM-SERVICE-TIME)%`: Can correlate this with any configured timeouts. If `-` then this is a hint the request was never forwarded to the upstream. + * `%UPSTREAM_HOST%`: This is the IP of the upstream pod that was selected to proxy the request to and can be used to verify the exact upstream instance that might be erroring. + + For example in this access log: + + ``` + [2024-02-06T15:18:17.437Z] "GET / HTTP/1.1" 503 UF 0 91 1998 - "103.67.2.26" "curl/8.4.0" "d70640ec-2feb-46f8-9f63-24c44142c42e" "example.projectcontour.io" "10.244.8.27:8080" + ``` + + We can see the `UF` response flag as the cause of the `503` response code. + We also see the `-` for upstream request time. + It is likely in this case that Envoy was not able to establish a connection to the upstream. + That is further supported by the request duration of `1998` which is approximately the default upstream connection timeout of `2s`. + +1. Inspect Envoy metrics + + This method of debugging can be useful especially for deployments that service a large volume of traffic. + In this case, access logs are possibly not suitable to use, as the volume of logs may be too large to pinpoint an exact erroring request. + + Metrics from individual Envoy instances can be viewed manually or scraped using Envoy's prometheus endpoints and graphed using common visualization tools. + See the `/stats/prometheus` endpoint of the [Envoy admin interface][3]. + + Metrics that may be useful to inspect: + * [Listener metrics][4] + * `downstream_cx_total` + * `ssl.connection_error` + * [HTTP metrics][5] + * `downstream_cx_total` + * `downstream_cx_protocol_error` + * `downstream_rq_total` + * `downstream_rq_rx_reset` + * `downstream_rq_tx_reset` + * `downstream_rq_timeout` + * `downstream_rq_5xx` (and other status code groups) + * [Upstream metrics][6] + * `upstream_cx_total` + * `upstream_cx_connect_fail` + * `upstream_cx_connect_timeout` + * `upstream_rq_total` + * `upstream_rq_timeout` + +1. Send a direct request to the backend app to narrow down where the error may be originating. + + This can be done via a port-forward to send a request to the app directly, skipping over the Envoy proxy. + If this sort of request succeeds, we know the issue likely originates from Contour configuration or the Envoy proxy rather than the app itself. + +[0]: /docs/{{< param latest_version >}}/config/access-logging/ +[1]: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#default-format-string +[2]: https://www.envoyproxy.io/docs/envoy/latest/configuration/observability/access_log/usage#config-access-log-format-response-flags +[3]: /docs/{{< param latest_version >}}/guides/prometheus/#envoy-metrics +[4]: https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/stats +[5]: https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_conn_man/stats +[6]: https://www.envoyproxy.io/docs/envoy/latest/configuration/upstream/cluster_manager/cluster_stats diff --git a/site/content/docs/1.28/troubleshooting/contour-debug-log.md b/site/content/docs/1.28/troubleshooting/contour-debug-log.md new file mode 100644 index 00000000000..821634242c6 --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/contour-debug-log.md @@ -0,0 +1,6 @@ +# Enabling Contour Debug Logging + +The `contour serve` subcommand has two command-line flags that can be helpful for debugging. +The `--debug` flag enables general Contour debug logging, which logs more information about how Contour is processing API resources. +The `--kubernetes-debug` flag enables verbose logging in the Kubernetes client API, which can help debug interactions between Contour and the Kubernetes API server. +This flag requires an integer log level argument, where higher number indicates more detailed logging. diff --git a/site/content/docs/1.28/troubleshooting/contour-graph.md b/site/content/docs/1.28/troubleshooting/contour-graph.md new file mode 100644 index 00000000000..5abcfeb22af --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/contour-graph.md @@ -0,0 +1,25 @@ +# Visualizing Contour's Internal Object Graph + +Contour models its configuration using a directed acyclic graph (DAG) of internal objects. +This can be visualized through a debug endpoint that outputs the DAG in [DOT][2] format. +To visualize the graph, you must have [`graphviz`][3] installed on your system. + +To download the graph and save it as a PNG: + +```bash +# Port forward into the contour pod +$ CONTOUR_POD=$(kubectl -n projectcontour get pod -l app=contour -o name | head -1) +# Do the port forward to that pod +$ kubectl -n projectcontour port-forward $CONTOUR_POD 6060 +# Download and store the DAG in png format +$ curl localhost:6060/debug/dag | dot -T png > contour-dag.png +``` + +The following is an example of a DAG that maps `http://kuard.local:80/` to the +`kuard` service in the `default` namespace: + +![Sample DAG][4] + +[2]: https://en.wikipedia.org/wiki/DOT +[3]: https://graphviz.gitlab.io/ +[4]: /img/kuard-dag.png diff --git a/site/content/docs/1.28/troubleshooting/contour-xds-resources.md b/site/content/docs/1.28/troubleshooting/contour-xds-resources.md new file mode 100644 index 00000000000..69f413a8cb3 --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/contour-xds-resources.md @@ -0,0 +1,19 @@ +# Interrogate Contour's xDS Resources + +Sometimes it's helpful to be able to interrogate Contour to find out exactly what [xDS][1] resource data it is sending to Envoy. +Contour ships with a `contour cli` subcommand which can be used for this purpose. + +Because Contour secures its communications with Envoy using Secrets in the cluster, the easiest way is to run `contour cli` commands _inside_ the pod. +Do this is via `kubectl exec`: + +```bash +# Get one of the pods that matches the examples/daemonset +$ CONTOUR_POD=$(kubectl -n projectcontour get pod -l app=contour -o jsonpath='{.items[0].metadata.name}') +# Do the port forward to that pod +$ kubectl -n projectcontour exec $CONTOUR_POD -c contour -- contour cli lds --cafile=/certs/ca.crt --cert-file=/certs/tls.crt --key-file=/certs/tls.key +``` + +Which will stream changes to the LDS api endpoint to your terminal. +Replace `contour cli lds` with `contour cli rds` for route resources, `contour cli cds` for cluster resources, and `contour cli eds` for endpoints. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol diff --git a/site/content/docs/1.28/troubleshooting/envoy-admin-interface.md b/site/content/docs/1.28/troubleshooting/envoy-admin-interface.md new file mode 100644 index 00000000000..c44b6fe3e9d --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/envoy-admin-interface.md @@ -0,0 +1,32 @@ +# Accessing the Envoy Administration Interface + +Getting access to the Envoy [administration interface][1] can be useful for diagnosing issues with routing or cluster health. +However, Contour doesn't expose the entire Envoy Administration interface since that interface contains many options, such as shutting down Envoy or draining traffic. +To prohibit this behavior, Contour only exposes the read-only options from the admin interface which still allows for debugging Envoy, but without the options mentioned previously. + +Those endpoints are: + - /certs + - /clusters + - /listeners + - /config_dump + - /memory + - /ready + - /runtime + - /server_info + - /stats + - /stats/prometheus + - /stats/recentlookups + +The Envoy administration interface is bound by default to `http://127.0.0.1:9001`. +To access it from your workstation use `kubectl port-forward` like so: + +```sh +# Get one of the pods that matches the Envoy daemonset +ENVOY_POD=$(kubectl -n projectcontour get pod -l app=envoy -o name | head -1) +# Do the port forward to that pod +kubectl -n projectcontour port-forward $ENVOY_POD 9001 +``` + +Then navigate to `http://127.0.0.1:9001/` to access the administration interface for the Envoy container running on that pod. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/operations/admin diff --git a/site/content/docs/1.28/troubleshooting/envoy-container-draining.md b/site/content/docs/1.28/troubleshooting/envoy-container-draining.md new file mode 100644 index 00000000000..82bb47cb883 --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/envoy-container-draining.md @@ -0,0 +1,29 @@ +# Envoy container stuck in unready/draining state + +It's possible for the Envoy containers to become stuck in an unready/draining state. +This is an unintended side effect of the shutdown-manager sidecar container being restarted by the kubelet. +For more details on exactly how this happens, see [this issue][1]. + +If you observe Envoy containers in this state, you should `kubectl delete` them to allow new Pods to be created to replace them. + +To make this issue less likely to occur, you should: +- ensure you have [resource requests][2] on all your containers +- ensure you do **not** have a liveness probe on the shutdown-manager sidecar container in the envoy daemonset (this was removed from the example YAML in Contour 1.24.0). + +If the above are not sufficient for preventing the issue, you may also add a liveness probe to the envoy container itself, like the following: + +```yaml +livenessProbe: + httpGet: + path: /ready + port: 8002 + initialDelaySeconds: 15 + periodSeconds: 5 + failureThreshold: 6 +``` + +This will cause the kubelet to restart the envoy container if it does get stuck in this state, resulting in a return to normal operations load balancing traffic. +Note that in this case, it's possible that a graceful drain of connections may or may not occur, depending on the exact sequence of operations that preceded the envoy container failing the liveness probe. + +[1]: https://github.com/projectcontour/contour/issues/4851 +[2]: /docs/{{< param latest_version >}}/deploy-options/#setting-resource-requests-and-limits \ No newline at end of file diff --git a/site/content/docs/1.28/troubleshooting/envoy-debug-log.md b/site/content/docs/1.28/troubleshooting/envoy-debug-log.md new file mode 100644 index 00000000000..bfef4fa5531 --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/envoy-debug-log.md @@ -0,0 +1,8 @@ +# Enabling Envoy Debug Logging + +The `envoy` command has a `--log-level` [flag][1] that can be useful for debugging. +By default, it's set to `info`. +To change it to `debug`, edit the `envoy` DaemonSet in the `projectcontour` namespace and replace the `--log-level info` flag with `--log-level debug`. +Setting the Envoy log level to `debug` can be particilarly useful for debugging TLS connection failures. + +[1]: https://www.envoyproxy.io/docs/envoy/latest/operations/cli diff --git a/site/content/docs/1.28/troubleshooting/profiling-contour.md b/site/content/docs/1.28/troubleshooting/profiling-contour.md new file mode 100644 index 00000000000..95bb0164210 --- /dev/null +++ b/site/content/docs/1.28/troubleshooting/profiling-contour.md @@ -0,0 +1,14 @@ +# Accessing Contour's /debug/pprof Service + +Contour exposes the [net/http/pprof][1] handlers for `go tool pprof` and `go tool trace` by default on `127.0.0.1:6060`. +This service is useful for profiling Contour. +To access it from your workstation use `kubectl port-forward` like so, + +```bash +# Get one of the pods that matches the Contour deployment +$ CONTOUR_POD=$(kubectl -n projectcontour get pod -l app=contour -o name | head -1) +# Do the port forward to that pod +$ kubectl -n projectcontour port-forward $CONTOUR_POD 6060 +``` + +[1]: https://golang.org/pkg/net/http/pprof diff --git a/site/content/resources/compatibility-matrix.md b/site/content/resources/compatibility-matrix.md index b6d8f31d584..d97996621d8 100644 --- a/site/content/resources/compatibility-matrix.md +++ b/site/content/resources/compatibility-matrix.md @@ -11,6 +11,7 @@ These combinations of versions are specifically tested in CI and supported by th | Contour Version | Envoy Version | Kubernetes Versions | Gateway API Version | | --------------- | :------------------- | ------------------- | --------------------| | main | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | +| 1.28.0 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.27.0 | [1.28.0][45] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.26.1 | [1.27.2][42] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.26.0 | [1.27.0][41] | 1.28, 1.27, 1.26 | [0.8.0][108] | diff --git a/site/data/docs/1-28-toc.yml b/site/data/docs/1-28-toc.yml new file mode 100644 index 00000000000..151db52d41a --- /dev/null +++ b/site/data/docs/1-28-toc.yml @@ -0,0 +1,151 @@ +toc: + - title: Introduction + subfolderitems: + - page: Contour Architecture + url: /architecture + - page: Contour Philosophy + link: /resources/philosophy + - title: Configuration + subfolderitems: + - page: HTTPProxy Fundamentals + url: /config/fundamentals + - page: Gateway API Support + url: /config/gateway-api + - page: Ingress v1 Support + url: /config/ingress + - page: Virtual Hosts + url: /config/virtual-hosts + - page: Inclusion and Delegation + url: /config/inclusion-delegation + - page: TLS Termination + url: /config/tls-termination + - page: Upstream TLS + url: /config/upstream-tls + - page: Request Routing + url: /config/request-routing + - page: External Service Routing + url: /config/external-service-routing + - page: Request Rewriting + url: /config/request-rewriting + - page: CORS + url: /config/cors + - page: Websockets + url: /config/websockets + - page: Upstream Health Checks + url: /config/health-checks + - page: Client Authorization + url: /config/client-authorization + - page: TLS Delegation + url: /config/tls-delegation + - page: Rate Limiting + url: /config/rate-limiting + - page: Access logging + url: /config/access-logging + - page: Cookie Rewriting + url: /config/cookie-rewriting + - page: Overload Manager + url: /config/overload-manager + - page: JWT Verification + url: /config/jwt-verification + - page: IP Filtering + url: /config/ip-filtering + - page: Annotations Reference + url: /config/annotations + - page: Slow Start Mode + url: /config/slow-start + - page: Tracing Support + url: /config/tracing + - page: API Reference + url: /config/api + - title: Deployment + subfolderitems: + - page: Deployment Options + url: /deploy-options + - page: Contour Configuration + url: /configuration + - page: Upgrading Contour + link: /resources/upgrading + - page: Enabling TLS between Envoy and Contour + url: /grpc-tls-howto + - page: Redeploy Envoy + url: /redeploy-envoy + - title: Guides + subfolderitems: + - page: Deploying Contour on AWS with NLB + url: /guides/deploy-aws-nlb/ + - page: AWS Network Load Balancer TLS Termination with Contour + url: /guides/deploy-aws-tls-nlb/ + - page: Deploying HTTPS services with Contour and cert-manager + url: /guides/cert-manager/ + - page: External Authorization Support + url: /guides/external-authorization/ + - page: FIPS 140-2 in Contour + url: /guides/fips + - page: Using Gatekeeper with Contour + url: /guides/gatekeeper + - page: Using Gateway API with Contour + url: /guides/gateway-api + - page: Global Rate Limiting + url: /guides/global-rate-limiting + - page: Configuring ingress to gRPC services with Contour + url: /guides/grpc + - page: Health Checking + url: /guides/health-checking + - page: Creating a Contour-compatible kind cluster + url: /guides/kind + - page: Collecting Metrics with Prometheus + url: /guides/prometheus/ + - page: How to Configure PROXY Protocol v1/v2 Support + url: /guides/proxy-proto/ + - page: Contour/Envoy Resource Limits + url: /guides/resource-limits/ + - title: Troubleshooting + subfolderitems: + - page: Troubleshooting Common Proxy Errors + url: /troubleshooting/common-proxy-errors + - page: Envoy Administration Access + url: /troubleshooting/envoy-admin-interface + - page: Contour Debug Logging + url: /troubleshooting/contour-debug-log + - page: Envoy Debug Logging + url: /troubleshooting/envoy-debug-log + - page: Visualize the Contour Graph + url: /troubleshooting/contour-graph + - page: Show Contour xDS Resources + url: /troubleshooting/contour-xds-resources + - page: Profiling Contour + url: /troubleshooting/profiling-contour + - page: Envoy Container Stuck in Unready State + url: /troubleshooting/envoy-container-draining + - title: Resources + subfolderitems: + - page: Support Policy + link: /resources/support + - page: Compatibility Matrix + link: /resources/compatibility-matrix + - page: Contour Deprecation Policy + link: /resources/deprecation-policy + - page: Release Process + link: /resources/release-process + - page: Frequently Asked Questions + link: /resources/faq + - page: Tagging + link: /resources/tagging + - page: Adopters + link: /resources/adopters + - page: Ecosystem + link: /resources/ecosystem + - title: Security + subfolderitems: + - page: Threat Model and Security Posture + link: /resources/security-threat-model + - page: Security Report Process + link: /resources/security-process + - page: Security Fix Checklist + link: /resources/security-checklist + - title: Contribute + subfolderitems: + - page: Start Contributing + url: /start-contributing + - page: How We Work + link: /resources/how-we-work diff --git a/site/data/docs/toc-mapping.yml b/site/data/docs/toc-mapping.yml index f3b7be407f0..4efb5bf2424 100644 --- a/site/data/docs/toc-mapping.yml +++ b/site/data/docs/toc-mapping.yml @@ -50,3 +50,4 @@ v1.19.1: v1-19-1-toc "1.25": 1-25-toc "1.26": 1-26-toc "1.27": 1-27-toc +"1.28": 1-28-toc diff --git a/versions.yaml b/versions.yaml index 2ca19ee939f..ae6f3c78bfc 100644 --- a/versions.yaml +++ b/versions.yaml @@ -14,6 +14,16 @@ versions: - "1.27" gateway-api: - "1.0.0" + - version: v1.28.0 + supported: "true" + dependencies: + envoy: "1.29.1" + kubernetes: + - "1.29" + - "1.28" + - "1.27" + gateway-api: + - "1.0.0" - version: v1.27.0 supported: "true" dependencies: @@ -45,7 +55,7 @@ versions: gateway-api: - "0.8.0" - version: v1.25.3 - supported: "true" + supported: "false" dependencies: envoy: "1.26.6" kubernetes: From 60aeb27c2407b8516d719c68fb4030aa071d98ed Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Mon, 12 Feb 2024 11:19:16 -0700 Subject: [PATCH 21/83] hack: fix link in release notes template (#6183) Signed-off-by: Steve Kriss --- hack/release/release-notes-template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/release/release-notes-template.md b/hack/release/release-notes-template.md index c433b10a8b7..61ee8d38a8a 100644 --- a/hack/release/release-notes-template.md +++ b/hack/release/release-notes-template.md @@ -75,4 +75,4 @@ We’re immensely grateful for all the community contributions that help make Co {{ end}} # Are you a Contour user? We would love to know! -If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://github.com/projectcontour/contour/blob/master/ADOPTERS.md). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). +If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://projectcontour.io/resources/adopters/). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). From 3d78210c413afdf0cef76790513a9666389486b6 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Mon, 12 Feb 2024 11:29:34 -0700 Subject: [PATCH 22/83] v1.27.1, v1.26.2 changelogs & docs updates (#6184) Signed-off-by: Steve Kriss --- changelogs/CHANGELOG-v1.26.2.md | 24 +++++++++++++++++++ changelogs/CHANGELOG-v1.27.1.md | 24 +++++++++++++++++++ .../content/resources/compatibility-matrix.md | 4 ++++ versions.yaml | 24 +++++++++++++++++-- 4 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 changelogs/CHANGELOG-v1.26.2.md create mode 100644 changelogs/CHANGELOG-v1.27.1.md diff --git a/changelogs/CHANGELOG-v1.26.2.md b/changelogs/CHANGELOG-v1.26.2.md new file mode 100644 index 00000000000..4f55e9bc7ca --- /dev/null +++ b/changelogs/CHANGELOG-v1.26.2.md @@ -0,0 +1,24 @@ +We are delighted to present version v1.26.2 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters. + +- [All Changes](#all-changes) +- [Installing/Upgrading](#installing-and-upgrading) +- [Compatible Kubernetes Versions](#compatible-kubernetes-versions) + +# All Changes + +- Updates Envoy to v1.27.3. See the release notes for v1.27.3 [here](https://www.envoyproxy.io/docs/envoy/v1.27.3/version_history/v1.27/v1.27.3). + +# Installing and Upgrading + +For a fresh install of Contour, consult the [getting started documentation](https://projectcontour.io/getting-started/). + +To upgrade an existing Contour installation, please consult the [upgrade documentation](https://projectcontour.io/resources/upgrading/). + + +# Compatible Kubernetes Versions + +Contour v1.26.2 is tested against Kubernetes 1.26 through 1.28. + + +# Are you a Contour user? We would love to know! +If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://projectcontour.io/resources/adopters/). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). diff --git a/changelogs/CHANGELOG-v1.27.1.md b/changelogs/CHANGELOG-v1.27.1.md new file mode 100644 index 00000000000..7926444faae --- /dev/null +++ b/changelogs/CHANGELOG-v1.27.1.md @@ -0,0 +1,24 @@ +We are delighted to present version v1.27.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters. + +- [All Changes](#all-changes) +- [Installing/Upgrading](#installing-and-upgrading) +- [Compatible Kubernetes Versions](#compatible-kubernetes-versions) + +# All Changes + +- Updates Envoy to v1.28.1. See the release notes for v1.28.1 [here](https://www.envoyproxy.io/docs/envoy/v1.28.1/version_history/v1.28/v1.28.1). + +# Installing and Upgrading + +For a fresh install of Contour, consult the [getting started documentation](https://projectcontour.io/getting-started/). + +To upgrade an existing Contour installation, please consult the [upgrade documentation](https://projectcontour.io/resources/upgrading/). + + +# Compatible Kubernetes Versions + +Contour v1.27.1 is tested against Kubernetes 1.26 through 1.28. + + +# Are you a Contour user? We would love to know! +If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://projectcontour.io/resources/adopters/). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). diff --git a/site/content/resources/compatibility-matrix.md b/site/content/resources/compatibility-matrix.md index d97996621d8..b3a8c43f71c 100644 --- a/site/content/resources/compatibility-matrix.md +++ b/site/content/resources/compatibility-matrix.md @@ -12,7 +12,9 @@ These combinations of versions are specifically tested in CI and supported by th | --------------- | :------------------- | ------------------- | --------------------| | main | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.28.0 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | +| 1.27.1 | [1.28.1][47] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.27.0 | [1.28.0][45] | 1.28, 1.27, 1.26 | [0.8.1][109] | +| 1.26.2 | [1.27.3][48] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.26.1 | [1.27.2][42] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.26.0 | [1.27.0][41] | 1.28, 1.27, 1.26 | [0.8.0][108] | | 1.25.3 | [1.26.6][43] | 1.27, 1.26, 1.25 | [0.6.2][107] | @@ -176,6 +178,8 @@ __Note:__ This list of extensions was last verified to be complete with Envoy v1 [44]: https://www.envoyproxy.io/docs/envoy/v1.25.11/version_history/v1.25/v1.25.11 [45]: https://www.envoyproxy.io/docs/envoy/v1.28.0/version_history/v1.28/v1.28.0 [46]: https://www.envoyproxy.io/docs/envoy/v1.29.1/version_history/v1.29/v1.29.1 +[47]: https://www.envoyproxy.io/docs/envoy/v1.28.1/version_history/v1.28/v1.28.1 +[48]: https://www.envoyproxy.io/docs/envoy/v1.27.3/version_history/v1.27/v1.27.3 [98]: https://github.com/kubernetes/client-go [99]: https://github.com/kubernetes/client-go#compatibility-matrix diff --git a/versions.yaml b/versions.yaml index ae6f3c78bfc..396e5497028 100644 --- a/versions.yaml +++ b/versions.yaml @@ -24,8 +24,18 @@ versions: - "1.27" gateway-api: - "1.0.0" - - version: v1.27.0 + - version: v1.27.1 supported: "true" + dependencies: + envoy: "1.28.1" + kubernetes: + - "1.28" + - "1.27" + - "1.26" + gateway-api: + - "0.8.1" + - version: v1.27.0 + supported: "false" dependencies: envoy: "1.28.0" kubernetes: @@ -34,8 +44,18 @@ versions: - "1.26" gateway-api: - "0.8.1" - - version: v1.26.1 + - version: v1.26.2 supported: "true" + dependencies: + envoy: "1.27.3" + kubernetes: + - "1.28" + - "1.27" + - "1.26" + gateway-api: + - "0.8.1" + - version: v1.26.1 + supported: "false" dependencies: envoy: "1.27.2" kubernetes: From fa1d380122096c5339601cb35f77d6eb6ae490a4 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 12 Feb 2024 17:06:20 -0500 Subject: [PATCH 23/83] Enable more linters for standardizing imports (#6094) Enable gci linter, for deterministic import order Enable importas linter for consistent import aliases - group imports by standard, external, contour - enforce alias for all occurrences that have a rule Signed-off-by: Sunjay Bhatia --- .golangci.yml | 37 + CONTRIBUTING.md | 8 +- Makefile | 4 +- apis/projectcontour/v1/detailedconditions.go | 12 +- apis/projectcontour/v1/httpproxy.go | 16 +- apis/projectcontour/v1/register.go | 4 +- .../v1/tlscertificatedelegation.go | 12 +- .../projectcontour/v1alpha1/accesslog_test.go | 31 +- apis/projectcontour/v1alpha1/contourconfig.go | 20 +- .../v1alpha1/contourconfig_helpers_test.go | 113 +- .../v1alpha1/contourdeployment.go | 43 +- .../v1alpha1/extensionservice.go | 23 +- .../v1alpha1/extensionservice_helpers.go | 4 +- apis/projectcontour/v1alpha1/register.go | 4 +- cmd/contour/bootstrap.go | 1 + cmd/contour/certgen.go | 11 +- cmd/contour/certgen_test.go | 20 +- cmd/contour/cli.go | 36 +- cmd/contour/contour.go | 6 +- cmd/contour/gatewayprovisioner.go | 10 +- cmd/contour/ingressstatus.go | 33 +- cmd/contour/ingressstatus_test.go | 56 +- cmd/contour/serve.go | 88 +- cmd/contour/serve_test.go | 39 +- cmd/contour/servecontext.go | 167 +- cmd/contour/servecontext_test.go | 233 +- hack/generate-metrics-doc.go | 3 +- hack/gofumpt | 3 - internal/annotation/annotations.go | 19 +- internal/annotation/annotations_test.go | 69 +- internal/certgen/certgen.go | 63 +- internal/certgen/output.go | 4 +- internal/contour/metrics.go | 13 +- internal/contour/metrics_test.go | 173 +- .../contourconfig/contourconfiguration.go | 75 +- .../contourconfiguration_test.go | 131 +- internal/controller/backendtlspolicy.go | 5 +- internal/controller/controller_test.go | 7 +- internal/controller/gateway.go | 19 +- internal/controller/gatewayclass.go | 11 +- internal/controller/grpcroute.go | 5 +- internal/controller/httproute.go | 5 +- internal/controller/tcproute.go | 5 +- internal/controller/tlsroute.go | 5 +- internal/dag/accessors.go | 15 +- internal/dag/accessors_test.go | 68 +- internal/dag/builder.go | 7 +- internal/dag/builder_test.go | 3073 +++++++------- internal/dag/cache.go | 100 +- internal/dag/cache_test.go | 810 ++-- internal/dag/conditions.go | 38 +- internal/dag/conditions_test.go | 275 +- internal/dag/dag.go | 29 +- internal/dag/dag_test.go | 10 +- internal/dag/extension_processor.go | 37 +- internal/dag/gatewayapi_processor.go | 184 +- internal/dag/gatewayapi_processor_test.go | 63 +- internal/dag/httpproxy_processor.go | 290 +- internal/dag/httpproxy_processor_test.go | 503 +-- internal/dag/ingress_processor.go | 10 +- internal/dag/policy.go | 54 +- internal/dag/policy_test.go | 345 +- internal/dag/secret.go | 24 +- internal/dag/secret_test.go | 107 +- internal/dag/status.go | 17 +- internal/dag/status_test.go | 3658 ++++++++--------- internal/debug/debug_test.go | 3 +- internal/debug/dot_test.go | 9 +- internal/envoy/bootstrap.go | 3 +- internal/envoy/route.go | 3 +- internal/envoy/v3/accesslog.go | 77 +- internal/envoy/v3/accesslog_test.go | 127 +- internal/envoy/v3/auth.go | 59 +- internal/envoy/v3/auth_test.go | 91 +- internal/envoy/v3/bootstrap.go | 173 +- internal/envoy/v3/bootstrap_test.go | 9 +- internal/envoy/v3/cluster.go | 169 +- internal/envoy/v3/cluster_test.go | 479 +-- internal/envoy/v3/endpoint.go | 45 +- internal/envoy/v3/endpoint_test.go | 31 +- internal/envoy/v3/healthcheck.go | 39 +- internal/envoy/v3/healthcheck_test.go | 45 +- internal/envoy/v3/listener.go | 361 +- internal/envoy/v3/listener_test.go | 1088 ++--- internal/envoy/v3/ratelimit.go | 79 +- internal/envoy/v3/ratelimit_test.go | 171 +- internal/envoy/v3/regex.go | 8 +- internal/envoy/v3/regex_test.go | 11 +- internal/envoy/v3/route.go | 328 +- internal/envoy/v3/route_test.go | 888 ++-- internal/envoy/v3/secret.go | 23 +- internal/envoy/v3/secret_test.go | 51 +- internal/envoy/v3/socket.go | 17 +- internal/envoy/v3/socket_options.go | 43 +- internal/envoy/v3/socket_options_test.go | 21 +- internal/envoy/v3/socket_test.go | 37 +- internal/envoy/v3/stats.go | 117 +- internal/envoy/v3/stats_test.go | 291 +- internal/envoy/v3/tls.go | 10 +- internal/envoy/v3/tracing.go | 15 +- internal/envoy/v3/tracing_test.go | 37 +- internal/featuretests/kubernetes.go | 51 +- .../featuretests/v3/authorization_test.go | 269 +- .../v3/backendcavalidation_test.go | 77 +- .../featuretests/v3/backendclientauth_test.go | 67 +- internal/featuretests/v3/cluster_test.go | 429 +- internal/featuretests/v3/corspolicy_test.go | 241 +- .../v3/directresponsepolicy_test.go | 63 +- .../v3/downstreamvalidation_test.go | 145 +- internal/featuretests/v3/endpoints_test.go | 91 +- internal/featuretests/v3/envoy.go | 306 +- .../featuretests/v3/extensionservice_test.go | 209 +- internal/featuretests/v3/externalname_test.go | 134 +- internal/featuretests/v3/fallbackcert_test.go | 141 +- internal/featuretests/v3/featuretests.go | 50 +- .../v3/global_authorization_test.go | 219 +- .../featuretests/v3/globalratelimit_test.go | 389 +- .../featuretests/v3/headercondition_test.go | 183 +- internal/featuretests/v3/headerpolicy_test.go | 155 +- internal/featuretests/v3/httpproxy.go | 82 +- internal/featuretests/v3/httproute_test.go | 45 +- internal/featuretests/v3/ingressclass_test.go | 255 +- .../v3/internalredirectpolicy_test.go | 88 +- internal/featuretests/v3/ipfilter_test.go | 97 +- .../featuretests/v3/jwtverification_test.go | 903 ++-- internal/featuretests/v3/listeners_test.go | 429 +- .../v3/loadbalancerpolicy_test.go | 163 +- .../featuretests/v3/localratelimit_test.go | 249 +- internal/featuretests/v3/mirrorpolicy_test.go | 55 +- .../v3/queryparametercondition_test.go | 159 +- .../v3/redirectroutepolicy_test.go | 65 +- .../featuretests/v3/replaceprefix_test.go | 207 +- internal/featuretests/v3/retrypolicy_test.go | 83 +- .../featuretests/v3/rootnamespaces_test.go | 55 +- internal/featuretests/v3/route_test.go | 471 +-- .../v3/routesourcemetadata_test.go | 57 +- internal/featuretests/v3/routeweight_test.go | 189 +- internal/featuretests/v3/secrets_test.go | 47 +- internal/featuretests/v3/tcpproxy_test.go | 339 +- internal/featuretests/v3/tcproute_test.go | 46 +- .../featuretests/v3/timeoutpolicy_test.go | 91 +- internal/featuretests/v3/timeouts_test.go | 47 +- .../v3/tlscertificatedelegation_test.go | 91 +- .../v3/tlsprotocolversion_test.go | 49 +- internal/featuretests/v3/tlsroute_test.go | 74 +- internal/featuretests/v3/tracing_test.go | 45 +- .../featuretests/v3/upstreamprotocol_test.go | 41 +- internal/featuretests/v3/upstreamtls_test.go | 107 +- internal/featuretests/v3/websockets_test.go | 67 +- internal/featuretests/v3/wildcardhost_test.go | 124 +- internal/fixture/detailedcondition.go | 36 +- internal/fixture/httpproxy.go | 14 +- internal/fixture/meta.go | 16 +- internal/fixture/secret_fixtures.go | 22 +- internal/fixture/service.go | 16 +- internal/fixture/service_fixtures.go | 56 +- internal/gatewayapi/helpers.go | 3 +- internal/gatewayapi/listeners.go | 27 +- internal/gatewayapi/listeners_test.go | 45 +- internal/httpsvc/http_test.go | 5 +- internal/ingressclass/ingressclass.go | 3 +- internal/ingressclass/ingressclass_test.go | 45 +- internal/k8s/filter.go | 4 +- internal/k8s/filter_test.go | 3 +- internal/k8s/helpers.go | 55 +- internal/k8s/helpers_test.go | 29 +- internal/k8s/kind.go | 39 +- internal/k8s/kind_test.go | 39 +- internal/k8s/objectmeta.go | 11 +- internal/k8s/scheme.go | 9 +- internal/k8s/status_test.go | 9 +- internal/k8s/statusaddress.go | 41 +- internal/k8s/statusaddress_test.go | 157 +- internal/k8s/statuscache.go | 15 +- internal/leadership/notifier_test.go | 5 +- internal/metrics/metrics.go | 3 +- internal/metrics/metrics_test.go | 3 +- internal/provisioner/controller/gateway.go | 50 +- .../provisioner/controller/gateway_test.go | 770 ++-- .../provisioner/controller/gatewayclass.go | 58 +- .../controller/gatewayclass_test.go | 371 +- internal/provisioner/equality/equality.go | 30 +- .../provisioner/equality/equality_test.go | 164 +- internal/provisioner/labels/labels_test.go | 3 +- internal/provisioner/model/model.go | 92 +- internal/provisioner/model/model_test.go | 14 +- .../objects/contourconfig/contourconfig.go | 32 +- .../contourconfig/contourconfig_test.go | 145 +- .../objects/dataplane/dataplane.go | 188 +- .../objects/dataplane/dataplane_test.go | 98 +- .../objects/deployment/deployment.go | 100 +- .../objects/deployment/deployment_test.go | 66 +- internal/provisioner/objects/object.go | 12 +- internal/provisioner/objects/object_test.go | 98 +- .../objects/rbac/clusterrole/cluster_role.go | 21 +- .../rbac/clusterrole/cluster_role_test.go | 36 +- .../cluster_role_binding.go | 32 +- .../cluster_role_binding_test.go | 14 +- internal/provisioner/objects/rbac/rbac.go | 42 +- .../provisioner/objects/rbac/role/role.go | 45 +- .../objects/rbac/role/role_test.go | 36 +- .../objects/rbac/rolebinding/role_binding.go | 37 +- .../rbac/rolebinding/role_binding_test.go | 16 +- .../rbac/serviceaccount/service_account.go | 26 +- .../provisioner/objects/rbac/util/util.go | 45 +- .../objects/rbac/util/util_test.go | 12 +- internal/provisioner/objects/secret/secret.go | 17 +- .../provisioner/objects/service/service.go | 70 +- .../objects/service/service_test.go | 54 +- internal/provisioner/scheme.go | 13 +- internal/sorter/sorter.go | 49 +- internal/sorter/sorter_test.go | 45 +- internal/status/backendtlspolicyconditions.go | 15 +- .../status/backendtlspolicyconditions_test.go | 36 +- internal/status/cache.go | 35 +- internal/status/cache_test.go | 13 +- internal/status/extensionstatus.go | 31 +- internal/status/gatewayclassconditions.go | 24 +- .../status/gatewayclassconditions_test.go | 148 +- internal/status/gatewaystatus.go | 37 +- internal/status/gatewaystatus_test.go | 53 +- internal/status/proxystatus.go | 27 +- internal/status/proxystatus_test.go | 117 +- internal/status/routeconditions.go | 15 +- internal/status/routeconditions_test.go | 17 +- internal/xds/v3/contour.go | 3 +- internal/xds/v3/contour_test.go | 9 +- internal/xds/v3/hash.go | 4 +- internal/xdscache/v3/cluster.go | 15 +- internal/xdscache/v3/cluster_test.go | 381 +- internal/xdscache/v3/contour_test.go | 26 +- .../xdscache/v3/endpointslicetranslator.go | 61 +- .../v3/endpointslicetranslator_test.go | 357 +- internal/xdscache/v3/endpointstranslator.go | 61 +- .../xdscache/v3/endpointstranslator_test.go | 261 +- internal/xdscache/v3/listener.go | 87 +- internal/xdscache/v3/listener_test.go | 1361 +++--- internal/xdscache/v3/route.go | 17 +- internal/xdscache/v3/route_test.go | 1720 ++++---- internal/xdscache/v3/runtime.go | 5 +- internal/xdscache/v3/runtime_test.go | 75 +- internal/xdscache/v3/secret.go | 21 +- internal/xdscache/v3/secret_test.go | 193 +- internal/xdscache/v3/server_test.go | 56 +- internal/xdscache/v3/snapshot.go | 3 +- pkg/config/accesslog.go | 6 +- pkg/config/ciphersuites.go | 10 +- pkg/config/parameters.go | 29 +- pkg/config/parameters_test.go | 3 +- .../gatewayapi/gateway_conformance_test.go | 12 +- test/e2e/bench/bench_test.go | 87 +- test/e2e/certs.go | 26 +- test/e2e/deployment.go | 157 +- test/e2e/fixtures.go | 237 +- test/e2e/framework.go | 41 +- test/e2e/gateway/backend_tls_policy_test.go | 31 +- test/e2e/gateway/gateway_test.go | 30 +- test/e2e/gateway/host_rewrite_test.go | 11 +- .../multiple_gateways_and_classes_test.go | 37 +- .../gateway/multiple_https_listeners_test.go | 13 +- test/e2e/gateway/query_param_match_test.go | 9 +- .../gateway/request_header_modifier_test.go | 9 +- test/e2e/gateway/request_redirect_test.go | 11 +- .../gateway/response_header_modifier_test.go | 9 +- test/e2e/gateway/tcproute_test.go | 11 +- test/e2e/gateway/tls_gateway_test.go | 13 +- test/e2e/gateway/tls_wildcard_host_test.go | 11 +- test/e2e/gatewayapi_predicates.go | 22 +- .../backend_tls_protocol_version_test.go | 23 +- test/e2e/httpproxy/backend_tls_test.go | 27 +- test/e2e/httpproxy/cel_validation_test.go | 19 +- test/e2e/httpproxy/client_cert_auth_test.go | 127 +- test/e2e/httpproxy/client_cert_crl_test.go | 119 +- test/e2e/httpproxy/cookie_rewrite_test.go | 303 +- .../default_global_rate_limiting_test.go | 131 +- test/e2e/httpproxy/direct_response_test.go | 34 +- test/e2e/httpproxy/dynamic_headers_test.go | 27 +- .../exact_path_condition_match_test.go | 41 +- test/e2e/httpproxy/external_auth_test.go | 97 +- test/e2e/httpproxy/external_name_test.go | 97 +- test/e2e/httpproxy/fqdn_test.go | 93 +- .../httpproxy/global_external_auth_test.go | 107 +- .../httpproxy/global_rate_limiting_test.go | 163 +- test/e2e/httpproxy/grpc_test.go | 39 +- .../httpproxy/header_condition_match_test.go | 95 +- .../e2e/httpproxy/host_header_rewrite_test.go | 85 +- test/e2e/httpproxy/http_health_checks_test.go | 23 +- test/e2e/httpproxy/httpproxy_test.go | 81 +- .../https_fallback_certificate_test.go | 21 +- .../https_misdirected_request_test.go | 21 +- .../httpproxy/https_sni_enforcement_test.go | 35 +- .../httpproxy/include_exact_condition_test.go | 67 +- .../include_prefix_condition_test.go | 41 +- .../include_regex_path_condition_test.go | 65 +- test/e2e/httpproxy/internal_redirect_test.go | 97 +- test/e2e/httpproxy/ip_filtering_test.go | 78 +- .../e2e/httpproxy/local_rate_limiting_test.go | 43 +- test/e2e/httpproxy/merge_slash_test.go | 25 +- .../multiple_ingress_classes_test.go | 31 +- test/e2e/httpproxy/namespaces_test.go | 47 +- .../httpproxy/path_condition_match_test.go | 27 +- test/e2e/httpproxy/path_rewrite_test.go | 37 +- test/e2e/httpproxy/pod_restart_test.go | 27 +- .../query_parameter_condition_match_test.go | 99 +- .../httpproxy/regex_path_condition_test.go | 41 +- test/e2e/httpproxy/request_redirect_test.go | 74 +- .../required_field_validation_test.go | 17 +- .../httpproxy/retry_policy_validation_test.go | 19 +- .../tcproute_https_termination_test.go | 25 +- test/e2e/incluster/incluster_test.go | 19 +- test/e2e/incluster/leaderelection_test.go | 23 +- test/e2e/incluster/memory_usage_test.go | 35 +- test/e2e/incluster/rbac_test.go | 65 +- test/e2e/incluster/smoke_test.go | 19 +- test/e2e/infra/admin_test.go | 3 +- test/e2e/infra/endpointslice_test.go | 24 +- test/e2e/infra/infra_test.go | 22 +- test/e2e/infra/metrics_test.go | 3 +- test/e2e/ingress/backend_tls_test.go | 37 +- test/e2e/ingress/headers_policy_test.go | 31 +- test/e2e/ingress/ingress_class_test.go | 29 +- test/e2e/ingress/ingress_test.go | 32 +- test/e2e/ingress/long_path_match_test.go | 45 +- test/e2e/ingress/tls_wildcard_host_test.go | 31 +- test/e2e/provisioner.go | 22 +- test/e2e/provisioner/provisioner_test.go | 119 +- test/e2e/upgrade/upgrade_test.go | 45 +- test/e2e/waiter.go | 21 +- 328 files changed, 18822 insertions(+), 18551 deletions(-) delete mode 100755 hack/gofumpt diff --git a/.golangci.yml b/.golangci.yml index 123dfa64617..2f26c14b874 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -6,6 +6,8 @@ linters: - bodyclose - gofumpt - goimports + - gci + - importas - revive - gosec - misspell @@ -62,6 +64,41 @@ linters-settings: forbid-focus-container: true gofumpt: extra-rules: true + gci: + custom-order: true + sections: + - standard + - default + - prefix(github.com/projectcontour/contour) + importas: + no-unaliased: true + alias: + - pkg: github.com/projectcontour/contour/apis/projectcontour/(v\w+) + alias: contour_${1} + - pkg: sigs.k8s.io/gateway-api/apis/(v\w+) + alias: gatewayapi_${1} + - pkg: k8s.io.*/apis?/(\w+)/(v\w+) + alias: ${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/config/(\w+)/(v\w+) + alias: envoy_config_${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/service/(\w+)/(v\w+) + alias: envoy_service_${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/filters/(\w+)/(\w+)/(v\w+) + alias: envoy_filter_${1}_${2}_${3} + - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/(\w+)/(v\w+) + alias: envoy_transport_socket_${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/compression/(\w+)/(\w+)/(v\w+) + alias: envoy_compression_${1}_${2}_${3} + - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/(\w+)/(v\w+) + alias: envoy_access_logger_${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/(\w+)/(v\w+) + alias: envoy_formatter_${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/(\w+)/(v\w+) + alias: envoy_upstream_${1}_${2} + - pkg: github.com/envoyproxy/go-control-plane/envoy/type/(v\w+) + alias: envoy_type_${1} + - pkg: github.com/envoyproxy/go-control-plane/envoy/type/matcher/(v\w+) + alias: envoy_matcher_${1} issues: max-issues-per-linter: 0 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 7eaeadbc19c..49bbf9bddcc 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -321,19 +321,21 @@ The `make format` target can be used to run `gofumpt` locally before making a PR ### Import Aliases Naming is one of the most difficult things in software engineering. -Contour uses the following pattern to name imports when referencing packages from other packages. +Contour uses the following general pattern to name imports when referencing internal packages and packages from other projects. > thing_version: The name+package path of the thing and then the version separated by underscores Examples: ``` -contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" -contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" +contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" +contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" ``` +Exact patterns for import paths can be found in the `importas` linter settings in `.golangci.yml` + ### Pre commit CI Before a change is submitted it should pass all the pre commit CI jobs. diff --git a/Makefile b/Makefile index a6c1a796440..d655e9245bf 100644 --- a/Makefile +++ b/Makefile @@ -226,7 +226,9 @@ lint-flags: .PHONY: format format: ## Run gofumpt to format the codebase. @echo Running gofumpt... - @./hack/gofumpt -l -w -extra . + @go run mvdan.cc/gofumpt@v0.5.0 -l -w -extra . + @echo Running gci... + @go run github.com/daixiang0/gci@v0.12.1 write . --skip-generated -s standard -s default -s "prefix(github.com/projectcontour/contour)" --custom-order .PHONY: generate generate: ## Re-generate generated code and documentation diff --git a/apis/projectcontour/v1/detailedconditions.go b/apis/projectcontour/v1/detailedconditions.go index d7ac6e13856..f8c293a5bbf 100644 --- a/apis/projectcontour/v1/detailedconditions.go +++ b/apis/projectcontour/v1/detailedconditions.go @@ -18,28 +18,28 @@ package v1 import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // ConditionStatus is a type alias for the k8s.io/apimachinery/pkg/apis/meta/v1 // ConditionStatus type to maintain API compatibility. // +k8s:deepcopy-gen=false -type ConditionStatus = metav1.ConditionStatus +type ConditionStatus = meta_v1.ConditionStatus // These are valid condition statuses. "ConditionTrue" means a resource is in the condition. // "ConditionFalse" means a resource is not in the condition. "ConditionUnknown" means kubernetes // can't decide if a resource is in the condition or not. In the future, we could add other // intermediate conditions, e.g. ConditionDegraded. These are retained here for API compatibility. const ( - ConditionTrue ConditionStatus = metav1.ConditionTrue - ConditionFalse ConditionStatus = metav1.ConditionFalse - ConditionUnknown ConditionStatus = metav1.ConditionUnknown + ConditionTrue ConditionStatus = meta_v1.ConditionTrue + ConditionFalse ConditionStatus = meta_v1.ConditionFalse + ConditionUnknown ConditionStatus = meta_v1.ConditionUnknown ) // Condition is a type alias for the k8s.io/apimachinery/pkg/apis/meta/v1 // Condition type to maintain API compatibility. // +k8s:deepcopy-gen=false -type Condition = metav1.Condition +type Condition = meta_v1.Condition // SubCondition is a Condition-like type intended for use as a subcondition inside a DetailedCondition. // diff --git a/apis/projectcontour/v1/httpproxy.go b/apis/projectcontour/v1/httpproxy.go index 1de37a7248e..976795d6903 100644 --- a/apis/projectcontour/v1/httpproxy.go +++ b/apis/projectcontour/v1/httpproxy.go @@ -14,8 +14,8 @@ package v1 import ( - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // HTTPProxySpec defines the spec of the CRD. @@ -1431,7 +1431,7 @@ type HTTPProxyStatus struct { Description string `json:"description,omitempty"` // +optional // LoadBalancer contains the current status of the load balancer. - LoadBalancer corev1.LoadBalancerStatus `json:"loadBalancer,omitempty"` + LoadBalancer core_v1.LoadBalancerStatus `json:"loadBalancer,omitempty"` // +optional // Conditions contains information about the current status of the HTTPProxy, // in an upstream-friendly container. @@ -1464,8 +1464,8 @@ type HTTPProxyStatus struct { // +kubebuilder:resource:scope=Namespaced,path=httpproxies,shortName=proxy;proxies,singular=httpproxy // +kubebuilder:subresource:status type HTTPProxy struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ObjectMeta `json:"metadata"` Spec HTTPProxySpec `json:"spec"` // Status is a container for computed information about the HTTPProxy. @@ -1478,9 +1478,9 @@ type HTTPProxy struct { // HTTPProxyList is a list of HTTPProxies. type HTTPProxyList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - Items []HTTPProxy `json:"items"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ListMeta `json:"metadata"` + Items []HTTPProxy `json:"items"` } // SlowStartPolicy will gradually increase amount of traffic to a newly added endpoint. diff --git a/apis/projectcontour/v1/register.go b/apis/projectcontour/v1/register.go index 3014e9357e7..07c34e16f3b 100644 --- a/apis/projectcontour/v1/register.go +++ b/apis/projectcontour/v1/register.go @@ -14,7 +14,7 @@ package v1 import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" ) @@ -49,7 +49,7 @@ func AddKnownTypes(scheme *runtime.Scheme) error { &TLSCertificateDelegation{}, &TLSCertificateDelegationList{}, ) - metav1.AddToGroupVersion(scheme, GroupVersion) + meta_v1.AddToGroupVersion(scheme, GroupVersion) return nil } diff --git a/apis/projectcontour/v1/tlscertificatedelegation.go b/apis/projectcontour/v1/tlscertificatedelegation.go index 3623defbf79..c80b5a39362 100644 --- a/apis/projectcontour/v1/tlscertificatedelegation.go +++ b/apis/projectcontour/v1/tlscertificatedelegation.go @@ -14,7 +14,7 @@ package v1 import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // TLSCertificateDelegationSpec defines the spec of the CRD @@ -68,8 +68,8 @@ type TLSCertificateDelegationStatus struct { // +kubebuilder:resource:scope=Namespaced,path=tlscertificatedelegations,shortName=tlscerts,singular=tlscertificatedelegation // +kubebuilder:subresource:status type TLSCertificateDelegation struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ObjectMeta `json:"metadata"` Spec TLSCertificateDelegationSpec `json:"spec"` // +optional @@ -80,7 +80,7 @@ type TLSCertificateDelegation struct { // TLSCertificateDelegationList is a list of TLSCertificateDelegations. type TLSCertificateDelegationList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata"` - Items []TLSCertificateDelegation `json:"items"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ListMeta `json:"metadata"` + Items []TLSCertificateDelegation `json:"items"` } diff --git a/apis/projectcontour/v1alpha1/accesslog_test.go b/apis/projectcontour/v1alpha1/accesslog_test.go index 6f02627e655..eed731970cf 100644 --- a/apis/projectcontour/v1alpha1/accesslog_test.go +++ b/apis/projectcontour/v1alpha1/accesslog_test.go @@ -16,26 +16,27 @@ package v1alpha1_test import ( "testing" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/stretchr/testify/require" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) func TestValidateAccessLogType(t *testing.T) { - require.Error(t, v1alpha1.AccessLogType("").Validate()) - require.Error(t, v1alpha1.AccessLogType("foo").Validate()) + require.Error(t, contour_v1alpha1.AccessLogType("").Validate()) + require.Error(t, contour_v1alpha1.AccessLogType("foo").Validate()) - require.NoError(t, v1alpha1.EnvoyAccessLog.Validate()) - require.NoError(t, v1alpha1.JSONAccessLog.Validate()) + require.NoError(t, contour_v1alpha1.EnvoyAccessLog.Validate()) + require.NoError(t, contour_v1alpha1.JSONAccessLog.Validate()) } func TestValidateAccessLogLevel(t *testing.T) { - require.Error(t, v1alpha1.AccessLogLevel("").Validate()) - require.Error(t, v1alpha1.AccessLogLevel("foo").Validate()) + require.Error(t, contour_v1alpha1.AccessLogLevel("").Validate()) + require.Error(t, contour_v1alpha1.AccessLogLevel("foo").Validate()) - require.NoError(t, v1alpha1.LogLevelInfo.Validate()) - require.NoError(t, v1alpha1.LogLevelError.Validate()) - require.NoError(t, v1alpha1.LogLevelCritical.Validate()) - require.NoError(t, v1alpha1.LogLevelDisabled.Validate()) + require.NoError(t, contour_v1alpha1.LogLevelInfo.Validate()) + require.NoError(t, contour_v1alpha1.LogLevelError.Validate()) + require.NoError(t, contour_v1alpha1.LogLevelCritical.Validate()) + require.NoError(t, contour_v1alpha1.LogLevelDisabled.Validate()) } func TestValidateAccessLogJSONFields(t *testing.T) { @@ -59,7 +60,7 @@ func TestValidateAccessLogJSONFields(t *testing.T) { } for _, c := range errorCases { - require.Error(t, v1alpha1.AccessLogJSONFields(c).Validate(), c) + require.Error(t, contour_v1alpha1.AccessLogJSONFields(c).Validate(), c) } successCases := [][]string{ @@ -82,7 +83,7 @@ func TestValidateAccessLogJSONFields(t *testing.T) { } for _, c := range successCases { - require.NoError(t, v1alpha1.AccessLogJSONFields(c).Validate(), c) + require.NoError(t, contour_v1alpha1.AccessLogJSONFields(c).Validate(), c) } } @@ -103,7 +104,7 @@ func TestAccessLogFormatString(t *testing.T) { } for _, c := range errorCases { - require.Error(t, v1alpha1.AccessLogFormatString(c).Validate(), c) + require.Error(t, contour_v1alpha1.AccessLogFormatString(c).Validate(), c) } successCases := []string{ @@ -135,6 +136,6 @@ func TestAccessLogFormatString(t *testing.T) { } for _, c := range successCases { - require.NoError(t, v1alpha1.AccessLogFormatString(c).Validate(), c) + require.NoError(t, contour_v1alpha1.AccessLogFormatString(c).Validate(), c) } } diff --git a/apis/projectcontour/v1alpha1/contourconfig.go b/apis/projectcontour/v1alpha1/contourconfig.go index a3f2ddc38cb..ff2d73c4590 100644 --- a/apis/projectcontour/v1alpha1/contourconfig.go +++ b/apis/projectcontour/v1alpha1/contourconfig.go @@ -14,9 +14,9 @@ package v1alpha1 import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // ContourConfigurationSpec represents a configuration of a Contour controller. @@ -65,7 +65,7 @@ type ContourConfigurationSpec struct { // GlobalExternalAuthorization allows envoys external authorization filter // to be enabled for all virtual hosts. // +optional - GlobalExternalAuthorization *contour_api_v1.AuthorizationServer `json:"globalExtAuth,omitempty"` + GlobalExternalAuthorization *contour_v1.AuthorizationServer `json:"globalExtAuth,omitempty"` // RateLimitService optionally holds properties of the Rate Limit Service // to be used for global rate limiting. @@ -800,7 +800,7 @@ type RateLimitServiceConfig struct { // HTTPProxy can overwrite this configuration. // // +optional - DefaultGlobalRateLimitPolicy *contour_api_v1.GlobalRateLimitPolicy `json:"defaultGlobalRateLimitPolicy,omitempty"` + DefaultGlobalRateLimitPolicy *contour_v1.GlobalRateLimitPolicy `json:"defaultGlobalRateLimitPolicy,omitempty"` } // TracingConfig defines properties for exporting trace data to OpenTelemetry. @@ -899,7 +899,7 @@ type ContourConfigurationStatus struct { // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []contour_api_v1.DetailedCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []contour_v1.DetailedCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` } // +genclient @@ -909,8 +909,8 @@ type ContourConfigurationStatus struct { // ContourConfiguration is the schema for a Contour instance. type ContourConfiguration struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ObjectMeta `json:"metadata,omitempty"` Spec ContourConfigurationSpec `json:"spec"` @@ -923,7 +923,7 @@ type ContourConfiguration struct { // ContourConfigurationList contains a list of Contour configuration resources. type ContourConfigurationList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ContourConfiguration `json:"items"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ListMeta `json:"metadata,omitempty"` + Items []ContourConfiguration `json:"items"` } diff --git a/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go b/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go index 4dda74cf897..d0ea033aea3 100644 --- a/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go +++ b/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go @@ -17,22 +17,23 @@ import ( "fmt" "testing" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" ) func TestContourConfigurationSpecValidate(t *testing.T) { t.Run("xds server type validation", func(t *testing.T) { - c := v1alpha1.ContourConfigurationSpec{ - XDSServer: &v1alpha1.XDSServerConfig{}, + c := contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{}, } - c.XDSServer.Type = v1alpha1.ContourServerType + c.XDSServer.Type = contour_v1alpha1.ContourServerType require.NoError(t, c.Validate()) - c.XDSServer.Type = v1alpha1.EnvoyServerType + c.XDSServer.Type = contour_v1alpha1.EnvoyServerType require.NoError(t, c.Validate()) c.XDSServer.Type = "foo" @@ -40,13 +41,13 @@ func TestContourConfigurationSpecValidate(t *testing.T) { }) t.Run("envoy validation", func(t *testing.T) { - c := v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - Metrics: &v1alpha1.MetricsConfig{ + c := contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", Port: 8080, }, - Health: &v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "0.0.0.0", Port: 8080, }, @@ -54,14 +55,14 @@ func TestContourConfigurationSpecValidate(t *testing.T) { } require.NoError(t, c.Validate()) - c = v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - Metrics: &v1alpha1.MetricsConfig{ - TLS: &v1alpha1.MetricsTLS{}, + c = contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ + TLS: &contour_v1alpha1.MetricsTLS{}, Address: "0.0.0.0", Port: 8080, }, - Health: &v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "0.0.0.0", Port: 8080, }, @@ -69,45 +70,45 @@ func TestContourConfigurationSpecValidate(t *testing.T) { } require.Error(t, c.Validate()) - c = v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - DefaultHTTPVersions: []v1alpha1.HTTPVersionType{v1alpha1.HTTPVersion1, v1alpha1.HTTPVersion2}, + c = contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + DefaultHTTPVersions: []contour_v1alpha1.HTTPVersionType{contour_v1alpha1.HTTPVersion1, contour_v1alpha1.HTTPVersion2}, }, } require.NoError(t, c.Validate()) - c = v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - DefaultHTTPVersions: []v1alpha1.HTTPVersionType{v1alpha1.HTTPVersion1, v1alpha1.HTTPVersion2, "foo"}, + c = contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + DefaultHTTPVersions: []contour_v1alpha1.HTTPVersionType{contour_v1alpha1.HTTPVersion1, contour_v1alpha1.HTTPVersion2, "foo"}, }, } require.Error(t, c.Validate()) - c = v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - Cluster: &v1alpha1.ClusterParameters{}, + c = contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Cluster: &contour_v1alpha1.ClusterParameters{}, }, } - c.Envoy.Cluster.DNSLookupFamily = v1alpha1.AutoClusterDNSFamily + c.Envoy.Cluster.DNSLookupFamily = contour_v1alpha1.AutoClusterDNSFamily require.NoError(t, c.Validate()) - c.Envoy.Cluster.DNSLookupFamily = v1alpha1.IPv4ClusterDNSFamily + c.Envoy.Cluster.DNSLookupFamily = contour_v1alpha1.IPv4ClusterDNSFamily require.NoError(t, c.Validate()) - c.Envoy.Cluster.DNSLookupFamily = v1alpha1.IPv6ClusterDNSFamily + c.Envoy.Cluster.DNSLookupFamily = contour_v1alpha1.IPv6ClusterDNSFamily require.NoError(t, c.Validate()) - c.Envoy.Cluster.DNSLookupFamily = v1alpha1.AllClusterDNSFamily + c.Envoy.Cluster.DNSLookupFamily = contour_v1alpha1.AllClusterDNSFamily require.NoError(t, c.Validate()) c.Envoy.Cluster.DNSLookupFamily = "foo" require.Error(t, c.Validate()) - c = v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - Listener: &v1alpha1.EnvoyListenerConfig{ - TLS: &v1alpha1.EnvoyTLS{}, + c = contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ + TLS: &contour_v1alpha1.EnvoyTLS{}, }, }, } @@ -163,30 +164,30 @@ func TestContourConfigurationSpecValidate(t *testing.T) { }) t.Run("gateway validation", func(t *testing.T) { - c := v1alpha1.ContourConfigurationSpec{ - Gateway: &v1alpha1.GatewayConfig{}, + c := contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{}, } c.Gateway.ControllerName = "foo" require.NoError(t, c.Validate()) c.Gateway.ControllerName = "" - c.Gateway.GatewayRef = &v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} + c.Gateway.GatewayRef = &contour_v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} require.NoError(t, c.Validate()) c.Gateway.ControllerName = "foo" - c.Gateway.GatewayRef = &v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} + c.Gateway.GatewayRef = &contour_v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} require.Error(t, c.Validate()) }) t.Run("tracing validation", func(t *testing.T) { - c := v1alpha1.ContourConfigurationSpec{ - Tracing: &v1alpha1.TracingConfig{}, + c := contour_v1alpha1.ContourConfigurationSpec{ + Tracing: &contour_v1alpha1.TracingConfig{}, } require.Error(t, c.Validate()) - c.Tracing.ExtensionService = &v1alpha1.NamespacedName{ + c.Tracing.ExtensionService = &contour_v1alpha1.NamespacedName{ Name: "otel-collector", Namespace: "projectcontour", } @@ -198,7 +199,7 @@ func TestContourConfigurationSpecValidate(t *testing.T) { c.Tracing.OverallSampling = ref.To("10") require.NoError(t, c.Validate()) - customTags := []*v1alpha1.CustomTag{ + customTags := []*contour_v1alpha1.CustomTag{ { TagName: "first tag", Literal: "literal", @@ -207,21 +208,21 @@ func TestContourConfigurationSpecValidate(t *testing.T) { c.Tracing.CustomTags = customTags require.NoError(t, c.Validate()) - customTags = append(customTags, &v1alpha1.CustomTag{ + customTags = append(customTags, &contour_v1alpha1.CustomTag{ TagName: "second tag", RequestHeaderName: "x-custom-header", }) c.Tracing.CustomTags = customTags require.NoError(t, c.Validate()) - customTags = append(customTags, &v1alpha1.CustomTag{ + customTags = append(customTags, &contour_v1alpha1.CustomTag{ TagName: "first tag", RequestHeaderName: "x-custom-header", }) c.Tracing.CustomTags = customTags require.Error(t, c.Validate()) - customTags = []*v1alpha1.CustomTag{ + customTags = []*contour_v1alpha1.CustomTag{ { TagName: "first tag", Literal: "literal", @@ -240,7 +241,7 @@ func TestSanitizeCipherSuites(t *testing.T) { }{ "no ciphers": { ciphers: nil, - want: v1alpha1.DefaultTLSCiphers, + want: contour_v1alpha1.DefaultTLSCiphers, }, "valid list": { ciphers: []string{ @@ -267,7 +268,7 @@ func TestSanitizeCipherSuites(t *testing.T) { for name, tc := range testCases { t.Run(name, func(t *testing.T) { - e := &v1alpha1.EnvoyTLS{ + e := &contour_v1alpha1.EnvoyTLS{ CipherSuites: tc.ciphers, } assert.Equal(t, tc.want, e.SanitizedCipherSuites()) @@ -277,20 +278,20 @@ func TestSanitizeCipherSuites(t *testing.T) { // TestAccessLogFormatExtensions tests that command operators requiring extensions are recognized for given access log format. func TestAccessLogFormatExtensions(t *testing.T) { - e1 := v1alpha1.EnvoyLogging{ - AccessLogFormat: v1alpha1.EnvoyAccessLog, + e1 := contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.EnvoyAccessLog, AccessLogFormatString: "[%START_TIME%] \"%REQ_WITHOUT_QUERY(X-ENVOY-ORIGINAL-PATH?:PATH)%\"\n", } assert.Equal(t, []string{"envoy.formatter.req_without_query"}, e1.AccessLogFormatterExtensions()) - e2 := v1alpha1.EnvoyLogging{ - AccessLogFormat: v1alpha1.JSONAccessLog, + e2 := contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.JSONAccessLog, AccessLogJSONFields: []string{"@timestamp", "path=%REQ_WITHOUT_QUERY(X-ENVOY-ORIGINAL-PATH?:PATH)%"}, } assert.Equal(t, []string{"envoy.formatter.req_without_query"}, e2.AccessLogFormatterExtensions()) - e3 := v1alpha1.EnvoyLogging{ - AccessLogFormat: v1alpha1.EnvoyAccessLog, + e3 := contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.EnvoyAccessLog, } assert.Empty(t, e3.AccessLogFormatterExtensions()) } @@ -298,27 +299,27 @@ func TestAccessLogFormatExtensions(t *testing.T) { func TestFeatureFlagsValidate(t *testing.T) { tests := []struct { name string - flags v1alpha1.FeatureFlags + flags contour_v1alpha1.FeatureFlags expected error }{ { name: "valid flag", - flags: v1alpha1.FeatureFlags{"useEndpointSlices"}, + flags: contour_v1alpha1.FeatureFlags{"useEndpointSlices"}, expected: nil, }, { name: "invalid flag", - flags: v1alpha1.FeatureFlags{"invalidFlag"}, + flags: contour_v1alpha1.FeatureFlags{"invalidFlag"}, expected: fmt.Errorf("invalid contour configuration, unknown feature flag:invalidFlag"), }, { name: "mix of valid and invalid flags", - flags: v1alpha1.FeatureFlags{"useEndpointSlices", "invalidFlag"}, + flags: contour_v1alpha1.FeatureFlags{"useEndpointSlices", "invalidFlag"}, expected: fmt.Errorf("invalid contour configuration, unknown feature flag:invalidFlag"), }, { name: "empty flags", - flags: v1alpha1.FeatureFlags{}, + flags: contour_v1alpha1.FeatureFlags{}, expected: nil, }, } diff --git a/apis/projectcontour/v1alpha1/contourdeployment.go b/apis/projectcontour/v1alpha1/contourdeployment.go index da534f384fa..b430c2c1ff1 100644 --- a/apis/projectcontour/v1alpha1/contourdeployment.go +++ b/apis/projectcontour/v1alpha1/contourdeployment.go @@ -14,10 +14,11 @@ package v1alpha1 import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // LogLevel is the logging levels available. @@ -113,7 +114,7 @@ type ContourSettings struct { // Cannot be updated. // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ // +optional - Resources corev1.ResourceRequirements `json:"resources,omitempty"` + Resources core_v1.ResourceRequirements `json:"resources,omitempty"` // Deployment describes the settings for running contour as a `Deployment`. // +optional @@ -130,7 +131,7 @@ type ContourSettings struct { // +kubebuilder:validation:Type=array // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=42 - WatchNamespaces []contour_api_v1.Namespace `json:"watchNamespaces,omitempty"` + WatchNamespaces []contour_v1.Namespace `json:"watchNamespaces,omitempty"` // DisabledFeatures defines an array of resources that will be ignored by // contour reconciler. @@ -138,7 +139,7 @@ type ContourSettings struct { // +kubebuilder:validation:Type=array // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=42 - DisabledFeatures []contour_api_v1.Feature `json:"disabledFeatures,omitempty"` + DisabledFeatures []contour_v1.Feature `json:"disabledFeatures,omitempty"` } // DeploymentSettings contains settings for Deployment resources. @@ -150,14 +151,14 @@ type DeploymentSettings struct { // Strategy describes the deployment strategy to use to replace existing pods with new pods. // +optional - Strategy *appsv1.DeploymentStrategy `json:"strategy,omitempty"` + Strategy *apps_v1.DeploymentStrategy `json:"strategy,omitempty"` } // DaemonSetSettings contains settings for DaemonSet resources. type DaemonSetSettings struct { // Strategy describes the deployment strategy to use to replace existing DaemonSet pods with new pods. // +optional - UpdateStrategy *appsv1.DaemonSetUpdateStrategy `json:"updateStrategy,omitempty"` + UpdateStrategy *apps_v1.DaemonSetUpdateStrategy `json:"updateStrategy,omitempty"` } // EnvoySettings contains settings for the Envoy part of the installation, @@ -194,11 +195,11 @@ type EnvoySettings struct { // ExtraVolumes holds the extra volumes to add. // +optional - ExtraVolumes []corev1.Volume `json:"extraVolumes,omitempty"` + ExtraVolumes []core_v1.Volume `json:"extraVolumes,omitempty"` // ExtraVolumeMounts holds the extra volume mounts to add (normally used with extraVolumes). // +optional - ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"` + ExtraVolumeMounts []core_v1.VolumeMount `json:"extraVolumeMounts,omitempty"` // PodAnnotations defines annotations to add to the Envoy pods. // the annotations for Prometheus will be appended or overwritten with predefined value. @@ -209,7 +210,7 @@ type EnvoySettings struct { // Cannot be updated. // More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ // +optional - Resources corev1.ResourceRequirements `json:"resources,omitempty"` + Resources core_v1.ResourceRequirements `json:"resources,omitempty"` // LogLevel sets the log level for Envoy. // Allowed values are "trace", "debug", "info", "warn", "error", "critical", "off". @@ -305,7 +306,7 @@ type NetworkPublishing struct { // If unset, defaults to "Local". // // +optional - ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicyType `json:"externalTrafficPolicy,omitempty"` + ExternalTrafficPolicy core_v1.ServiceExternalTrafficPolicyType `json:"externalTrafficPolicy,omitempty"` // IPFamilyPolicy represents the dual-stack-ness requested or required by // this Service. If there is no value provided, then this field will be set @@ -315,7 +316,7 @@ type NetworkPublishing struct { // (two IP families on dual-stack configured clusters, otherwise fail). // // +optional - IPFamilyPolicy corev1.IPFamilyPolicy `json:"ipFamilyPolicy,omitempty"` + IPFamilyPolicy core_v1.IPFamilyPolicy `json:"ipFamilyPolicy,omitempty"` // ServiceAnnotations is the annotations to add to // the provisioned Envoy service. @@ -366,7 +367,7 @@ type NodePlacement struct { // for additional details. // // +optional - Tolerations []corev1.Toleration `json:"tolerations,omitempty"` + Tolerations []core_v1.Toleration `json:"tolerations,omitempty"` } // ContourDeploymentStatus defines the observed state of a ContourDeployment resource. @@ -378,7 +379,7 @@ type ContourDeploymentStatus struct { // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []meta_v1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` } // +genclient @@ -388,8 +389,8 @@ type ContourDeploymentStatus struct { // ContourDeployment is the schema for a Contour Deployment. type ContourDeployment struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ObjectMeta `json:"metadata,omitempty"` Spec ContourDeploymentSpec `json:"spec,omitempty"` Status ContourDeploymentStatus `json:"status,omitempty"` @@ -400,7 +401,7 @@ type ContourDeployment struct { // ContourDeploymentList contains a list of Contour Deployment resources. type ContourDeploymentList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ContourDeployment `json:"items"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ListMeta `json:"metadata,omitempty"` + Items []ContourDeployment `json:"items"` } diff --git a/apis/projectcontour/v1alpha1/extensionservice.go b/apis/projectcontour/v1alpha1/extensionservice.go index 62b891603d2..20c53058b54 100644 --- a/apis/projectcontour/v1alpha1/extensionservice.go +++ b/apis/projectcontour/v1alpha1/extensionservice.go @@ -14,8 +14,9 @@ package v1alpha1 import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // ExtensionProtocolVersion is the version of the GRPC protocol used @@ -74,7 +75,7 @@ type ExtensionServiceSpec struct { // UpstreamValidation defines how to verify the backend service's certificate // +optional - UpstreamValidation *contour_api_v1.UpstreamValidation `json:"validation,omitempty"` + UpstreamValidation *contour_v1.UpstreamValidation `json:"validation,omitempty"` // Protocol may be used to specify (or override) the protocol used to reach this Service. // Values may be h2 or h2c. If omitted, protocol-selection falls back on Service annotations. @@ -88,12 +89,12 @@ type ExtensionServiceSpec struct { // here. // // +optional - LoadBalancerPolicy *contour_api_v1.LoadBalancerPolicy `json:"loadBalancerPolicy,omitempty"` + LoadBalancerPolicy *contour_v1.LoadBalancerPolicy `json:"loadBalancerPolicy,omitempty"` // The timeout policy for requests to the services. // // +optional - TimeoutPolicy *contour_api_v1.TimeoutPolicy `json:"timeoutPolicy,omitempty"` + TimeoutPolicy *contour_v1.TimeoutPolicy `json:"timeoutPolicy,omitempty"` // This field sets the version of the GRPC protocol that Envoy uses to // send requests to the extension service. Since Contour always uses the @@ -120,7 +121,7 @@ type ExtensionServiceStatus struct { // +patchStrategy=merge // +listType=map // +listMapKey=type - Conditions []contour_api_v1.DetailedCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` + Conditions []contour_v1.DetailedCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` } // +genclient @@ -133,8 +134,8 @@ type ExtensionServiceStatus struct { // API so that Contour API features can be implemented by collaborating // components. type ExtensionService struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ObjectMeta `json:"metadata,omitempty"` Spec ExtensionServiceSpec `json:"spec,omitempty"` Status ExtensionServiceStatus `json:"status,omitempty"` @@ -145,7 +146,7 @@ type ExtensionService struct { // ExtensionServiceList contains a list of ExtensionService resources. type ExtensionServiceList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ExtensionService `json:"items"` + meta_v1.TypeMeta `json:",inline"` + meta_v1.ListMeta `json:"metadata,omitempty"` + Items []ExtensionService `json:"items"` } diff --git a/apis/projectcontour/v1alpha1/extensionservice_helpers.go b/apis/projectcontour/v1alpha1/extensionservice_helpers.go index 2e8362b367c..7023b51565e 100644 --- a/apis/projectcontour/v1alpha1/extensionservice_helpers.go +++ b/apis/projectcontour/v1alpha1/extensionservice_helpers.go @@ -14,12 +14,12 @@ package v1alpha1 import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // GetConditionFor returns the a pointer to the condition for a given type, // or nil if there are none currently present. -func (status *ExtensionServiceStatus) GetConditionFor(condType string) *contour_api_v1.DetailedCondition { +func (status *ExtensionServiceStatus) GetConditionFor(condType string) *contour_v1.DetailedCondition { for i, cond := range status.Conditions { if cond.Type == condType { return &status.Conditions[i] diff --git a/apis/projectcontour/v1alpha1/register.go b/apis/projectcontour/v1alpha1/register.go index 92b2ab901b4..459ffcde843 100644 --- a/apis/projectcontour/v1alpha1/register.go +++ b/apis/projectcontour/v1alpha1/register.go @@ -14,7 +14,7 @@ package v1alpha1 import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" ) @@ -47,6 +47,6 @@ func addKnownTypes(scheme *runtime.Scheme) error { &ContourDeploymentList{}, ) - metav1.AddToGroupVersion(scheme, GroupVersion) + meta_v1.AddToGroupVersion(scheme, GroupVersion) return nil } diff --git a/cmd/contour/bootstrap.go b/cmd/contour/bootstrap.go index 89b5504be11..dfa365f90a1 100644 --- a/cmd/contour/bootstrap.go +++ b/cmd/contour/bootstrap.go @@ -15,6 +15,7 @@ package main import ( "github.com/alecthomas/kingpin/v2" + "github.com/projectcontour/contour/internal/envoy" ) diff --git a/cmd/contour/certgen.go b/cmd/contour/certgen.go index ef55f004f2e..73acb4c8b66 100644 --- a/cmd/contour/certgen.go +++ b/cmd/contour/certgen.go @@ -20,13 +20,14 @@ import ( "strconv" "github.com/alecthomas/kingpin/v2" - "github.com/projectcontour/contour/internal/certgen" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/pkg/certs" "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/client-go/kubernetes" + + "github.com/projectcontour/contour/internal/certgen" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/pkg/certs" ) // registercertgen registers the certgen subcommand and flags @@ -89,7 +90,7 @@ type certgenConfig struct { // OutputCerts outputs the certs in certs as directed by config. func OutputCerts(config *certgenConfig, kubeclient *kubernetes.Clientset, certs *certs.Certificates) error { - var secrets []*corev1.Secret + var secrets []*core_v1.Secret var errs []error force := certgen.NoOverwrite diff --git a/cmd/contour/certgen_test.go b/cmd/contour/certgen_test.go index 6dcea53c9d4..51da72778c1 100644 --- a/cmd/contour/certgen_test.go +++ b/cmd/contour/certgen_test.go @@ -22,13 +22,13 @@ import ( "sort" "testing" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + core_v1 "k8s.io/api/core/v1" + "github.com/projectcontour/contour/internal/certgen" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/pkg/certs" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" ) func TestGeneratedSecretsValid(t *testing.T) { @@ -83,15 +83,15 @@ func TestGeneratedSecretsValid(t *testing.T) { // Check the keys we want are present. for _, key := range []string{ dag.CACertificateKey, - corev1.TLSCertKey, - corev1.TLSPrivateKeyKey, + core_v1.TLSCertKey, + core_v1.TLSPrivateKeyKey, } { if _, ok := s.Data[key]; !ok { t.Errorf("missing data key %q", key) } } - pemBlock, _ := pem.Decode(s.Data[corev1.TLSCertKey]) + pemBlock, _ := pem.Decode(s.Data[core_v1.TLSCertKey]) assert.Equal(t, "CERTIFICATE", pemBlock.Type) cert, err := x509.ParseCertificate(pemBlock.Bytes) @@ -160,15 +160,15 @@ func TestSecretNamePrefix(t *testing.T) { // Check the keys we want are present. for _, key := range []string{ dag.CACertificateKey, - corev1.TLSCertKey, - corev1.TLSPrivateKeyKey, + core_v1.TLSCertKey, + core_v1.TLSPrivateKeyKey, } { if _, ok := s.Data[key]; !ok { t.Errorf("missing data key %q", key) } } - pemBlock, _ := pem.Decode(s.Data[corev1.TLSCertKey]) + pemBlock, _ := pem.Decode(s.Data[core_v1.TLSCertKey]) assert.Equal(t, "CERTIFICATE", pemBlock.Type) cert, err := x509.ParseCertificate(pemBlock.Bytes) diff --git a/cmd/contour/cli.go b/cmd/contour/cli.go index cc5e1295d92..0f7ae7ca4af 100644 --- a/cmd/contour/cli.go +++ b/cmd/contour/cli.go @@ -21,9 +21,9 @@ import ( "os" "github.com/alecthomas/kingpin/v2" - corev3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_service_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_service_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3" envoy_service_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/service/listener/v3" envoy_service_route_v3 "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" @@ -154,8 +154,8 @@ func (c *Client) RouteStream() envoy_service_route_v3.RouteDiscoveryService_Stre } type stream interface { - Send(*envoy_discovery_v3.DiscoveryRequest) error - Recv() (*envoy_discovery_v3.DiscoveryResponse, error) + Send(*envoy_service_discovery_v3.DiscoveryRequest) error + Recv() (*envoy_service_discovery_v3.DiscoveryResponse, error) } func watchstream(log *logrus.Logger, st stream, typeURL string, resources []string, nack bool, nodeID string) { @@ -168,11 +168,11 @@ func watchstream(log *logrus.Logger, st stream, typeURL string, resources []stri currentVersion := "0" // Send the initial, non-ACK discovery request. - req := &envoy_discovery_v3.DiscoveryRequest{ + req := &envoy_service_discovery_v3.DiscoveryRequest{ TypeUrl: typeURL, ResourceNames: resources, VersionInfo: currentVersion, - Node: &corev3.Node{ + Node: &envoy_config_core_v3.Node{ Id: nodeID, }, } @@ -209,7 +209,7 @@ func watchstream(log *logrus.Logger, st stream, typeURL string, resources []stri // just got, or else the watch won't happen properly. // The ErrorDetail field being populated is what makes this a NACK // instead of an ACK. - nackReq := &envoy_discovery_v3.DiscoveryRequest{ + nackReq := &envoy_service_discovery_v3.DiscoveryRequest{ TypeUrl: typeURL, ResponseNonce: resp.Nonce, VersionInfo: resp.VersionInfo, @@ -217,7 +217,7 @@ func watchstream(log *logrus.Logger, st stream, typeURL string, resources []stri Code: int32(grpc_code.Code_INTERNAL), Message: "Told to create a NACK for testing", }, - Node: &corev3.Node{ + Node: &envoy_config_core_v3.Node{ Id: nodeID, }, } @@ -237,11 +237,11 @@ func watchstream(log *logrus.Logger, st stream, typeURL string, resources []stri // The ResponseNonce field is what makes it an ACK, // and the VersionInfo field must match the one in the response we // just got, or else the watch won't happen properly. - ackReq := &envoy_discovery_v3.DiscoveryRequest{ + ackReq := &envoy_service_discovery_v3.DiscoveryRequest{ TypeUrl: typeURL, ResponseNonce: resp.Nonce, VersionInfo: resp.VersionInfo, - Node: &corev3.Node{ + Node: &envoy_config_core_v3.Node{ Id: nodeID, }, } @@ -296,8 +296,8 @@ func (c *Client) DeltaRouteStream() envoy_service_route_v3.RouteDiscoveryService } type deltaStream interface { - Send(*envoy_discovery_v3.DeltaDiscoveryRequest) error - Recv() (*envoy_discovery_v3.DeltaDiscoveryResponse, error) + Send(*envoy_service_discovery_v3.DeltaDiscoveryRequest) error + Recv() (*envoy_service_discovery_v3.DeltaDiscoveryResponse, error) } func watchDeltaStream(log *logrus.Logger, st deltaStream, typeURL string, resources []string, nack bool, nodeID string) { @@ -310,10 +310,10 @@ func watchDeltaStream(log *logrus.Logger, st deltaStream, typeURL string, resour currentVersion := "0" // Send the initial, non-ACK discovery request. - req := &envoy_discovery_v3.DeltaDiscoveryRequest{ + req := &envoy_service_discovery_v3.DeltaDiscoveryRequest{ TypeUrl: typeURL, ResourceNamesSubscribe: resources, - Node: &corev3.Node{ + Node: &envoy_config_core_v3.Node{ Id: nodeID, }, } @@ -348,14 +348,14 @@ func watchDeltaStream(log *logrus.Logger, st deltaStream, typeURL string, resour // The ResponseNonce field is what makes it an ACK. // The ErrorDetail field being populated is what makes this a NACK // instead of an ACK. - nackReq := &envoy_discovery_v3.DeltaDiscoveryRequest{ + nackReq := &envoy_service_discovery_v3.DeltaDiscoveryRequest{ TypeUrl: typeURL, ResponseNonce: resp.Nonce, ErrorDetail: &status.Status{ Code: int32(grpc_code.Code_INTERNAL), Message: "Told to create a NACK for testing", }, - Node: &corev3.Node{ + Node: &envoy_config_core_v3.Node{ Id: nodeID, }, } @@ -373,10 +373,10 @@ func watchDeltaStream(log *logrus.Logger, st deltaStream, typeURL string, resour } else { // We'll ACK our request. // The ResponseNonce field is what makes it an ACK. - ackReq := &envoy_discovery_v3.DeltaDiscoveryRequest{ + ackReq := &envoy_service_discovery_v3.DeltaDiscoveryRequest{ TypeUrl: typeURL, ResponseNonce: resp.Nonce, - Node: &corev3.Node{ + Node: &envoy_config_core_v3.Node{ Id: nodeID, }, } diff --git a/cmd/contour/contour.go b/cmd/contour/contour.go index a2b92fd1865..48f2997d3ee 100644 --- a/cmd/contour/contour.go +++ b/cmd/contour/contour.go @@ -16,15 +16,15 @@ package main import ( "os" - "go.uber.org/automaxprocs/maxprocs" - "github.com/alecthomas/kingpin/v2" resource_v3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "github.com/sirupsen/logrus" + "go.uber.org/automaxprocs/maxprocs" + "github.com/projectcontour/contour/internal/build" "github.com/projectcontour/contour/internal/envoy" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" - "github.com/sirupsen/logrus" ) func main() { diff --git a/cmd/contour/gatewayprovisioner.go b/cmd/contour/gatewayprovisioner.go index ab3e2a5607e..b86482cbb4e 100644 --- a/cmd/contour/gatewayprovisioner.go +++ b/cmd/contour/gatewayprovisioner.go @@ -17,11 +17,6 @@ import ( "fmt" "os" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/provisioner" - "github.com/projectcontour/contour/internal/provisioner/controller" - "github.com/projectcontour/contour/pkg/config" - "github.com/alecthomas/kingpin/v2" "github.com/distribution/reference" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" @@ -29,6 +24,11 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/manager" controller_runtime_metrics_server "sigs.k8s.io/controller-runtime/pkg/metrics/server" + + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/provisioner" + "github.com/projectcontour/contour/internal/provisioner/controller" + "github.com/projectcontour/contour/pkg/config" ) func registerGatewayProvisioner(app *kingpin.Application) (*kingpin.CmdClause, *gatewayProvisionerConfig) { diff --git a/cmd/contour/ingressstatus.go b/cmd/contour/ingressstatus.go index c3a4a77de77..2827765a28a 100644 --- a/cmd/contour/ingressstatus.go +++ b/cmd/contour/ingressstatus.go @@ -18,15 +18,16 @@ import ( "net" "strings" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/k8s" "github.com/sirupsen/logrus" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/k8s" ) // loadBalancerStatusWriter orchestrates LoadBalancer address status @@ -37,8 +38,8 @@ import ( // // 1. On startup the loadBalancerStatusWriter waits to be elected leader. // 2. Once elected leader, the loadBalancerStatusWriter waits to receive a -// v1.LoadBalancerStatus value. -// 3. Once a v1.LoadBalancerStatus value has been received, the +// core_v1.LoadBalancerStatus value. +// 3. Once a core_v1.LoadBalancerStatus value has been received, the // cached address is updated so that it will be applied to objects // received in any subsequent informer events. // 4. All Ingress, HTTPProxy and Gateway objects are listed from the informer @@ -50,7 +51,7 @@ import ( type loadBalancerStatusWriter struct { log logrus.FieldLogger cache cache.Cache - lbStatus chan v1.LoadBalancerStatus + lbStatus chan core_v1.LoadBalancerStatus statusUpdater k8s.StatusUpdater ingressClassNames []string gatewayControllerName string @@ -83,7 +84,7 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { // address status. The cache should have already started // informers, so new informers will auto-start. resources := []client.Object{ - &contour_api_v1.HTTPProxy{}, + &contour_v1.HTTPProxy{}, &networking_v1.Ingress{}, } @@ -112,7 +113,7 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { // informer from here. Clear the load balancer // status so that subsequent informer events // will have no effect. - u.Set(v1.LoadBalancerStatus{}) + u.Set(core_v1.LoadBalancerStatus{}) return nil case lbs := <-isw.lbStatus: isw.log.WithField("loadbalancer-address", lbAddress(lbs)). @@ -129,7 +130,7 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { } } - var proxyList contour_api_v1.HTTPProxyList + var proxyList contour_v1.HTTPProxyList if err := isw.cache.List(context.Background(), &proxyList); err != nil { isw.log.WithError(err).WithField("kind", "HTTPProxy").Error("failed to list objects") } else { @@ -154,9 +155,9 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { } } -func parseStatusFlag(status string) v1.LoadBalancerStatus { +func parseStatusFlag(status string) core_v1.LoadBalancerStatus { // Support ','-separated lists. - var ingresses []v1.LoadBalancerIngress + var ingresses []core_v1.LoadBalancerIngress for _, item := range strings.Split(status, ",") { item = strings.TrimSpace(item) @@ -165,25 +166,25 @@ func parseStatusFlag(status string) v1.LoadBalancerStatus { } // Use the parseability by net.ParseIP as a signal, since we need - // to pass a string into the v1.LoadBalancerIngress anyway. + // to pass a string into the core_v1.LoadBalancerIngress anyway. if ip := net.ParseIP(item); ip != nil { - ingresses = append(ingresses, v1.LoadBalancerIngress{ + ingresses = append(ingresses, core_v1.LoadBalancerIngress{ IP: item, }) } else { - ingresses = append(ingresses, v1.LoadBalancerIngress{ + ingresses = append(ingresses, core_v1.LoadBalancerIngress{ Hostname: item, }) } } - return v1.LoadBalancerStatus{ + return core_v1.LoadBalancerStatus{ Ingress: ingresses, } } // lbAddress gets the string representation of the first address, for logging. -func lbAddress(lb v1.LoadBalancerStatus) string { +func lbAddress(lb core_v1.LoadBalancerStatus) string { if len(lb.Ingress) == 0 { return "" } diff --git a/cmd/contour/ingressstatus_test.go b/cmd/contour/ingressstatus_test.go index 0994431d0f1..02e0ba8559b 100644 --- a/cmd/contour/ingressstatus_test.go +++ b/cmd/contour/ingressstatus_test.go @@ -19,7 +19,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/manager" ) @@ -27,13 +27,13 @@ func Test_parseStatusFlag(t *testing.T) { tests := []struct { name string status string - want v1.LoadBalancerStatus + want core_v1.LoadBalancerStatus }{ { name: "IPv4", status: "10.0.0.1", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "10.0.0.1", }, @@ -43,8 +43,8 @@ func Test_parseStatusFlag(t *testing.T) { { name: "IPv6", status: "2001:4860:4860::8888", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "2001:4860:4860::8888", }, @@ -54,8 +54,8 @@ func Test_parseStatusFlag(t *testing.T) { { name: "arbitrary string", status: "anarbitrarystring", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { Hostname: "anarbitrarystring", }, @@ -65,8 +65,8 @@ func Test_parseStatusFlag(t *testing.T) { { name: "WhitespacePadded", status: " anarbitrarystring ", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { Hostname: "anarbitrarystring", }, @@ -76,23 +76,23 @@ func Test_parseStatusFlag(t *testing.T) { { name: "Empty", status: "", - want: v1.LoadBalancerStatus{}, + want: core_v1.LoadBalancerStatus{}, }, { name: "EmptyComma", status: ",", - want: v1.LoadBalancerStatus{}, + want: core_v1.LoadBalancerStatus{}, }, { name: "EmptySpace", status: " ", - want: v1.LoadBalancerStatus{}, + want: core_v1.LoadBalancerStatus{}, }, { name: "SingleComma", status: "10.0.0.1,", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "10.0.0.1", }, @@ -102,8 +102,8 @@ func Test_parseStatusFlag(t *testing.T) { { name: "SingleCommaBefore", status: ",10.0.0.1", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "10.0.0.1", }, @@ -113,8 +113,8 @@ func Test_parseStatusFlag(t *testing.T) { { name: "Multi", status: "10.0.0.1,2001:4860:4860::8888,anarbitrarystring", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "10.0.0.1", }, @@ -130,8 +130,8 @@ func Test_parseStatusFlag(t *testing.T) { { name: "MultiSpace", status: "10.0.0.1, 2001:4860:4860::8888, anarbitrarystring", - want: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + want: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "10.0.0.1", }, @@ -155,20 +155,20 @@ func Test_parseStatusFlag(t *testing.T) { func Test_lbAddress(t *testing.T) { tests := []struct { name string - lb v1.LoadBalancerStatus + lb core_v1.LoadBalancerStatus want string }{ { name: "empty Loadbalancer", - lb: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{}, + lb: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{}, }, want: "", }, { name: "IP address loadbalancer", - lb: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + lb: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "10.0.0.1", }, @@ -178,8 +178,8 @@ func Test_lbAddress(t *testing.T) { }, { name: "Hostname loadbalancer", - lb: v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + lb: core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { Hostname: "somedomain.com", }, diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 7831265b2b6..7a2a44b142f 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -27,8 +27,8 @@ import ( envoy_server_v3 "github.com/envoyproxy/go-control-plane/pkg/server/v3" "github.com/prometheus/client_golang/prometheus" "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" + core_v1 "k8s.io/api/core/v1" + discovery_v1 "k8s.io/api/discovery/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" @@ -44,8 +44,8 @@ import ( controller_runtime_metrics_server "sigs.k8s.io/controller-runtime/pkg/metrics/server" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/contourconfig" @@ -237,16 +237,16 @@ func NewServer(log logrus.FieldLogger, ctx *serveContext) (*Server, error) { // ByObject is a function that allows changing incoming objects before they are cached by the informer. // This is useful for saving memory by removing fields that are not needed by Contour. ByObject: map[client.Object]ctrl_cache.ByObject{ - &corev1.Secret{}: { + &core_v1.Secret{}: { Transform: func(obj any) (any, error) { - secret, ok := obj.(*corev1.Secret) + secret, ok := obj.(*core_v1.Secret) // TransformFunc should handle the tombstone of type cache.DeletedFinalStateUnknown if !ok { return obj, nil } // Do not touch Secrets that might be needed. - if secret.Type == corev1.SecretTypeTLS || secret.Type == corev1.SecretTypeOpaque { + if secret.Type == core_v1.SecretTypeTLS || secret.Type == core_v1.SecretTypeOpaque { return obj, nil } @@ -260,9 +260,9 @@ func NewServer(log logrus.FieldLogger, ctx *serveContext) (*Server, error) { return secret, nil }, }, - &corev1.ConfigMap{}: { + &core_v1.ConfigMap{}: { Transform: func(obj any) (any, error) { - configMap, ok := obj.(*corev1.ConfigMap) + configMap, ok := obj.(*core_v1.ConfigMap) // TransformFunc should handle the tombstone of type cache.DeletedFinalStateUnknown if !ok { return obj, nil @@ -339,8 +339,8 @@ func NewServer(log logrus.FieldLogger, ctx *serveContext) (*Server, error) { }, nil } -func (s *Server) getConfig() (contour_api_v1alpha1.ContourConfigurationSpec, error) { - var userConfig contour_api_v1alpha1.ContourConfigurationSpec +func (s *Server) getConfig() (contour_v1alpha1.ContourConfigurationSpec, error) { + var userConfig contour_v1alpha1.ContourConfigurationSpec // Get the ContourConfiguration CRD if specified if len(s.ctx.contourConfigurationName) > 0 { @@ -353,13 +353,13 @@ func (s *Server) getConfig() (contour_api_v1alpha1.ContourConfigurationSpec, err contourNamespace = "projectcontour" } - contourConfig := &contour_api_v1alpha1.ContourConfiguration{} + contourConfig := &contour_v1alpha1.ContourConfiguration{} key := client.ObjectKey{Namespace: contourNamespace, Name: s.ctx.contourConfigurationName} // Using GetAPIReader() here because the manager's caches won't be started yet, // so reads from the manager's client (which uses the caches for reads) will fail. if err := s.mgr.GetAPIReader().Get(context.Background(), key, contourConfig); err != nil { - return contour_api_v1alpha1.ContourConfigurationSpec{}, fmt.Errorf("error getting contour configuration %s: %v", key, err) + return contour_v1alpha1.ContourConfigurationSpec{}, fmt.Errorf("error getting contour configuration %s: %v", key, err) } // Copy the Spec from the parsed Configuration @@ -373,11 +373,11 @@ func (s *Server) getConfig() (contour_api_v1alpha1.ContourConfigurationSpec, err // with the final set of config to use. contourConfiguration, err := contourconfig.OverlayOnDefaults(userConfig) if err != nil { - return contour_api_v1alpha1.ContourConfigurationSpec{}, err + return contour_v1alpha1.ContourConfigurationSpec{}, err } if err := contourConfiguration.Validate(); err != nil { - return contour_api_v1alpha1.ContourConfigurationSpec{}, err + return contour_v1alpha1.ContourConfigurationSpec{}, err } return contourConfiguration, nil @@ -508,7 +508,7 @@ func (s *Server) doServe() error { // the contents of the Contour xDS caches after the DAG is built. var snapshotHandler *xdscache_v3.SnapshotHandler - if contourConfiguration.XDSServer.Type == contour_api_v1alpha1.EnvoyServerType { + if contourConfiguration.XDSServer.Type == contour_v1alpha1.EnvoyServerType { snapshotHandler = xdscache_v3.NewSnapshotHandler( resources, envoy_cache_v3.NewSnapshotCache(false, &contour_xds_v3.Hash, s.log.WithField("context", "snapshotCache")), @@ -632,10 +632,10 @@ func (s *Server) doServe() error { // Start to build informers. informerResources := map[string]client.Object{ - "httpproxies": &contour_api_v1.HTTPProxy{}, - "tlscertificatedelegations": &contour_api_v1.TLSCertificateDelegation{}, - "extensionservices": &contour_api_v1alpha1.ExtensionService{}, - "services": &corev1.Service{}, + "httpproxies": &contour_v1.HTTPProxy{}, + "tlscertificatedelegations": &contour_v1.TLSCertificateDelegation{}, + "extensionservices": &contour_v1alpha1.ExtensionService{}, + "services": &core_v1.Service{}, "ingresses": &networking_v1.Ingress{}, } @@ -662,20 +662,20 @@ func (s *Server) doServe() error { handler = k8s.NewNamespaceFilter(sets.List(secretNamespaces), eventHandler) } - if err := s.informOnResource(&corev1.Secret{}, handler); err != nil { + if err := s.informOnResource(&core_v1.Secret{}, handler); err != nil { s.log.WithError(err).WithField("resource", "secrets").Fatal("failed to create informer") } // Inform on endpoints/endpointSlices. if contourConfiguration.FeatureFlags.IsEndpointSliceEnabled() { - if err := s.informOnResource(&discoveryv1.EndpointSlice{}, &contour.EventRecorder{ + if err := s.informOnResource(&discovery_v1.EndpointSlice{}, &contour.EventRecorder{ Next: endpointHandler, Counter: contourMetrics.EventHandlerOperations, }); err != nil { s.log.WithError(err).WithField("resource", "endpointslices").Fatal("failed to create informer") } } else { - if err := s.informOnResource(&corev1.Endpoints{}, &contour.EventRecorder{ + if err := s.informOnResource(&core_v1.Endpoints{}, &contour.EventRecorder{ Next: endpointHandler, Counter: contourMetrics.EventHandlerOperations, }); err != nil { @@ -707,7 +707,7 @@ func (s *Server) doServe() error { lbsw := &loadBalancerStatusWriter{ log: s.log.WithField("context", "loadBalancerStatusWriter"), cache: s.mgr.GetCache(), - lbStatus: make(chan corev1.LoadBalancerStatus, 1), + lbStatus: make(chan core_v1.LoadBalancerStatus, 1), ingressClassNames: ingressClassNames, gatewayControllerName: gatewayControllerName, gatewayRef: gatewayRef, @@ -733,7 +733,7 @@ func (s *Server) doServe() error { handler = k8s.NewNamespaceFilter([]string{contourConfiguration.Envoy.Service.Namespace}, handler) } - if err := s.informOnResource(&corev1.Service{}, handler); err != nil { + if err := s.informOnResource(&core_v1.Service{}, handler); err != nil { s.log.WithError(err).WithField("resource", "services").Fatal("failed to create informer") } @@ -769,7 +769,7 @@ func (s *Server) doServe() error { } func (s *Server) getExtensionSvcConfig(name, namespace string) (xdscache_v3.ExtensionServiceConfig, error) { - extensionSvc := &contour_api_v1alpha1.ExtensionService{} + extensionSvc := &contour_v1alpha1.ExtensionService{} key := client.ObjectKey{ Namespace: namespace, Name: name, @@ -805,7 +805,7 @@ func (s *Server) getExtensionSvcConfig(name, namespace string) (xdscache_v3.Exte return extensionSvcConfig, nil } -func (s *Server) setupTracingService(tracingConfig *contour_api_v1alpha1.TracingConfig) (*xdscache_v3.TracingConfig, error) { +func (s *Server) setupTracingService(tracingConfig *contour_v1alpha1.TracingConfig) (*xdscache_v3.TracingConfig, error) { if tracingConfig == nil { return nil, nil } @@ -850,7 +850,7 @@ func (s *Server) setupTracingService(tracingConfig *contour_api_v1alpha1.Tracing }, nil } -func (s *Server) setupRateLimitService(contourConfiguration contour_api_v1alpha1.ContourConfigurationSpec) (*xdscache_v3.RateLimitConfig, error) { +func (s *Server) setupRateLimitService(contourConfiguration contour_v1alpha1.ContourConfigurationSpec) (*xdscache_v3.RateLimitConfig, error) { if contourConfiguration.RateLimitService == nil { return nil, nil } @@ -870,7 +870,7 @@ func (s *Server) setupRateLimitService(contourConfiguration contour_api_v1alpha1 }, nil } -func (s *Server) setupGlobalExternalAuthentication(contourConfiguration contour_api_v1alpha1.ContourConfigurationSpec) (*xdscache_v3.GlobalExternalAuthConfig, error) { +func (s *Server) setupGlobalExternalAuthentication(contourConfiguration contour_v1alpha1.ContourConfigurationSpec) (*xdscache_v3.GlobalExternalAuthConfig, error) { if contourConfiguration.GlobalExternalAuthorization == nil { return nil, nil } @@ -902,7 +902,7 @@ func (s *Server) setupGlobalExternalAuthentication(contourConfiguration contour_ return globalExternalAuthConfig, nil } -func (s *Server) setupDebugService(debugConfig contour_api_v1alpha1.DebugConfig, builder *dag.Builder) error { +func (s *Server) setupDebugService(debugConfig contour_v1alpha1.DebugConfig, builder *dag.Builder) error { debugsvc := &debug.Service{ Service: httpsvc.Service{ Addr: debugConfig.Address, @@ -917,7 +917,7 @@ func (s *Server) setupDebugService(debugConfig contour_api_v1alpha1.DebugConfig, type xdsServer struct { log logrus.FieldLogger registry *prometheus.Registry - config contour_api_v1alpha1.XDSServerConfig + config contour_v1alpha1.XDSServerConfig snapshotHandler *xdscache_v3.SnapshotHandler resources []xdscache.ResourceCache initialDagBuilt func() bool @@ -941,9 +941,9 @@ func (x *xdsServer) Start(ctx context.Context) error { grpcServer := xds.NewServer(x.registry, grpcOptions(log, x.config.TLS)...) switch x.config.Type { - case contour_api_v1alpha1.EnvoyServerType: + case contour_v1alpha1.EnvoyServerType: contour_xds_v3.RegisterServer(envoy_server_v3.NewServer(ctx, x.snapshotHandler.SnapshotCache, contour_xds_v3.NewRequestLoggingCallbacks(log)), grpcServer) - case contour_api_v1alpha1.ContourServerType: + case contour_v1alpha1.ContourServerType: contour_xds_v3.RegisterServer(contour_xds_v3.NewContourServer(log, xdscache.ResourcesOf(x.resources)...), grpcServer) default: // This can't happen due to config validation. @@ -978,7 +978,7 @@ func (x *xdsServer) Start(ctx context.Context) error { } // setupMetrics creates metrics service for Contour. -func (s *Server) setupMetrics(metricsConfig contour_api_v1alpha1.MetricsConfig, healthConfig contour_api_v1alpha1.HealthConfig, +func (s *Server) setupMetrics(metricsConfig contour_v1alpha1.MetricsConfig, healthConfig contour_v1alpha1.HealthConfig, registry *prometheus.Registry, ) error { // Create metrics service and register with mgr. @@ -1006,8 +1006,8 @@ func (s *Server) setupMetrics(metricsConfig contour_api_v1alpha1.MetricsConfig, return s.mgr.Add(metricsvc) } -func (s *Server) setupHealth(healthConfig contour_api_v1alpha1.HealthConfig, - metricsConfig contour_api_v1alpha1.MetricsConfig, +func (s *Server) setupHealth(healthConfig contour_v1alpha1.HealthConfig, + metricsConfig contour_v1alpha1.MetricsConfig, ) error { if healthConfig.Address != metricsConfig.Address || healthConfig.Port != metricsConfig.Port { healthsvc := &httpsvc.Service{ @@ -1026,7 +1026,7 @@ func (s *Server) setupHealth(healthConfig contour_api_v1alpha1.HealthConfig, return nil } -func (s *Server) setupGatewayAPI(contourConfiguration contour_api_v1alpha1.ContourConfigurationSpec, +func (s *Server) setupGatewayAPI(contourConfiguration contour_v1alpha1.ContourConfigurationSpec, mgr manager.Manager, eventHandler *contour.EventRecorder, sh *k8s.StatusUpdateHandler, ) []leadership.NeedLeaderElectionNotification { needLeadershipNotification := []leadership.NeedLeaderElectionNotification{} @@ -1120,7 +1120,7 @@ func (s *Server) setupGatewayAPI(contourConfiguration contour_api_v1alpha1.Conto // Create and register the BackendTLSPolicy controller with the manager. if _, enabled := features["backendtlspolicies"]; enabled { // Inform on ConfigMap if BackendTLSPolicy is enabled - if err := s.informOnResource(&corev1.ConfigMap{}, eventHandler); err != nil { + if err := s.informOnResource(&core_v1.ConfigMap{}, eventHandler); err != nil { s.log.WithError(err).WithField("resource", "configmaps").Fatal("failed to create informer") } @@ -1135,7 +1135,7 @@ func (s *Server) setupGatewayAPI(contourConfiguration contour_api_v1alpha1.Conto } // Inform on Namespaces. - if err := s.informOnResource(&corev1.Namespace{}, eventHandler); err != nil { + if err := s.informOnResource(&core_v1.Namespace{}, eventHandler); err != nil { s.log.WithError(err).WithField("resource", "namespaces").Fatal("failed to create informer") } } @@ -1149,8 +1149,8 @@ type dagBuilderConfig struct { gatewayRef *types.NamespacedName disablePermitInsecure bool enableExternalNameService bool - dnsLookupFamily contour_api_v1alpha1.ClusterDNSFamilyType - headersPolicy *contour_api_v1alpha1.PolicyConfig + dnsLookupFamily contour_v1alpha1.ClusterDNSFamilyType + headersPolicy *contour_v1alpha1.PolicyConfig clientCert *types.NamespacedName fallbackCert *types.NamespacedName connectTimeout time.Duration @@ -1160,11 +1160,11 @@ type dagBuilderConfig struct { httpPort int httpsAddress string httpsPort int - globalExternalAuthorizationService *contour_api_v1.AuthorizationServer + globalExternalAuthorizationService *contour_v1.AuthorizationServer maxRequestsPerConnection *uint32 perConnectionBufferLimitBytes *uint32 - globalRateLimitService *contour_api_v1alpha1.RateLimitServiceConfig - globalCircuitBreakerDefaults *contour_api_v1alpha1.GlobalCircuitBreakerDefaults + globalRateLimitService *contour_v1alpha1.RateLimitServiceConfig + globalCircuitBreakerDefaults *contour_v1alpha1.GlobalCircuitBreakerDefaults upstreamTLS *dag.UpstreamTLS } diff --git a/cmd/contour/serve_test.go b/cmd/contour/serve_test.go index 4bf95257e73..13e6bd4d7b3 100644 --- a/cmd/contour/serve_test.go +++ b/cmd/contour/serve_test.go @@ -16,13 +16,14 @@ package main import ( "testing" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/ref" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/types" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/ref" ) func TestGetDAGBuilder(t *testing.T) { @@ -46,7 +47,7 @@ func TestGetDAGBuilder(t *testing.T) { serve := &Server{ log: logrus.StandardLogger(), } - got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily}) + got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily}) commonAssertions(t, got) assert.Empty(t, got.Source.ConfiguredSecretRefs) }) @@ -57,7 +58,7 @@ func TestGetDAGBuilder(t *testing.T) { serve := &Server{ log: logrus.StandardLogger(), } - got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, clientCert: clientCert}) + got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, clientCert: clientCert}) commonAssertions(t, got) assert.ElementsMatch(t, got.Source.ConfiguredSecretRefs, []*types.NamespacedName{clientCert}) }) @@ -68,7 +69,7 @@ func TestGetDAGBuilder(t *testing.T) { serve := &Server{ log: logrus.StandardLogger(), } - got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, fallbackCert: fallbackCert}) + got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, fallbackCert: fallbackCert}) commonAssertions(t, got) assert.ElementsMatch(t, got.Source.ConfiguredSecretRefs, []*types.NamespacedName{fallbackCert}) }) @@ -80,21 +81,21 @@ func TestGetDAGBuilder(t *testing.T) { serve := &Server{ log: logrus.StandardLogger(), } - got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, clientCert: clientCert, fallbackCert: fallbackCert}) + got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, clientCert: clientCert, fallbackCert: fallbackCert}) commonAssertions(t, got) assert.ElementsMatch(t, got.Source.ConfiguredSecretRefs, []*types.NamespacedName{clientCert, fallbackCert}) }) t.Run("request and response headers policy specified", func(t *testing.T) { - policy := &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + policy := &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "req-set-key-1": "req-set-val-1", "req-set-key-2": "req-set-val-2", }, Remove: []string{"req-remove-key-1", "req-remove-key-2"}, }, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "res-set-key-1": "res-set-val-1", "res-set-key-2": "res-set-val-2", @@ -107,7 +108,7 @@ func TestGetDAGBuilder(t *testing.T) { serve := &Server{ log: logrus.StandardLogger(), } - got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, headersPolicy: policy}) + got := serve.getDAGBuilder(dagBuilderConfig{rootNamespaces: []string{}, dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, headersPolicy: policy}) commonAssertions(t, got) httpProxyProcessor := mustGetHTTPProxyProcessor(t, got) @@ -124,7 +125,7 @@ func TestGetDAGBuilder(t *testing.T) { }) t.Run("GlobalCircuitBreakerDefaults specified for all processors", func(t *testing.T) { - g := contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + g := contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 100, } @@ -134,7 +135,7 @@ func TestGetDAGBuilder(t *testing.T) { got := serve.getDAGBuilder(dagBuilderConfig{ gatewayControllerName: "projectcontour.io/gateway-controller", rootNamespaces: []string{}, - dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, + dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, globalCircuitBreakerDefaults: &g, }) @@ -149,15 +150,15 @@ func TestGetDAGBuilder(t *testing.T) { }) t.Run("request and response headers policy specified for ingress", func(t *testing.T) { - policy := &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + policy := &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "req-set-key-1": "req-set-val-1", "req-set-key-2": "req-set-val-2", }, Remove: []string{"req-remove-key-1", "req-remove-key-2"}, }, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "res-set-key-1": "res-set-val-1", "res-set-key-2": "res-set-val-2", @@ -172,7 +173,7 @@ func TestGetDAGBuilder(t *testing.T) { } got := serve.getDAGBuilder(dagBuilderConfig{ rootNamespaces: []string{}, - dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, + dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, headersPolicy: policy, }) commonAssertions(t, got) @@ -192,7 +193,7 @@ func TestGetDAGBuilder(t *testing.T) { } got := serve.getDAGBuilder(dagBuilderConfig{ rootNamespaces: []string{}, - dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, + dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, ingressClassNames: ingressClassNames, }) commonAssertions(t, got) @@ -207,7 +208,7 @@ func TestGetDAGBuilder(t *testing.T) { } got := serve.getDAGBuilder(dagBuilderConfig{ rootNamespaces: []string{}, - dnsLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, + dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, ingressClassNames: ingressClassNames, }) commonAssertions(t, got) diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index 7e3d024a182..d0c11af843b 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -23,17 +23,18 @@ import ( "strings" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/sirupsen/logrus" + "google.golang.org/grpc" + "google.golang.org/grpc/credentials" + "google.golang.org/grpc/keepalive" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/ref" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" "github.com/projectcontour/contour/pkg/config" - "github.com/sirupsen/logrus" - "google.golang.org/grpc" - "google.golang.org/grpc/credentials" - "google.golang.org/grpc/keepalive" ) type serveContext struct { @@ -144,7 +145,7 @@ func newServeContext() *serveContext { // grpcOptions returns a slice of grpc.ServerOptions. // if ctx.PermitInsecureGRPC is false, the option set will // include TLS configuration. -func grpcOptions(log logrus.FieldLogger, contourXDSConfig *contour_api_v1alpha1.TLS) []grpc.ServerOption { +func grpcOptions(log logrus.FieldLogger, contourXDSConfig *contour_v1alpha1.TLS) []grpc.ServerOption { opts := []grpc.ServerOption{ // By default the Go grpc library defaults to a value of ~100 streams per // connection. This number is likely derived from the HTTP/2 spec: @@ -176,7 +177,7 @@ func grpcOptions(log logrus.FieldLogger, contourXDSConfig *contour_api_v1alpha1. // tlsconfig returns a new *tls.Config. If the TLS parameters passed are not properly configured // for tls communication, tlsconfig returns nil. -func tlsconfig(log logrus.FieldLogger, contourXDSTLS *contour_api_v1alpha1.TLS) *tls.Config { +func tlsconfig(log logrus.FieldLogger, contourXDSTLS *contour_v1alpha1.TLS) *tls.Config { err := verifyTLSFlags(contourXDSTLS) if err != nil { log.WithError(err).Fatal("failed to verify TLS flags") @@ -227,7 +228,7 @@ func tlsconfig(log logrus.FieldLogger, contourXDSTLS *contour_api_v1alpha1.TLS) } // verifyTLSFlags indicates if the TLS flags are set up correctly. -func verifyTLSFlags(contourXDSTLS *contour_api_v1alpha1.TLS) error { +func verifyTLSFlags(contourXDSTLS *contour_v1alpha1.TLS) error { if contourXDSTLS.CAFile == "" && contourXDSTLS.CertFile == "" && contourXDSTLS.KeyFile == "" { return errors.New("no TLS parameters and --insecure not supplied. You must supply one or the other") } @@ -265,14 +266,14 @@ func (ctx *serveContext) watchedNamespaces() []string { // parseDefaultHTTPVersions parses a list of supported HTTP versions // (of the form "HTTP/xx") into a slice of unique version constants. -func parseDefaultHTTPVersions(versions []contour_api_v1alpha1.HTTPVersionType) []envoy_v3.HTTPVersionType { +func parseDefaultHTTPVersions(versions []contour_v1alpha1.HTTPVersionType) []envoy_v3.HTTPVersionType { wanted := map[envoy_v3.HTTPVersionType]struct{}{} for _, v := range versions { switch v { - case contour_api_v1alpha1.HTTPVersion1: + case contour_v1alpha1.HTTPVersion1: wanted[envoy_v3.HTTPVersion1] = struct{}{} - case contour_api_v1alpha1.HTTPVersion2: + case contour_v1alpha1.HTTPVersion2: wanted[envoy_v3.HTTPVersion2] = struct{}{} } } @@ -285,22 +286,22 @@ func parseDefaultHTTPVersions(versions []contour_api_v1alpha1.HTTPVersionType) [ return parsed } -func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha1.ContourConfigurationSpec { - ingress := &contour_api_v1alpha1.IngressConfig{} +func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.ContourConfigurationSpec { + ingress := &contour_v1alpha1.IngressConfig{} if len(ctx.ingressClassName) > 0 { ingress.ClassNames = strings.Split(ctx.ingressClassName, ",") } ingress.StatusAddress = ctx.Config.IngressStatusAddress - var gatewayConfig *contour_api_v1alpha1.GatewayConfig + var gatewayConfig *contour_v1alpha1.GatewayConfig if ctx.Config.GatewayConfig != nil { - gatewayConfig = &contour_api_v1alpha1.GatewayConfig{ + gatewayConfig = &contour_v1alpha1.GatewayConfig{ // nolint:staticcheck ControllerName: ctx.Config.GatewayConfig.ControllerName, } if ctx.Config.GatewayConfig.GatewayRef != nil { - gatewayConfig.GatewayRef = &contour_api_v1alpha1.NamespacedName{ + gatewayConfig.GatewayRef = &contour_v1alpha1.NamespacedName{ Namespace: ctx.Config.GatewayConfig.GatewayRef.Namespace, Name: ctx.Config.GatewayConfig.GatewayRef.Name, } @@ -312,42 +313,42 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha cipherSuites = append(cipherSuites, suite) } - var accessLogFormat contour_api_v1alpha1.AccessLogType + var accessLogFormat contour_v1alpha1.AccessLogType switch ctx.Config.AccessLogFormat { case config.EnvoyAccessLog: - accessLogFormat = contour_api_v1alpha1.EnvoyAccessLog + accessLogFormat = contour_v1alpha1.EnvoyAccessLog case config.JSONAccessLog: - accessLogFormat = contour_api_v1alpha1.JSONAccessLog + accessLogFormat = contour_v1alpha1.JSONAccessLog } - var accessLogFields contour_api_v1alpha1.AccessLogJSONFields + var accessLogFields contour_v1alpha1.AccessLogJSONFields for _, alf := range ctx.Config.AccessLogFields { accessLogFields = append(accessLogFields, alf) } - var accessLogLevel contour_api_v1alpha1.AccessLogLevel + var accessLogLevel contour_v1alpha1.AccessLogLevel switch ctx.Config.AccessLogLevel { case config.LogLevelInfo: - accessLogLevel = contour_api_v1alpha1.LogLevelInfo + accessLogLevel = contour_v1alpha1.LogLevelInfo case config.LogLevelError: - accessLogLevel = contour_api_v1alpha1.LogLevelError + accessLogLevel = contour_v1alpha1.LogLevelError case config.LogLevelCritical: - accessLogLevel = contour_api_v1alpha1.LogLevelCritical + accessLogLevel = contour_v1alpha1.LogLevelCritical case config.LogLevelDisabled: - accessLogLevel = contour_api_v1alpha1.LogLevelDisabled + accessLogLevel = contour_v1alpha1.LogLevelDisabled } - var defaultHTTPVersions []contour_api_v1alpha1.HTTPVersionType + var defaultHTTPVersions []contour_v1alpha1.HTTPVersionType for _, version := range ctx.Config.DefaultHTTPVersions { switch version { case config.HTTPVersion1: - defaultHTTPVersions = append(defaultHTTPVersions, contour_api_v1alpha1.HTTPVersion1) + defaultHTTPVersions = append(defaultHTTPVersions, contour_v1alpha1.HTTPVersion1) case config.HTTPVersion2: - defaultHTTPVersions = append(defaultHTTPVersions, contour_api_v1alpha1.HTTPVersion2) + defaultHTTPVersions = append(defaultHTTPVersions, contour_v1alpha1.HTTPVersion2) } } - timeoutParams := &contour_api_v1alpha1.TimeoutParameters{} + timeoutParams := &contour_v1alpha1.TimeoutParameters{} if len(ctx.Config.Timeouts.RequestTimeout) > 0 { timeoutParams.RequestTimeout = ref.To(ctx.Config.Timeouts.RequestTimeout) } @@ -370,48 +371,48 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha timeoutParams.ConnectTimeout = ref.To(ctx.Config.Timeouts.ConnectTimeout) } - var dnsLookupFamily contour_api_v1alpha1.ClusterDNSFamilyType + var dnsLookupFamily contour_v1alpha1.ClusterDNSFamilyType switch ctx.Config.Cluster.DNSLookupFamily { case config.AutoClusterDNSFamily: - dnsLookupFamily = contour_api_v1alpha1.AutoClusterDNSFamily + dnsLookupFamily = contour_v1alpha1.AutoClusterDNSFamily case config.IPv6ClusterDNSFamily: - dnsLookupFamily = contour_api_v1alpha1.IPv6ClusterDNSFamily + dnsLookupFamily = contour_v1alpha1.IPv6ClusterDNSFamily case config.IPv4ClusterDNSFamily: - dnsLookupFamily = contour_api_v1alpha1.IPv4ClusterDNSFamily + dnsLookupFamily = contour_v1alpha1.IPv4ClusterDNSFamily case config.AllClusterDNSFamily: - dnsLookupFamily = contour_api_v1alpha1.AllClusterDNSFamily + dnsLookupFamily = contour_v1alpha1.AllClusterDNSFamily } - var tracingConfig *contour_api_v1alpha1.TracingConfig + var tracingConfig *contour_v1alpha1.TracingConfig if ctx.Config.Tracing != nil { namespacedName := k8s.NamespacedNameFrom(ctx.Config.Tracing.ExtensionService) - var customTags []*contour_api_v1alpha1.CustomTag + var customTags []*contour_v1alpha1.CustomTag for _, customTag := range ctx.Config.Tracing.CustomTags { - customTags = append(customTags, &contour_api_v1alpha1.CustomTag{ + customTags = append(customTags, &contour_v1alpha1.CustomTag{ TagName: customTag.TagName, Literal: customTag.Literal, RequestHeaderName: customTag.RequestHeaderName, }) } - tracingConfig = &contour_api_v1alpha1.TracingConfig{ + tracingConfig = &contour_v1alpha1.TracingConfig{ IncludePodDetail: ctx.Config.Tracing.IncludePodDetail, ServiceName: ctx.Config.Tracing.ServiceName, OverallSampling: ctx.Config.Tracing.OverallSampling, MaxPathTagLength: ctx.Config.Tracing.MaxPathTagLength, CustomTags: customTags, - ExtensionService: &contour_api_v1alpha1.NamespacedName{ + ExtensionService: &contour_v1alpha1.NamespacedName{ Name: namespacedName.Name, Namespace: namespacedName.Namespace, }, } } - var rateLimitService *contour_api_v1alpha1.RateLimitServiceConfig + var rateLimitService *contour_v1alpha1.RateLimitServiceConfig if ctx.Config.RateLimitService.ExtensionService != "" { nsedName := k8s.NamespacedNameFrom(ctx.Config.RateLimitService.ExtensionService) - rateLimitService = &contour_api_v1alpha1.RateLimitServiceConfig{ - ExtensionService: contour_api_v1alpha1.NamespacedName{ + rateLimitService = &contour_v1alpha1.RateLimitServiceConfig{ + ExtensionService: contour_v1alpha1.NamespacedName{ Name: nsedName.Name, Namespace: nsedName.Namespace, }, @@ -423,21 +424,21 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha } } - var serverHeaderTransformation contour_api_v1alpha1.ServerHeaderTransformationType + var serverHeaderTransformation contour_v1alpha1.ServerHeaderTransformationType switch ctx.Config.ServerHeaderTransformation { case config.OverwriteServerHeader: - serverHeaderTransformation = contour_api_v1alpha1.OverwriteServerHeader + serverHeaderTransformation = contour_v1alpha1.OverwriteServerHeader case config.AppendIfAbsentServerHeader: - serverHeaderTransformation = contour_api_v1alpha1.AppendIfAbsentServerHeader + serverHeaderTransformation = contour_v1alpha1.AppendIfAbsentServerHeader case config.PassThroughServerHeader: - serverHeaderTransformation = contour_api_v1alpha1.PassThroughServerHeader + serverHeaderTransformation = contour_v1alpha1.PassThroughServerHeader } - var globalExtAuth *contour_api_v1.AuthorizationServer + var globalExtAuth *contour_v1.AuthorizationServer if ctx.Config.GlobalExternalAuthorization.ExtensionService != "" { nsedName := k8s.NamespacedNameFrom(ctx.Config.GlobalExternalAuthorization.ExtensionService) - globalExtAuth = &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + globalExtAuth = &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Name: nsedName.Name, Namespace: nsedName.Namespace, }, @@ -446,14 +447,14 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha } if ctx.Config.GlobalExternalAuthorization.AuthPolicy != nil { - globalExtAuth.AuthPolicy = &contour_api_v1.AuthorizationPolicy{ + globalExtAuth.AuthPolicy = &contour_v1.AuthorizationPolicy{ Disabled: ctx.Config.GlobalExternalAuthorization.AuthPolicy.Disabled, Context: ctx.Config.GlobalExternalAuthorization.AuthPolicy.Context, } } if ctx.Config.GlobalExternalAuthorization.WithRequestBody != nil { - globalExtAuth.WithRequestBody = &contour_api_v1.AuthorizationServerBufferSettings{ + globalExtAuth.WithRequestBody = &contour_v1.AuthorizationServerBufferSettings{ MaxRequestBytes: ctx.Config.GlobalExternalAuthorization.WithRequestBody.MaxRequestBytes, AllowPartialMessage: ctx.Config.GlobalExternalAuthorization.WithRequestBody.AllowPartialMessage, PackAsBytes: ctx.Config.GlobalExternalAuthorization.WithRequestBody.PackAsBytes, @@ -461,40 +462,40 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha } } - policy := &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + policy := &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: ctx.Config.Policy.RequestHeadersPolicy.Set, Remove: ctx.Config.Policy.RequestHeadersPolicy.Remove, }, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: ctx.Config.Policy.ResponseHeadersPolicy.Set, Remove: ctx.Config.Policy.ResponseHeadersPolicy.Remove, }, ApplyToIngress: ref.To(ctx.Config.Policy.ApplyToIngress), } - var clientCertificate *contour_api_v1alpha1.NamespacedName + var clientCertificate *contour_v1alpha1.NamespacedName if len(ctx.Config.TLS.ClientCertificate.Name) > 0 { - clientCertificate = &contour_api_v1alpha1.NamespacedName{ + clientCertificate = &contour_v1alpha1.NamespacedName{ Name: ctx.Config.TLS.ClientCertificate.Name, Namespace: ctx.Config.TLS.ClientCertificate.Namespace, } } - var fallbackCertificate *contour_api_v1alpha1.NamespacedName + var fallbackCertificate *contour_v1alpha1.NamespacedName if len(ctx.Config.TLS.FallbackCertificate.Name) > 0 { - fallbackCertificate = &contour_api_v1alpha1.NamespacedName{ + fallbackCertificate = &contour_v1alpha1.NamespacedName{ Name: ctx.Config.TLS.FallbackCertificate.Name, Namespace: ctx.Config.TLS.FallbackCertificate.Namespace, } } - contourMetrics := contour_api_v1alpha1.MetricsConfig{ + contourMetrics := contour_v1alpha1.MetricsConfig{ Address: ctx.metricsAddr, Port: ctx.metricsPort, } - envoyMetrics := contour_api_v1alpha1.MetricsConfig{ + envoyMetrics := contour_v1alpha1.MetricsConfig{ Address: ctx.statsAddr, Port: ctx.statsPort, } @@ -510,18 +511,18 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha setMetricsFromConfig(ctx.Config.Metrics.Envoy, &envoyMetrics) // Convert serveContext to a ContourConfiguration - contourConfiguration := contour_api_v1alpha1.ContourConfigurationSpec{ + contourConfiguration := contour_v1alpha1.ContourConfigurationSpec{ Ingress: ingress, - Debug: &contour_api_v1alpha1.DebugConfig{ + Debug: &contour_v1alpha1.DebugConfig{ Address: ctx.debugAddr, Port: ctx.debugPort, }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: ctx.healthAddr, Port: ctx.healthPort, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Listener: &contour_api_v1alpha1.EnvoyListenerConfig{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ UseProxyProto: &ctx.useProxyProto, DisableAllowChunkedLength: &ctx.Config.DisableAllowChunkedLength, DisableMergeSlashes: &ctx.Config.DisableMergeSlashes, @@ -532,37 +533,37 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha MaxRequestsPerIOCycle: ctx.Config.Listener.MaxRequestsPerIOCycle, HTTP2MaxConcurrentStreams: ctx.Config.Listener.HTTP2MaxConcurrentStreams, MaxConnectionsPerListener: ctx.Config.Listener.MaxConnectionsPerListener, - TLS: &contour_api_v1alpha1.EnvoyTLS{ + TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: ctx.Config.TLS.MinimumProtocolVersion, MaximumProtocolVersion: ctx.Config.TLS.MaximumProtocolVersion, CipherSuites: cipherSuites, }, - SocketOptions: &contour_api_v1alpha1.SocketOptions{ + SocketOptions: &contour_v1alpha1.SocketOptions{ TOS: ctx.Config.Listener.SocketOptions.TOS, TrafficClass: ctx.Config.Listener.SocketOptions.TrafficClass, }, }, - Service: &contour_api_v1alpha1.NamespacedName{ + Service: &contour_v1alpha1.NamespacedName{ Name: ctx.Config.EnvoyServiceName, Namespace: ctx.Config.EnvoyServiceNamespace, }, - HTTPListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPListener: &contour_v1alpha1.EnvoyListener{ Address: ctx.httpAddr, Port: ctx.httpPort, AccessLog: ctx.httpAccessLog, }, - HTTPSListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: ctx.httpsAddr, Port: ctx.httpsPort, AccessLog: ctx.httpsAccessLog, }, Metrics: &envoyMetrics, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: ctx.statsAddr, Port: ctx.statsPort, }, ClientCertificate: clientCertificate, - Logging: &contour_api_v1alpha1.EnvoyLogging{ + Logging: &contour_v1alpha1.EnvoyLogging{ AccessLogFormat: accessLogFormat, AccessLogFormatString: ctx.Config.AccessLogFormatString, AccessLogJSONFields: accessLogFields, @@ -570,24 +571,24 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha }, DefaultHTTPVersions: defaultHTTPVersions, Timeouts: timeoutParams, - Cluster: &contour_api_v1alpha1.ClusterParameters{ + Cluster: &contour_v1alpha1.ClusterParameters{ DNSLookupFamily: dnsLookupFamily, MaxRequestsPerConnection: ctx.Config.Cluster.MaxRequestsPerConnection, PerConnectionBufferLimitBytes: ctx.Config.Cluster.PerConnectionBufferLimitBytes, GlobalCircuitBreakerDefaults: ctx.Config.Cluster.GlobalCircuitBreakerDefaults, - UpstreamTLS: &contour_api_v1alpha1.EnvoyTLS{ + UpstreamTLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: ctx.Config.Cluster.UpstreamTLS.MinimumProtocolVersion, MaximumProtocolVersion: ctx.Config.Cluster.UpstreamTLS.MaximumProtocolVersion, CipherSuites: ctx.Config.Cluster.UpstreamTLS.CipherSuites, }, }, - Network: &contour_api_v1alpha1.NetworkParameters{ + Network: &contour_v1alpha1.NetworkParameters{ XffNumTrustedHops: &ctx.Config.Network.XffNumTrustedHops, EnvoyAdminPort: &ctx.Config.Network.EnvoyAdminPort, }, }, Gateway: gatewayConfig, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ DisablePermitInsecure: &ctx.Config.DisablePermitInsecure, RootNamespaces: ctx.proxyRootNamespaces(), FallbackCertificate: fallbackCertificate, @@ -601,16 +602,16 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha FeatureFlags: ctx.Config.FeatureFlags, } - xdsServerType := contour_api_v1alpha1.ContourServerType + xdsServerType := contour_v1alpha1.ContourServerType if ctx.Config.Server.XDSServerType == config.EnvoyServerType { - xdsServerType = contour_api_v1alpha1.EnvoyServerType + xdsServerType = contour_v1alpha1.EnvoyServerType } - contourConfiguration.XDSServer = &contour_api_v1alpha1.XDSServerConfig{ + contourConfiguration.XDSServer = &contour_v1alpha1.XDSServerConfig{ Type: xdsServerType, Address: ctx.xdsAddr, Port: ctx.xdsPort, - TLS: &contour_api_v1alpha1.TLS{ + TLS: &contour_v1alpha1.TLS{ CAFile: ctx.caFile, CertFile: ctx.contourCert, KeyFile: ctx.contourKey, @@ -621,7 +622,7 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_api_v1alpha return contourConfiguration } -func setMetricsFromConfig(src config.MetricsServerParameters, dst *contour_api_v1alpha1.MetricsConfig) { +func setMetricsFromConfig(src config.MetricsServerParameters, dst *contour_v1alpha1.MetricsConfig) { if len(src.Address) > 0 { dst.Address = src.Address } @@ -631,7 +632,7 @@ func setMetricsFromConfig(src config.MetricsServerParameters, dst *contour_api_v } if src.HasTLS() { - dst.TLS = &contour_api_v1alpha1.MetricsTLS{ + dst.TLS = &contour_v1alpha1.MetricsTLS{ CertFile: src.ServerCert, KeyFile: src.ServerKey, CAFile: src.CABundle, diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index 395b4966d1c..af4c03f3ff3 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -24,15 +24,16 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/stretchr/testify/assert" + "github.com/tsaarni/certyaml" + "google.golang.org/grpc" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" - "github.com/stretchr/testify/assert" - "github.com/tsaarni/certyaml" - "google.golang.org/grpc" ) func TestServeContextProxyRootNamespaces(t *testing.T) { @@ -84,11 +85,11 @@ func TestServeContextProxyRootNamespaces(t *testing.T) { func TestServeContextTLSParams(t *testing.T) { tests := map[string]struct { - tls *contour_api_v1alpha1.TLS + tls *contour_v1alpha1.TLS expectError bool }{ "tls supplied correctly": { - tls: &contour_api_v1alpha1.TLS{ + tls: &contour_v1alpha1.TLS{ CAFile: "cacert.pem", CertFile: "contourcert.pem", KeyFile: "contourkey.pem", @@ -97,7 +98,7 @@ func TestServeContextTLSParams(t *testing.T) { expectError: false, }, "tls partially supplied": { - tls: &contour_api_v1alpha1.TLS{ + tls: &contour_v1alpha1.TLS{ CertFile: "contourcert.pem", KeyFile: "contourkey.pem", Insecure: ref.To(false), @@ -105,7 +106,7 @@ func TestServeContextTLSParams(t *testing.T) { expectError: true, }, "tls not supplied": { - tls: &contour_api_v1alpha1.TLS{}, + tls: &contour_v1alpha1.TLS{}, expectError: true, }, } @@ -186,7 +187,7 @@ func TestServeContextCertificateHandling(t *testing.T) { checkFatalErr(t, err) defer os.RemoveAll(configDir) - contourTLS := &contour_api_v1alpha1.TLS{ + contourTLS := &contour_v1alpha1.TLS{ CAFile: filepath.Join(configDir, "CAcert.pem"), CertFile: filepath.Join(configDir, "contourcert.pem"), KeyFile: filepath.Join(configDir, "contourkey.pem"), @@ -252,7 +253,7 @@ func TestTlsVersionDeprecation(t *testing.T) { Issuer: &caCert, } - contourTLS := &contour_api_v1alpha1.TLS{ + contourTLS := &contour_v1alpha1.TLS{ CAFile: filepath.Join(configDir, "CAcert.pem"), CertFile: filepath.Join(configDir, "contourcert.pem"), KeyFile: filepath.Join(configDir, "contourkey.pem"), @@ -322,25 +323,25 @@ func peekError(conn net.Conn) error { func TestParseHTTPVersions(t *testing.T) { cases := map[string]struct { - versions []contour_api_v1alpha1.HTTPVersionType + versions []contour_v1alpha1.HTTPVersionType parseVersions []envoy_v3.HTTPVersionType }{ "empty": { - versions: []contour_api_v1alpha1.HTTPVersionType{}, + versions: []contour_v1alpha1.HTTPVersionType{}, parseVersions: nil, }, "http/1.1": { - versions: []contour_api_v1alpha1.HTTPVersionType{contour_api_v1alpha1.HTTPVersion1}, + versions: []contour_v1alpha1.HTTPVersionType{contour_v1alpha1.HTTPVersion1}, parseVersions: []envoy_v3.HTTPVersionType{envoy_v3.HTTPVersion1}, }, "http/1.1+http/2": { - versions: []contour_api_v1alpha1.HTTPVersionType{contour_api_v1alpha1.HTTPVersion1, contour_api_v1alpha1.HTTPVersion2}, + versions: []contour_v1alpha1.HTTPVersionType{contour_v1alpha1.HTTPVersion1, contour_v1alpha1.HTTPVersion2}, parseVersions: []envoy_v3.HTTPVersionType{envoy_v3.HTTPVersion1, envoy_v3.HTTPVersion2}, }, "http/1.1+http/2 duplicated": { - versions: []contour_api_v1alpha1.HTTPVersionType{ - contour_api_v1alpha1.HTTPVersion1, contour_api_v1alpha1.HTTPVersion2, - contour_api_v1alpha1.HTTPVersion1, contour_api_v1alpha1.HTTPVersion2, + versions: []contour_v1alpha1.HTTPVersionType{ + contour_v1alpha1.HTTPVersion1, contour_v1alpha1.HTTPVersion2, + contour_v1alpha1.HTTPVersion1, contour_v1alpha1.HTTPVersion2, }, parseVersions: []envoy_v3.HTTPVersionType{envoy_v3.HTTPVersion1, envoy_v3.HTTPVersion2}, }, @@ -375,74 +376,74 @@ func TestConvertServeContext(t *testing.T) { return ctx } - defaultContourConfiguration := func() contour_api_v1alpha1.ContourConfigurationSpec { - return contour_api_v1alpha1.ContourConfigurationSpec{ - XDSServer: &contour_api_v1alpha1.XDSServerConfig{ - Type: contour_api_v1alpha1.ContourServerType, + defaultContourConfiguration := func() contour_v1alpha1.ContourConfigurationSpec { + return contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{ + Type: contour_v1alpha1.ContourServerType, Address: "127.0.0.1", Port: 8001, - TLS: &contour_api_v1alpha1.TLS{ + TLS: &contour_v1alpha1.TLS{ CAFile: "/certs/ca.crt", CertFile: "/certs/cert.crt", KeyFile: "/certs/cert.key", Insecure: ref.To(false), }, }, - Ingress: &contour_api_v1alpha1.IngressConfig{ + Ingress: &contour_v1alpha1.IngressConfig{ ClassNames: nil, StatusAddress: "", }, - Debug: &contour_api_v1alpha1.DebugConfig{ + Debug: &contour_v1alpha1.DebugConfig{ Address: "127.0.0.1", Port: 6060, }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "0.0.0.0", Port: 8000, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Name: "envoy", Namespace: "projectcontour", }, - Listener: &contour_api_v1alpha1.EnvoyListenerConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ UseProxyProto: ref.To(false), DisableAllowChunkedLength: ref.To(false), DisableMergeSlashes: ref.To(false), - ServerHeaderTransformation: contour_api_v1alpha1.OverwriteServerHeader, - TLS: &contour_api_v1alpha1.EnvoyTLS{ + ServerHeaderTransformation: contour_v1alpha1.OverwriteServerHeader, + TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "", MaximumProtocolVersion: "", }, - SocketOptions: &contour_api_v1alpha1.SocketOptions{ + SocketOptions: &contour_v1alpha1.SocketOptions{ TOS: 0, TrafficClass: 0, }, }, - HTTPListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPListener: &contour_v1alpha1.EnvoyListener{ Address: "0.0.0.0", Port: 8080, AccessLog: "/dev/stdout", }, - HTTPSListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: "0.0.0.0", Port: 8443, AccessLog: "/dev/stdout", }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "0.0.0.0", Port: 8002, }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", Port: 8002, }, ClientCertificate: nil, - Logging: &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.EnvoyAccessLog, + Logging: &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.EnvoyAccessLog, AccessLogFormatString: "", - AccessLogLevel: contour_api_v1alpha1.LogLevelInfo, - AccessLogJSONFields: contour_api_v1alpha1.AccessLogJSONFields([]string{ + AccessLogLevel: contour_v1alpha1.LogLevelInfo, + AccessLogJSONFields: contour_v1alpha1.AccessLogJSONFields([]string{ "@timestamp", "authority", "bytes_received", @@ -469,37 +470,37 @@ func TestConvertServeContext(t *testing.T) { }), }, DefaultHTTPVersions: nil, - Timeouts: &contour_api_v1alpha1.TimeoutParameters{ + Timeouts: &contour_v1alpha1.TimeoutParameters{ ConnectionIdleTimeout: ref.To("60s"), ConnectTimeout: ref.To("2s"), }, - Cluster: &contour_api_v1alpha1.ClusterParameters{ - DNSLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, + Cluster: &contour_v1alpha1.ClusterParameters{ + DNSLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, GlobalCircuitBreakerDefaults: nil, - UpstreamTLS: &contour_api_v1alpha1.EnvoyTLS{ + UpstreamTLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "", MaximumProtocolVersion: "", }, }, - Network: &contour_api_v1alpha1.NetworkParameters{ + Network: &contour_v1alpha1.NetworkParameters{ EnvoyAdminPort: ref.To(9001), XffNumTrustedHops: ref.To(uint32(0)), }, }, Gateway: nil, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ DisablePermitInsecure: ref.To(false), FallbackCertificate: nil, }, EnableExternalNameService: ref.To(false), RateLimitService: nil, GlobalExternalAuthorization: nil, - Policy: &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{}, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{}, + Policy: &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, ApplyToIngress: ref.To(false), }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", Port: 8000, }, @@ -508,13 +509,13 @@ func TestConvertServeContext(t *testing.T) { cases := map[string]struct { getServeContext func(ctx *serveContext) *serveContext - getContourConfiguration func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec + getContourConfiguration func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec }{ "default ServeContext": { getServeContext: func(ctx *serveContext) *serveContext { return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { return cfg }, }, @@ -533,13 +534,13 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Policy = &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Policy = &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{"custom-request-header-set": "foo-bar", "Host": "request-bar.com"}, Remove: []string{"custom-request-header-remove"}, }, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{"custom-response-header-set": "foo-bar", "Host": "response-bar.com"}, Remove: []string{"custom-response-header-remove"}, }, @@ -554,8 +555,8 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.IngressStatusAddress = "1.2.3.4" return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Ingress = &contour_api_v1alpha1.IngressConfig{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Ingress = &contour_v1alpha1.IngressConfig{ ClassNames: []string{"coolclass"}, StatusAddress: "1.2.3.4", } @@ -569,8 +570,8 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Gateway = &contour_api_v1alpha1.GatewayConfig{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Gateway = &contour_v1alpha1.GatewayConfig{ ControllerName: "projectcontour.io/gateway-controller", } return cfg @@ -586,9 +587,9 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Gateway = &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Gateway = &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -604,8 +605,8 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.ClientCertificate = &contour_api_v1alpha1.NamespacedName{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.ClientCertificate = &contour_v1alpha1.NamespacedName{ Name: "cert", Namespace: "secretplace", } @@ -621,10 +622,10 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.HTTPProxy = &contour_api_v1alpha1.HTTPProxyConfig{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.HTTPProxy = &contour_v1alpha1.HTTPProxyConfig{ DisablePermitInsecure: ref.To(true), - FallbackCertificate: &contour_api_v1alpha1.NamespacedName{ + FallbackCertificate: &contour_v1alpha1.NamespacedName{ Name: "fallbackname", Namespace: "fallbacknamespace", }, @@ -640,12 +641,12 @@ func TestConvertServeContext(t *testing.T) { FailOpen: true, EnableXRateLimitHeaders: true, EnableResourceExhaustedCode: true, - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "foo", Value: "bar", }, @@ -657,9 +658,9 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.RateLimitService = &contour_api_v1alpha1.RateLimitServiceConfig{ - ExtensionService: contour_api_v1alpha1.NamespacedName{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.RateLimitService = &contour_v1alpha1.RateLimitServiceConfig{ + ExtensionService: contour_v1alpha1.NamespacedName{ Name: "ratelimitext", Namespace: "ratens", }, @@ -667,12 +668,12 @@ func TestConvertServeContext(t *testing.T) { FailOpen: ref.To(true), EnableXRateLimitHeaders: ref.To(true), EnableResourceExhaustedCode: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "foo", Value: "bar", }, @@ -692,9 +693,9 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.DefaultHTTPVersions = []contour_api_v1alpha1.HTTPVersionType{ - contour_api_v1alpha1.HTTPVersion1, + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.DefaultHTTPVersions = []contour_v1alpha1.HTTPVersionType{ + contour_v1alpha1.HTTPVersion1, } return cfg }, @@ -706,12 +707,12 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.AccessLogFields = []string{"custom_field"} return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Logging = &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.JSONAccessLog, + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.Logging = &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.JSONAccessLog, AccessLogFormatString: "foo-bar-baz", - AccessLogLevel: contour_api_v1alpha1.LogLevelInfo, - AccessLogJSONFields: contour_api_v1alpha1.AccessLogJSONFields([]string{ + AccessLogLevel: contour_v1alpha1.LogLevelInfo, + AccessLogJSONFields: contour_v1alpha1.AccessLogJSONFields([]string{ "custom_field", }), } @@ -726,12 +727,12 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.AccessLogLevel = config.LogLevelError return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Logging = &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.JSONAccessLog, + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.Logging = &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.JSONAccessLog, AccessLogFormatString: "foo-bar-baz", - AccessLogLevel: contour_api_v1alpha1.LogLevelError, - AccessLogJSONFields: contour_api_v1alpha1.AccessLogJSONFields([]string{ + AccessLogLevel: contour_v1alpha1.LogLevelError, + AccessLogJSONFields: contour_v1alpha1.AccessLogJSONFields([]string{ "custom_field", }), } @@ -746,12 +747,12 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.AccessLogLevel = config.LogLevelCritical return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Logging = &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.JSONAccessLog, + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.Logging = &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.JSONAccessLog, AccessLogFormatString: "foo-bar-baz", - AccessLogLevel: contour_api_v1alpha1.LogLevelCritical, - AccessLogJSONFields: contour_api_v1alpha1.AccessLogJSONFields([]string{ + AccessLogLevel: contour_v1alpha1.LogLevelCritical, + AccessLogJSONFields: contour_v1alpha1.AccessLogJSONFields([]string{ "custom_field", }), } @@ -763,7 +764,7 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.DisableMergeSlashes = true return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { cfg.Envoy.Listener.DisableMergeSlashes = ref.To(true) return cfg }, @@ -773,14 +774,14 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.ServerHeaderTransformation = config.AppendIfAbsentServerHeader return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Listener.ServerHeaderTransformation = contour_api_v1alpha1.AppendIfAbsentServerHeader + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.Listener.ServerHeaderTransformation = contour_v1alpha1.AppendIfAbsentServerHeader return cfg }, }, "global circuit breaker defaults": { getServeContext: func(ctx *serveContext) *serveContext { - ctx.Config.Cluster.GlobalCircuitBreakerDefaults = &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + ctx.Config.Cluster.GlobalCircuitBreakerDefaults = &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 4, MaxPendingRequests: 5, MaxRequests: 6, @@ -788,8 +789,8 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Envoy.Cluster.GlobalCircuitBreakerDefaults = &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Envoy.Cluster.GlobalCircuitBreakerDefaults = &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 4, MaxPendingRequests: 5, MaxRequests: 6, @@ -816,20 +817,20 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.GlobalExternalAuthorization = &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.GlobalExternalAuthorization = &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Name: "extauthtext", Namespace: "extauthns", }, FailOpen: true, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "foo": "bar", }, Disabled: false, }, - WithRequestBody: &contour_api_v1.AuthorizationServerBufferSettings{ + WithRequestBody: &contour_v1.AuthorizationServerBufferSettings{ MaxRequestBytes: 512, PackAsBytes: true, AllowPartialMessage: true, @@ -859,13 +860,13 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Tracing = &contour_api_v1alpha1.TracingConfig{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Tracing = &contour_v1alpha1.TracingConfig{ IncludePodDetail: ref.To(false), ServiceName: ref.To("contour"), OverallSampling: ref.To("100"), MaxPathTagLength: ref.To(uint32(256)), - CustomTags: []*contour_api_v1alpha1.CustomTag{ + CustomTags: []*contour_v1alpha1.CustomTag{ { TagName: "literal", Literal: "this is literal", @@ -875,7 +876,7 @@ func TestConvertServeContext(t *testing.T) { RequestHeaderName: ":method", }, }, - ExtensionService: &contour_api_v1alpha1.NamespacedName{ + ExtensionService: &contour_v1alpha1.NamespacedName{ Name: "otel-collector", Namespace: "otel", }, @@ -890,9 +891,9 @@ func TestConvertServeContext(t *testing.T) { } return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { - cfg.Tracing = &contour_api_v1alpha1.TracingConfig{ - ExtensionService: &contour_api_v1alpha1.NamespacedName{ + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { + cfg.Tracing = &contour_v1alpha1.TracingConfig{ + ExtensionService: &contour_v1alpha1.NamespacedName{ Name: "otel-collector", Namespace: "otel", }, @@ -907,7 +908,7 @@ func TestConvertServeContext(t *testing.T) { ctx.Config.Listener.MaxConnectionsPerListener = ref.To(uint32(50)) return ctx }, - getContourConfiguration: func(cfg contour_api_v1alpha1.ContourConfigurationSpec) contour_api_v1alpha1.ContourConfigurationSpec { + getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { cfg.Envoy.Listener.MaxRequestsPerIOCycle = ref.To(uint32(10)) cfg.Envoy.Listener.HTTP2MaxConcurrentStreams = ref.To(uint32(30)) cfg.Envoy.Listener.MaxConnectionsPerListener = ref.To(uint32(50)) diff --git a/hack/generate-metrics-doc.go b/hack/generate-metrics-doc.go index 9f13c243fe6..7692d6f89f8 100644 --- a/hack/generate-metrics-doc.go +++ b/hack/generate-metrics-doc.go @@ -19,10 +19,11 @@ import ( "os" "strings" - "github.com/projectcontour/contour/internal/metrics" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/testutil/promlint" dto "github.com/prometheus/client_model/go" + + "github.com/projectcontour/contour/internal/metrics" ) // Collect all the label names for this metric and return them as diff --git a/hack/gofumpt b/hack/gofumpt deleted file mode 100755 index 49d8e719f02..00000000000 --- a/hack/gofumpt +++ /dev/null @@ -1,3 +0,0 @@ -#! /usr/bin/env bash - -go run mvdan.cc/gofumpt@v0.5.0 "$@" diff --git a/internal/annotation/annotations.go b/internal/annotation/annotations.go index 1a292ccfa8b..d1eae986ab5 100644 --- a/internal/annotation/annotations.go +++ b/internal/annotation/annotations.go @@ -18,9 +18,10 @@ import ( "strconv" "strings" - "github.com/projectcontour/contour/internal/timeout" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/projectcontour/contour/internal/timeout" ) // IsKnown checks if an annotation is one Contour knows about. @@ -97,7 +98,7 @@ func ValidForKind(kind, key string) bool { // ContourAnnotation checks the Object for the given annotation with the // "projectcontour.io/" prefix. -func ContourAnnotation(o metav1.Object, key string) string { +func ContourAnnotation(o meta_v1.Object, key string) string { a := o.GetAnnotations() return a["projectcontour.io/"+key] @@ -199,7 +200,7 @@ func PerTryTimeout(i *networking_v1.Ingress) (timeout.Setting, error) { // annotations: // 1. projectcontour.io/ingress.class // 2. kubernetes.io/ingress.class -func IngressClass(o metav1.Object) string { +func IngressClass(o meta_v1.Object) string { a := o.GetAnnotations() if class, ok := a["projectcontour.io/ingress.class"]; ok { return class @@ -226,7 +227,7 @@ func TLSVersion(version, defaultVal string) string { // 1. projectcontour.io/max-connections // // '0' is returned if the annotation is absent or unparsable. -func MaxConnections(o metav1.Object) uint32 { +func MaxConnections(o meta_v1.Object) uint32 { return parseUInt32(ContourAnnotation(o, "max-connections")) } @@ -235,7 +236,7 @@ func MaxConnections(o metav1.Object) uint32 { // 1. projectcontour.io/max-pending-requests // // '0' is returned if the annotation is absent or unparsable. -func MaxPendingRequests(o metav1.Object) uint32 { +func MaxPendingRequests(o meta_v1.Object) uint32 { return parseUInt32(ContourAnnotation(o, "max-pending-requests")) } @@ -244,7 +245,7 @@ func MaxPendingRequests(o metav1.Object) uint32 { // 1. projectcontour.io/max-requests // // '0' is returned if the annotation is absent or unparsable. -func MaxRequests(o metav1.Object) uint32 { +func MaxRequests(o meta_v1.Object) uint32 { return parseUInt32(ContourAnnotation(o, "max-requests")) } @@ -253,7 +254,7 @@ func MaxRequests(o metav1.Object) uint32 { // 1. projectcontour.io/max-retries // // '0' is returned if the annotation is absent or unparsable. -func MaxRetries(o metav1.Object) uint32 { +func MaxRetries(o meta_v1.Object) uint32 { return parseUInt32(ContourAnnotation(o, "max-retries")) } @@ -262,6 +263,6 @@ func MaxRetries(o metav1.Object) uint32 { // 1. projectcontour.io/per-host-max-connections // // '0' is returned if the annotation is absent or unparsable. -func PerHostMaxConnections(o metav1.Object) uint32 { +func PerHostMaxConnections(o meta_v1.Object) uint32 { return parseUInt32(ContourAnnotation(o, "per-host-max-connections")) } diff --git a/internal/annotation/annotations_test.go b/internal/annotation/annotations_test.go index 8689f802d3b..7a2d481c832 100644 --- a/internal/annotation/annotations_test.go +++ b/internal/annotation/annotations_test.go @@ -17,12 +17,13 @@ import ( "fmt" "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func TestParseUint32(t *testing.T) { @@ -106,7 +107,7 @@ func TestNumRetries(t *testing.T) { }{ "blank": { ingress: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ing", Annotations: map[string]string{ "projectcontour.io/num-retries": "", @@ -117,7 +118,7 @@ func TestNumRetries(t *testing.T) { }, "Set to 1": { ingress: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ing", Annotations: map[string]string{ "projectcontour.io/num-retries": "1", @@ -128,7 +129,7 @@ func TestNumRetries(t *testing.T) { }, "Set to 0": { ingress: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ing", Annotations: map[string]string{ "projectcontour.io/num-retries": "0", @@ -139,7 +140,7 @@ func TestNumRetries(t *testing.T) { }, "Set to -1": { ingress: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ing", Annotations: map[string]string{ "projectcontour.io/num-retries": "-1", @@ -150,7 +151,7 @@ func TestNumRetries(t *testing.T) { }, "Set to 9": { ingress: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ing", Annotations: map[string]string{ "projectcontour.io/num-retries": "9", @@ -227,7 +228,7 @@ func TestWebsocketRoutes(t *testing.T) { }{ "empty": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/websocket-routes": "", }, @@ -237,7 +238,7 @@ func TestWebsocketRoutes(t *testing.T) { }, "empty with spaces": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/websocket-routes": ", ,", }, @@ -247,7 +248,7 @@ func TestWebsocketRoutes(t *testing.T) { }, "single value": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/websocket-routes": "/ws1", }, @@ -259,7 +260,7 @@ func TestWebsocketRoutes(t *testing.T) { }, "multiple values": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/websocket-routes": "/ws1,/ws2", }, @@ -272,7 +273,7 @@ func TestWebsocketRoutes(t *testing.T) { }, "multiple values with spaces and invalid entries": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/websocket-routes": " /ws1, , /ws2 ", }, @@ -300,7 +301,7 @@ func TestTLSCertNamespace(t *testing.T) { }{ "absent": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{}, }, }, @@ -308,7 +309,7 @@ func TestTLSCertNamespace(t *testing.T) { }, "empty": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/tls-cert-namespace": "", }, @@ -318,7 +319,7 @@ func TestTLSCertNamespace(t *testing.T) { }, "valid value": { a: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/tls-cert-namespace": "namespace-with-cert", }, @@ -343,7 +344,7 @@ func TestHttpAllowed(t *testing.T) { }{ "basic ingress": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -359,7 +360,7 @@ func TestHttpAllowed(t *testing.T) { }, "kubernetes.io/ingress.allow-http: \"false\"": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -391,21 +392,21 @@ func TestHttpAllowed(t *testing.T) { func TestAnnotationCompat(t *testing.T) { tests := map[string]struct { - svc *v1.Service + svc *core_v1.Service value string }{ "no annotations": { value: "", - svc: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{}, }, }, }, "projectcontour.io/annotation": { value: "200", - svc: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/annotation": "200", }, @@ -431,11 +432,11 @@ func TestAnnotationKindValidation(t *testing.T) { valid bool } tests := map[string]struct { - obj metav1.Object + obj meta_v1.Object annotations map[string]status }{ "service": { - obj: &v1.Service{}, + obj: &core_v1.Service{}, annotations: map[string]status{ "foo.invalid.com/annotation": { known: false, valid: false, @@ -446,7 +447,7 @@ func TestAnnotationKindValidation(t *testing.T) { }, }, "httpproxy": { - obj: &contour_api_v1.HTTPProxy{}, + obj: &contour_v1.HTTPProxy{}, annotations: map[string]status{ // Valid only on Service. "projectcontour.io/max-requests": { @@ -459,7 +460,7 @@ func TestAnnotationKindValidation(t *testing.T) { }, }, "namespaces": { - obj: &v1.Namespace{}, + obj: &core_v1.Namespace{}, annotations: map[string]status{ // In our namespace but not valid on this kind. "projectcontour.io/ingress.class": { @@ -476,9 +477,9 @@ func TestAnnotationKindValidation(t *testing.T) { // Trivially check that everything specified in the global // table is valid. for _, kind := range []string{ - kindOf(&v1.Service{}), + kindOf(&core_v1.Service{}), kindOf(&networking_v1.Ingress{}), - kindOf(&contour_api_v1.HTTPProxy{}), + kindOf(&contour_v1.HTTPProxy{}), } { for key := range annotationsByKind[kind] { t.Run(fmt.Sprintf("%s is known and valid for %s", key, kind), @@ -522,22 +523,22 @@ func backend(name string, port intstr.IntOrString) *networking_v1.IngressBackend // kindOf returns the kind string for the given Kubernetes object. // -// The API machinery doesn't populate the metav1.TypeMeta field for +// The API machinery doesn't populate the meta_v1.TypeMeta field for // objects, so we have to use a type assertion to detect kinds that // we care about. // TODO(youngnick): This is a straight copy from internal/k8s/kind.go // Needs to be moved to a separate module somewhere. func kindOf(obj any) string { switch obj.(type) { - case *v1.Secret: + case *core_v1.Secret: return "Secret" - case *v1.Service: + case *core_v1.Service: return "Service" case *networking_v1.Ingress: return "Ingress" - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: return "HTTPProxy" - case *contour_api_v1.TLSCertificateDelegation: + case *contour_v1.TLSCertificateDelegation: return "TLSCertificateDelegation" default: return "" diff --git a/internal/certgen/certgen.go b/internal/certgen/certgen.go index df7544d4daf..0672a3c4af9 100644 --- a/internal/certgen/certgen.go +++ b/internal/certgen/certgen.go @@ -20,13 +20,14 @@ import ( "fmt" "path" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/pkg/certs" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" k8serrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/validation" "k8s.io/client-go/kubernetes" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/pkg/certs" ) const ( @@ -52,14 +53,14 @@ const ( Overwrite OverwritePolicy = 1 ) -func newSecret(secretType corev1.SecretType, name, namespace string, data map[string][]byte) *corev1.Secret { - return &corev1.Secret{ +func newSecret(secretType core_v1.SecretType, name, namespace string, data map[string][]byte) *core_v1.Secret { + return &core_v1.Secret{ Type: secretType, - TypeMeta: metav1.TypeMeta{ + TypeMeta: meta_v1.TypeMeta{ Kind: "Secret", APIVersion: "v1", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, Labels: map[string]string{ @@ -109,7 +110,7 @@ func WriteCertsPEM(outputDir string, certdata *certs.Certificates, force Overwri // WriteSecretsYAML writes all the keypairs out to Kubernetes Secrets in YAML form // in outputDir. -func WriteSecretsYAML(outputDir string, secrets []*corev1.Secret, force OverwritePolicy) error { +func WriteSecretsYAML(outputDir string, secrets []*core_v1.Secret, force OverwritePolicy) error { for _, s := range secrets { filename := path.Join(outputDir, s.Name+".yaml") f, err := createFile(filename, force == Overwrite) @@ -126,9 +127,9 @@ func WriteSecretsYAML(outputDir string, secrets []*corev1.Secret, force Overwrit // WriteSecretsKube writes all the keypairs out to Kubernetes Secrets in the // compact format which is compatible with Secrets generated by cert-manager. -func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, force OverwritePolicy) error { +func WriteSecretsKube(client *kubernetes.Clientset, secrets []*core_v1.Secret, force OverwritePolicy) error { for _, s := range secrets { - if _, err := client.CoreV1().Secrets(s.Namespace).Create(context.TODO(), s, metav1.CreateOptions{}); err != nil { + if _, err := client.CoreV1().Secrets(s.Namespace).Create(context.TODO(), s, meta_v1.CreateOptions{}); err != nil { if !k8serrors.IsAlreadyExists(err) { return err } @@ -138,7 +139,7 @@ func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, fo continue } - if _, err := client.CoreV1().Secrets(s.Namespace).Update(context.TODO(), s, metav1.UpdateOptions{}); err != nil { + if _, err := client.CoreV1().Secrets(s.Namespace).Update(context.TODO(), s, meta_v1.UpdateOptions{}); err != nil { return err } } @@ -152,31 +153,31 @@ func WriteSecretsKube(client *kubernetes.Clientset, secrets []*corev1.Secret, fo // AsSecrets transforms the given Certificates struct into a slice of // Secrets in in compact Secret format, which is compatible with // both cert-manager and Contour. -func AsSecrets(namespace, nameSuffix string, certdata *certs.Certificates) ([]*corev1.Secret, []error) { +func AsSecrets(namespace, nameSuffix string, certdata *certs.Certificates) ([]*core_v1.Secret, []error) { // Only check the "contourcert" name because suffixes are the same // for all, and "contourcert" is the longest. if errs := validateSecretNamespaceAndName(namespace, "contourcert"+nameSuffix); len(errs) > 0 { return nil, errs } - return []*corev1.Secret{ + return []*core_v1.Secret{ newSecret( - corev1.SecretTypeTLS, + core_v1.SecretTypeTLS, "contourcert"+nameSuffix, namespace, map[string][]byte{ - dag.CACertificateKey: certdata.CACertificate, - corev1.TLSCertKey: certdata.ContourCertificate, - corev1.TLSPrivateKeyKey: certdata.ContourPrivateKey, + dag.CACertificateKey: certdata.CACertificate, + core_v1.TLSCertKey: certdata.ContourCertificate, + core_v1.TLSPrivateKeyKey: certdata.ContourPrivateKey, }), newSecret( - corev1.SecretTypeTLS, + core_v1.SecretTypeTLS, "envoycert"+nameSuffix, namespace, map[string][]byte{ - dag.CACertificateKey: certdata.CACertificate, - corev1.TLSCertKey: certdata.EnvoyCertificate, - corev1.TLSPrivateKeyKey: certdata.EnvoyPrivateKey, + dag.CACertificateKey: certdata.CACertificate, + core_v1.TLSCertKey: certdata.EnvoyCertificate, + core_v1.TLSPrivateKeyKey: certdata.EnvoyPrivateKey, }), }, nil } @@ -185,32 +186,32 @@ func AsSecrets(namespace, nameSuffix string, certdata *certs.Certificates) ([]*c // Secrets that is compatible with certgen from contour 1.4 and earlier. // The difference is that the CA cert is in a separate secret, rather // than duplicated inline in each TLS secrets. -func AsLegacySecrets(namespace, nameSuffix string, certdata *certs.Certificates) ([]*corev1.Secret, []error) { +func AsLegacySecrets(namespace, nameSuffix string, certdata *certs.Certificates) ([]*core_v1.Secret, []error) { // Only check the "contourcert" name because suffixes are the same // for all, and "contourcert" is the longest. if errs := validateSecretNamespaceAndName(namespace, "contourcert"+nameSuffix); len(errs) > 0 { return nil, errs } - return []*corev1.Secret{ + return []*core_v1.Secret{ newSecret( - corev1.SecretTypeTLS, + core_v1.SecretTypeTLS, "contourcert"+nameSuffix, namespace, map[string][]byte{ - corev1.TLSCertKey: certdata.ContourCertificate, - corev1.TLSPrivateKeyKey: certdata.ContourPrivateKey, + core_v1.TLSCertKey: certdata.ContourCertificate, + core_v1.TLSPrivateKeyKey: certdata.ContourPrivateKey, }), newSecret( - corev1.SecretTypeTLS, + core_v1.SecretTypeTLS, "envoycert"+nameSuffix, namespace, map[string][]byte{ - corev1.TLSCertKey: certdata.EnvoyCertificate, - corev1.TLSPrivateKeyKey: certdata.EnvoyPrivateKey, + core_v1.TLSCertKey: certdata.EnvoyCertificate, + core_v1.TLSPrivateKeyKey: certdata.EnvoyPrivateKey, }), newSecret( - corev1.SecretTypeOpaque, + core_v1.SecretTypeOpaque, "cacert"+nameSuffix, namespace, map[string][]byte{ diff --git a/internal/certgen/output.go b/internal/certgen/output.go index 8525304e5ea..9444a8645f1 100644 --- a/internal/certgen/output.go +++ b/internal/certgen/output.go @@ -18,13 +18,13 @@ import ( "os" "path" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/runtime/serializer/json" "k8s.io/client-go/kubernetes/scheme" ) // writeSecret writes out a given Secret to a file. -func writeSecret(f *os.File, secret *corev1.Secret) error { +func writeSecret(f *os.File, secret *core_v1.Secret) error { s := json.NewYAMLSerializer(json.DefaultMetaFactory, scheme.Scheme, scheme.Scheme) return s.Encode(secret, f) } diff --git a/internal/contour/metrics.go b/internal/contour/metrics.go index e0f6ab6cfa4..350f720bc5f 100644 --- a/internal/contour/metrics.go +++ b/internal/contour/metrics.go @@ -19,13 +19,14 @@ package contour import ( "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/prometheus/client_golang/prometheus" + "k8s.io/client-go/tools/cache" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/metrics" "github.com/projectcontour/contour/internal/status" - "github.com/prometheus/client_golang/prometheus" - "k8s.io/client-go/tools/cache" ) // EventRecorder records the count and kind of events forwarded @@ -125,10 +126,10 @@ func calculateRouteMetric(updates []*status.ProxyUpdate) metrics.RouteMetric { func calcMetrics(u *status.ProxyUpdate, metricValid, metricInvalid, metricOrphaned, metricTotal map[metrics.Meta]int) { validCond := u.ConditionFor(status.ValidCondition) switch validCond.Status { - case contour_api_v1.ConditionTrue: + case contour_v1.ConditionTrue: metricValid[metrics.Meta{VHost: u.Vhost, Namespace: u.Fullname.Namespace}]++ - case contour_api_v1.ConditionFalse: - if _, ok := validCond.GetError(contour_api_v1.ConditionTypeOrphanedError); ok { + case contour_v1.ConditionFalse: + if _, ok := validCond.GetError(contour_v1.ConditionTypeOrphanedError); ok { metricOrphaned[metrics.Meta{Namespace: u.Fullname.Namespace}]++ } else { metricInvalid[metrics.Meta{VHost: u.Vhost, Namespace: u.Fullname.Namespace}]++ diff --git a/internal/contour/metrics_test.go b/internal/contour/metrics_test.go index 8c0f725f9be..c33a22790d2 100644 --- a/internal/contour/metrics_test.go +++ b/internal/contour/metrics_test.go @@ -16,13 +16,14 @@ package contour import ( "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/stretchr/testify/assert" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/metrics" - "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestHTTPProxyMetrics(t *testing.T) { @@ -67,20 +68,20 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy1 is a valid httpproxy - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -89,20 +90,20 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy2 is invalid because it contains a service with negative port - proxy2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: -80, }}, @@ -111,20 +112,20 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy3 is invalid because it lives outside the roots namespace - proxy3 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy3 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "finance", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foobar", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -133,18 +134,18 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy6 is invalid because it delegates to itself, producing a cycle - proxy6 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy6 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "self", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "self", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, @@ -152,33 +153,33 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy7 delegates to proxy8, which is invalid because it delegates back to proxy7 - proxy7 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy7 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "parent", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, }, } - proxy8 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy8 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "child", }, - Spec: contour_api_v1.HTTPProxySpec{ - Includes: []contour_api_v1.Include{{ + Spec: contour_v1.HTTPProxySpec{ + Includes: []contour_v1.Include{{ Name: "parent", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, @@ -186,40 +187,40 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy10 delegates to proxy11 and proxy12. - proxy10 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy10 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "parent", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "validChild", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }, { Name: "invalidChild", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, }, } - proxy11 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy11 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "validChild", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "foo", Port: 8080, }}, @@ -228,17 +229,17 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy12 is invalid because it contains an invalid port - proxy12 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy12 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalidChild", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "foo", Port: 12345678, }}, @@ -247,18 +248,18 @@ func TestHTTPProxyMetrics(t *testing.T) { } // proxy13 is invalid because it does not specify and FQDN - proxy13 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy13 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "parent", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "foo", Port: 8080, }}, @@ -266,29 +267,29 @@ func TestHTTPProxyMetrics(t *testing.T) { }, } - proxy14 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy14 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalidParent", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, - Includes: []contour_api_v1.Include{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, + Includes: []contour_v1.Include{{ Name: "validChild", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, }, } - s1 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "foo", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 12345678, @@ -296,13 +297,13 @@ func TestHTTPProxyMetrics(t *testing.T) { }, } - s2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "foo", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -310,13 +311,13 @@ func TestHTTPProxyMetrics(t *testing.T) { }, } - s3 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "home", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, diff --git a/internal/contourconfig/contourconfiguration.go b/internal/contourconfig/contourconfiguration.go index c2ebe4db4e9..7b89ce8c8fb 100644 --- a/internal/contourconfig/contourconfiguration.go +++ b/internal/contourconfig/contourconfiguration.go @@ -18,18 +18,19 @@ import ( "time" "dario.cat/mergo" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" ) // OverlayOnDefaults overlays the settings in the provided spec onto the // default settings, and returns the results. -func OverlayOnDefaults(spec contour_api_v1alpha1.ContourConfigurationSpec) (contour_api_v1alpha1.ContourConfigurationSpec, error) { +func OverlayOnDefaults(spec contour_v1alpha1.ContourConfigurationSpec) (contour_v1alpha1.ContourConfigurationSpec, error) { res := Defaults() if err := mergo.Merge(&res, spec, mergo.WithOverride); err != nil { - return contour_api_v1alpha1.ContourConfigurationSpec{}, err + return contour_v1alpha1.ContourConfigurationSpec{}, err } return res, nil @@ -37,79 +38,79 @@ func OverlayOnDefaults(spec contour_api_v1alpha1.ContourConfigurationSpec) (cont // Defaults returns the default settings Contour uses if no user-specified // configuration is provided. -func Defaults() contour_api_v1alpha1.ContourConfigurationSpec { - return contour_api_v1alpha1.ContourConfigurationSpec{ - XDSServer: &contour_api_v1alpha1.XDSServerConfig{ - Type: contour_api_v1alpha1.ContourServerType, +func Defaults() contour_v1alpha1.ContourConfigurationSpec { + return contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{ + Type: contour_v1alpha1.ContourServerType, Address: "0.0.0.0", Port: 8001, - TLS: &contour_api_v1alpha1.TLS{ + TLS: &contour_v1alpha1.TLS{ CAFile: "/certs/ca.crt", CertFile: "/certs/tls.crt", KeyFile: "/certs/tls.key", Insecure: ref.To(false), }, }, - Ingress: &contour_api_v1alpha1.IngressConfig{ + Ingress: &contour_v1alpha1.IngressConfig{ ClassNames: nil, StatusAddress: "", }, - Debug: &contour_api_v1alpha1.DebugConfig{ + Debug: &contour_v1alpha1.DebugConfig{ Address: "127.0.0.1", Port: 6060, }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "0.0.0.0", Port: 8000, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Listener: &contour_api_v1alpha1.EnvoyListenerConfig{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ UseProxyProto: ref.To(false), DisableAllowChunkedLength: ref.To(false), DisableMergeSlashes: ref.To(false), - ServerHeaderTransformation: contour_api_v1alpha1.OverwriteServerHeader, + ServerHeaderTransformation: contour_v1alpha1.OverwriteServerHeader, ConnectionBalancer: "", - TLS: &contour_api_v1alpha1.EnvoyTLS{ + TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.3", - CipherSuites: contour_api_v1alpha1.DefaultTLSCiphers, + CipherSuites: contour_v1alpha1.DefaultTLSCiphers, }, }, - Service: &contour_api_v1alpha1.NamespacedName{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "projectcontour", Name: "envoy", }, - HTTPListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPListener: &contour_v1alpha1.EnvoyListener{ Address: "0.0.0.0", Port: 8080, AccessLog: "/dev/stdout", }, - HTTPSListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: "0.0.0.0", Port: 8443, AccessLog: "/dev/stdout", }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "0.0.0.0", Port: 8002, }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", Port: 8002, TLS: nil, }, ClientCertificate: nil, - Logging: &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.EnvoyAccessLog, + Logging: &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.EnvoyAccessLog, AccessLogFormatString: "", AccessLogJSONFields: nil, - AccessLogLevel: contour_api_v1alpha1.LogLevelInfo, + AccessLogLevel: contour_v1alpha1.LogLevelInfo, }, - DefaultHTTPVersions: []contour_api_v1alpha1.HTTPVersionType{ + DefaultHTTPVersions: []contour_v1alpha1.HTTPVersionType{ "HTTP/1.1", "HTTP/2", }, - Timeouts: &contour_api_v1alpha1.TimeoutParameters{ + Timeouts: &contour_v1alpha1.TimeoutParameters{ RequestTimeout: nil, ConnectionIdleTimeout: nil, StreamIdleTimeout: nil, @@ -118,33 +119,33 @@ func Defaults() contour_api_v1alpha1.ContourConfigurationSpec { ConnectionShutdownGracePeriod: nil, ConnectTimeout: nil, }, - Cluster: &contour_api_v1alpha1.ClusterParameters{ - DNSLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, - UpstreamTLS: &contour_api_v1alpha1.EnvoyTLS{ + Cluster: &contour_v1alpha1.ClusterParameters{ + DNSLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, + UpstreamTLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.3", - CipherSuites: contour_api_v1alpha1.DefaultTLSCiphers, + CipherSuites: contour_v1alpha1.DefaultTLSCiphers, }, }, - Network: &contour_api_v1alpha1.NetworkParameters{ + Network: &contour_v1alpha1.NetworkParameters{ XffNumTrustedHops: ref.To(uint32(0)), EnvoyAdminPort: ref.To(9001), }, }, Gateway: nil, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ DisablePermitInsecure: ref.To(false), RootNamespaces: nil, FallbackCertificate: nil, }, EnableExternalNameService: ref.To(false), RateLimitService: nil, - Policy: &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{}, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{}, + Policy: &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{}, ApplyToIngress: ref.To(false), }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", Port: 8000, TLS: nil, @@ -162,7 +163,7 @@ type Timeouts struct { ConnectTimeout time.Duration // Since "infinite" is not valid ConnectTimeout value, use time.Duration instead of timeout.Setting. } -func ParseTimeoutPolicy(timeoutParameters *contour_api_v1alpha1.TimeoutParameters) (Timeouts, error) { +func ParseTimeoutPolicy(timeoutParameters *contour_v1alpha1.TimeoutParameters) (Timeouts, error) { var ( err error timeouts Timeouts diff --git a/internal/contourconfig/contourconfiguration_test.go b/internal/contourconfig/contourconfiguration_test.go index 38124d2752d..a93bd3d8941 100644 --- a/internal/contourconfig/contourconfiguration_test.go +++ b/internal/contourconfig/contourconfiguration_test.go @@ -17,50 +17,51 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contourconfig" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" ) func TestOverlayOnDefaults(t *testing.T) { - allFieldsSpecified := contour_api_v1alpha1.ContourConfigurationSpec{ - XDSServer: &contour_api_v1alpha1.XDSServerConfig{ - Type: contour_api_v1alpha1.EnvoyServerType, + allFieldsSpecified := contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{ + Type: contour_v1alpha1.EnvoyServerType, Address: "7.7.7.7", Port: 7777, - TLS: &contour_api_v1alpha1.TLS{ + TLS: &contour_v1alpha1.TLS{ CAFile: "/foo/ca.crt", CertFile: "/foo/tls.crt", KeyFile: "/foo/tls.key", Insecure: ref.To(true), }, }, - Ingress: &contour_api_v1alpha1.IngressConfig{ + Ingress: &contour_v1alpha1.IngressConfig{ ClassNames: []string{"coolclass"}, StatusAddress: "7.7.7.7", }, - Debug: &contour_api_v1alpha1.DebugConfig{ + Debug: &contour_v1alpha1.DebugConfig{ Address: "1.2.3.4", Port: 6789, }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "2.3.4.5", Port: 8888, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Listener: &contour_api_v1alpha1.EnvoyListenerConfig{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ UseProxyProto: ref.To(true), DisableAllowChunkedLength: ref.To(true), DisableMergeSlashes: ref.To(true), MaxRequestsPerConnection: ref.To(uint32(1)), HTTP2MaxConcurrentStreams: ref.To(uint32(10)), - ServerHeaderTransformation: contour_api_v1alpha1.PassThroughServerHeader, + ServerHeaderTransformation: contour_v1alpha1.PassThroughServerHeader, ConnectionBalancer: "yesplease", - TLS: &contour_api_v1alpha1.EnvoyTLS{ + TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.7", MaximumProtocolVersion: "1.7", CipherSuites: []string{ @@ -69,48 +70,48 @@ func TestOverlayOnDefaults(t *testing.T) { }, }, }, - Service: &contour_api_v1alpha1.NamespacedName{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "coolnamespace", Name: "coolname", }, - HTTPListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPListener: &contour_v1alpha1.EnvoyListener{ Address: "3.4.5.6", Port: 8989, AccessLog: "/dev/oops", }, - HTTPSListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: "4.5.6.7", Port: 8445, AccessLog: "/dev/oops", }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "1.1.1.1", Port: 8222, }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "1.2.12.1212", Port: 8882, - TLS: &contour_api_v1alpha1.MetricsTLS{ + TLS: &contour_v1alpha1.MetricsTLS{ CAFile: "cafile", CertFile: "certfile", KeyFile: "keyfile", }, }, - ClientCertificate: &contour_api_v1alpha1.NamespacedName{ + ClientCertificate: &contour_v1alpha1.NamespacedName{ Namespace: "clientcertnamespace", Name: "clientcertname", }, - Logging: &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.JSONAccessLog, + Logging: &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.JSONAccessLog, AccessLogFormatString: "foo", AccessLogJSONFields: []string{"field-1", "field-2"}, - AccessLogLevel: contour_api_v1alpha1.LogLevelCritical, + AccessLogLevel: contour_v1alpha1.LogLevelCritical, }, - DefaultHTTPVersions: []contour_api_v1alpha1.HTTPVersionType{ + DefaultHTTPVersions: []contour_v1alpha1.HTTPVersionType{ "HTTP/2.2", "HTTP/3", }, - Timeouts: &contour_api_v1alpha1.TimeoutParameters{ + Timeouts: &contour_v1alpha1.TimeoutParameters{ RequestTimeout: ref.To("1s"), ConnectionIdleTimeout: ref.To("2s"), StreamIdleTimeout: ref.To("3s"), @@ -119,9 +120,9 @@ func TestOverlayOnDefaults(t *testing.T) { ConnectionShutdownGracePeriod: ref.To("6s"), ConnectTimeout: ref.To("7s"), }, - Cluster: &contour_api_v1alpha1.ClusterParameters{ - DNSLookupFamily: contour_api_v1alpha1.IPv4ClusterDNSFamily, - UpstreamTLS: &contour_api_v1alpha1.EnvoyTLS{ + Cluster: &contour_v1alpha1.ClusterParameters{ + DNSLookupFamily: contour_v1alpha1.IPv4ClusterDNSFamily, + UpstreamTLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.1", MaximumProtocolVersion: "1.2", CipherSuites: []string{ @@ -129,41 +130,41 @@ func TestOverlayOnDefaults(t *testing.T) { }, }, }, - Network: &contour_api_v1alpha1.NetworkParameters{ + Network: &contour_v1alpha1.NetworkParameters{ XffNumTrustedHops: ref.To(uint32(77)), EnvoyAdminPort: ref.To(9997), }, }, - Gateway: &contour_api_v1alpha1.GatewayConfig{ + Gateway: &contour_v1alpha1.GatewayConfig{ ControllerName: "gatewaycontroller", - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "gatewaynamespace", Name: "gatewayname", }, }, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ DisablePermitInsecure: ref.To(true), RootNamespaces: []string{"rootnamespace"}, - FallbackCertificate: &contour_api_v1alpha1.NamespacedName{ + FallbackCertificate: &contour_v1alpha1.NamespacedName{ Namespace: "fallbackcertificatenamespace", Name: "fallbackcertificatename", }, }, EnableExternalNameService: ref.To(true), - RateLimitService: &contour_api_v1alpha1.RateLimitServiceConfig{ - ExtensionService: contour_api_v1alpha1.NamespacedName{ + RateLimitService: &contour_v1alpha1.RateLimitServiceConfig{ + ExtensionService: contour_v1alpha1.NamespacedName{ Namespace: "ratelimitservicenamespace", Name: "ratelimitservicename", }, Domain: "ratelimitservicedomain", FailOpen: ref.To(true), EnableXRateLimitHeaders: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "foo", Value: "bar", }, @@ -173,21 +174,21 @@ func TestOverlayOnDefaults(t *testing.T) { }, }, }, - Policy: &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + Policy: &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{"set": "val"}, Remove: []string{"remove"}, }, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{"set": "val"}, Remove: []string{"remove"}, }, ApplyToIngress: ref.To(true), }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "9.8.7.6", Port: 9876, - TLS: &contour_api_v1alpha1.MetricsTLS{ + TLS: &contour_v1alpha1.MetricsTLS{ CAFile: "cafile.cafile", CertFile: "certfile.certfile", KeyFile: "keyfile.keyfile", @@ -196,28 +197,28 @@ func TestOverlayOnDefaults(t *testing.T) { } tests := map[string]struct { - contourConfig contour_api_v1alpha1.ContourConfigurationSpec - want func() contour_api_v1alpha1.ContourConfigurationSpec + contourConfig contour_v1alpha1.ContourConfigurationSpec + want func() contour_v1alpha1.ContourConfigurationSpec }{ "empty ContourConfig results in all the defaults": { - contourConfig: contour_api_v1alpha1.ContourConfigurationSpec{}, + contourConfig: contour_v1alpha1.ContourConfigurationSpec{}, want: contourconfig.Defaults, }, "ContourConfig with single non-default field is overlaid correctly": { - contourConfig: contour_api_v1alpha1.ContourConfigurationSpec{ - XDSServer: &contour_api_v1alpha1.XDSServerConfig{ - Type: contour_api_v1alpha1.EnvoyServerType, + contourConfig: contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{ + Type: contour_v1alpha1.EnvoyServerType, }, }, - want: func() contour_api_v1alpha1.ContourConfigurationSpec { + want: func() contour_v1alpha1.ContourConfigurationSpec { res := contourconfig.Defaults() - res.XDSServer.Type = contour_api_v1alpha1.EnvoyServerType + res.XDSServer.Type = contour_v1alpha1.EnvoyServerType return res }, }, "ContourConfig with every field specified with a non-default value results in all of those values used": { contourConfig: allFieldsSpecified, - want: func() contour_api_v1alpha1.ContourConfigurationSpec { + want: func() contour_v1alpha1.ContourConfigurationSpec { return allFieldsSpecified }, }, @@ -234,7 +235,7 @@ func TestOverlayOnDefaults(t *testing.T) { func TestParseTimeoutPolicy(t *testing.T) { testCases := map[string]struct { - config *contour_api_v1alpha1.TimeoutParameters + config *contour_v1alpha1.TimeoutParameters expected contourconfig.Timeouts errorMsg string }{ @@ -251,7 +252,7 @@ func TestParseTimeoutPolicy(t *testing.T) { }, }, "timeouts not set": { - config: &contour_api_v1alpha1.TimeoutParameters{}, + config: &contour_v1alpha1.TimeoutParameters{}, expected: contourconfig.Timeouts{ Request: timeout.DefaultSetting(), ConnectionIdle: timeout.DefaultSetting(), @@ -263,7 +264,7 @@ func TestParseTimeoutPolicy(t *testing.T) { }, }, "timeouts all set": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ RequestTimeout: ref.To("1s"), ConnectionIdleTimeout: ref.To("2s"), StreamIdleTimeout: ref.To("3s"), @@ -283,43 +284,43 @@ func TestParseTimeoutPolicy(t *testing.T) { }, }, "request timeout invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ RequestTimeout: ref.To("xxx"), }, errorMsg: "failed to parse request timeout", }, "connection idle timeout invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ ConnectionIdleTimeout: ref.To("a"), }, errorMsg: "failed to parse connection idle timeout", }, "stream idle timeout invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ StreamIdleTimeout: ref.To("invalid"), }, errorMsg: "failed to parse stream idle timeout", }, "max connection duration invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ MaxConnectionDuration: ref.To("xxx"), }, errorMsg: "failed to parse max connection duration", }, "delayed close timeout invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ DelayedCloseTimeout: ref.To("xxx"), }, errorMsg: "failed to parse delayed close timeout", }, "connection shutdown grace period invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ ConnectionShutdownGracePeriod: ref.To("xxx"), }, errorMsg: "failed to parse connection shutdown grace period", }, "connect timeout invalid": { - config: &contour_api_v1alpha1.TimeoutParameters{ + config: &contour_v1alpha1.TimeoutParameters{ ConnectTimeout: ref.To("infinite"), }, errorMsg: "failed to parse connect timeout", diff --git a/internal/controller/backendtlspolicy.go b/internal/controller/backendtlspolicy.go index b8e7dca8865..68365934189 100644 --- a/internal/controller/backendtlspolicy.go +++ b/internal/controller/backendtlspolicy.go @@ -16,10 +16,9 @@ package controller import ( "context" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/errors" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -61,7 +60,7 @@ func (r *backendTLSPolicyReconciler) Reconcile(ctx context.Context, request reco err := r.client.Get(ctx, request.NamespacedName, backendTLSPolicy) if errors.IsNotFound(err) { r.eventHandler.OnDelete(&gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: request.Name, Namespace: request.Namespace, }, diff --git a/internal/controller/controller_test.go b/internal/controller/controller_test.go index 2169047989c..c8f21117505 100644 --- a/internal/controller/controller_test.go +++ b/internal/controller/controller_test.go @@ -17,13 +17,14 @@ import ( "testing" logr_testing "github.com/go-logr/logr/testing" - "github.com/projectcontour/contour/internal/controller" - "github.com/projectcontour/contour/internal/controller/mocks" - "github.com/projectcontour/contour/internal/fixture" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "sigs.k8s.io/controller-runtime/pkg/config" "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/projectcontour/contour/internal/controller" + "github.com/projectcontour/contour/internal/controller/mocks" + "github.com/projectcontour/contour/internal/fixture" ) func TestRegisterControllers(t *testing.T) { diff --git a/internal/controller/gateway.go b/internal/controller/gateway.go index decbd9a5568..0b8ae8a6b66 100644 --- a/internal/controller/gateway.go +++ b/internal/controller/gateway.go @@ -18,10 +18,8 @@ import ( "fmt" "time" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/leadership" "github.com/sirupsen/logrus" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" @@ -34,6 +32,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/leadership" ) type gatewayReconciler struct { @@ -212,7 +213,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req if acceptedGatewayClass == nil { r.log.Info("No accepted gateway class found") r.eventHandler.OnDelete(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: request.Namespace, Name: request.Name, }, @@ -236,7 +237,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req if len(gatewaysForClass) == 0 { r.log.Info("No gateways found for accepted gateway class") r.eventHandler.OnDelete(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: request.Namespace, Name: request.Name, }, @@ -301,7 +302,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req func isAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { for _, cond := range gatewayClass.Status.Conditions { - if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) && cond.Status == metav1.ConditionTrue { + if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) && cond.Status == meta_v1.ConditionTrue { return true } } @@ -310,12 +311,12 @@ func isAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { } func setGatewayNotAccepted(gateway *gatewayapi_v1beta1.Gateway) *gatewayapi_v1beta1.Gateway { - newCond := metav1.Condition{ + newCond := meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "OlderGatewayExists", Message: "An older Gateway exists for the accepted GatewayClass", - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), ObservedGeneration: gateway.Generation, } diff --git a/internal/controller/gatewayclass.go b/internal/controller/gatewayclass.go index bf2220f0485..9c16e44d9b3 100644 --- a/internal/controller/gatewayclass.go +++ b/internal/controller/gatewayclass.go @@ -17,11 +17,8 @@ import ( "context" "fmt" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/leadership" - "github.com/projectcontour/contour/internal/status" "github.com/sirupsen/logrus" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" @@ -33,6 +30,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/leadership" + "github.com/projectcontour/contour/internal/status" ) type gatewayClassReconciler struct { @@ -159,7 +160,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, request reconcil r.log.WithField("name", request.Name).Info("failed to find gatewayclass") r.eventHandler.OnDelete(&gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: request.Namespace, Name: request.Name, }, diff --git a/internal/controller/grpcroute.go b/internal/controller/grpcroute.go index 044e0ca863b..1f48924771c 100644 --- a/internal/controller/grpcroute.go +++ b/internal/controller/grpcroute.go @@ -16,10 +16,9 @@ package controller import ( "context" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/errors" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -61,7 +60,7 @@ func (r *grpcRouteReconciler) Reconcile(ctx context.Context, request reconcile.R err := r.client.Get(ctx, request.NamespacedName, grpcRoute) if errors.IsNotFound(err) { r.eventHandler.OnDelete(&gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: request.Name, Namespace: request.Namespace, }, diff --git a/internal/controller/httproute.go b/internal/controller/httproute.go index b0e758de1ae..04e9bb96e9e 100644 --- a/internal/controller/httproute.go +++ b/internal/controller/httproute.go @@ -16,10 +16,9 @@ package controller import ( "context" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/errors" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -61,7 +60,7 @@ func (r *httpRouteReconciler) Reconcile(ctx context.Context, request reconcile.R err := r.client.Get(ctx, request.NamespacedName, httpRoute) if errors.IsNotFound(err) { r.eventHandler.OnDelete(&gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: request.Name, Namespace: request.Namespace, }, diff --git a/internal/controller/tcproute.go b/internal/controller/tcproute.go index 507e6c9d134..42a05a6d7d7 100644 --- a/internal/controller/tcproute.go +++ b/internal/controller/tcproute.go @@ -16,10 +16,9 @@ package controller import ( "context" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/errors" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -61,7 +60,7 @@ func (r *tcpRouteReconciler) Reconcile(ctx context.Context, request reconcile.Re err := r.client.Get(ctx, request.NamespacedName, tcpRoute) if errors.IsNotFound(err) { r.eventHandler.OnDelete(&gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: request.Name, Namespace: request.Namespace, }, diff --git a/internal/controller/tlsroute.go b/internal/controller/tlsroute.go index 558dcb60f2b..7793d1191d2 100644 --- a/internal/controller/tlsroute.go +++ b/internal/controller/tlsroute.go @@ -16,10 +16,9 @@ package controller import ( "context" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "github.com/sirupsen/logrus" "k8s.io/apimachinery/pkg/api/errors" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" @@ -61,7 +60,7 @@ func (r *tlsRouteReconciler) Reconcile(ctx context.Context, request reconcile.Re err := r.client.Get(ctx, request.NamespacedName, tlsroute) if errors.IsNotFound(err) { r.eventHandler.OnDelete(&gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: request.Name, Namespace: request.Namespace, }, diff --git a/internal/dag/accessors.go b/internal/dag/accessors.go index bea91f36a3c..20a990b3433 100644 --- a/internal/dag/accessors.go +++ b/internal/dag/accessors.go @@ -18,11 +18,12 @@ import ( "strconv" "strings" - "github.com/projectcontour/contour/internal/annotation" - "github.com/projectcontour/contour/internal/xds" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/projectcontour/contour/internal/annotation" + "github.com/projectcontour/contour/internal/xds" ) // EnsureService looks for a Kubernetes service in the cache matching the provided @@ -72,7 +73,7 @@ func (d *DAG) EnsureService(meta types.NamespacedName, port, healthPort int, cac }, nil } -func validateExternalName(svc *v1.Service, enableExternalNameSvc bool) error { +func validateExternalName(svc *core_v1.Service, enableExternalNameSvc bool) error { // If this isn't an ExternalName Service, we're all good here. en := externalName(svc) if en == "" { @@ -118,7 +119,7 @@ func toContourProtocol(appProtocol string) (string, bool) { return proto, ok } -func upstreamProtocol(svc *v1.Service, port v1.ServicePort) string { +func upstreamProtocol(svc *core_v1.Service, port core_v1.ServicePort) string { // if appProtocol is not nil, check it only if port.AppProtocol != nil { proto, _ := toContourProtocol(*port.AppProtocol) @@ -133,8 +134,8 @@ func upstreamProtocol(svc *v1.Service, port v1.ServicePort) string { return proto } -func externalName(svc *v1.Service) string { - if svc.Spec.Type != v1.ServiceTypeExternalName { +func externalName(svc *core_v1.Service) string { + if svc.Spec.Type != core_v1.ServiceTypeExternalName { return "" } return svc.Spec.ExternalName diff --git a/internal/dag/accessors_test.go b/internal/dag/accessors_test.go index 1312a9191fb..6e6b64bbedc 100644 --- a/internal/dag/accessors_test.go +++ b/internal/dag/accessors_test.go @@ -17,19 +17,19 @@ import ( "errors" "testing" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ref" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/ref" ) -func makeServicePort(name string, protocol v1.Protocol, port int32, extras ...any) v1.ServicePort { - p := v1.ServicePort{ +func makeServicePort(name string, protocol core_v1.Protocol, port int32, extras ...any) core_v1.ServicePort { + p := core_v1.ServicePort{ Name: name, Protocol: protocol, Port: port, @@ -47,58 +47,58 @@ func makeServicePort(name string, protocol v1.Protocol, port int32, extras ...an } func TestBuilderLookupService(t *testing.T) { - s1 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - s2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "includehealth", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080), makeServicePort("health", "TCP", 8998, 8998)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080), makeServicePort("health", "TCP", 8998, 8998)}, }, } - externalNameValid := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + externalNameValid := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "externalnamevalid", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Type: v1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: "external.projectcontour.io", - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 80, 80)}, + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 80, 80)}, }, } - externalNameLocalhost := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + externalNameLocalhost := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "externalnamelocalhost", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Type: v1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: "localhost", - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 80, 80)}, + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 80, 80)}, }, } - annotatedService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + annotatedService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "annotated-service", Namespace: "default", Annotations: map[string]string{"projectcontour.io/upstream-protocol.tls": "8443"}, }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "foo", Protocol: "TCP", Port: 8443, @@ -107,14 +107,14 @@ func TestBuilderLookupService(t *testing.T) { }, } - appProtoService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + appProtoService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app-protocol-service", Namespace: "default", Annotations: map[string]string{"projectcontour.io/upstream-protocol.tls": "8443,8444"}, }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "k8s-h2c", Protocol: "TCP", @@ -131,7 +131,7 @@ func TestBuilderLookupService(t *testing.T) { }, } - services := map[types.NamespacedName]*v1.Service{ + services := map[types.NamespacedName]*core_v1.Service{ {Name: "service1", Namespace: "default"}: s1, {Name: "servicehealthcheck", Namespace: "default"}: s2, {Name: "externalnamevalid", Namespace: "default"}: externalNameValid, diff --git a/internal/dag/builder.go b/internal/dag/builder.go index 7c2afff54d0..192e65ec8c1 100644 --- a/internal/dag/builder.go +++ b/internal/dag/builder.go @@ -16,12 +16,13 @@ package dag import ( "sort" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/metrics" - "github.com/projectcontour/contour/internal/status" "github.com/prometheus/client_golang/prometheus" "k8s.io/apimachinery/pkg/types" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/metrics" + "github.com/projectcontour/contour/internal/status" ) // Processor constructs part of a DAG. diff --git a/internal/dag/builder_test.go b/internal/dag/builder_test.go index 78941f7bd7e..56b565e7c10 100644 --- a/internal/dag/builder_test.go +++ b/internal/dag/builder_test.go @@ -19,92 +19,93 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/status" - "github.com/projectcontour/contour/internal/timeout" "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/status" + "github.com/projectcontour/contour/internal/timeout" ) func TestDAGInsertGatewayAPI(t *testing.T) { - kuardService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard2", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService3 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard3", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardServiceCustomNs := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardServiceCustomNs := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "custom", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - blogService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + blogService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blogsvc", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 80, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 80, 8080)}, }, } - tlsService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + tlsService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlssvc", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("https", "TCP", 443, 8443)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("https", "TCP", 443, 8443)}, }, } - tlsAndNonTLSService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + tlsAndNonTLSService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsandnontlssvc", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ makeServicePort("http", "TCP", 80, 8080), makeServicePort("https", "TCP", 443, 8443), }, @@ -112,25 +113,25 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } validClass := &gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-validClass", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, } gatewayHTTPAllNamespaces := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -150,7 +151,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayHTTPSameNamespace := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -170,7 +171,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayHTTPNamespaceSelector := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -182,11 +183,11 @@ func TestDAGInsertGatewayAPI(t *testing.T) { AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "app": "contour", }, - MatchExpressions: []metav1.LabelSelectorRequirement{{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "type", Operator: "In", Values: []string{"controller"}, @@ -202,7 +203,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { wildcardHostname := gatewayapi_v1beta1.Hostname("*.projectcontour.io") gatewayHTTPWithHostname := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -222,7 +223,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayHTTPWithWildcardHostname := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -242,7 +243,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayHTTPWithAddresses := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -268,7 +269,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayTLSPassthroughAllNamespaces := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -290,7 +291,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayTLSPassthroughSameNamespace := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -312,7 +313,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayTLSPassthroughNamespaceSelector := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -327,7 +328,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"matching-label-key": "matching-label-value"}, }, }, @@ -336,29 +337,29 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - cert1 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + cert1 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "projectcontour", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, } - cert2 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + cert2 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca2", Namespace: "projectcontour", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.EC_CERTIFICATE), }, } - configMapCert1 := &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + configMapCert1 := &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "projectcontour", }, @@ -367,26 +368,26 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - sec1 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec1 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "projectcontour", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } - sec2 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec2 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } gatewayTLSTerminateCertInDifferentNamespace := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -412,7 +413,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayHTTPSAllNamespaces := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -436,7 +437,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } gatewayHTTPAndHTTPS := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -473,7 +474,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } basicHTTPRoute := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -492,7 +493,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } basicTLSRoute := &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -508,7 +509,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { } basicGRPCRoute := &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -610,8 +611,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gatewayclass: validClass, gateway: gatewayHTTPNamespaceSelector, objs: []any{ - &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "custom", Labels: map[string]string{ "app": "contour", @@ -635,8 +636,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gatewayclass: validClass, gateway: gatewayHTTPNamespaceSelector, objs: []any{ - &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "custom", Labels: map[string]string{ "app": "notmatch", @@ -656,7 +657,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -687,7 +688,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardServiceCustomNs, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "custom", }, @@ -724,7 +725,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: gatewayTLSPassthroughSameNamespace.Namespace, }, @@ -761,7 +762,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardServiceCustomNs, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: kuardServiceCustomNs.Namespace, }, @@ -783,14 +784,14 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayTLSPassthroughNamespaceSelector, objs: []any{ kuardServiceCustomNs, - &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: kuardServiceCustomNs.Namespace, Labels: map[string]string{"matching-label-key": "matching-label-value"}, }, }, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: kuardServiceCustomNs.Namespace, }, @@ -826,14 +827,14 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayTLSPassthroughNamespaceSelector, objs: []any{ kuardServiceCustomNs, - &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: kuardServiceCustomNs.Namespace, Labels: map[string]string{"matching-label-key": "this-label-value-does-not-match"}, }, }, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: kuardServiceCustomNs.Namespace, }, @@ -867,7 +868,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: kuardService.Namespace, }, @@ -889,7 +890,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLS Listener with TLS.Mode=Passthrough is invalid if certificateRef is specified": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -920,7 +921,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLS Listener with TLS.Mode=Terminate is invalid if certificateRef is not specified": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -950,7 +951,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLS Listener with TLS not defined is invalid": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -975,7 +976,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLSRoute with invalid listener protocol of HTTP": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1031,7 +1032,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "insert gateway with selector kind that doesn't match": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1062,7 +1063,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "insert gateway with selector group that doesn't match": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1146,7 +1147,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -1307,7 +1308,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, crossNSBackendHTTPRoute, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -1335,7 +1336,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, crossNSBackendHTTPRoute, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -1364,7 +1365,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, crossNSBackendHTTPRoute, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -1394,7 +1395,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, crossNSBackendHTTPRoute, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: "some-other-namespace", // would need to be "projectcontour" to be valid }, @@ -1424,7 +1425,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, crossNSBackendHTTPRoute, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -1454,7 +1455,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, crossNSBackendHTTPRoute, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -1554,7 +1555,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "insert basic single route, single hostname, gateway with TLS, HTTP protocol is ignored": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1597,7 +1598,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "insert basic single route, single hostname, gateway with TLS, HTTPS protocol missing certificateRef": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1656,12 +1657,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gatewayclass: validClass, gateway: gatewayHTTPSAllNamespaces, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlscert", Namespace: "projectcontour", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata("wrong", "wronger"), }, kuardService, @@ -1701,7 +1702,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLS Listener Gateway CertificateRef must be type core.Secret": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1736,7 +1737,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLS Listener Gateway CertificateRef must be specified": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1768,7 +1769,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: sec2.Namespace, }, @@ -1817,7 +1818,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: sec2.Namespace, }, @@ -1857,7 +1858,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: "wrong-namespace", }, @@ -1883,7 +1884,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: sec2.Namespace, }, @@ -1909,7 +1910,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: sec2.Namespace, }, @@ -1935,7 +1936,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: sec2.Namespace, }, @@ -1961,7 +1962,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ sec2, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-grant", Namespace: sec2.Namespace, }, @@ -1996,7 +1997,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "Invalid listener protocol type (TCP)": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2018,7 +2019,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "Invalid listener protocol type (UDP)": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2040,7 +2041,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "Invalid listener protocol type (custom)": { gatewayclass: validClass, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2067,7 +2068,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, blogService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -2087,7 +2088,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basictls", Namespace: "projectcontour", }, @@ -3434,7 +3435,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -3501,7 +3502,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { cert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -3569,7 +3570,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { cert2, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -3643,7 +3644,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { cert1, makeHTTPRoute("tls-basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/tls", "tlsandnontlssvc", 443, 1)), &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "non-tls-basic", Namespace: "projectcontour", }, @@ -3660,7 +3661,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -3749,7 +3750,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { tlsService, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -3804,7 +3805,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { tlsService, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -3859,7 +3860,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { tlsService, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4041,7 +4042,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4078,7 +4079,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4101,7 +4102,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4126,7 +4127,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -4164,7 +4165,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4189,7 +4190,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -4228,7 +4229,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4253,7 +4254,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -4277,7 +4278,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4302,7 +4303,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: "some-other-namespace", // would have to be "projectcontour" to be valid }, @@ -4326,7 +4327,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4351,7 +4352,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -4375,7 +4376,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -4400,7 +4401,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -4425,7 +4426,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4482,7 +4483,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4531,7 +4532,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4558,7 +4559,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4593,7 +4594,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayTLSPassthroughAllNamespaces, objs: []any{ &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4618,7 +4619,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService2, kuardService3, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4665,7 +4666,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService2, kuardService3, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4712,7 +4713,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService2, kuardService3, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4807,7 +4808,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "different-ns-than-gateway", }, @@ -4835,7 +4836,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4867,7 +4868,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, blogService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4889,7 +4890,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basictls", Namespace: "projectcontour", }, @@ -4938,7 +4939,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -4980,7 +4981,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5022,7 +5023,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5063,7 +5064,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5099,7 +5100,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5176,7 +5177,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5253,7 +5254,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5310,7 +5311,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5370,7 +5371,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5412,7 +5413,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService2, kuardService3, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -5461,7 +5462,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5488,7 +5489,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: kuardService.Namespace, }, @@ -5554,102 +5555,102 @@ func TestDAGInsert(t *testing.T) { // The DAG is insensitive to ordering, adding an ingress, then a service, // should have the same result as adding a service, then an ingress. - sec1 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec1 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } // Invalid cert in the secret - secInvalid := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + secInvalid := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata("wrong", "wronger"), } // weird secret with a blank ca.crt that // cert manager creates. #1644 - sec3 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec3 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - CACertificateKey: []byte(""), - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + CACertificateKey: []byte(""), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), }, } - sec4 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec4 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "root", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } - fallbackCertificateSecret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + fallbackCertificateSecret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } - fallbackCertificateSecretRootNamespace := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + fallbackCertificateSecretRootNamespace := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "root", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } - cert1 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + cert1 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, } - cert2 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + cert2 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "caCertOriginalNs", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, } - crl := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + crl := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CRLKey: []byte(fixture.CRL), }, } i1V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -5667,7 +5668,7 @@ func TestDAGInsert(t *testing.T) { } i1aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -5689,7 +5690,7 @@ func TestDAGInsert(t *testing.T) { // i2V1 is functionally identical to i1V1 i2V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -5703,7 +5704,7 @@ func TestDAGInsert(t *testing.T) { // i2aV1 is missing a http key from the spec.rule. // see issue 606 i2aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -5716,7 +5717,7 @@ func TestDAGInsert(t *testing.T) { // i3V1 is similar to i2V1 but includes a hostname on the ingress rule i3V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -5733,7 +5734,7 @@ func TestDAGInsert(t *testing.T) { } // i4V1 is like i1V1 except it uses a named service port i4V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -5752,7 +5753,7 @@ func TestDAGInsert(t *testing.T) { // i5V1 is functionally identical to i2V1 i5V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -5765,7 +5766,7 @@ func TestDAGInsert(t *testing.T) { // i6V1 contains two named vhosts which point to the same service // one of those has TLS i6V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-vhosts", Namespace: "default", }, @@ -5785,7 +5786,7 @@ func TestDAGInsert(t *testing.T) { } i6aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-vhosts", Namespace: "default", Annotations: map[string]string{ @@ -5808,7 +5809,7 @@ func TestDAGInsert(t *testing.T) { } i6bV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-vhosts", Namespace: "default", Annotations: map[string]string{ @@ -5828,7 +5829,7 @@ func TestDAGInsert(t *testing.T) { } i6cV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-vhosts", Namespace: "default", Annotations: map[string]string{ @@ -5850,7 +5851,7 @@ func TestDAGInsert(t *testing.T) { // i7V1 contains a single vhost with two paths i7V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-paths", Namespace: "default", }, @@ -5877,7 +5878,7 @@ func TestDAGInsert(t *testing.T) { // i8V1 is identical to i7V1 but uses multiple IngressRules i8V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-rules", Namespace: "default", }, @@ -5910,7 +5911,7 @@ func TestDAGInsert(t *testing.T) { } // i9V1 is identical to i8V1 but disables non TLS connections i9V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-rules", Namespace: "default", Annotations: map[string]string{ @@ -5946,7 +5947,7 @@ func TestDAGInsert(t *testing.T) { } i10aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "two-rules", Namespace: "default", Annotations: map[string]string{ @@ -5974,7 +5975,7 @@ func TestDAGInsert(t *testing.T) { // i11V1 has a websocket route i11V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "websocket", Namespace: "default", Annotations: map[string]string{ @@ -5999,7 +6000,7 @@ func TestDAGInsert(t *testing.T) { // i12aV1 has an invalid timeout i12aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6022,7 +6023,7 @@ func TestDAGInsert(t *testing.T) { // i12bV1 has a reasonable timeout i12bV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6045,7 +6046,7 @@ func TestDAGInsert(t *testing.T) { // i12cV1 has an unreasonable timeout i12cV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6067,7 +6068,7 @@ func TestDAGInsert(t *testing.T) { } i12dV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6089,7 +6090,7 @@ func TestDAGInsert(t *testing.T) { } i12eV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6111,7 +6112,7 @@ func TestDAGInsert(t *testing.T) { } i12fV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6136,7 +6137,7 @@ func TestDAGInsert(t *testing.T) { // they represent a tricky way over 'overlaying' routes from one // ingress onto another i13aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app", Namespace: "default", Annotations: map[string]string{ @@ -6163,7 +6164,7 @@ func TestDAGInsert(t *testing.T) { } i13bV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "challenge", Namespace: "nginx-ingress"}, + ObjectMeta: meta_v1.ObjectMeta{Name: "challenge", Namespace: "nginx-ingress"}, Spec: networking_v1.IngressSpec{ Rules: []networking_v1.IngressRule{{ Host: "example.com", @@ -6180,7 +6181,7 @@ func TestDAGInsert(t *testing.T) { } i3aV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -6192,7 +6193,7 @@ func TestDAGInsert(t *testing.T) { } i14V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "timeout", Namespace: "default", Annotations: map[string]string{ @@ -6216,7 +6217,7 @@ func TestDAGInsert(t *testing.T) { } i15V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "regex", Namespace: "default", }, @@ -6235,7 +6236,7 @@ func TestDAGInsert(t *testing.T) { } i15InvalidRegexV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "regex", Namespace: "default", }, @@ -6254,7 +6255,7 @@ func TestDAGInsert(t *testing.T) { } i16V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "wildcards", Namespace: "default", }, @@ -6284,7 +6285,7 @@ func TestDAGInsert(t *testing.T) { } i17V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -6298,7 +6299,7 @@ func TestDAGInsert(t *testing.T) { // i18V1 is use secret from another namespace using annotation projectcontour.io/tls-cert-namespace i18V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-from-other-ns-annotation", Namespace: "default", Annotations: map[string]string{ @@ -6318,7 +6319,7 @@ func TestDAGInsert(t *testing.T) { } iPathMatchTypesV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "pathmatchtypes", Namespace: "default", }, @@ -6370,21 +6371,21 @@ func TestDAGInsert(t *testing.T) { } // s3a and b have http/2 protocol annotations - s3a := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s3a := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ "projectcontour.io/upstream-protocol.h2c": "80,http", }, }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 80, 8888)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 80, 8888)}, }, } - s3b := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s3b := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: s3a.Name, Namespace: s3a.Namespace, Annotations: map[string]string{ @@ -6394,8 +6395,8 @@ func TestDAGInsert(t *testing.T) { Spec: s3a.Spec, } - s3c := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s3c := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: s3b.Name, Namespace: s3b.Namespace, Annotations: map[string]string{ @@ -6405,49 +6406,49 @@ func TestDAGInsert(t *testing.T) { Spec: s3b.Spec, } - sec13 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec13 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-tls", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } - s13a := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s13a := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app-service", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - s13b := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s13b := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "challenge-service", Namespace: "nginx-ingress", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8009, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8009, 8080)}, }, } - proxyMultipleBackends := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyMultipleBackends := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }, { @@ -6458,25 +6459,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyTLS12 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTLS12 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.2", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6484,25 +6485,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyTLS13 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTLS13 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, MinimumProtocolVersion: "1.3", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6510,25 +6511,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyTLSInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTLSInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, MinimumProtocolVersion: "0.999", MaximumProtocolVersion: "1.4", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6536,29 +6537,29 @@ func TestDAGInsert(t *testing.T) { }, } - proxyWeightsTwoRoutesDiffWeights := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWeightsTwoRoutesDiffWeights := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, Weight: 90, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/b", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, Weight: 60, @@ -6567,20 +6568,20 @@ func TestDAGInsert(t *testing.T) { }, } - proxyWeightsOneRouteDiffWeights := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWeightsOneRouteDiffWeights := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, Weight: 90, @@ -6593,24 +6594,24 @@ func TestDAGInsert(t *testing.T) { }, } - proxyRetryPolicyValidTimeout := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRetryPolicyValidTimeout := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "bar-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - RetryPolicy: &contour_api_v1.RetryPolicy{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: 6, PerTryTimeout: "10s", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6618,24 +6619,24 @@ func TestDAGInsert(t *testing.T) { }, } - proxyRetryPolicyInvalidTimeout := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRetryPolicyInvalidTimeout := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "bar-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - RetryPolicy: &contour_api_v1.RetryPolicy{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: 6, PerTryTimeout: "please", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6643,24 +6644,24 @@ func TestDAGInsert(t *testing.T) { }, } - proxyRetryPolicyZeroRetries := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRetryPolicyZeroRetries := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "bar-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - RetryPolicy: &contour_api_v1.RetryPolicy{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: 0, PerTryTimeout: "10s", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6668,23 +6669,23 @@ func TestDAGInsert(t *testing.T) { }, } - proxyTimeoutPolicyInvalidResponse := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTimeoutPolicyInvalidResponse := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "bar-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: "peanut", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6692,23 +6693,23 @@ func TestDAGInsert(t *testing.T) { }, } - proxyTimeoutPolicyValidResponse := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTimeoutPolicyValidResponse := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "bar-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: "1m30s", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6716,23 +6717,23 @@ func TestDAGInsert(t *testing.T) { }, } - proxyTimeoutPolicyInfiniteResponse := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTimeoutPolicyInfiniteResponse := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "bar-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: "infinite", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6740,20 +6741,20 @@ func TestDAGInsert(t *testing.T) { }, } - proxyWildcardFQDN := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWildcardFQDN := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "wildcard", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "*.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6761,33 +6762,33 @@ func TestDAGInsert(t *testing.T) { }, } - s1 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } // s1a carries the tls annotation - s1a := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1a := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ "projectcontour.io/upstream-protocol.tls": "8080", }, }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } // s1b carries all four ingress annotations{ - s1b := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1b := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -6798,140 +6799,140 @@ func TestDAGInsert(t *testing.T) { "projectcontour.io/per-host-max-connections": "45", }, }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } // s2 is like s1 but with a different name - s2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } // s2a is like s1 but with a different name again. // used in testing override priority. - s2a := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2a := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuardest", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } // s3 is like s1 but has a different port - s3 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 9999, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 9999, 8080)}, }, } - s4 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s4 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: "marketing", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - s9 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s9 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, }}, }, } - s10 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s10 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-passthrough", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("https", "TCP", 443, 443), makeServicePort("http", "TCP", 80, 80)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("https", "TCP", 443, 443), makeServicePort("http", "TCP", 80, 80)}, }, } - s11 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s11 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: "it", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("blog", "TCP", 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("blog", "TCP", 8080)}, }, } - s12 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s12 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "teama", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - s13 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s13 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "teamb", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - s14 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s14 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: v1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ ExternalName: "externalservice.io", - Ports: []v1.ServicePort{{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, }}, - Type: v1.ServiceTypeExternalName, + Type: core_v1.ServiceTypeExternalName, }, } - proxyDelegatedTLSSecret := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyDelegatedTLSSecret := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app-with-tls-delegation", Namespace: s10.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "app-with-tls-delegation.127.0.0.1.nip.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "projectcontour/ssl-cert", // not delegated }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s10.Name, Port: 80, }}, @@ -6939,20 +6940,20 @@ func TestDAGInsert(t *testing.T) { }, } - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6961,20 +6962,20 @@ func TestDAGInsert(t *testing.T) { } // proxy1a tcp forwards traffic to default/kuard:8080 by TLS pass-through it. - proxy1a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard-tcp", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -6983,17 +6984,17 @@ func TestDAGInsert(t *testing.T) { } // proxy1b is a straight HTTP forward, no conditions. - proxy1b := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1b := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7002,45 +7003,45 @@ func TestDAGInsert(t *testing.T) { } // proxy1c is a straight forward, with prefix and header conditions. - proxy1c := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1c := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Present: true, }, }, { Prefix: "/kuard", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "e-tag", Contains: "abcdef", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-timeout", NotContains: "infinity", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "digest-auth", Exact: "scott", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "digest-password", NotExact: "tiger", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7050,26 +7051,26 @@ func TestDAGInsert(t *testing.T) { // proxy1d tcp forwards secure traffic to default/kuard:8080 by TLS pass-through it, // insecure traffic is 301 upgraded. - proxy1d := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1d := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard-tcp", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7079,27 +7080,27 @@ func TestDAGInsert(t *testing.T) { // proxy1e tcp forwards secure traffic to default/kuard:8080 by TLS pass-through it, // insecure traffic is not 301 upgraded because of the permitInsecure: true annotation. - proxy1e := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1e := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard-tcp", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s10.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s10.Name, Port: 443, }}, @@ -7109,20 +7110,20 @@ func TestDAGInsert(t *testing.T) { // proxy1f is identical to proxy1 and ir1, except for a different service. // Used to test priority when importing ir then httproxy. - proxy1f := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1f := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2a.Name, Port: 8080, }}, @@ -7130,28 +7131,28 @@ func TestDAGInsert(t *testing.T) { }, } - proxy2a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "kubesystem", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Includes: []contour_v1.Include{{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Present: true, }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-timeout", NotContains: "infinity", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "digest-auth", Exact: "scott", }, @@ -7162,18 +7163,18 @@ func TestDAGInsert(t *testing.T) { // This second include has a similar set of conditions with // slight differences which should still ensure there is a // route programmed. - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Present: true, }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-timeout", NotPresent: true, }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "digest-auth", Exact: "scott", }, @@ -7184,27 +7185,27 @@ func TestDAGInsert(t *testing.T) { }, } - proxy2b := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2b := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/kuard", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "e-tag", Contains: "abcdef", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "digest-password", NotExact: "tiger", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7212,23 +7213,23 @@ func TestDAGInsert(t *testing.T) { }, } - proxy2c := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2c := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Path: "/healthz", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7238,20 +7239,20 @@ func TestDAGInsert(t *testing.T) { // proxy2d is a proxy with two routes that have the same prefix and a Contains header // condition on the same header, differing only in the value of the condition. - proxy2d := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2d := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "e-tag", Contains: "abc", }, @@ -7260,15 +7261,15 @@ func TestDAGInsert(t *testing.T) { Prefix: "/", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "e-tag", Contains: "def", }, @@ -7277,7 +7278,7 @@ func TestDAGInsert(t *testing.T) { Prefix: "/", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7288,20 +7289,20 @@ func TestDAGInsert(t *testing.T) { // proxy2e is a proxy with two routes that both have a condition on the same // header, one using Contains and one using NotContains. - proxy2e := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2e := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "e-tag", Contains: "abc", }, @@ -7310,15 +7311,15 @@ func TestDAGInsert(t *testing.T) { Prefix: "/", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "e-tag", NotContains: "abc", }, @@ -7327,7 +7328,7 @@ func TestDAGInsert(t *testing.T) { Prefix: "/", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7337,23 +7338,23 @@ func TestDAGInsert(t *testing.T) { } // proxy6 has TLS and does not specify min tls version - proxy6 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy6 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7361,23 +7362,23 @@ func TestDAGInsert(t *testing.T) { }, } - proxy17 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy17 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: cert1.Name, SubjectName: "example.com", }, @@ -7386,24 +7387,24 @@ func TestDAGInsert(t *testing.T) { }, } protocolh2 := "h2" - proxy17h2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy17h2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, Protocol: &protocolh2, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: cert1.Name, SubjectName: "example.com", }, @@ -7411,23 +7412,23 @@ func TestDAGInsert(t *testing.T) { }}, }, } - proxy17UpstreamCACertDelegation := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy17UpstreamCACertDelegation := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: fmt.Sprintf("%s/%s", cert2.Namespace, cert2.Name), SubjectName: "example.com", }, @@ -7437,26 +7438,26 @@ func TestDAGInsert(t *testing.T) { } // proxy18 is downstream validation, HTTP route - proxy18 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy18 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7465,23 +7466,23 @@ func TestDAGInsert(t *testing.T) { } // proxy19 is downstream validation, TCP proxying - proxy19 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy19 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, }, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7490,29 +7491,29 @@ func TestDAGInsert(t *testing.T) { } // proxy10 has a websocket route - proxy10 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy10 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/websocket", }}, EnableWebsockets: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7521,29 +7522,29 @@ func TestDAGInsert(t *testing.T) { } // proxy10b has a websocket route w/multiple upstreams - proxy10b := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy10b := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/websocket", }}, EnableWebsockets: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -7552,20 +7553,20 @@ func TestDAGInsert(t *testing.T) { } // proxy12 tests mirroring - proxy12 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy12 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }, { @@ -7578,20 +7579,20 @@ func TestDAGInsert(t *testing.T) { } // proxy13 has two mirrors, invalid. - proxy13 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy13 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }, { @@ -7611,26 +7612,26 @@ func TestDAGInsert(t *testing.T) { } // proxy20 is downstream validation, skip cert validation - proxy20 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy20 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7639,27 +7640,27 @@ func TestDAGInsert(t *testing.T) { } // proxy21 is downstream validation, skip cert validation, with a CA - proxy21 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy21 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, CACertificate: cert1.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7668,27 +7669,27 @@ func TestDAGInsert(t *testing.T) { } // proxy22 is downstream validation with CRL check. - proxy22 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy22 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, CertificateRevocationList: crl.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7697,28 +7698,28 @@ func TestDAGInsert(t *testing.T) { } // proxy22 is downstream validation with CRL check but only for leaf-certificate. - proxy23 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy23 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, CertificateRevocationList: crl.Name, OnlyVerifyLeafCertCrl: true, }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7727,27 +7728,27 @@ func TestDAGInsert(t *testing.T) { } // proxy24 is downstream validation, optional cert validation - proxy24 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy24 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, OptionalClientCertificate: true, }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7756,19 +7757,19 @@ func TestDAGInsert(t *testing.T) { } // proxy25 is downstream validation, fwd client cert details - proxy25 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy25 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, - ForwardClientCertificate: &contour_api_v1.ClientCertificateDetails{ + ForwardClientCertificate: &contour_v1.ClientCertificateDetails{ Subject: true, Cert: true, Chain: true, @@ -7778,11 +7779,11 @@ func TestDAGInsert(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7792,24 +7793,24 @@ func TestDAGInsert(t *testing.T) { // invalid because tcpproxy both includes another and // has a list of services. - proxy37 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy37 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "passthrough.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: "foo", Namespace: "roots", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7819,38 +7820,38 @@ func TestDAGInsert(t *testing.T) { // Invalid because tcpproxy neither includes another httpproxy // nor has a list of services. - proxy37a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy37a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "passthrough.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{}, + TCPProxy: &contour_v1.TCPProxy{}, }, } // proxy38 is invalid when combined with proxy39 // as the latter is a root. - proxy38 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy38 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "passthrough.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: "foo", Namespace: s1.Namespace, }, @@ -7858,20 +7859,20 @@ func TestDAGInsert(t *testing.T) { }, } - proxy39 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy39 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7880,20 +7881,20 @@ func TestDAGInsert(t *testing.T) { } // proxy39broot is a valid TCPProxy which includes to another TCPProxy - proxy39broot := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy39broot := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: "foo", Namespace: s1.Namespace, }, @@ -7901,20 +7902,20 @@ func TestDAGInsert(t *testing.T) { }, } - proxy39brootplural := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy39brootplural := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - IncludesDeprecated: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + IncludesDeprecated: &contour_v1.TCPProxyInclude{ Name: "foo", Namespace: s1.Namespace, }, @@ -7922,14 +7923,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy39bchild := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy39bchild := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7937,14 +7938,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy40 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy40 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7953,17 +7954,17 @@ func TestDAGInsert(t *testing.T) { } // issue 2309, each route must have at least one service - proxy41 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy41 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "missing-service", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "missing-service.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, Services: nil, // missing @@ -7971,27 +7972,27 @@ func TestDAGInsert(t *testing.T) { }, } - proxy100 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy100 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "marketingwww", Namespace: "marketing", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -7999,14 +8000,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy100a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy100a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "marketingwww", Namespace: "marketing", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "blog", Port: 8080, }}, @@ -8014,17 +8015,17 @@ func TestDAGInsert(t *testing.T) { }, } - proxy100b := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy100b := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "marketingwww", Namespace: "marketing", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/infotech", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "blog", Port: 8080, }}, @@ -8032,29 +8033,29 @@ func TestDAGInsert(t *testing.T) { }, } - proxy100c := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy100c := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "marketingwww", Namespace: "marketing", }, - Spec: contour_api_v1.HTTPProxySpec{ - Includes: []contour_api_v1.Include{{ + Spec: contour_v1.HTTPProxySpec{ + Includes: []contour_v1.Include{{ Name: "marketingit", Namespace: "it", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/it", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/infotech", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "blog", Port: 8080, }}, }, { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "blog", Port: 8080, }}, @@ -8062,17 +8063,17 @@ func TestDAGInsert(t *testing.T) { }, } - proxy100d := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy100d := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "marketingit", Namespace: "it", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "blog", Port: 8080, }}, @@ -8081,26 +8082,26 @@ func TestDAGInsert(t *testing.T) { } // proxy101 and proxy101a test inclusion without a specified namespace. - proxy101 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy101 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "kuarder", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/kuarder", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8108,14 +8109,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy101a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy101a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: proxy101.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -8124,22 +8125,22 @@ func TestDAGInsert(t *testing.T) { } // invalid because two prefix conditions on route. - proxy102 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy102 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/v1", }, { Prefix: "/api", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8148,26 +8149,26 @@ func TestDAGInsert(t *testing.T) { } // invalid because two prefix conditions on include. - proxy103 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy103 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "www", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/v1", }, { Prefix: "/api", }}, }}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8175,14 +8176,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy103a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy103a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "teama", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s12.Name, Port: 8080, }}, @@ -8190,26 +8191,26 @@ func TestDAGInsert(t *testing.T) { }, } - proxy104 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy104 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "kuarder", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/kuarder", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8217,14 +8218,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy104a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy104a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: proxy104.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -8232,26 +8233,26 @@ func TestDAGInsert(t *testing.T) { }, } - proxy105 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy105 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "kuarder", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/kuarder", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8259,17 +8260,17 @@ func TestDAGInsert(t *testing.T) { }, } - proxy105a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy105a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: proxy105.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -8277,26 +8278,26 @@ func TestDAGInsert(t *testing.T) { }, } - proxy106 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy106 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "kuarder", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/kuarder/", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8304,17 +8305,17 @@ func TestDAGInsert(t *testing.T) { }, } - proxy106a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy106a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: proxy105.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -8322,26 +8323,26 @@ func TestDAGInsert(t *testing.T) { }, } - proxy107 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy107 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "kuarder", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/kuarder", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8349,17 +8350,17 @@ func TestDAGInsert(t *testing.T) { }, } - proxy107a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy107a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: proxy105.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/withavengeance", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -8368,21 +8369,21 @@ func TestDAGInsert(t *testing.T) { } // proxy108 and proxy108a test duplicate conditions on include - proxy108 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy108 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -8390,19 +8391,19 @@ func TestDAGInsert(t *testing.T) { }, { Name: "blogteama", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8410,14 +8411,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy108a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy108a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blogteama", Namespace: "teama", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s12.Name, Port: 8080, }}, @@ -8425,14 +8426,14 @@ func TestDAGInsert(t *testing.T) { }, } - proxy108b := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy108b := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blogteamb", Namespace: "teamb", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s13.Name, Port: 8080, }}, @@ -8440,25 +8441,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyReplaceHostHeaderRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyReplaceHostHeaderRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "bar.com", }}, @@ -8467,24 +8468,24 @@ func TestDAGInsert(t *testing.T) { }, } - proxyReplaceHostHeaderService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyReplaceHostHeaderService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "bar.com", }}, @@ -8494,25 +8495,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyReplaceHostHeaderMultiple := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyReplaceHostHeaderMultiple := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "bar.com", }, { @@ -8527,25 +8528,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyReplaceNonHostHeader := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyReplaceNonHostHeader := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "x-header", Value: "bar.com", }}, @@ -8554,25 +8555,25 @@ func TestDAGInsert(t *testing.T) { }, } - proxyReplaceHeaderEmptyValue := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyReplaceHeaderEmptyValue := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "x-header", }}, }, @@ -8580,59 +8581,59 @@ func TestDAGInsert(t *testing.T) { }, } - proxyCookieLoadBalancer := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyCookieLoadBalancer := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, }}, }, } - proxyLoadBalancerHashPolicyHeader := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyLoadBalancerHashPolicyHeader := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { Terminal: true, - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Some-Header", }, }, { // Lower case but duplicated, should be ignored. - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "x-some-header", }, }, @@ -8640,12 +8641,12 @@ func TestDAGInsert(t *testing.T) { HeaderHashOptions: nil, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Some-Other-Header", }, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "", }, }, @@ -8655,29 +8656,29 @@ func TestDAGInsert(t *testing.T) { }, } - proxyLoadBalancerHashPolicyQueryParameter := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyLoadBalancerHashPolicyQueryParameter := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { Terminal: true, - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "something", }, }, @@ -8685,12 +8686,12 @@ func TestDAGInsert(t *testing.T) { QueryParameterHashOptions: nil, }, { - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "other", }, }, { - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "", }, }, @@ -8700,30 +8701,30 @@ func TestDAGInsert(t *testing.T) { }, } - proxyLoadBalancerHashPolicySourceIP := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyLoadBalancerHashPolicySourceIP := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { // Ensure header hash policies and source IP hashing // can coexist. - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Some-Header", }, }, @@ -8741,59 +8742,59 @@ func TestDAGInsert(t *testing.T) { }, } - proxyLoadBalancerHashPolicyAllInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyLoadBalancerHashPolicyAllInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { HeaderHashOptions: nil, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "", }, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Foo", }, HashSourceIP: true, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Foo", }, - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "something", }, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Foo", }, - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "something", }, HashSourceIP: true, }, { - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "something", }, HashSourceIP: true, @@ -8802,7 +8803,7 @@ func TestDAGInsert(t *testing.T) { QueryParameterHashOptions: nil, }, { - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "", }, }, @@ -8813,25 +8814,25 @@ func TestDAGInsert(t *testing.T) { } // proxy109 has a route that rewrites headers. - proxy109 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy109 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "In-Foo", Value: "bar", }}, @@ -8839,8 +8840,8 @@ func TestDAGInsert(t *testing.T) { "In-Baz", }, }, - ResponseHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Out-Foo", Value: "bar", }}, @@ -8852,25 +8853,25 @@ func TestDAGInsert(t *testing.T) { }, } // proxy111 has a route that rewrites headers. - proxy111 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy111 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, - ResponseHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "bar.baz", }}, @@ -8879,24 +8880,24 @@ func TestDAGInsert(t *testing.T) { }, } // proxy112 has a route that rewrites headers. - proxy112 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy112 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, - ResponseHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "bar.baz", }}, @@ -8907,60 +8908,60 @@ func TestDAGInsert(t *testing.T) { } // Invalid because has exact in include match conditions - proxy113 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy113 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example113-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example113.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "kuarder", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Exact: "/kuarder", }}, }}, }, } - proxy114 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy114 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example114-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example114.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "proxy114a", Namespace: s1.Namespace, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }, { Name: "proxy114b", Namespace: s2.Namespace, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, }, } - proxy114a := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy114a := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "proxy114a", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Exact: "/exact", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -8968,17 +8969,17 @@ func TestDAGInsert(t *testing.T) { }, } - proxy114b := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy114b := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "proxy114b", Namespace: s2.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/prefix", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -8986,26 +8987,26 @@ func TestDAGInsert(t *testing.T) { }, } - cookieRewritePoliciesRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + cookieRewritePoliciesRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", - PathRewrite: &contour_api_v1.CookiePathRewrite{ + PathRewrite: &contour_v1.CookiePathRewrite{ Value: "/foo", }, - DomainRewrite: &contour_api_v1.CookieDomainRewrite{ + DomainRewrite: &contour_v1.CookieDomainRewrite{ Value: "example.com", }, Secure: ref.To(true), @@ -9017,7 +9018,7 @@ func TestDAGInsert(t *testing.T) { Secure: ref.To(false), }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -9025,29 +9026,29 @@ func TestDAGInsert(t *testing.T) { }, } - cookieRewritePoliciesService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + cookieRewritePoliciesService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", - PathRewrite: &contour_api_v1.CookiePathRewrite{ + PathRewrite: &contour_v1.CookiePathRewrite{ Value: "/foo", }, - DomainRewrite: &contour_api_v1.CookieDomainRewrite{ + DomainRewrite: &contour_v1.CookieDomainRewrite{ Value: "example.com", }, Secure: ref.To(true), @@ -9063,20 +9064,20 @@ func TestDAGInsert(t *testing.T) { }, } - duplicateCookieRewritePoliciesRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + duplicateCookieRewritePoliciesRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", Secure: ref.To(true), @@ -9086,7 +9087,7 @@ func TestDAGInsert(t *testing.T) { SameSite: ref.To("Lax"), }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -9094,23 +9095,23 @@ func TestDAGInsert(t *testing.T) { }, } - duplicateCookieRewritePoliciesService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + duplicateCookieRewritePoliciesService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", Secure: ref.To(true), @@ -9125,25 +9126,25 @@ func TestDAGInsert(t *testing.T) { }, } - emptyCookieRewritePolicyRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + emptyCookieRewritePolicyRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -9151,23 +9152,23 @@ func TestDAGInsert(t *testing.T) { }, } - emptyCookieRewritePolicyService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + emptyCookieRewritePolicyService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "some-cookie", }, @@ -9178,20 +9179,20 @@ func TestDAGInsert(t *testing.T) { } protocol := "h2c" - proxy110 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy110 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, Protocol: &protocol, @@ -9201,7 +9202,7 @@ func TestDAGInsert(t *testing.T) { } ingressExternalNameService := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "externalname", Namespace: "default", }, @@ -9219,20 +9220,20 @@ func TestDAGInsert(t *testing.T) { }, } - proxyExternalNameService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyExternalNameService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s14.GetName(), Port: 80, }}, @@ -9240,20 +9241,20 @@ func TestDAGInsert(t *testing.T) { }, } - tcpProxyExternalNameService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tcpProxyExternalNameService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s14.GetName(), Port: 80, Protocol: ref.To("tls"), @@ -9263,60 +9264,60 @@ func TestDAGInsert(t *testing.T) { } // Invalid proxy because the regex match is in the includes block. - proxyInvalidRegexPath := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidRegexPath := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-invalid-regexpath-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.invalid.regexpath.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "path", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Regex: "/.*/path", }}, }}, }, } - proxyRegexPath := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRegexPath := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-valid-regexpath-com", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.valid.regexpath.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child1", Namespace: s1.Namespace, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }, { Name: "child2", Namespace: s2.Namespace, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, }, } - child1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + child1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "child1", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Regex: "/regex/.*", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -9324,17 +9325,17 @@ func TestDAGInsert(t *testing.T) { }, } - child2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + child2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "child2", Namespace: s2.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/prefix", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, @@ -10649,17 +10650,17 @@ func TestDAGInsert(t *testing.T) { }, "insert httproxy with invalid include": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "example-com", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ - Conditions: []contour_api_v1.MatchCondition{{ + Includes: []contour_v1.Include{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/finance", }}, Name: "non-existent", @@ -10685,17 +10686,17 @@ func TestDAGInsert(t *testing.T) { }, "insert httproxy with include references another root": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "example-com", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ - Conditions: []contour_api_v1.MatchCondition{{ + Includes: []contour_v1.Include{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/finance", }}, Name: "other-root", @@ -10703,13 +10704,13 @@ func TestDAGInsert(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "other-root", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example2.com", }, }, @@ -11058,13 +11059,13 @@ func TestDAGInsert(t *testing.T) { "insert httpproxy expecting upstream verification, CA secret in different namespace is delegated": { objs: []any{ cert2, s1a, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "CACertDelagation", Namespace: cert2.Namespace, }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: cert2.Name, TargetNamespaces: []string{"*"}, }}, @@ -12078,7 +12079,7 @@ func TestDAGInsert(t *testing.T) { sec1, s9, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, @@ -12093,20 +12094,20 @@ func TestDAGInsert(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s9.Name, Port: 80, }}, @@ -12147,27 +12148,27 @@ func TestDAGInsert(t *testing.T) { objs: []any{ sec1, s9, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s9.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s9.Name, Port: 80, }}, @@ -12207,27 +12208,27 @@ func TestDAGInsert(t *testing.T) { "httpproxy tcpproxy + tlspassthrough + permitinsecure": { objs: []any{ s9, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s9.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: s9.Name, Port: 80, }}, @@ -12264,20 +12265,20 @@ func TestDAGInsert(t *testing.T) { "HTTPProxy request redirect policy": { objs: []any{ s1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "redirect", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -12307,20 +12308,20 @@ func TestDAGInsert(t *testing.T) { }, "HTTPProxy request redirect policy - no services": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "redirect", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -12351,28 +12352,28 @@ func TestDAGInsert(t *testing.T) { "HTTPProxy request redirect policy with multiple matches": { objs: []any{ s1, s2, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "redirect", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s2.Name, Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -12417,20 +12418,20 @@ func TestDAGInsert(t *testing.T) { "HTTPProxy DirectResponse policy - code 200": { objs: []any{ s1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "direct-response", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 200, Body: "success", }, @@ -12457,20 +12458,20 @@ func TestDAGInsert(t *testing.T) { "HTTPProxy DirectResponse policy - no body": { objs: []any{ s1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "direct-response", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 503, }, }}, @@ -12495,37 +12496,37 @@ func TestDAGInsert(t *testing.T) { "HTTPProxy DirectResponse policy with multiple matches": { objs: []any{ s1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "direct-response", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/direct", }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 404, Body: "page not found", }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/redirect", }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -12613,13 +12614,13 @@ func TestDAGInsert(t *testing.T) { objs: []any{ s1, sec4, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "CertDelagation", Namespace: sec4.Namespace, }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: sec4.Name, TargetNamespaces: []string{"*"}, }}, @@ -13215,21 +13216,21 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13271,21 +13272,21 @@ func TestDAGInsert(t *testing.T) { sec4, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13302,33 +13303,33 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecretRootNamespace, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbackcertdelegation", Namespace: "root", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "fallbacksecret", TargetNamespaces: []string{"*"}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13369,33 +13370,33 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecretRootNamespace, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbackcertdelegation", Namespace: "root", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "fallbacksecret", TargetNamespaces: []string{"default"}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13437,20 +13438,20 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13467,23 +13468,23 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ EnableFallbackCertificate: true, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: cert1.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13500,42 +13501,42 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx-disabled", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: false, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13587,20 +13588,20 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13642,21 +13643,21 @@ func TestDAGInsert(t *testing.T) { sec1, s9, fallbackCertificateSecret, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, EnableFallbackCertificate: false, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "nginx", Port: 80, }}, @@ -13693,20 +13694,20 @@ func TestDAGInsert(t *testing.T) { "httpproxy with tcpproxy with multiple services, no explicit weights": { objs: []any{ s1, s2, s9, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "weighted-tcpproxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ {Name: s1.Name, Port: int(s1.Spec.Ports[0].Port)}, {Name: s2.Name, Port: int(s2.Spec.Ports[0].Port)}, {Name: s9.Name, Port: int(s9.Spec.Ports[0].Port)}, @@ -13735,20 +13736,20 @@ func TestDAGInsert(t *testing.T) { "httpproxy with tcpproxy with multiple weighted services": { objs: []any{ s1, s2, s9, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "weighted-tcpproxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ {Name: s1.Name, Port: int(s1.Spec.Ports[0].Port), Weight: 1}, {Name: s2.Name, Port: int(s2.Spec.Ports[0].Port), Weight: 2}, {Name: s9.Name, Port: int(s9.Spec.Ports[0].Port), Weight: 3}, @@ -13782,20 +13783,20 @@ func TestDAGInsert(t *testing.T) { "httpproxy with tcpproxy with multiple services, some weighted, some not": { objs: []any{ s1, s2, s9, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "weighted-tcpproxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ {Name: s1.Name, Port: int(s1.Spec.Ports[0].Port), Weight: 1}, {Name: s2.Name, Port: int(s2.Spec.Ports[0].Port), Weight: 0}, {Name: s9.Name, Port: int(s9.Spec.Ports[0].Port), Weight: 3}, @@ -13899,21 +13900,21 @@ func TestDAGInsert(t *testing.T) { } func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { - kuardService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - sec1 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + sec1 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "projectcontour", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } @@ -13924,7 +13925,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }{ "HTTPProxy attached to HTTP-only Gateway": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -13946,23 +13947,23 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, objs: []any{ kuardService, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -13984,7 +13985,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "HTTPProxy attached to Gateway with multiple HTTP listeners": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14016,23 +14017,23 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, objs: []any{ kuardService, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -14047,7 +14048,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "HTTPProxy attached to Gateway with HTTP and HTTPS listener": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14082,23 +14083,23 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, objs: []any{ kuardService, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -14120,7 +14121,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "HTTPProxy with TLS attached to Gateway with HTTP and HTTPS listener": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14156,26 +14157,26 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { objs: []any{ kuardService, sec1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -14203,7 +14204,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "HTTPProxy with TLS attached to Gateway with HTTP and HTTPS listener using projectcontour.io/https protocol": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14236,26 +14237,26 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { objs: []any{ kuardService, sec1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -14283,7 +14284,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "HTTPProxy with TLS attached to Gateway with no HTTPS listener": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14306,26 +14307,26 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { objs: []any{ kuardService, sec1, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Name, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -14341,7 +14342,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { "Ingress attached to HTTP-only Gateway": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14364,7 +14365,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { objs: []any{ kuardService, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-ingress", }, @@ -14397,7 +14398,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "Ingress attached to Gateway with multiple HTTP listeners": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14430,7 +14431,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { objs: []any{ kuardService, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-ingress", }, @@ -14456,7 +14457,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "Ingress attached to Gateway with HTTP and HTTPS listener": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14492,7 +14493,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { objs: []any{ kuardService, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-ingress", }, @@ -14525,7 +14526,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "Ingress with TLS attached to Gateway with HTTP and HTTPS listener": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14562,7 +14563,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { kuardService, sec1, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-ingress", }, @@ -14607,7 +14608,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "Ingress with TLS attached to Gateway with HTTP and HTTPS listener using projectcontour.io/https protocol": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14641,7 +14642,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { kuardService, sec1, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-ingress", }, @@ -14686,7 +14687,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "Ingress with TLS (with HTTP not allowed) attached to Gateway with no HTTPS listener": { gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -14710,7 +14711,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { kuardService, sec1, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "kuard-ingress", Annotations: map[string]string{ @@ -14748,7 +14749,7 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -14826,17 +14827,17 @@ func ingressrulev1value(backend *networking_v1.IngressBackend) networking_v1.Ing } func TestDAGRootNamespaces(t *testing.T) { - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "allowed1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -14845,17 +14846,17 @@ func TestDAGRootNamespaces(t *testing.T) { } // proxy2 is like proxy1, but in a different namespace - proxy2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "allowed2", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example2.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -14863,23 +14864,23 @@ func TestDAGRootNamespaces(t *testing.T) { }, } - s2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "allowed1", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080)}, }, } - s3 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "allowed2", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080)}, }, } @@ -14980,7 +14981,7 @@ func TestHTTPProxyConficts(t *testing.T) { type testcase struct { objs []any wantListeners []*Listener - wantStatus map[types.NamespacedName]contour_api_v1.DetailedCondition + wantStatus map[types.NamespacedName]contour_v1.DetailedCondition } run := func(t *testing.T, name string, tc testcase) { @@ -15012,7 +15013,7 @@ func TestHTTPProxyConficts(t *testing.T) { } assert.Equal(t, want, gotListeners) - gotStatus := make(map[types.NamespacedName]contour_api_v1.DetailedCondition) + gotStatus := make(map[types.NamespacedName]contour_v1.DetailedCondition) for _, pu := range dag.StatusCache.GetProxyUpdates() { gotStatus[pu.Fullname] = *pu.Conditions[status.ValidCondition] } @@ -15021,39 +15022,39 @@ func TestHTTPProxyConficts(t *testing.T) { }) } - existingService1 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + existingService1 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "existing-service-1", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - existingService2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + existingService2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "existing-service-2", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } run(t, "root proxy with no route conditions refers to a missing service", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "missing-service", Port: 8080, }}, @@ -15070,24 +15071,24 @@ func TestHTTPProxyConficts(t *testing.T) { ), }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), }, }) run(t, "root proxy with no route conditions refers to a missing include", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "missing-httpproxy", Namespace: "default", }}, @@ -15095,25 +15096,25 @@ func TestHTTPProxyConficts(t *testing.T) { }, }, wantListeners: listeners(), // No listeners and direct response since we have no route conditions to program. - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "IncludeNotFound", `include default/missing-httpproxy not found`), + WithError(contour_v1.ConditionTypeIncludeError, "IncludeNotFound", `include default/missing-httpproxy not found`), }, }) run(t, "root proxy with prefix route condition refers to a missing include", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ - Conditions: []contour_api_v1.MatchCondition{{ + Includes: []contour_v1.Include{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, Name: "missing-child-proxy", @@ -15131,33 +15132,33 @@ func TestHTTPProxyConficts(t *testing.T) { ), }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "IncludeNotFound", `include default/missing-child-proxy not found`), + WithError(contour_v1.ConditionTypeIncludeError, "IncludeNotFound", `include default/missing-child-proxy not found`), }, }) run(t, "root proxy refers to two services, one is missing", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/"}}, + Services: []contour_v1.Service{{ Name: "missing-service", Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/valid"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/valid"}}, + Services: []contour_v1.Service{{ Name: "existing-service-1", Port: 8080, }}, @@ -15178,27 +15179,27 @@ func TestHTTPProxyConficts(t *testing.T) { ), }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), }, }) run(t, "root proxy refers to three services with weights, one is missing", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/"}}, + Services: []contour_v1.Service{{ Name: "missing-service", Port: 8080, Weight: 50, @@ -15237,31 +15238,31 @@ func TestHTTPProxyConficts(t *testing.T) { ), }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), }, }) run(t, "root proxy with two includes, one refers to a missing child proxy", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ - Conditions: []contour_api_v1.MatchCondition{{ + Includes: []contour_v1.Include{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, Name: "missing-child-proxy", Namespace: "default", }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/valid", }}, Name: "valid-child-proxy", @@ -15269,14 +15270,14 @@ func TestHTTPProxyConficts(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-child-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "existing-service-1", Port: 8080, }}, @@ -15297,39 +15298,39 @@ func TestHTTPProxyConficts(t *testing.T) { ), }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "valid-child-proxy", Namespace: "default"}: fixture.NewValidCondition().Valid(), {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "IncludeNotFound", `include default/missing-child-proxy not found`), + WithError(contour_v1.ConditionTypeIncludeError, "IncludeNotFound", `include default/missing-child-proxy not found`), }, }) run(t, "root proxy includes child proxy that refers to a missing service", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "invalid-child-proxy", Namespace: "default", - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/missing"}}, + Conditions: []contour_v1.MatchCondition{{Prefix: "/missing"}}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-child-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "missing-service", Port: 8080, }}, @@ -15346,57 +15347,57 @@ func TestHTTPProxyConficts(t *testing.T) { ), }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "invalid-child-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition().Valid(), }, }) run(t, "root proxy includes two child proxies, one refers to a missing service", testcase{ objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "invalid-child-proxy", Namespace: "default", - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/missing"}}, + Conditions: []contour_v1.MatchCondition{{Prefix: "/missing"}}, }, { Name: "valid-child-proxy", Namespace: "default", - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/existing"}}, + Conditions: []contour_v1.MatchCondition{{Prefix: "/existing"}}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid-child-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "missing-service", Port: 8080, }}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "valid-child-proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "existing-service-1", Port: 8080, }}, @@ -15416,9 +15417,9 @@ func TestHTTPProxyConficts(t *testing.T) { }, }, ), - wantStatus: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + wantStatus: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "invalid-child-proxy", Namespace: "default"}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "default/missing-service" not found`), {Name: "valid-child-proxy", Namespace: "default"}: fixture.NewValidCondition().Valid(), {Name: "root-proxy", Namespace: "default"}: fixture.NewValidCondition().Valid(), }, @@ -15428,7 +15429,7 @@ func TestHTTPProxyConficts(t *testing.T) { func TestDefaultHeadersPolicies(t *testing.T) { // i2V1 is functionally identical to i1V1 i2V1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -15439,20 +15440,20 @@ func TestDefaultHeadersPolicies(t *testing.T) { }, } - proxyMultipleBackends := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyMultipleBackends := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }, { @@ -15463,24 +15464,24 @@ func TestDefaultHeadersPolicies(t *testing.T) { }, } - s1 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } // s2 is like s1 but with a different name - s2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } @@ -15818,11 +15819,11 @@ func clustersWeight(services ...*Service) (c []*Cluster) { return c } -func service(s *v1.Service) *Service { +func service(s *core_v1.Service) *Service { return weightedService(s, 1) } -func appProtcolService(s *v1.Service, protocol string, portIndex ...int) *Service { +func appProtcolService(s *core_v1.Service, protocol string, portIndex ...int) *Service { idx := 0 if len(portIndex) > 0 { idx = portIndex[0] @@ -15839,7 +15840,7 @@ func appProtcolService(s *v1.Service, protocol string, portIndex ...int) *Servic } } -func weightedService(s *v1.Service, weight uint32) *Service { +func weightedService(s *core_v1.Service, weight uint32) *Service { return &Service{ Weighted: WeightedService{ Weight: weight, @@ -15851,7 +15852,7 @@ func weightedService(s *v1.Service, weight uint32) *Service { } } -func grpcService(s *v1.Service, protocol string) *Service { +func grpcService(s *core_v1.Service, protocol string) *Service { return &Service{ Protocol: protocol, Weighted: WeightedService{ @@ -15864,11 +15865,11 @@ func grpcService(s *v1.Service, protocol string) *Service { } } -func healthService(s *v1.Service) *Service { +func healthService(s *core_v1.Service) *Service { return weightedHealthService(s, 1) } -func weightedHealthService(s *v1.Service, weight uint32) *Service { +func weightedHealthService(s *core_v1.Service, weight uint32) *Service { return &Service{ Weighted: WeightedService{ Weight: weight, @@ -15880,7 +15881,7 @@ func weightedHealthService(s *v1.Service, weight uint32) *Service { } } -func clustermap(services ...*v1.Service) []*Cluster { +func clustermap(services ...*core_v1.Service) []*Cluster { var c []*Cluster for _, s := range services { c = append(c, &Cluster{ @@ -15890,21 +15891,21 @@ func clustermap(services ...*v1.Service) []*Cluster { return c } -func secret(s *v1.Secret) *Secret { +func secret(s *core_v1.Secret) *Secret { return &Secret{ Object: s, ValidTLSSecret: &SecretValidationStatus{}, } } -func caSecret(s *v1.Secret) *Secret { +func caSecret(s *core_v1.Secret) *Secret { return &Secret{ Object: s, ValidCASecret: &SecretValidationStatus{}, } } -func crlSecret(s *v1.Secret) *Secret { +func crlSecret(s *core_v1.Secret) *Secret { return &Secret{ Object: s, ValidCRLSecret: &SecretValidationStatus{}, @@ -15926,7 +15927,7 @@ func virtualhost(name string, first *Route, rest ...*Route) *VirtualHost { } } -func securevirtualhost(name string, sec *v1.Secret, first *Route, rest ...*Route) *SecureVirtualHost { +func securevirtualhost(name string, sec *core_v1.Secret, first *Route, rest ...*Route) *SecureVirtualHost { return &SecureVirtualHost{ VirtualHost: VirtualHost{ Name: name, @@ -16004,7 +16005,7 @@ func makeHTTPRouteTimeouts(request, backendRequest string) *gatewayapi_v1.HTTPRo func makeHTTPRouteWithTimeouts(request, backendRequest string) *gatewayapi_v1beta1.HTTPRoute { return &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -16036,7 +16037,7 @@ func makeHTTPRoute(name, namespace, hostname string, firstRule gatewayapi_v1beta } } return &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, diff --git a/internal/dag/cache.go b/internal/dag/cache.go index a194e9364ca..387e33f153e 100644 --- a/internal/dag/cache.go +++ b/internal/dag/cache.go @@ -19,25 +19,25 @@ import ( "fmt" "sync" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/annotation" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ingressclass" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/metrics" - "github.com/projectcontour/contour/internal/ref" - "github.com/sirupsen/logrus" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/annotation" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ingressclass" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/metrics" + "github.com/projectcontour/contour/internal/ref" ) // A KubernetesCache holds Kubernetes objects and associated configuration and produces @@ -61,12 +61,12 @@ type KubernetesCache struct { ConfiguredSecretRefs []*types.NamespacedName ingresses map[types.NamespacedName]*networking_v1.Ingress - httpproxies map[types.NamespacedName]*contour_api_v1.HTTPProxy + httpproxies map[types.NamespacedName]*contour_v1.HTTPProxy secrets map[types.NamespacedName]*Secret configmapsecrets map[types.NamespacedName]*Secret - tlscertificatedelegations map[types.NamespacedName]*contour_api_v1.TLSCertificateDelegation - services map[types.NamespacedName]*v1.Service - namespaces map[string]*v1.Namespace + tlscertificatedelegations map[types.NamespacedName]*contour_v1.TLSCertificateDelegation + services map[types.NamespacedName]*core_v1.Service + namespaces map[string]*core_v1.Namespace gatewayclass *gatewayapi_v1beta1.GatewayClass gateway *gatewayapi_v1beta1.Gateway httproutes map[types.NamespacedName]*gatewayapi_v1beta1.HTTPRoute @@ -75,7 +75,7 @@ type KubernetesCache struct { tcproutes map[types.NamespacedName]*gatewayapi_v1alpha2.TCPRoute referencegrants map[types.NamespacedName]*gatewayapi_v1beta1.ReferenceGrant backendtlspolicies map[types.NamespacedName]*gatewayapi_v1alpha2.BackendTLSPolicy - extensions map[types.NamespacedName]*contour_api_v1alpha1.ExtensionService + extensions map[types.NamespacedName]*contour_v1alpha1.ExtensionService // Metrics contains Prometheus metrics. Metrics *metrics.Metrics @@ -99,19 +99,19 @@ func NewDelegationNotPermittedError(err error) DelegationNotPermittedError { // init creates the internal cache storage. It is called implicitly from the public API. func (kc *KubernetesCache) init() { kc.ingresses = make(map[types.NamespacedName]*networking_v1.Ingress) - kc.httpproxies = make(map[types.NamespacedName]*contour_api_v1.HTTPProxy) + kc.httpproxies = make(map[types.NamespacedName]*contour_v1.HTTPProxy) kc.secrets = make(map[types.NamespacedName]*Secret) kc.configmapsecrets = make(map[types.NamespacedName]*Secret) - kc.tlscertificatedelegations = make(map[types.NamespacedName]*contour_api_v1.TLSCertificateDelegation) - kc.services = make(map[types.NamespacedName]*v1.Service) - kc.namespaces = make(map[string]*v1.Namespace) + kc.tlscertificatedelegations = make(map[types.NamespacedName]*contour_v1.TLSCertificateDelegation) + kc.services = make(map[types.NamespacedName]*core_v1.Service) + kc.namespaces = make(map[string]*core_v1.Namespace) kc.httproutes = make(map[types.NamespacedName]*gatewayapi_v1beta1.HTTPRoute) kc.referencegrants = make(map[types.NamespacedName]*gatewayapi_v1beta1.ReferenceGrant) kc.tlsroutes = make(map[types.NamespacedName]*gatewayapi_v1alpha2.TLSRoute) kc.grpcroutes = make(map[types.NamespacedName]*gatewayapi_v1alpha2.GRPCRoute) kc.tcproutes = make(map[types.NamespacedName]*gatewayapi_v1alpha2.TCPRoute) kc.backendtlspolicies = make(map[types.NamespacedName]*gatewayapi_v1alpha2.BackendTLSPolicy) - kc.extensions = make(map[types.NamespacedName]*contour_api_v1alpha1.ExtensionService) + kc.extensions = make(map[types.NamespacedName]*contour_v1alpha1.ExtensionService) } // Insert inserts obj into the KubernetesCache. @@ -123,13 +123,13 @@ func (kc *KubernetesCache) Insert(obj any) bool { maybeInsert := func(obj any) (bool, int) { switch obj := obj.(type) { - case *v1.Secret: + case *core_v1.Secret: // Secret validation status is intentionally cleared, it needs // to be re-validated after an insert. kc.secrets[k8s.NamespacedNameOf(obj)] = &Secret{Object: obj} return kc.secretTriggersRebuild(obj), len(kc.secrets) - case *v1.ConfigMap: + case *core_v1.ConfigMap: // Only insert configmaps that are CA certs, i.e has 'ca.crt' key, // into cache. if secret, isCA := kc.convertCACertConfigMapToSecret(obj); isCA { @@ -138,11 +138,11 @@ func (kc *KubernetesCache) Insert(obj any) bool { } return false, len(kc.configmapsecrets) - case *v1.Service: + case *core_v1.Service: kc.services[k8s.NamespacedNameOf(obj)] = obj return kc.serviceTriggersRebuild(obj), len(kc.services) - case *v1.Namespace: + case *core_v1.Namespace: kc.namespaces[obj.Name] = obj return true, len(kc.namespaces) @@ -161,7 +161,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { kc.ingresses[k8s.NamespacedNameOf(obj)] = obj return true, len(kc.ingresses) - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: if !ingressclass.MatchesHTTPProxy(obj, kc.IngressClassNames) { // We didn't get a match so report this object is being ignored. kc.WithField("name", obj.GetName()). @@ -177,7 +177,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { kc.httpproxies[k8s.NamespacedNameOf(obj)] = obj return true, len(kc.httpproxies) - case *contour_api_v1.TLSCertificateDelegation: + case *contour_v1.TLSCertificateDelegation: kc.tlscertificatedelegations[k8s.NamespacedNameOf(obj)] = obj return true, len(kc.tlscertificatedelegations) @@ -253,7 +253,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { kc.backendtlspolicies[k8s.NamespacedNameOf(obj)] = obj return true, len(kc.backendtlspolicies) - case *contour_api_v1alpha1.ExtensionService: + case *contour_v1alpha1.ExtensionService: kc.extensions[k8s.NamespacedNameOf(obj)] = obj return true, len(kc.extensions) @@ -271,7 +271,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { // Only check annotations if we actually inserted // the object in our cache; uninteresting objects // should not be checked. - if obj, ok := obj.(metav1.Object); ok { + if obj, ok := obj.(meta_v1.Object); ok { for key := range obj.GetAnnotations() { // Emit a warning if this is a known annotation that has // been applied to an invalid object kind. Note that we @@ -315,22 +315,22 @@ func (kc *KubernetesCache) Remove(obj any) bool { func (kc *KubernetesCache) remove(obj any) (bool, int) { switch obj := obj.(type) { - case *v1.Secret: + case *core_v1.Secret: m := k8s.NamespacedNameOf(obj) delete(kc.secrets, m) return kc.secretTriggersRebuild(obj), len(kc.secrets) - case *v1.ConfigMap: + case *core_v1.ConfigMap: m := k8s.NamespacedNameOf(obj) delete(kc.configmapsecrets, m) return kc.configMapTriggersRebuild(obj), len(kc.configmapsecrets) - case *v1.Service: + case *core_v1.Service: m := k8s.NamespacedNameOf(obj) delete(kc.services, m) return kc.serviceTriggersRebuild(obj), len(kc.services) - case *v1.Namespace: + case *core_v1.Namespace: _, ok := kc.namespaces[obj.Name] delete(kc.namespaces, obj.Name) return ok, len(kc.namespaces) @@ -341,13 +341,13 @@ func (kc *KubernetesCache) remove(obj any) (bool, int) { delete(kc.ingresses, m) return ok, len(kc.ingresses) - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: m := k8s.NamespacedNameOf(obj) _, ok := kc.httpproxies[m] delete(kc.httpproxies, m) return ok, len(kc.httpproxies) - case *contour_api_v1.TLSCertificateDelegation: + case *contour_v1.TLSCertificateDelegation: m := k8s.NamespacedNameOf(obj) _, ok := kc.tlscertificatedelegations[m] delete(kc.tlscertificatedelegations, m) @@ -417,7 +417,7 @@ func (kc *KubernetesCache) remove(obj any) (bool, int) { delete(kc.backendtlspolicies, m) return ok, len(kc.backendtlspolicies) - case *contour_api_v1alpha1.ExtensionService: + case *contour_v1alpha1.ExtensionService: m := k8s.NamespacedNameOf(obj) _, ok := kc.extensions[m] delete(kc.extensions, m) @@ -432,7 +432,7 @@ func (kc *KubernetesCache) remove(obj any) (bool, int) { // serviceTriggersRebuild returns true if this service is referenced // by an Ingress or HTTPProxy in this cache. -func (kc *KubernetesCache) serviceTriggersRebuild(service *v1.Service) bool { +func (kc *KubernetesCache) serviceTriggersRebuild(service *core_v1.Service) bool { for _, ingress := range kc.ingresses { if ingress.Namespace != service.Namespace { continue @@ -519,7 +519,7 @@ func (kc *KubernetesCache) serviceTriggersRebuild(service *v1.Service) bool { return false } -func isRefToService(ref gatewayapi_v1beta1.BackendObjectReference, service *v1.Service, routeNamespace string) bool { +func isRefToService(ref gatewayapi_v1beta1.BackendObjectReference, service *core_v1.Service, routeNamespace string) bool { return ref.Group != nil && *ref.Group == "" && ref.Kind != nil && *ref.Kind == "Service" && ((ref.Namespace != nil && string(*ref.Namespace) == service.Namespace) || (ref.Namespace == nil && routeNamespace == service.Namespace)) && @@ -531,7 +531,7 @@ func isRefToService(ref gatewayapi_v1beta1.BackendObjectReference, service *v1.S // If the secret is not in the same namespace the function ignores TLSCertificateDelegation. // As a result, it may trigger rebuild even if the reference is invalid, which should be rare and not worth the added complexity. // Permission is checked when the secret is actually accessed. -func (kc *KubernetesCache) secretTriggersRebuild(secretObj *v1.Secret) bool { +func (kc *KubernetesCache) secretTriggersRebuild(secretObj *core_v1.Secret) bool { if _, isCA := secretObj.Data[CACertificateKey]; isCA { // locating a secret validation usage involves traversing each // proxy object, determining if there is a valid delegation, @@ -600,7 +600,7 @@ func (kc *KubernetesCache) secretTriggersRebuild(secretObj *v1.Secret) bool { return false } -func isRefToSecret(ref gatewayapi_v1beta1.SecretObjectReference, secret *v1.Secret, gatewayNamespace string) bool { +func isRefToSecret(ref gatewayapi_v1beta1.SecretObjectReference, secret *core_v1.Secret, gatewayNamespace string) bool { return ref.Group != nil && *ref.Group == "" && ref.Kind != nil && *ref.Kind == "Secret" && ((ref.Namespace != nil && *ref.Namespace == gatewayapi_v1beta1.Namespace(secret.Namespace)) || (ref.Namespace == nil && gatewayNamespace == secret.Namespace)) && @@ -609,7 +609,7 @@ func isRefToSecret(ref gatewayapi_v1beta1.SecretObjectReference, secret *v1.Secr // configMapTriggersRebuild returns true if this configmap is referenced by a // BackendTLSPolicy object. -func (kc *KubernetesCache) configMapTriggersRebuild(configMapObj *v1.ConfigMap) bool { +func (kc *KubernetesCache) configMapTriggersRebuild(configMapObj *core_v1.ConfigMap) bool { configMap := types.NamespacedName{ Namespace: configMapObj.Namespace, Name: configMapObj.Name, @@ -736,7 +736,7 @@ func (kc *KubernetesCache) LookupCRLSecret(name types.NamespacedName, targetName // LookupUpstreamValidation constructs PeerValidationContext with CA certificate from the cache. // If name (referred Secret) is in different namespace than targetNamespace (the referring object), // then delegation check is performed. -func (kc *KubernetesCache) LookupUpstreamValidation(uv *contour_api_v1.UpstreamValidation, caCertificate types.NamespacedName, targetNamespace string) (*PeerValidationContext, error) { +func (kc *KubernetesCache) LookupUpstreamValidation(uv *contour_v1.UpstreamValidation, caCertificate types.NamespacedName, targetNamespace string) (*PeerValidationContext, error) { if uv == nil { // no upstream validation requested, nothing to do return nil, nil @@ -834,25 +834,25 @@ func (kc *KubernetesCache) delegationPermitted(secret types.NamespacedName, targ // LookupService returns the Kubernetes service and port matching the provided parameters, // or an error if a match can't be found. -func (kc *KubernetesCache) LookupService(meta types.NamespacedName, port intstr.IntOrString) (*v1.Service, v1.ServicePort, error) { +func (kc *KubernetesCache) LookupService(meta types.NamespacedName, port intstr.IntOrString) (*core_v1.Service, core_v1.ServicePort, error) { svc, ok := kc.services[meta] if !ok { - return nil, v1.ServicePort{}, fmt.Errorf("service %q not found", meta) + return nil, core_v1.ServicePort{}, fmt.Errorf("service %q not found", meta) } for i := range svc.Spec.Ports { p := svc.Spec.Ports[i] if int(p.Port) == port.IntValue() || port.String() == p.Name { switch p.Protocol { - case "", v1.ProtocolTCP: + case "", core_v1.ProtocolTCP: return svc, p, nil default: - return nil, v1.ServicePort{}, fmt.Errorf("unsupported service protocol %q", p.Protocol) + return nil, core_v1.ServicePort{}, fmt.Errorf("unsupported service protocol %q", p.Protocol) } } } - return nil, v1.ServicePort{}, fmt.Errorf("port %q on service %q not matched", port.String(), meta) + return nil, core_v1.ServicePort{}, fmt.Errorf("port %q on service %q not matched", port.String(), meta) } // LookupBackendTLSPolicyByTargetRef returns the Kubernetes BackendTLSPolicies that matches the provided targetRef with @@ -905,16 +905,16 @@ func (kc *KubernetesCache) LookupBackendTLSPolicyByTargetRef(targetRef gatewayap return nil, false } -func (kc *KubernetesCache) convertCACertConfigMapToSecret(configMap *v1.ConfigMap) (*v1.Secret, bool) { +func (kc *KubernetesCache) convertCACertConfigMapToSecret(configMap *core_v1.ConfigMap) (*core_v1.Secret, bool) { if _, ok := configMap.Data[CACertificateKey]; !ok { return nil, false } - return &v1.Secret{ + return &core_v1.Secret{ ObjectMeta: configMap.ObjectMeta, Data: map[string][]byte{ CACertificateKey: []byte(configMap.Data[CACertificateKey]), }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, }, true } diff --git a/internal/dag/cache_test.go b/internal/dag/cache_test.go index e50b5474a3b..3041b1e99a0 100644 --- a/internal/dag/cache_test.go +++ b/internal/dag/cache_test.go @@ -18,24 +18,24 @@ import ( "errors" "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ingressclass" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1beta1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ingressclass" + "github.com/projectcontour/contour/internal/ref" ) func TestKubernetesCacheInsert(t *testing.T) { @@ -46,27 +46,27 @@ func TestKubernetesCacheInsert(t *testing.T) { want bool }{ "insert TLS secret not referenced": { - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: false, }, "insert secret w/ blank ca.crt": { - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - CACertificateKey: []byte(""), - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + CACertificateKey: []byte(""), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), }, }, want: true, @@ -74,7 +74,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert secret referenced by ingress": { pre: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "default", }, @@ -85,12 +85,12 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, @@ -98,7 +98,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert secret w/ wrong type referenced by ingress": { pre: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "default", }, @@ -109,8 +109,8 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -121,7 +121,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert secret referenced by ingress via tls delegation": { pre: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "extra", Annotations: map[string]string{ @@ -134,13 +134,13 @@ func TestKubernetesCacheInsert(t *testing.T) { }}, }, }, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "delegation", Namespace: "default", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "secret", TargetNamespaces: []string{ "extra", @@ -149,12 +149,12 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, @@ -162,7 +162,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert secret referenced by ingress via wildcard tls delegation": { pre: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "extra", Annotations: map[string]string{ @@ -176,13 +176,13 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "delegation", Namespace: "default", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "secret", TargetNamespaces: []string{ "*", @@ -191,64 +191,64 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, }, "insert secret referenced by httpproxy": { pre: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - TLS: &contour_api_v1.TLS{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, }, "insert secret referenced by httpproxy via tls delegation": { pre: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "extra", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - TLS: &contour_api_v1.TLS{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + TLS: &contour_v1.TLS{ SecretName: "default/secret", }, }, }, }, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "delegation", Namespace: "default", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "secret", TargetNamespaces: []string{ "extra", @@ -257,38 +257,38 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, }, "insert secret referenced by httpproxy via wildcard tls delegation": { pre: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "extra", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - TLS: &contour_api_v1.TLS{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + TLS: &contour_v1.TLS{ SecretName: "default/secret", }, }, }, }, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "delegation", Namespace: "default", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "secret", TargetNamespaces: []string{ "*", @@ -297,23 +297,23 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, }, "insert certificate secret not referenced": { - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, @@ -326,23 +326,23 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert certificate secret referenced by httpproxy": { pre: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "ca", SubjectName: "example.com", }, @@ -351,12 +351,12 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, @@ -366,7 +366,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert certificate secret referenced by BackendTLSPolicy": { pre: []any{ &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-btp", Namespace: "default", }, @@ -382,12 +382,12 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, @@ -395,8 +395,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert certificate configmap not referenced": { - obj: &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, @@ -407,8 +407,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: false, }, "insert generic configmap not referenced": { - obj: &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, @@ -421,7 +421,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert certificate configmap referenced by BackendTLSPolicy": { pre: []any{ &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-btp", Namespace: "default", }, @@ -437,8 +437,8 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, @@ -450,7 +450,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 empty ingress class": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "correct", Namespace: "default", }, @@ -459,7 +459,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 incorrect ingress class name": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "incorrect", Namespace: "default", }, @@ -471,7 +471,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 explicit ingress class name": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "explicit", Namespace: "default", }, @@ -483,7 +483,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 incorrect kubernetes.io/ingress.class": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "incorrect", Namespace: "default", Annotations: map[string]string{ @@ -495,7 +495,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 incorrect projectcontour.io/ingress.class": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "incorrect", Namespace: "default", Annotations: map[string]string{ @@ -507,7 +507,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 explicit kubernetes.io/ingress.class": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "explicit", Namespace: "default", Annotations: map[string]string{ @@ -519,7 +519,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 explicit projectcontour.io/ingress.class": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "explicit", Namespace: "default", Annotations: map[string]string{ @@ -531,7 +531,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 projectcontour.io ingress class annotation overrides kubernetes.io incorrect": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ @@ -544,7 +544,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 projectcontour.io ingress class annotation overrides kubernetes.io correct": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ @@ -557,7 +557,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 ingress class annotation overrides spec incorrect": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ @@ -572,7 +572,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert ingressv1 ingress class annotation overrides spec correct": { obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ @@ -586,8 +586,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert httpproxy empty ingress class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -595,32 +595,32 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert httpproxy incorrect ingress class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ + Spec: contour_v1.HTTPProxySpec{ IngressClassName: "nginx", }, }, want: false, }, "insert httpproxy explicit ingress class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ + Spec: contour_v1.HTTPProxySpec{ IngressClassName: "contour", }, }, want: true, }, "insert httpproxy incorrect kubernetes.io/ingress.class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -631,8 +631,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: false, }, "insert httpproxy incorrect projectcontour.io/ingress.class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -643,8 +643,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: false, }, "insert httpproxy explicit kubernetes.io/ingress.class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -655,8 +655,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert httpproxy explicit projectcontour.io/ingress.class": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -667,8 +667,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert httpproxy projectcontour.io ingress class annotation overrides kubernetes.io incorrect": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ @@ -680,8 +680,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: false, }, "insert httpproxy projectcontour.io ingress class annotation overrides kubernetes.io correct": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ @@ -693,38 +693,38 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert httpproxy ingress class annotation overrides spec incorrect": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ "projectcontour.io/ingress.class": "nginx", }, }, - Spec: contour_api_v1.HTTPProxySpec{ + Spec: contour_v1.HTTPProxySpec{ IngressClassName: "contour", }, }, want: false, }, "insert httpproxy ingress class annotation overrides spec correct": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "override", Namespace: "default", Annotations: map[string]string{ "projectcontour.io/ingress.class": ingressclass.DefaultClassName, }, }, - Spec: contour_api_v1.HTTPProxySpec{ + Spec: contour_v1.HTTPProxySpec{ IngressClassName: "nginx", }, }, want: true, }, - "insert tls contour_api_v1/v1.certificatedelegation": { - obj: &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + "insert tls contour_v1/v1.certificatedelegation": { + obj: &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "delegate", Namespace: "default", }, @@ -732,8 +732,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert httpproxy": { - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpproxy", Namespace: "default", }, @@ -745,8 +745,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: false, }, "insert service": { - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -756,7 +756,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert service referenced by ingress backend": { pre: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "default", }, @@ -769,8 +769,8 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -780,7 +780,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert service in different namespace": { pre: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: "kube-system", }, @@ -793,8 +793,8 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -804,8 +804,8 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert service referenced by tlsRoute": { pre: []any{ &gatewayapi_v1alpha2.TLSRoute{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -822,8 +822,8 @@ func TestKubernetesCacheInsert(t *testing.T) { Status: gatewayapi_v1alpha2.TLSRouteStatus{}, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -833,8 +833,8 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert service referenced by tlsRoute w/ mismatch namespace": { pre: []any{ &gatewayapi_v1alpha2.TLSRoute{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "tlsroute", }, @@ -851,8 +851,8 @@ func TestKubernetesCacheInsert(t *testing.T) { Status: gatewayapi_v1alpha2.TLSRouteStatus{}, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -862,8 +862,8 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert service referenced by tlsRoute w/ mismatch name": { pre: []any{ &gatewayapi_v1alpha2.TLSRoute{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -880,8 +880,8 @@ func TestKubernetesCacheInsert(t *testing.T) { Status: gatewayapi_v1alpha2.TLSRouteStatus{}, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -890,22 +890,22 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert service referenced by httpproxy": { pre: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "service", }}, }}, }, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -914,22 +914,22 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert service referenced by httpproxy tcpproxy": { pre: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: "service", }}, }, }, }, }, - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -937,8 +937,8 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert namespace": { - obj: &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "namespace", Namespace: "default", }, @@ -949,7 +949,7 @@ func TestKubernetesCacheInsert(t *testing.T) { // uses a predicate to filter events before they're given to the EventHandler. "insert valid gatewayclass": { obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, }, @@ -957,7 +957,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api Gateway": { obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -966,7 +966,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api HTTPRoute, no reference to Gateway": { obj: &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -976,14 +976,14 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert gateway-api HTTPRoute, has reference to Gateway": { pre: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, obj: &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -999,7 +999,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api TLSRoute, no reference to Gateway": { obj: &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1009,14 +1009,14 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert gateway-api TLSRoute, has reference to Gateway": { pre: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, obj: &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1032,7 +1032,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api GRPCRoute, no reference to Gateway": { obj: &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "grpcroute", Namespace: "default", }, @@ -1042,14 +1042,14 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert gateway-api GRPCRoute, has reference to Gateway": { pre: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, obj: &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "grpcroute", Namespace: "default", }, @@ -1065,7 +1065,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api TCPRoute, no reference to Gateway": { obj: &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcproute", Namespace: "default", }, @@ -1075,14 +1075,14 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert gateway-api TCPRoute, has reference to Gateway": { pre: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, obj: &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcproute", Namespace: "default", }, @@ -1098,7 +1098,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api ReferenceGrant": { obj: &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "referencegrant-1", Namespace: "default", }, @@ -1106,18 +1106,18 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert extension service": { - obj: &contour_api_v1alpha1.ExtensionService{ + obj: &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("default/extension"), }, want: true, }, "insert secret that is referred by configuration file": { - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secretReferredByConfigFile", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, want: true, @@ -1125,7 +1125,7 @@ func TestKubernetesCacheInsert(t *testing.T) { "insert backendtlspolicy targeting backend Service": { pre: []any{ &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -1140,15 +1140,15 @@ func TestKubernetesCacheInsert(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, }, }, obj: &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtlspolicy", Namespace: "default", }, @@ -1172,7 +1172,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Name: "gateway-name", }, obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, @@ -1185,7 +1185,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, pre: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -1195,7 +1195,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, @@ -1208,7 +1208,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, pre: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -1218,7 +1218,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, }, obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, @@ -1230,7 +1230,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Name: "gateway-name", }, obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "some-other-gateway-name", }, @@ -1243,7 +1243,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Name: "gateway-name", }, obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -1304,29 +1304,29 @@ func TestKubernetesCacheRemove(t *testing.T) { want bool }{ "remove secret": { - cache: cache(&v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + cache: cache(&core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), }, }), - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, }, want: false, }, "remove configmap": { - cache: cache(&v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + cache: cache(&core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "configmap", Namespace: "default", }, @@ -1334,8 +1334,8 @@ func TestKubernetesCacheRemove(t *testing.T) { CACertificateKey: fixture.CERTIFICATE, }, }), - obj: &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "configmap", Namespace: "default", }, @@ -1343,14 +1343,14 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove service": { - cache: cache(&v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + cache: cache(&core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, }), - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -1359,15 +1359,15 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove service with reference to TLSRoute": { cache: cache( - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, }, &gatewayapi_v1alpha2.TLSRoute{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1384,8 +1384,8 @@ func TestKubernetesCacheRemove(t *testing.T) { Status: gatewayapi_v1alpha2.TLSRouteStatus{}, }, ), - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -1394,15 +1394,15 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove service without valid reference to TLSRoute": { cache: cache( - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, }, &gatewayapi_v1alpha2.TLSRoute{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1419,8 +1419,8 @@ func TestKubernetesCacheRemove(t *testing.T) { Status: gatewayapi_v1alpha2.TLSRouteStatus{}, }, ), - obj: &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "service", Namespace: "default", }, @@ -1429,14 +1429,14 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove namespace": { - cache: cache(&v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + cache: cache(&core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "namespace", Namespace: "default", }, }), - obj: &v1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "namespace", Namespace: "default", }, @@ -1445,13 +1445,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove ingress": { cache: cache(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "default", }, }), obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "default", }, @@ -1460,13 +1460,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove ingressv1": { cache: cache(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "default", }, }), obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "default", }, @@ -1475,7 +1475,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove ingress incorrect ingressclass": { cache: cache(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "default", Annotations: map[string]string{ @@ -1484,7 +1484,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, }), obj: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "default", Annotations: map[string]string{ @@ -1495,14 +1495,14 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove httpproxy": { - cache: cache(&contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + cache: cache(&contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpproxy", Namespace: "default", }, }), - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpproxy", Namespace: "default", }, @@ -1510,8 +1510,8 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove httpproxy incorrect ingressclass": { - cache: cache(&contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + cache: cache(&contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpproxy", Namespace: "default", Annotations: map[string]string{ @@ -1519,8 +1519,8 @@ func TestKubernetesCacheRemove(t *testing.T) { }, }, }), - obj: &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + obj: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpproxy", Namespace: "default", Annotations: map[string]string{ @@ -1532,12 +1532,12 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gatewayclass": { cache: cache(&gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, }), obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, }, @@ -1545,13 +1545,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api Gateway": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, }), obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1560,20 +1560,20 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api HTTPRoute with no parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", }, }, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, }, ), obj: &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -1582,13 +1582,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api HTTPRoute with parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", }, }, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -1602,7 +1602,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, ), obj: &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -1618,19 +1618,19 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api TLSRoute with no parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", }, }, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, }), obj: &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1639,13 +1639,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api TLSRoute with parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", }, }, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1659,7 +1659,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, ), obj: &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -1675,19 +1675,19 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api GRPCRoute with no parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", }, }, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "grpcroute", Namespace: "default", }, }), obj: &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "grpcroute", Namespace: "default", }, @@ -1696,13 +1696,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api GRPCRoute with parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", }, }, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "grpcroute", Namespace: "default", }, @@ -1716,7 +1716,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, ), obj: &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "grpcroute", Namespace: "default", }, @@ -1732,19 +1732,19 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api TCPRoute with no parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", }, }, &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcproute", Namespace: "default", }, }), obj: &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcproute", Namespace: "default", }, @@ -1753,13 +1753,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api TCPRoute with parentRef": { cache: cache(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", }, }, &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcproute", Namespace: "default", }, @@ -1773,7 +1773,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, ), obj: &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcproute", Namespace: "default", }, @@ -1789,13 +1789,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api ReferenceGrant": { cache: cache(&gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "referencegrant", Namespace: "default", }, }), obj: &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "referencegrant", Namespace: "default", }, @@ -1804,13 +1804,13 @@ func TestKubernetesCacheRemove(t *testing.T) { }, "remove gateway-api BackendTLSPolicy": { cache: cache(&gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtlspolicy", Namespace: "default", }, }), obj: &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtlspolicy", Namespace: "default", }, @@ -1820,13 +1820,13 @@ func TestKubernetesCacheRemove(t *testing.T) { "remove secret that is referenced by gateway-api BackendTLSPolicy": { cache: cache( &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtlspolicy", Namespace: "default", }, Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ - CACertRefs: []v1beta1.LocalObjectReference{ + CACertRefs: []gatewayapi_v1beta1.LocalObjectReference{ { Kind: "Secret", Name: "ca", @@ -1835,23 +1835,23 @@ func TestKubernetesCacheRemove(t *testing.T) { }, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, }, ), - obj: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, @@ -1861,13 +1861,13 @@ func TestKubernetesCacheRemove(t *testing.T) { "remove configmap that is referenced by gateway-api BackendTLSPolicy": { cache: cache( &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtlspolicy", Namespace: "default", }, Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ - CACertRefs: []v1beta1.LocalObjectReference{ + CACertRefs: []gatewayapi_v1beta1.LocalObjectReference{ { Kind: "ConfigMap", Name: "configmap", @@ -1876,8 +1876,8 @@ func TestKubernetesCacheRemove(t *testing.T) { }, }, }, - &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "configmap", Namespace: "default", }, @@ -1886,8 +1886,8 @@ func TestKubernetesCacheRemove(t *testing.T) { }, }, ), - obj: &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + obj: &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "configmap", Namespace: "default", }, @@ -1895,10 +1895,10 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove extension service": { - cache: cache(&contour_api_v1alpha1.ExtensionService{ + cache: cache(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("default/extension"), }), - obj: &contour_api_v1alpha1.ExtensionService{ + obj: &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("default/extension"), }, want: true, @@ -1913,7 +1913,7 @@ func TestKubernetesCacheRemove(t *testing.T) { ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, }, obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, @@ -1923,13 +1923,13 @@ func TestKubernetesCacheRemove(t *testing.T) { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, }, obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "some-other-gatewayclass", }, }, @@ -1939,13 +1939,13 @@ func TestKubernetesCacheRemove(t *testing.T) { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, }, obj: &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, @@ -1956,7 +1956,7 @@ func TestKubernetesCacheRemove(t *testing.T) { ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, }, obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -1967,14 +1967,14 @@ func TestKubernetesCacheRemove(t *testing.T) { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "some-other-gateway", }, @@ -1985,14 +1985,14 @@ func TestKubernetesCacheRemove(t *testing.T) { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, obj: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -2020,13 +2020,13 @@ func TestLookupService(t *testing.T) { return &cache } - service := func(ns, name string, ports ...v1.ServicePort) *v1.Service { - return &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := func(ns, name string, ports ...core_v1.ServicePort) *core_v1.Service { + return &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: ns, }, - Spec: v1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ Ports: ports, }, } @@ -2036,45 +2036,45 @@ func TestLookupService(t *testing.T) { cache *KubernetesCache meta types.NamespacedName port intstr.IntOrString - wantSvc *v1.Service - wantPort v1.ServicePort + wantSvc *core_v1.Service + wantPort core_v1.ServicePort wantErr error }{ "service and port exist with valid service protocol, lookup by port num": { - cache: cache(service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80))), + cache: cache(service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80))), meta: types.NamespacedName{Namespace: "default", Name: "service-1"}, port: intstr.FromInt(80), - wantSvc: service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80)), - wantPort: makeServicePort("http", v1.ProtocolTCP, 80), + wantSvc: service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80)), + wantPort: makeServicePort("http", core_v1.ProtocolTCP, 80), }, "service and port exist with valid service protocol, lookup by port name": { - cache: cache(service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80))), + cache: cache(service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80))), meta: types.NamespacedName{Namespace: "default", Name: "service-1"}, port: intstr.FromString("http"), - wantSvc: service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80)), - wantPort: makeServicePort("http", v1.ProtocolTCP, 80), + wantSvc: service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80)), + wantPort: makeServicePort("http", core_v1.ProtocolTCP, 80), }, "service and port exist with valid service protocol, lookup by wrong port num": { - cache: cache(service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80))), + cache: cache(service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80))), meta: types.NamespacedName{Namespace: "default", Name: "service-1"}, port: intstr.FromInt(9999), wantErr: errors.New(`port "9999" on service "default/service-1" not matched`), }, "service and port exist with valid service protocol, lookup by wrong port name": { - cache: cache(service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80))), + cache: cache(service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80))), meta: types.NamespacedName{Namespace: "default", Name: "service-1"}, port: intstr.FromString("wrong-port-name"), wantErr: errors.New(`port "wrong-port-name" on service "default/service-1" not matched`), }, "service and port exist, invalid service protocol": { - cache: cache(service("default", "service-1", makeServicePort("http", v1.ProtocolUDP, 80))), + cache: cache(service("default", "service-1", makeServicePort("http", core_v1.ProtocolUDP, 80))), meta: types.NamespacedName{Namespace: "default", Name: "service-1"}, port: intstr.FromString("http"), - wantSvc: service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80)), + wantSvc: service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80)), wantErr: errors.New(`unsupported service protocol "UDP"`), }, "service does not exist": { - cache: cache(service("default", "service-1", makeServicePort("http", v1.ProtocolTCP, 80))), + cache: cache(service("default", "service-1", makeServicePort("http", core_v1.ProtocolTCP, 80))), meta: types.NamespacedName{Namespace: "default", Name: "nonexistent-service"}, port: intstr.FromInt(80), wantErr: errors.New(`service "default/nonexistent-service" not found`), @@ -2109,9 +2109,9 @@ func TestServiceTriggersRebuild(t *testing.T) { return &cache } - service := func(namespace, name string) *v1.Service { - return &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := func(namespace, name string) *core_v1.Service { + return &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2120,7 +2120,7 @@ func TestServiceTriggersRebuild(t *testing.T) { ingressBackendService := func(namespace, name string) *networking_v1.Ingress { return &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2148,7 +2148,7 @@ func TestServiceTriggersRebuild(t *testing.T) { ingressDefaultBackend := func(namespace, name string) *networking_v1.Ingress { return &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2161,15 +2161,15 @@ func TestServiceTriggersRebuild(t *testing.T) { } } - httpProxy := func(namespace, name string) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + httpProxy := func(namespace, name string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: name, Port: 80, }}, @@ -2180,15 +2180,15 @@ func TestServiceTriggersRebuild(t *testing.T) { } } - tcpProxy := func(namespace, name string) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tcpProxy := func(namespace, name string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: name, Port: 90, }}, @@ -2200,7 +2200,7 @@ func TestServiceTriggersRebuild(t *testing.T) { grpcRoute := func(namespace, name string) *gatewayapi_v1alpha2.GRPCRoute { return &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2214,7 +2214,7 @@ func TestServiceTriggersRebuild(t *testing.T) { httpRoute := func(namespace, name string) *gatewayapi_v1beta1.HTTPRoute { return &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2228,7 +2228,7 @@ func TestServiceTriggersRebuild(t *testing.T) { tlsRoute := func(namespace, name string) *gatewayapi_v1alpha2.TLSRoute { return &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2247,7 +2247,7 @@ func TestServiceTriggersRebuild(t *testing.T) { tcpRoute := func(namespace, name string) *gatewayapi_v1alpha2.TCPRoute { return &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2266,7 +2266,7 @@ func TestServiceTriggersRebuild(t *testing.T) { tests := map[string]struct { cache *KubernetesCache - svc *v1.Service + svc *core_v1.Service want bool }{ "empty cache does not trigger rebuild": { @@ -2436,19 +2436,19 @@ func TestServiceTriggersRebuild(t *testing.T) { } func TestSecretTriggersRebuild(t *testing.T) { - secret := func(namespace, name string) *v1.Secret { - return &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + secret := func(namespace, name string) *core_v1.Secret { + return &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } } - caSecret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + caSecret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, @@ -2457,14 +2457,14 @@ func TestSecretTriggersRebuild(t *testing.T) { }, } - tlsCertificateDelegation := func(namespace, name string, targetNamespaces ...string) *contour_api_v1.TLSCertificateDelegation { - return &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + tlsCertificateDelegation := func(namespace, name string, targetNamespaces ...string) *contour_v1.TLSCertificateDelegation { + return &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: name, TargetNamespaces: targetNamespaces, }}, @@ -2474,7 +2474,7 @@ func TestSecretTriggersRebuild(t *testing.T) { ingress := func(namespace, name, secretName, secretNamespace string) *networking_v1.Ingress { i := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2503,16 +2503,16 @@ func TestSecretTriggersRebuild(t *testing.T) { return &cache } - httpProxy := func(namespace, name, secretName string) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + httpProxy := func(namespace, name, secretName string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: secretName, }, }, @@ -2520,18 +2520,18 @@ func TestSecretTriggersRebuild(t *testing.T) { } } - httpProxyWithClientValidation := func(namespace, name, crlSecretName string) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + httpProxyWithClientValidation := func(namespace, name, crlSecretName string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "tlscert", - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "ca", CertificateRevocationList: crlSecretName, }, @@ -2543,7 +2543,7 @@ func TestSecretTriggersRebuild(t *testing.T) { tests := map[string]struct { cache *KubernetesCache - secret *v1.Secret + secret *core_v1.Secret want bool }{ "empty cache does not trigger rebuild": { @@ -2573,12 +2573,12 @@ func TestSecretTriggersRebuild(t *testing.T) { }, "httpproxy empty vhost does not trigger rebuild": { cache: cache( - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{}, + Spec: contour_v1.HTTPProxySpec{}, }, ), secret: secret("default", "tlscert"), @@ -2586,13 +2586,13 @@ func TestSecretTriggersRebuild(t *testing.T) { }, "httpproxy empty TLS does not trigger rebuild": { cache: cache( - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "proxy", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test.projectcontour.io", }, }, @@ -2638,7 +2638,7 @@ func TestSecretTriggersRebuild(t *testing.T) { "gateway does not define TLS on listener, does not trigger rebuild": { cache: cache( &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2655,7 +2655,7 @@ func TestSecretTriggersRebuild(t *testing.T) { "gateway does not define TLS.CertificateRef on listener, does not trigger rebuild": { cache: cache( &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2674,7 +2674,7 @@ func TestSecretTriggersRebuild(t *testing.T) { "gateway listener references secret, triggers rebuild (core Group)": { cache: cache( &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2695,7 +2695,7 @@ func TestSecretTriggersRebuild(t *testing.T) { "gateway listener references secret, triggers rebuild (v1 Group)": { cache: cache( &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -2747,7 +2747,7 @@ func TestRouteTriggersRebuild(t *testing.T) { httpRoute := func(namespace, name, parentRefNamespace, parentRefName string) *gatewayapi_v1beta1.HTTPRoute { return &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2766,7 +2766,7 @@ func TestRouteTriggersRebuild(t *testing.T) { tlsRoute := func(namespace, name, parentRefNamespace, parentRefName string) *gatewayapi_v1alpha2.TLSRoute { return &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2785,7 +2785,7 @@ func TestRouteTriggersRebuild(t *testing.T) { gateway := func(namespace, name string) *gatewayapi_v1beta1.Gateway { return &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -2808,7 +2808,7 @@ func TestRouteTriggersRebuild(t *testing.T) { gateway("default", "gateway"), ), httproute: &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, @@ -2851,7 +2851,7 @@ func TestRouteTriggersRebuild(t *testing.T) { gateway("default", "gateway"), ), tlsroute: &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: "default", }, @@ -2909,21 +2909,21 @@ func TestLookupUpstreamValidation(t *testing.T) { return &cache } - uv := func(subjectName string, subjectNames []string) *contour_api_v1.UpstreamValidation { - return &contour_api_v1.UpstreamValidation{ + uv := func(subjectName string, subjectNames []string) *contour_v1.UpstreamValidation { + return &contour_v1.UpstreamValidation{ CACertificate: "ca", SubjectName: subjectName, SubjectNames: subjectNames, } } - secret := func() *v1.Secret { - return &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + secret := func() *core_v1.Secret { + return &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "default", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), }, @@ -2945,7 +2945,7 @@ func TestLookupUpstreamValidation(t *testing.T) { tests := map[string]struct { cache *KubernetesCache meta types.NamespacedName - uv *contour_api_v1.UpstreamValidation + uv *contour_v1.UpstreamValidation wantPvc *PeerValidationContext wantErr error }{ @@ -3016,7 +3016,7 @@ func TestLookupBackendTLSPolicyByTargetRef(t *testing.T) { backendTLSPolicy := func(name, namespace, serviceName string, targetNamespace, sectionName *string) *gatewayapi_v1alpha2.BackendTLSPolicy { return &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -3183,9 +3183,9 @@ func TestLookupCAConfigMap(t *testing.T) { return &cache } - configmap := func(name, namespace, data string) *v1.ConfigMap { - return &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + configmap := func(name, namespace, data string) *core_v1.ConfigMap { + return &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, @@ -3197,12 +3197,12 @@ func TestLookupCAConfigMap(t *testing.T) { secret := func(name, namespace, data string) *Secret { return &Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(data), }, diff --git a/internal/dag/conditions.go b/internal/dag/conditions.go index 19f5c62d718..8b4f542ce9c 100644 --- a/internal/dag/conditions.go +++ b/internal/dag/conditions.go @@ -19,7 +19,7 @@ import ( "regexp" "strings" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // mergePathMatchConditions merges the given slice of prefix, regex or exact MatchConditions into a single @@ -29,7 +29,7 @@ import ( // In case there is a regex condition present the entire condition becomes a regex condition. // pathMatchConditionsValid guarantees that if a prefix is present, it will start with a // / character, so we can simply concatenate. -func mergePathMatchConditions(conds []contour_api_v1.MatchCondition) MatchCondition { +func mergePathMatchConditions(conds []contour_v1.MatchCondition) MatchCondition { mergedPath := "" isRegex := false @@ -84,7 +84,7 @@ func mergePathMatchConditions(conds []contour_api_v1.MatchCondition) MatchCondit // pathMatchConditionsValid validates a slice of MatchConditions can be correctly merged. // It encodes the business rules about what is allowed for MatchConditions. -func pathMatchConditionsValid(conds []contour_api_v1.MatchCondition) error { +func pathMatchConditionsValid(conds []contour_v1.MatchCondition) error { prefixCount := 0 exactCount := 0 regexCount := 0 @@ -121,7 +121,7 @@ func pathMatchConditionsValid(conds []contour_api_v1.MatchCondition) error { } // includeMatchConditionsValid validates the MatchConditions supplied in the includes -func includeMatchConditionsValid(conds []contour_api_v1.MatchCondition) error { +func includeMatchConditionsValid(conds []contour_v1.MatchCondition) error { for _, cond := range conds { if cond.Exact != "" { return fmt.Errorf("exact conditions are not allowed in includes block") @@ -134,8 +134,8 @@ func includeMatchConditionsValid(conds []contour_api_v1.MatchCondition) error { return nil } -func mergeHeaderMatchConditions(conds []contour_api_v1.MatchCondition) []HeaderMatchCondition { - var headerConditions []contour_api_v1.HeaderMatchCondition +func mergeHeaderMatchConditions(conds []contour_v1.MatchCondition) []HeaderMatchCondition { + var headerConditions []contour_v1.HeaderMatchCondition for _, cond := range conds { if cond.Header != nil { headerConditions = append(headerConditions, *cond.Header) @@ -145,8 +145,8 @@ func mergeHeaderMatchConditions(conds []contour_api_v1.MatchCondition) []HeaderM return headerMatchConditions(headerConditions) } -func mergeQueryParamMatchConditions(conds []contour_api_v1.MatchCondition) []QueryParamMatchCondition { - var queryParameterConditions []contour_api_v1.QueryParameterMatchCondition +func mergeQueryParamMatchConditions(conds []contour_v1.MatchCondition) []QueryParamMatchCondition { + var queryParameterConditions []contour_v1.QueryParameterMatchCondition for _, cond := range conds { if cond.QueryParameter != nil { queryParameterConditions = append(queryParameterConditions, *cond.QueryParameter) @@ -156,7 +156,7 @@ func mergeQueryParamMatchConditions(conds []contour_api_v1.MatchCondition) []Que return queryParameterMatchConditions(queryParameterConditions) } -func headerMatchConditions(conditions []contour_api_v1.HeaderMatchCondition) []HeaderMatchCondition { +func headerMatchConditions(conditions []contour_v1.HeaderMatchCondition) []HeaderMatchCondition { var hc []HeaderMatchCondition for _, cond := range conditions { @@ -215,7 +215,7 @@ func headerMatchConditions(conditions []contour_api_v1.HeaderMatchCondition) []H return hc } -func queryParameterMatchConditions(conditions []contour_api_v1.QueryParameterMatchCondition) []QueryParamMatchCondition { +func queryParameterMatchConditions(conditions []contour_v1.QueryParameterMatchCondition) []QueryParamMatchCondition { var qpc []QueryParamMatchCondition for _, cond := range conditions { @@ -276,8 +276,8 @@ func queryParameterMatchConditions(conditions []contour_api_v1.QueryParameterMat // // Note that there are additional, more complex scenarios that we could check for here. For // example, "exact: foo" and "notcontains: " are contradictory. -func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) error { - seenMatchConditions := map[contour_api_v1.HeaderMatchCondition]bool{} +func headerMatchConditionsValid(conditions []contour_v1.MatchCondition) error { + seenMatchConditions := map[contour_v1.HeaderMatchCondition]bool{} headersWithExactMatch := map[string]bool{} for _, v := range conditions { @@ -288,14 +288,14 @@ func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) erro headerName := strings.ToLower(v.Header.Name) switch { case v.Header.Present: - if seenMatchConditions[contour_api_v1.HeaderMatchCondition{ + if seenMatchConditions[contour_v1.HeaderMatchCondition{ Name: headerName, NotPresent: true, }] { return errors.New("cannot specify contradictory 'present' and 'notpresent' conditions for the same route and header") } case v.Header.NotPresent: - if seenMatchConditions[contour_api_v1.HeaderMatchCondition{ + if seenMatchConditions[contour_v1.HeaderMatchCondition{ Name: headerName, Present: true, }] { @@ -309,7 +309,7 @@ func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) erro headersWithExactMatch[headerName] = true // look for a NotExact condition on the same header with the same value - if seenMatchConditions[contour_api_v1.HeaderMatchCondition{ + if seenMatchConditions[contour_v1.HeaderMatchCondition{ Name: headerName, NotExact: v.Header.Exact, }] { @@ -317,7 +317,7 @@ func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) erro } case v.Header.NotExact != "": // look for an Exact condition on the same header with the same value - if seenMatchConditions[contour_api_v1.HeaderMatchCondition{ + if seenMatchConditions[contour_v1.HeaderMatchCondition{ Name: headerName, Exact: v.Header.NotExact, }] { @@ -325,7 +325,7 @@ func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) erro } case v.Header.Contains != "": // look for a NotContains condition on the same header with the same value - if seenMatchConditions[contour_api_v1.HeaderMatchCondition{ + if seenMatchConditions[contour_v1.HeaderMatchCondition{ Name: headerName, NotContains: v.Header.Contains, }] { @@ -333,7 +333,7 @@ func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) erro } case v.Header.NotContains != "": // look for a Contains condition on the same header with the same value - if seenMatchConditions[contour_api_v1.HeaderMatchCondition{ + if seenMatchConditions[contour_v1.HeaderMatchCondition{ Name: headerName, Contains: v.Header.NotContains, }] { @@ -361,7 +361,7 @@ func headerMatchConditionsValid(conditions []contour_api_v1.MatchCondition) erro // - more than one condition is set in the same match condition branch // - more than 1 'exact' condition for the same query parameter // - invalid regular expression is specified for the Regex condition -func queryParameterMatchConditionsValid(conditions []contour_api_v1.MatchCondition) error { +func queryParameterMatchConditionsValid(conditions []contour_v1.MatchCondition) error { queryParametersWithExactMatch := map[string]bool{} for _, v := range conditions { diff --git a/internal/dag/conditions_test.go b/internal/dag/conditions_test.go index d9c9231959f..96fbf7295fe 100644 --- a/internal/dag/conditions_test.go +++ b/internal/dag/conditions_test.go @@ -16,14 +16,15 @@ package dag import ( "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func TestPathMatchCondition(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition want MatchCondition }{ "empty condition list": { @@ -31,37 +32,37 @@ func TestPathMatchCondition(t *testing.T) { want: &PrefixMatchCondition{Prefix: "/"}, }, "single slash prefix": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, want: &PrefixMatchCondition{Prefix: "/"}, }, "single slash exact": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/", }}, want: &ExactMatchCondition{Path: "/"}, }, "empty exact": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "", }}, want: &PrefixMatchCondition{Prefix: "/"}, }, "prefix match": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, want: &PrefixMatchCondition{Prefix: "/a"}, }, "exact match": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/a", }}, want: &ExactMatchCondition{Path: "/a"}, }, "two slashes": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/", }, { Prefix: "/", @@ -69,7 +70,7 @@ func TestPathMatchCondition(t *testing.T) { want: &PrefixMatchCondition{Prefix: "/"}, }, "prefix-exact mixed two slashes": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/", }, { Exact: "/", @@ -77,7 +78,7 @@ func TestPathMatchCondition(t *testing.T) { want: &ExactMatchCondition{Path: "/"}, }, "mixed matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/a/", }, { Prefix: "/b", @@ -85,7 +86,7 @@ func TestPathMatchCondition(t *testing.T) { want: &PrefixMatchCondition{Prefix: "/a/b"}, }, "prefix-exact mixed matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/a/", }, { Exact: "/b", @@ -93,19 +94,19 @@ func TestPathMatchCondition(t *testing.T) { want: &ExactMatchCondition{Path: "/a/b"}, }, "trailing slash prefix": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/a/", }}, want: &PrefixMatchCondition{Prefix: "/a/"}, }, "trailing slash exact": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/a/", }}, want: &ExactMatchCondition{Path: "/a/"}, }, "trailing slash on second prefix condition": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "/a", }, @@ -116,7 +117,7 @@ func TestPathMatchCondition(t *testing.T) { want: &PrefixMatchCondition{Prefix: "/a/b/"}, }, "nothing but slashes prefix": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "///", }, @@ -127,7 +128,7 @@ func TestPathMatchCondition(t *testing.T) { want: &PrefixMatchCondition{Prefix: "/"}, }, "nothing but slashes one exact": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Exact: "///", }, @@ -135,7 +136,7 @@ func TestPathMatchCondition(t *testing.T) { want: &ExactMatchCondition{Path: "/"}, }, "nothing but slashes mixed": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "///", }, @@ -146,25 +147,25 @@ func TestPathMatchCondition(t *testing.T) { want: &ExactMatchCondition{Path: "/"}, }, "regex": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "/.*", }}, want: &RegexMatchCondition{Regex: "/.*"}, }, "empty regexp": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "", }}, want: &PrefixMatchCondition{Prefix: "/"}, }, "regex /": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "/", }}, want: &RegexMatchCondition{Regex: "/"}, }, "regex-prefix match conditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/", }, { Regex: "/.*", @@ -172,7 +173,7 @@ func TestPathMatchCondition(t *testing.T) { want: &RegexMatchCondition{Regex: "/.*"}, }, "regex-prefix with trailing slash match conditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/api/", }, { Regex: "/v[0-9]+", @@ -180,14 +181,14 @@ func TestPathMatchCondition(t *testing.T) { want: &RegexMatchCondition{Regex: "/api/v[0-9]+"}, }, "header condition": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: new(contour_api_v1.HeaderMatchCondition), + matchconditions: []contour_v1.MatchCondition{{ + Header: new(contour_v1.HeaderMatchCondition), }}, want: &PrefixMatchCondition{Prefix: "/"}, }, "header condition with exact": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: new(contour_api_v1.HeaderMatchCondition), + matchconditions: []contour_v1.MatchCondition{{ + Header: new(contour_v1.HeaderMatchCondition), Exact: "/a", }}, want: &ExactMatchCondition{Path: "/a"}, @@ -204,7 +205,7 @@ func TestPathMatchCondition(t *testing.T) { func TestHeaderMatchConditions(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition want []HeaderMatchCondition }{ "empty condition list": { @@ -212,20 +213,20 @@ func TestHeaderMatchConditions(t *testing.T) { want: nil, }, "prefix": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, want: nil, }, "header condition empty": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: new(contour_api_v1.HeaderMatchCondition), + matchconditions: []contour_v1.MatchCondition{{ + Header: new(contour_v1.HeaderMatchCondition), }}, want: nil, }, "header present": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Present: true, }, @@ -236,8 +237,8 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "header not present": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", NotPresent: true, }, @@ -249,8 +250,8 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "header name but missing condition": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", }, }}, @@ -259,8 +260,8 @@ func TestHeaderMatchConditions(t *testing.T) { want: nil, }, "header contains": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Contains: "abcdef", }, @@ -272,8 +273,8 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "header not contains": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", NotContains: "abcdef", }, @@ -286,8 +287,8 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "header exact": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Exact: "abcdef", }, @@ -299,8 +300,8 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "header not exact": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", NotExact: "abcdef", }, @@ -313,13 +314,13 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "two header contains": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Contains: "abcdef", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Contains: "cedfg", }, @@ -335,13 +336,13 @@ func TestHeaderMatchConditions(t *testing.T) { }}, }, "two header contains different case": { - matchconditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + matchconditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-request-id", Contains: "abcdef", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "X-Request-Id", Contains: "abcdef", }, @@ -368,7 +369,7 @@ func TestHeaderMatchConditions(t *testing.T) { func TestPrefixMatchConditionsValid(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition want bool }{ "empty condition list": { @@ -376,15 +377,15 @@ func TestPrefixMatchConditionsValid(t *testing.T) { want: true, }, "valid path condition only": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/api", }}, want: true, }, "valid path condition with headers": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/api", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -392,7 +393,7 @@ func TestPrefixMatchConditionsValid(t *testing.T) { want: true, }, "two prefix matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/api", }, { Prefix: "/v1", @@ -400,9 +401,9 @@ func TestPrefixMatchConditionsValid(t *testing.T) { want: false, }, "two prefix matchconditions with headers": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "/api", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -412,15 +413,15 @@ func TestPrefixMatchConditionsValid(t *testing.T) { want: false, }, "invalid prefix condition": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "api", }}, want: false, }, "invalid prefix condition with headers": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Prefix: "api", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -439,19 +440,19 @@ func TestPrefixMatchConditionsValid(t *testing.T) { func TestExactMatchConditionsValid(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition want bool }{ "valid exact condition only": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/api", }}, want: true, }, "valid exact condition with headers": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/api", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -459,7 +460,7 @@ func TestExactMatchConditionsValid(t *testing.T) { want: true, }, "two exact matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/api", }, { Exact: "/v1", @@ -467,7 +468,7 @@ func TestExactMatchConditionsValid(t *testing.T) { want: false, }, "exact-prefix two matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/api", }, { Prefix: "/v1", @@ -475,9 +476,9 @@ func TestExactMatchConditionsValid(t *testing.T) { want: false, }, "two exact matchconditions with headers": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "/api", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -487,15 +488,15 @@ func TestExactMatchConditionsValid(t *testing.T) { want: false, }, "invalid exact condition": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "api", }}, want: false, }, "invalid exact condition with headers": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Exact: "api", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -514,7 +515,7 @@ func TestExactMatchConditionsValid(t *testing.T) { func TestValidateHeaderMatchConditions(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition wantErr bool }{ "empty condition list": { @@ -522,7 +523,7 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "prefix only": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "/blog", }, @@ -530,9 +531,9 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "valid matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -541,16 +542,16 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "prefix matchconditions + valid headers": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "/blog", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotContains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "another-header", NotContains: "123", }, @@ -559,14 +560,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "multiple 'exact' matchconditions for the same header are invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "123", }, @@ -575,14 +576,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: true, }, "multiple 'exact' matchconditions for different headers are valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-different-header", Exact: "123", }, @@ -591,14 +592,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "'exact' and 'notexact' matchconditions for the same header with the same value are invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotExact: "abc", }, @@ -607,14 +608,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: true, }, "'exact' and 'notexact' matchconditions for the same header with different values are valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotExact: "def", }, @@ -623,14 +624,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "'exact' and 'notexact' matchconditions for different headers with the same value are valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-another-header", NotExact: "abc", }, @@ -639,14 +640,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "'contains' and 'notcontains' matchconditions for the same header with the same value are invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotContains: "abc", }, @@ -655,14 +656,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: true, }, "'contains' and 'notcontains' matchconditions for the same header with different values are valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotContains: "def", }, @@ -671,14 +672,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "'contains' and 'notcontains' matchconditions for different headers with the same value are valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-another-header", NotContains: "abc", }, @@ -687,14 +688,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "'present' and 'notpresent' matchconditions for the same header are invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Present: true, }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotPresent: true, }, @@ -703,14 +704,14 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: true, }, "'present' and 'notpresent' matchconditions for different headers are valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Present: true, }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-different-header", NotPresent: true, }, @@ -719,9 +720,9 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: false, }, "invalid 'regex' value specified": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-different-header", Regex: "[", }, @@ -730,9 +731,9 @@ func TestValidateHeaderMatchConditions(t *testing.T) { wantErr: true, }, "valid 'regex' value specified": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-different-header", Regex: "foo.*", }, @@ -759,7 +760,7 @@ func TestValidateHeaderMatchConditions(t *testing.T) { func TestValidateQueryParameterMatchConditions(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition wantErr bool }{ "empty condition list": { @@ -767,7 +768,7 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: false, }, "prefix only": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "/blog", }, @@ -775,9 +776,9 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: false, }, "valid matchconditions": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Contains: "abc", }, @@ -786,16 +787,16 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: false, }, "prefix matchconditions + valid query parameter": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { Prefix: "/blog", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "abc", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "another-param", Contains: "123", }, @@ -804,9 +805,9 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: false, }, "no query parameter matchcondition specified is invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", }, }, @@ -814,9 +815,9 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: true, }, "multiple query parameter matchconditions in the same branch is invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "abc", Present: true, @@ -826,15 +827,15 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: true, }, "more than one 'exact' condition for the same query parameter is invalid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "abc", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "def", }, @@ -843,15 +844,15 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: true, }, "more than one 'exact' condition for different query parameter is valid": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param1", Exact: "abc", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param2", Exact: "def", }, @@ -860,9 +861,9 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { wantErr: false, }, "invalid 'regex' value specified": { - matchconditions: []contour_api_v1.MatchCondition{ + matchconditions: []contour_v1.MatchCondition{ { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "x-header", Regex: "[", }, @@ -889,17 +890,17 @@ func TestValidateQueryParameterMatchConditions(t *testing.T) { func TestRegexMatchConditionsValid(t *testing.T) { tests := map[string]struct { - matchconditions []contour_api_v1.MatchCondition + matchconditions []contour_v1.MatchCondition want bool }{ "valid regex match condition": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "/.*/api", }}, want: true, }, "two regex conditions": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "/.*/api", }, { Regex: "/.*", @@ -907,7 +908,7 @@ func TestRegexMatchConditionsValid(t *testing.T) { want: false, }, "Regex and Prefix conditions set": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "/.*/api", }, { Prefix: "/v1", @@ -915,13 +916,13 @@ func TestRegexMatchConditionsValid(t *testing.T) { want: false, }, "invalid regex, no slash": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "234", }}, want: false, }, "invalid regex, ": { - matchconditions: []contour_api_v1.MatchCondition{{ + matchconditions: []contour_v1.MatchCondition{{ Regex: "/[a-zA-Z+", }}, want: false, diff --git a/internal/dag/dag.go b/internal/dag/dag.go index e85b1e7808f..85fb54a6a34 100644 --- a/internal/dag/dag.go +++ b/internal/dag/dag.go @@ -24,10 +24,11 @@ import ( "strings" "time" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + "github.com/projectcontour/contour/internal/status" "github.com/projectcontour/contour/internal/timeout" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" ) // Observer is an interface for receiving notification of DAG updates. @@ -777,10 +778,10 @@ func (v *VirtualHost) Valid() bool { type SecureVirtualHost struct { VirtualHost - // TLS minimum protocol version. Defaults to envoy_tls_v3.TlsParameters_TLS_AUTO + // TLS minimum protocol version. Defaults to envoy_transport_socket_tls_v3.TlsParameters_TLS_AUTO MinTLSVersion string - // TLS maximum protocol version. Defaults to envoy_tls_v3.TlsParameters_TLSv1_3 + // TLS maximum protocol version. Defaults to envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3 MaxTLSVersion string // The cert and key for this host. @@ -1059,18 +1060,18 @@ type Cluster struct { } // WeightedService represents the load balancing weight of a -// particular v1.Weighted port. +// particular core_v1.Weighted port. type WeightedService struct { // Weight is the integral load balancing weight. Weight uint32 - // ServiceName is the v1.Service name. + // ServiceName is the core_v1.Service name. ServiceName string - // ServiceNamespace is the v1.Service namespace. + // ServiceNamespace is the core_v1.Service namespace. ServiceNamespace string // ServicePort is the port to which we forward traffic. - ServicePort v1.ServicePort + ServicePort core_v1.ServicePort // HealthPort is the port for healthcheck. - HealthPort v1.ServicePort + HealthPort core_v1.ServicePort } // ServiceCluster capture the set of Kubernetes Services that will @@ -1125,12 +1126,12 @@ func (s *ServiceCluster) Validate() error { } // AddService adds the given service with a default weight of 1. -func (s *ServiceCluster) AddService(name types.NamespacedName, port v1.ServicePort) { +func (s *ServiceCluster) AddService(name types.NamespacedName, port core_v1.ServicePort) { s.AddWeightedService(1, name, port) } // AddWeightedService adds the given service with the given weight. -func (s *ServiceCluster) AddWeightedService(weight uint32, name types.NamespacedName, port v1.ServicePort) { +func (s *ServiceCluster) AddWeightedService(weight uint32, name types.NamespacedName, port core_v1.ServicePort) { w := WeightedService{ Weight: weight, ServiceName: name.Name, @@ -1162,7 +1163,7 @@ func (s *ServiceCluster) Rebalance() { // Secret represents a K8s Secret for TLS usage as a DAG Vertex. A Secret is // a leaf in the DAG. type Secret struct { - Object *v1.Secret + Object *core_v1.Secret ValidTLSSecret *SecretValidationStatus ValidCASecret *SecretValidationStatus ValidCRLSecret *SecretValidationStatus @@ -1178,12 +1179,12 @@ func (s *Secret) Data() map[string][]byte { // Cert returns the secret's tls certificate func (s *Secret) Cert() []byte { - return s.Object.Data[v1.TLSCertKey] + return s.Object.Data[core_v1.TLSCertKey] } // PrivateKey returns the secret's tls private key func (s *Secret) PrivateKey() []byte { - return s.Object.Data[v1.TLSPrivateKeyKey] + return s.Object.Data[core_v1.TLSPrivateKeyKey] } type SecretValidationStatus struct { diff --git a/internal/dag/dag_test.go b/internal/dag/dag_test.go index 7c8edb67eaf..3849ce71e50 100644 --- a/internal/dag/dag_test.go +++ b/internal/dag/dag_test.go @@ -18,7 +18,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" ) @@ -78,7 +78,7 @@ func TestPeerValidationContext(t *testing.T) { pvc1 := PeerValidationContext{ CACertificates: []*Secret{ { - Object: &v1.Secret{ + Object: &core_v1.Secret{ Data: map[string][]byte{ CACertificateKey: []byte("cacert"), }, @@ -92,21 +92,21 @@ func TestPeerValidationContext(t *testing.T) { pvc4 := PeerValidationContext{ CACertificates: []*Secret{ { - Object: &v1.Secret{ + Object: &core_v1.Secret{ Data: map[string][]byte{ CACertificateKey: []byte("-cacert-"), }, }, }, { - Object: &v1.Secret{ + Object: &core_v1.Secret{ Data: map[string][]byte{ CACertificateKey: []byte("-cacert2-"), }, }, }, { - Object: &v1.Secret{ + Object: &core_v1.Secret{ Data: map[string][]byte{}, }, }, diff --git a/internal/dag/extension_processor.go b/internal/dag/extension_processor.go index 1ccd293662e..d954f89d300 100644 --- a/internal/dag/extension_processor.go +++ b/internal/dag/extension_processor.go @@ -18,15 +18,16 @@ import ( "strings" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/status" - "github.com/projectcontour/contour/internal/xds" "github.com/sirupsen/logrus" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/status" + "github.com/projectcontour/contour/internal/xds" ) type ExtensionServiceProcessor struct { @@ -59,7 +60,7 @@ func (p *ExtensionServiceProcessor) Run(dag *DAG, cache *KubernetesCache) { } if len(validCondition.Errors) == 0 { - validCondition.Status = contour_api_v1.ConditionTrue + validCondition.Status = contour_v1.ConditionTrue validCondition.Reason = "Valid" validCondition.Message = "Valid ExtensionService" } @@ -85,12 +86,12 @@ func ExtensionClusterName(meta types.NamespacedName) string { // on the corresponding CRD. func (p *ExtensionServiceProcessor) buildExtensionService( cache *KubernetesCache, - ext *contour_api_v1alpha1.ExtensionService, - validCondition *contour_api_v1.DetailedCondition, + ext *contour_v1alpha1.ExtensionService, + validCondition *contour_v1.DetailedCondition, ) *ExtensionCluster { rtp, ctp, err := timeoutPolicy(ext.Spec.TimeoutPolicy, p.ConnectTimeout) if err != nil { - validCondition.AddErrorf(contour_api_v1.ConditionTypeSpecError, "TimeoutPolicyNotValid", + validCondition.AddErrorf(contour_v1.ConditionTypeSpecError, "TimeoutPolicyNotValid", "spec.timeoutPolicy failed to parse: %s", err) } @@ -99,7 +100,7 @@ func (p *ExtensionServiceProcessor) buildExtensionService( // Since the client certificate is configured by admin, explicit delegation is not required. clientCertSecret, err = cache.LookupTLSSecretInsecure(*p.ClientCertificate) if err != nil { - validCondition.AddErrorf(contour_api_v1.ConditionTypeTLSError, "SecretNotValid", + validCondition.AddErrorf(contour_v1.ConditionTypeTLSError, "SecretNotValid", "tls.envoy-client-certificate Secret %q is invalid: %s", p.ClientCertificate, err) } } @@ -124,7 +125,7 @@ func (p *ExtensionServiceProcessor) buildExtensionService( lbPolicy := loadBalancerPolicy(ext.Spec.LoadBalancerPolicy) switch lbPolicy { case LoadBalancerPolicyCookie, LoadBalancerPolicyRequestHash: - validCondition.AddWarningf(contour_api_v1.ConditionTypeSpecError, "IgnoredField", + validCondition.AddWarningf(contour_v1.ConditionTypeSpecError, "IgnoredField", "ignoring field %q; %s load balancer policy is not supported for ExtensionClusters", ".Spec.LoadBalancerPolicy", lbPolicy) // Reset load balancer policy to ensure the default. @@ -156,10 +157,10 @@ func (p *ExtensionServiceProcessor) buildExtensionService( uv, err := cache.LookupUpstreamValidation(v, caCertNamespacedName, ext.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCondition.AddErrorf(contour_api_v1.ConditionTypeTLSError, "CACertificateNotDelegated", + validCondition.AddErrorf(contour_v1.ConditionTypeTLSError, "CACertificateNotDelegated", "service.UpstreamValidation.CACertificate Secret %q is not configured for certificate delegation", caCertNamespacedName) } else { - validCondition.AddErrorf(contour_api_v1.ConditionTypeSpecError, "TLSUpstreamValidation", + validCondition.AddErrorf(contour_v1.ConditionTypeSpecError, "TLSUpstreamValidation", "TLS upstream validation policy error: %s", err.Error()) } return nil @@ -177,7 +178,7 @@ func (p *ExtensionServiceProcessor) buildExtensionService( extension.SNI = uv.SubjectNames[0] if extension.Protocol != "h2" { - validCondition.AddErrorf(contour_api_v1.ConditionTypeSpecError, "InconsistentProtocol", + validCondition.AddErrorf(contour_v1.ConditionTypeSpecError, "InconsistentProtocol", "upstream TLS validation not supported for %q protocol", extension.Protocol) } } @@ -194,7 +195,7 @@ func (p *ExtensionServiceProcessor) buildExtensionService( svc, port, err := cache.LookupService(svcName, intstr.FromInt(target.Port)) if err != nil { - validCondition.AddErrorf(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", + validCondition.AddErrorf(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", "unresolved service %q: %s", svcName, err) continue } @@ -203,8 +204,8 @@ func (p *ExtensionServiceProcessor) buildExtensionService( // TODO(youngnick): If ExternalName support is added, we must pass down the EnableExternalNameService bool // and check it first. if svc.Spec.ExternalName != "" { - validCondition.AddErrorf(contour_api_v1.ConditionTypeServiceError, "UnsupportedServiceType", - "Service %q is of unsupported type %q.", svcName, corev1.ServiceTypeExternalName) + validCondition.AddErrorf(contour_v1.ConditionTypeServiceError, "UnsupportedServiceType", + "Service %q is of unsupported type %q.", svcName, core_v1.ServiceTypeExternalName) continue } diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index 0a2f8cd6957..355d9eb6dd7 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -21,16 +21,9 @@ import ( "strings" "time" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/status" - "github.com/projectcontour/contour/internal/timeout" - "github.com/sirupsen/logrus" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/sets" @@ -39,6 +32,13 @@ import ( gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/status" + "github.com/projectcontour/contour/internal/timeout" ) const ( @@ -78,7 +78,7 @@ type GatewayAPIProcessor struct { SetSourceMetadataOnRoutes bool // GlobalCircuitBreakerDefaults defines global circuit breaker defaults. - GlobalCircuitBreakerDefaults *contour_api_v1alpha1.GlobalCircuitBreakerDefaults + GlobalCircuitBreakerDefaults *contour_v1alpha1.GlobalCircuitBreakerDefaults // UpstreamTLS defines the TLS settings like min/max version // and cipher suites for upstream connections. @@ -121,13 +121,13 @@ func (p *GatewayAPIProcessor) Run(dag *DAG, source *KubernetesCache) { ) defer commit() - var gatewayNotProgrammedCondition *metav1.Condition + var gatewayNotProgrammedCondition *meta_v1.Condition if !isAddressAssigned(p.source.gateway.Spec.Addresses, p.source.gateway.Status.Addresses) { // TODO(sk) resolve condition type-reason mismatch - gatewayNotProgrammedCondition = &metav1.Condition{ + gatewayNotProgrammedCondition = &meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonAddressNotAssigned), Message: "None of the addresses in Spec.Addresses have been assigned to the Gateway", } @@ -187,7 +187,7 @@ func (p *GatewayAPIProcessor) processRoute( routeKind gatewayapi_v1beta1.Kind, route client.Object, parentRefs []gatewayapi_v1beta1.ParentReference, - gatewayNotProgrammedCondition *metav1.Condition, + gatewayNotProgrammedCondition *meta_v1.Condition, listeners []*listenerInfo, listenerAttachedRoutes map[string]int, emptyResource client.Object, @@ -208,7 +208,7 @@ func (p *GatewayAPIProcessor) processRoute( routeParentStatus := routeStatus.StatusUpdateFor(routeParentRef) // If the Gateway is invalid, set status on the route and we're done. if gatewayNotProgrammedCondition != nil { - routeParentStatus.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionFalse, status.ReasonInvalidGateway, "Invalid Gateway") + routeParentStatus.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, status.ReasonInvalidGateway, "Invalid Gateway") continue } @@ -250,7 +250,7 @@ func (p *GatewayAPIProcessor) processRoute( // invalid hostnames make it through, we're using our best judgment here. // Theoretically these should be prevented by the combination of kubebuilder // and admission webhook validations. - routeParentStatus.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, err.Error()) + routeParentStatus.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, err.Error()) } // If there were no intersections between the listener hostname and the @@ -277,7 +277,7 @@ func (p *GatewayAPIProcessor) processRoute( if routeKind != KindTCPRoute && hostCount == 0 && !routeParentStatus.ConditionExists(gatewayapi_v1beta1.RouteConditionAccepted) { routeParentStatus.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonNoMatchingListenerHostname, "No intersecting hostnames were found between the listener and the route.", ) @@ -288,7 +288,7 @@ func (p *GatewayAPIProcessor) processRoute( if !routeParentStatus.ConditionExists(gatewayapi_v1beta1.RouteConditionResolvedRefs) { routeParentStatus.AddCondition( gatewayapi_v1beta1.RouteConditionResolvedRefs, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1beta1.RouteReasonResolvedRefs, "References resolved") } @@ -298,7 +298,7 @@ func (p *GatewayAPIProcessor) processRoute( if !routeParentStatus.ConditionExists(gatewayapi_v1beta1.RouteConditionAccepted) { routeParentStatus.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1beta1.RouteReasonAccepted, fmt.Sprintf("Accepted %s", routeKind), ) @@ -363,7 +363,7 @@ func (p *GatewayAPIProcessor) getListenersForRouteParentRef( if readyListenerCount == 0 { routeParentStatusAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonNoMatchingParent, "No listeners match this parent ref", ) @@ -373,7 +373,7 @@ func (p *GatewayAPIProcessor) getListenersForRouteParentRef( if len(allowedListeners) == 0 { routeParentStatusAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonNotAllowedByListeners, "No listeners included by this parent ref allowed this attachment.", ) @@ -447,7 +447,7 @@ func (p *GatewayAPIProcessor) computeListener( gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionProgrammed, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalid, msg, ) @@ -462,21 +462,21 @@ func (p *GatewayAPIProcessor) computeListener( gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionProgrammed, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.ListenerReasonProgrammed, "Valid listener", ) gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionAccepted, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.ListenerReasonAccepted, "Listener accepted", ) gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.ListenerReasonResolvedRefs, "Listener references resolved", ) @@ -510,7 +510,7 @@ func (p *GatewayAPIProcessor) computeListener( gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionAccepted, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.ListenerReasonAccepted, "Listener accepted", ) @@ -521,7 +521,7 @@ func (p *GatewayAPIProcessor) computeListener( gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.ListenerReasonResolvedRefs, "Listener references resolved", ) @@ -547,7 +547,7 @@ func (p *GatewayAPIProcessor) computeListener( } var err error - info.namespaceSelector, err = metav1.LabelSelectorAsSelector(listener.AllowedRoutes.Namespaces.Selector) + info.namespaceSelector, err = meta_v1.LabelSelectorAsSelector(listener.AllowedRoutes.Namespaces.Selector) if err != nil { addInvalidListenerCondition(fmt.Sprintf("Error parsing Listener.AllowedRoutes.Namespaces.Selector: %v.", err)) return info @@ -643,7 +643,7 @@ func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1. gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidRouteKinds, fmt.Sprintf("Group %q is not supported, group must be %q", *routeKind.Group, gatewayapi_v1beta1.GroupName), ) @@ -653,7 +653,7 @@ func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1. gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidRouteKinds, fmt.Sprintf("Kind %q is not supported, kind must be %q, %q, %q or %q", routeKind.Kind, KindHTTPRoute, KindTLSRoute, KindGRPCRoute, KindTCPRoute), ) @@ -663,7 +663,7 @@ func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1. gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidRouteKinds, fmt.Sprintf("TLSRoutes are incompatible with listener protocol %q", listener.Protocol), ) @@ -673,7 +673,7 @@ func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1. gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidRouteKinds, fmt.Sprintf("TCPRoutes are incompatible with listener protocol %q", listener.Protocol), ) @@ -688,7 +688,7 @@ func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1. // resolveListenerSecret validates and resolves a Listener TLS secret // from a given list of certificateRefs. There must be exactly one -// certificate ref, to a v1.Secret, that exists, is allowed to be referenced +// certificate ref, to a core_v1.Secret, that exists, is allowed to be referenced // based on namespace and ReferenceGrants, and is a valid TLS secret. // Conditions are set if any of these requirements are not met. func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi_v1beta1.SecretObjectReference, listenerName string, gwAccessor *status.GatewayStatusUpdate) *Secret { @@ -696,7 +696,7 @@ func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi gwAccessor.AddListenerCondition( listenerName, gatewayapi_v1.ListenerConditionProgrammed, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalid, "Listener.TLS.CertificateRefs must contain exactly one entry", ) @@ -705,13 +705,13 @@ func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi certificateRef := certificateRefs[0] - // Validate a v1.Secret is referenced which can be kind: secret & group: core. + // Validate a core_v1.Secret is referenced which can be kind: secret & group: core. // ref: https://github.com/kubernetes-sigs/gateway-api/pull/562 if !isSecretRef(certificateRef) { gwAccessor.AddListenerCondition( listenerName, gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidCertificateRef, fmt.Sprintf("Spec.VirtualHost.TLS.CertificateRefs %q must contain a reference to a core.Secret", certificateRef.Name), ) @@ -737,7 +737,7 @@ func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi gwAccessor.AddListenerCondition( listenerName, gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonRefNotPermitted, fmt.Sprintf("Spec.VirtualHost.TLS.CertificateRefs %q namespace must match the Gateway's namespace or be covered by a ReferenceGrant", certificateRef.Name), ) @@ -759,7 +759,7 @@ func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi gwAccessor.AddListenerCondition( listenerName, gatewayapi_v1.ListenerConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidCertificateRef, fmt.Sprintf("Spec.VirtualHost.TLS.CertificateRefs %q referent is invalid: %s", certificateRef.Name, err), ) @@ -937,11 +937,11 @@ func (p *GatewayAPIProcessor) namespaceMatches(namespaces *gatewayapi_v1beta1.Ro return true } -func (p *GatewayAPIProcessor) computeGatewayConditions(gwAccessor *status.GatewayStatusUpdate, gatewayNotProgrammedCondition *metav1.Condition) { +func (p *GatewayAPIProcessor) computeGatewayConditions(gwAccessor *status.GatewayStatusUpdate, gatewayNotProgrammedCondition *meta_v1.Condition) { // If Contour's running, the Gateway is considered accepted. gwAccessor.AddCondition( gatewayapi_v1.GatewayConditionAccepted, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.GatewayReasonAccepted, "Gateway is accepted", ) @@ -963,7 +963,7 @@ func (p *GatewayAPIProcessor) computeGatewayConditions(gwAccessor *status.Gatewa } for _, cond := range ls.Conditions { - if cond.Type == string(gatewayapi_v1.ListenerConditionProgrammed) && cond.Status == metav1.ConditionFalse { + if cond.Type == string(gatewayapi_v1.ListenerConditionProgrammed) && cond.Status == meta_v1.ConditionFalse { allListenersProgrammed = false break } @@ -977,10 +977,10 @@ func (p *GatewayAPIProcessor) computeGatewayConditions(gwAccessor *status.Gatewa if !allListenersProgrammed { // If we have invalid listeners, set Programmed=false. // TODO(sk) resolve condition type-reason mismatch - gwAccessor.AddCondition(gatewayapi_v1.GatewayConditionProgrammed, metav1.ConditionFalse, gatewayapi_v1.GatewayReasonListenersNotValid, "Listeners are not valid") + gwAccessor.AddCondition(gatewayapi_v1.GatewayConditionProgrammed, meta_v1.ConditionFalse, gatewayapi_v1.GatewayReasonListenersNotValid, "Listeners are not valid") } else { // Otherwise, Programmed=true. - gwAccessor.AddCondition(gatewayapi_v1.GatewayConditionProgrammed, metav1.ConditionTrue, gatewayapi_v1.GatewayReasonProgrammed, status.MessageValidGateway) + gwAccessor.AddCondition(gatewayapi_v1.GatewayConditionProgrammed, meta_v1.ConditionTrue, gatewayapi_v1.GatewayReasonProgrammed, status.MessageValidGateway) } } } @@ -989,7 +989,7 @@ func (p *GatewayAPIProcessor) computeTLSRouteForListener(route *gatewayapi_v1alp var programmed bool for _, rule := range route.Spec.Rules { if len(rule.BackendRefs) == 0 { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") continue } @@ -1035,7 +1035,7 @@ func (p *GatewayAPIProcessor) computeTLSRouteForListener(route *gatewayapi_v1alp // If we have valid clusters but they all have a zero // weight, reject the route. if totalWeight == 0 { - routeAccessor.AddCondition(status.ConditionValidBackendRefs, metav1.ConditionFalse, status.ReasonAllBackendRefsHaveZeroWeights, "At least one Spec.Rules.BackendRef must have a non-zero weight.") + routeAccessor.AddCondition(status.ConditionValidBackendRefs, meta_v1.ConditionFalse, status.ReasonAllBackendRefsHaveZeroWeights, "At least one Spec.Rules.BackendRef must have a non-zero weight.") continue } @@ -1162,7 +1162,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( headerMatches, err := gatewayHeaderMatchConditions(match.Headers) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1178,7 +1178,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( queryParamMatches, err := gatewayQueryParamMatchConditions(match.QueryParams) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1203,7 +1203,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( timeoutPolicy, err = parseHTTPRouteTimeouts(rule.Timeouts) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1222,7 +1222,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( var err error requestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || responseHeaderPolicy != nil { @@ -1232,7 +1232,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( var err error responseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } case gatewayapi_v1.HTTPRouteFilterRequestRedirect: if filter.RequestRedirect == nil || redirect != nil { @@ -1280,7 +1280,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( default: routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, fmt.Sprintf("HTTPRoute.Spec.Rules.Filters.RequestRedirect.Path.Type: invalid type %q: only ReplacePrefixMatch and ReplaceFullPath are supported.", filter.RequestRedirect.Path.Type), ) @@ -1347,7 +1347,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( default: routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, fmt.Sprintf("HTTPRoute.Spec.Rules.Filters.URLRewrite.Path.Type: invalid type %q: only ReplacePrefixMatch and ReplaceFullPath are supported.", filter.URLRewrite.Path.Type), ) @@ -1361,7 +1361,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( default: routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, fmt.Sprintf("HTTPRoute.Spec.Rules.Filters: invalid type %q: only RequestHeaderModifier, ResponseHeaderModifier, RequestRedirect, RequestMirror and URLRewrite are supported.", filter.Type), ) @@ -1458,7 +1458,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al headerMatches, err := gatewayGRPCHeaderMatchConditions(match.Headers) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1alpha2.RouteConditionAccepted, metav1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1alpha2.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1496,7 +1496,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al var err error requestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || responseHeaderPolicy != nil { @@ -1506,7 +1506,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al var err error responseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } case gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror: if filter.RequestMirror == nil { @@ -1529,7 +1529,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al default: routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, fmt.Sprintf("GRPCRoute.Spec.Rules.Filters: invalid type %q: only RequestHeaderModifier, ResponseHeaderModifier and RequestMirror are supported.", filter.Type), ) @@ -1602,12 +1602,12 @@ func gatewayGRPCMethodMatchCondition(match *gatewayapi_v1alpha2.GRPCMethodMatch, // Support "Exact" match type only. If match type is not specified, use "Exact" as default. if match.Type != nil && *match.Type != gatewayapi_v1alpha2.GRPCMethodMatchExact { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, "GRPCRoute.Spec.Rules.Matches.Method: Only Exact match type is supported.") + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, "GRPCRoute.Spec.Rules.Matches.Method: Only Exact match type is supported.") return nil, false } if match.Service == nil || isBlank(*match.Service) || match.Method == nil || isBlank(*match.Method) { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionFalse, status.ReasonInvalidMethodMatch, "GRPCRoute.Spec.Rules.Matches.Method: Both Service and Method need be configured.") + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, status.ReasonInvalidMethodMatch, "GRPCRoute.Spec.Rules.Matches.Method: Both Service and Method need be configured.") return nil, false } @@ -1658,7 +1658,7 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp if len(route.Spec.Rules) != 1 { routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, "InvalidRouteRules", "TCPRoute must have only a single rule defined", ) @@ -1671,7 +1671,7 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp if len(rule.BackendRefs) == 0 { routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionResolvedRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.", ) @@ -1726,7 +1726,7 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp if totalWeight == 0 { routeAccessor.AddCondition( status.ConditionValidBackendRefs, - metav1.ConditionFalse, + meta_v1.ConditionFalse, status.ReasonAllBackendRefsHaveZeroWeights, "At least one Spec.Rules.BackendRef must have a non-zero weight.", ) @@ -1745,30 +1745,30 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp } // validateBackendRef verifies that the specified BackendRef is valid. -// Returns a metav1.Condition for the route if any errors are detected. -func (p *GatewayAPIProcessor) validateBackendRef(backendRef gatewayapi_v1beta1.BackendRef, routeKind, routeNamespace string) (*Service, *metav1.Condition) { +// Returns a meta_v1.Condition for the route if any errors are detected. +func (p *GatewayAPIProcessor) validateBackendRef(backendRef gatewayapi_v1beta1.BackendRef, routeKind, routeNamespace string) (*Service, *meta_v1.Condition) { return p.validateBackendObjectRef(backendRef.BackendObjectReference, "Spec.Rules.BackendRef", routeKind, routeNamespace) } -func resolvedRefsFalse(reason gatewayapi_v1beta1.RouteConditionReason, msg string) metav1.Condition { - return metav1.Condition{ +func resolvedRefsFalse(reason gatewayapi_v1beta1.RouteConditionReason, msg string) meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1beta1.RouteConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(reason), Message: msg, } } // validateBackendObjectRef verifies that the specified BackendObjectReference -// is valid. Returns a metav1.Condition for the route if any errors are detected. +// is valid. Returns a meta_v1.Condition for the route if any errors are detected. // As BackendObjectReference is used in multiple fields, the given field is used -// to build the message in metav1.Condition. +// to build the message in meta_v1.Condition. func (p *GatewayAPIProcessor) validateBackendObjectRef( backendObjectRef gatewayapi_v1beta1.BackendObjectReference, field string, routeKind string, routeNamespace string, -) (*Service, *metav1.Condition) { +) (*Service, *meta_v1.Condition) { if !(backendObjectRef.Group == nil || *backendObjectRef.Group == "") { return nil, ref.To(resolvedRefsFalse(gatewayapi_v1beta1.RouteReasonInvalidKind, fmt.Sprintf("%s.Group must be \"\"", field))) } @@ -1825,7 +1825,7 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( return service, nil } -func validateAppProtocol(svc *v1.ServicePort) error { +func validateAppProtocol(svc *core_v1.ServicePort) error { if svc.AppProtocol == nil { return nil } @@ -1845,11 +1845,11 @@ func gatewayPathMatchCondition(match *gatewayapi_v1beta1.HTTPPathMatch, routeAcc // If path match type is not defined, default to 'PathPrefix'. if match.Type == nil || *match.Type == gatewayapi_v1.PathMatchPathPrefix { if !strings.HasPrefix(path, "/") { - routeAccessor.AddCondition(status.ConditionValidMatches, metav1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must start with '/'.") + routeAccessor.AddCondition(status.ConditionValidMatches, meta_v1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must start with '/'.") return nil } if strings.Contains(path, "//") { - routeAccessor.AddCondition(status.ConditionValidMatches, metav1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must not contain consecutive '/' characters.") + routeAccessor.AddCondition(status.ConditionValidMatches, meta_v1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must not contain consecutive '/' characters.") return nil } @@ -1864,11 +1864,11 @@ func gatewayPathMatchCondition(match *gatewayapi_v1beta1.HTTPPathMatch, routeAcc if *match.Type == gatewayapi_v1.PathMatchExact { if !strings.HasPrefix(path, "/") { - routeAccessor.AddCondition(status.ConditionValidMatches, metav1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must start with '/'.") + routeAccessor.AddCondition(status.ConditionValidMatches, meta_v1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must start with '/'.") return nil } if strings.Contains(path, "//") { - routeAccessor.AddCondition(status.ConditionValidMatches, metav1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must not contain consecutive '/' characters.") + routeAccessor.AddCondition(status.ConditionValidMatches, meta_v1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value must not contain consecutive '/' characters.") return nil } return &ExactMatchCondition{Path: path} @@ -1876,7 +1876,7 @@ func gatewayPathMatchCondition(match *gatewayapi_v1beta1.HTTPPathMatch, routeAcc if *match.Type == gatewayapi_v1.PathMatchRegularExpression { if err := ValidateRegex(*match.Value); err != nil { - routeAccessor.AddCondition(status.ConditionValidMatches, metav1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value is invalid for RegularExpression match type.") + routeAccessor.AddCondition(status.ConditionValidMatches, meta_v1.ConditionFalse, status.ReasonInvalidPathMatch, "Match.Path.Value is invalid for RegularExpression match type.") return nil } return &RegexMatchCondition{Regex: path} @@ -1884,7 +1884,7 @@ func gatewayPathMatchCondition(match *gatewayapi_v1beta1.HTTPPathMatch, routeAcc routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.PathMatch: Only Prefix match type, Exact match type and RegularExpression match type are supported.", ) @@ -1968,7 +1968,7 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] totalWeight := uint32(0) if len(backendRefs) == 0 { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") return nil, totalWeight, false } @@ -2005,7 +2005,7 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] var err error clusterRequestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || clusterResponseHeaderPolicy != nil { @@ -2015,12 +2015,12 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] var err error clusterResponseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } default: routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.BackendRef.Filters: Only RequestHeaderModifier and ResponseHeaderModifier type is supported.", ) @@ -2104,17 +2104,17 @@ func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, b backendTLSPolicyAncestorStatus := backendTLSPolicyAccessor.StatusUpdateFor(routeParentRef) if backendTLSPolicy.Spec.TLS.WellKnownCACerts != nil && *backendTLSPolicy.Spec.TLS.WellKnownCACerts != "" { - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, "BackendTLSPolicy.Spec.TLS.WellKnownCACerts is unsupported.") + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, "BackendTLSPolicy.Spec.TLS.WellKnownCACerts is unsupported.") return nil, nil } if err := gatewayapi.IsValidHostname(string(backendTLSPolicy.Spec.TLS.Hostname)); err != nil { - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.Hostname %q is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", backendTLSPolicy.Spec.TLS.Hostname)) + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.Hostname %q is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", backendTLSPolicy.Spec.TLS.Hostname)) return nil, nil } if strings.Contains(string(backendTLSPolicy.Spec.TLS.Hostname), "*") { - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.Hostname %q is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", backendTLSPolicy.Spec.TLS.Hostname)) + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.Hostname %q is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", backendTLSPolicy.Spec.TLS.Hostname)) return nil, nil } @@ -2128,7 +2128,7 @@ func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, b Namespace: backendTLSPolicy.Namespace, }, backendTLSPolicy.Namespace) if err != nil { - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("Could not find CACertRef Secret: %s/%s", backendTLSPolicy.Namespace, certRef.Name)) + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("Could not find CACertRef Secret: %s/%s", backendTLSPolicy.Namespace, certRef.Name)) isInvalidCertChain = true continue } @@ -2139,13 +2139,13 @@ func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, b Namespace: backendTLSPolicy.Namespace, }) if err != nil { - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("Could not find CACertRef ConfigMap: %s/%s", backendTLSPolicy.Namespace, certRef.Name)) + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("Could not find CACertRef ConfigMap: %s/%s", backendTLSPolicy.Namespace, certRef.Name)) isInvalidCertChain = true continue } caSecrets = append(caSecrets, caSecret) default: - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.CACertRef.Kind %q is unsupported. Only ConfigMap or Secret Kind is supported.", certRef.Kind)) + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1alpha2.PolicyReasonInvalid, fmt.Sprintf("BackendTLSPolicy.Spec.TLS.CACertRef.Kind %q is unsupported. Only ConfigMap or Secret Kind is supported.", certRef.Kind)) isInvalidCertChain = true continue } @@ -2163,7 +2163,7 @@ func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, b upstreamTLS = p.UpstreamTLS - backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionTrue, gatewayapi_v1alpha2.PolicyReasonAccepted, "Accepted BackendTLSPolicy") + backendTLSPolicyAncestorStatus.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionTrue, gatewayapi_v1alpha2.PolicyReasonAccepted, "Accepted BackendTLSPolicy") } } @@ -2175,7 +2175,7 @@ func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs [] totalWeight := uint32(0) if len(backendRefs) == 0 { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") return nil, totalWeight, false } @@ -2206,7 +2206,7 @@ func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs [] var err error clusterRequestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || clusterResponseHeaderPolicy != nil { @@ -2216,12 +2216,12 @@ func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs [] var err error clusterResponseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, metav1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } default: routeAccessor.AddCondition( gatewayapi_v1beta1.RouteConditionAccepted, - metav1.ConditionFalse, + meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, "GRPCRoute.Spec.Rules.BackendRef.Filters: Only RequestHeaderModifier and ResponseHeaderModifier type is supported.", ) diff --git a/internal/dag/gatewayapi_processor_test.go b/internal/dag/gatewayapi_processor_test.go index 2fe5db99e11..2ded545331c 100644 --- a/internal/dag/gatewayapi_processor_test.go +++ b/internal/dag/gatewayapi_processor_test.go @@ -17,18 +17,19 @@ import ( "fmt" "testing" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/status" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/sets" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/status" ) func TestComputeHosts(t *testing.T) { @@ -285,7 +286,7 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector matches labels, same ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "app": "production", }, @@ -297,7 +298,7 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector matches labels, different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "something": "special", }, @@ -309,7 +310,7 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector doesn't matches labels, different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "something": "special", }, @@ -321,10 +322,10 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector matches expression 'In', different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{ + Selector: &meta_v1.LabelSelector{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", - Operator: metav1.LabelSelectorOpIn, + Operator: meta_v1.LabelSelectorOpIn, Values: []string{"special"}, }}, }, @@ -335,10 +336,10 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector matches expression 'DoesNotExist', different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{ + Selector: &meta_v1.LabelSelector{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "notthere", - Operator: metav1.LabelSelectorOpDoesNotExist, + Operator: meta_v1.LabelSelectorOpDoesNotExist, }}, }, }, @@ -348,10 +349,10 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector doesn't match expression 'DoesNotExist', different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{ + Selector: &meta_v1.LabelSelector{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", - Operator: metav1.LabelSelectorOpDoesNotExist, + Operator: meta_v1.LabelSelectorOpDoesNotExist, }}, }, }, @@ -361,10 +362,10 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector matches expression 'Exists', different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{ + Selector: &meta_v1.LabelSelector{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "notthere", - Operator: metav1.LabelSelectorOpExists, + Operator: meta_v1.LabelSelectorOpExists, }}, }, }, @@ -374,10 +375,10 @@ func TestNamespaceMatches(t *testing.T) { "From.NamespacesFromSelector doesn't match expression 'Exists', different ns as gateway": { namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{ + Selector: &meta_v1.LabelSelector{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", - Operator: metav1.LabelSelectorOpExists, + Operator: meta_v1.LabelSelectorOpExists, }}, }, }, @@ -392,14 +393,14 @@ func TestNamespaceMatches(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), source: &KubernetesCache{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, }, - namespaces: map[string]*v1.Namespace{ + namespaces: map[string]*core_v1.Namespace{ "projectcontour": { - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "projectcontour", Labels: map[string]string{ "app": "production", @@ -407,7 +408,7 @@ func TestNamespaceMatches(t *testing.T) { }, }, "custom": { - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "custom", Labels: map[string]string{ "something": "special", @@ -417,7 +418,7 @@ func TestNamespaceMatches(t *testing.T) { }, }, "customsimilar": { - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "custom", Labels: map[string]string{ "something": "special", @@ -431,7 +432,7 @@ func TestNamespaceMatches(t *testing.T) { var selector labels.Selector var err error if tc.namespaces != nil && tc.namespaces.Selector != nil { - selector, err = metav1.LabelSelectorAsSelector(tc.namespaces.Selector) + selector, err = meta_v1.LabelSelectorAsSelector(tc.namespaces.Selector) require.NoError(t, err) } @@ -740,7 +741,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), source: &KubernetesCache{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, diff --git a/internal/dag/httpproxy_processor.go b/internal/dag/httpproxy_processor.go index 8fd38718c7a..7dac1510315 100644 --- a/internal/dag/httpproxy_processor.go +++ b/internal/dag/httpproxy_processor.go @@ -25,23 +25,24 @@ import ( "strings" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/apimachinery/pkg/util/sets" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/status" "github.com/projectcontour/contour/internal/timeout" - "k8s.io/apimachinery/pkg/types" - "k8s.io/apimachinery/pkg/util/sets" ) // defaultMaxRequestBytes specifies default value maxRequestBytes for AuthorizationServer const defaultMaxRequestBytes uint32 = 1024 // defaultExtensionRef populates the unset fields in ref with default values. -func defaultExtensionRef(ref contour_api_v1.ExtensionServiceReference) contour_api_v1.ExtensionServiceReference { +func defaultExtensionRef(ref contour_v1.ExtensionServiceReference) contour_v1.ExtensionServiceReference { if ref.APIVersion == "" { - ref.APIVersion = contour_api_v1alpha1.GroupVersion.String() + ref.APIVersion = contour_v1alpha1.GroupVersion.String() } return ref @@ -79,7 +80,7 @@ type HTTPProxyProcessor struct { // When this is used, Happy Eyeballs will be enabled for upstream connections. // Refer to Happy Eyeballs Support for more information. // Note: This only applies to externalName clusters. - DNSLookupFamily contour_api_v1alpha1.ClusterDNSFamilyType + DNSLookupFamily contour_v1alpha1.ClusterDNSFamilyType // ClientCertificate is the optional identifier of the TLS secret containing client certificate and // private key to be used when establishing TLS connection to upstream cluster. @@ -92,7 +93,7 @@ type HTTPProxyProcessor struct { ResponseHeadersPolicy *HeadersPolicy // GlobalExternalAuthorization defines how requests will be authorized. - GlobalExternalAuthorization *contour_api_v1.AuthorizationServer + GlobalExternalAuthorization *contour_v1.AuthorizationServer // ConnectTimeout defines how long the proxy should wait when establishing connection to upstream service. ConnectTimeout time.Duration @@ -104,7 +105,7 @@ type HTTPProxyProcessor struct { PerConnectionBufferLimitBytes *uint32 // GlobalRateLimitService defines Envoy's Global RateLimit Service configuration. - GlobalRateLimitService *contour_api_v1alpha1.RateLimitServiceConfig + GlobalRateLimitService *contour_v1alpha1.RateLimitServiceConfig // SetSourceMetadataOnRoutes defines whether to set the Kind, // Namespace and Name fields on generated DAG routes. This is @@ -113,7 +114,7 @@ type HTTPProxyProcessor struct { SetSourceMetadataOnRoutes bool // GlobalCircuitBreakerDefaults defines global circuit breaker defaults. - GlobalCircuitBreakerDefaults *contour_api_v1alpha1.GlobalCircuitBreakerDefaults + GlobalCircuitBreakerDefaults *contour_v1alpha1.GlobalCircuitBreakerDefaults // UpstreamTLS defines the TLS settings like min/max version // and cipher suites for upstream connections. @@ -142,7 +143,7 @@ func (p *HTTPProxyProcessor) Run(dag *DAG, source *KubernetesCache) { proxy, ok := p.source.httpproxies[meta] if ok { pa, commit := p.dag.StatusCache.ProxyAccessor(proxy) - pa.ConditionFor(status.ValidCondition).AddError(contour_api_v1.ConditionTypeOrphanedError, + pa.ConditionFor(status.ValidCondition).AddError(contour_v1.ConditionTypeOrphanedError, "Orphaned", "this HTTPProxy is not part of a delegation chain from a root HTTPProxy") commit() @@ -150,7 +151,7 @@ func (p *HTTPProxyProcessor) Run(dag *DAG, source *KubernetesCache) { } } -func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { +func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_v1.HTTPProxy) { pa, commit := p.dag.StatusCache.ProxyAccessor(proxy) validCond := pa.ConditionFor(status.ValidCondition) @@ -166,7 +167,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { host := proxy.Spec.VirtualHost.Fqdn if isBlank(host) { - validCond.AddError(contour_api_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", + validCond.AddError(contour_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified") return } @@ -176,33 +177,33 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // Ensure root httpproxy lives in allowed namespace. // This check must be after we can determine the vhost in order to be able to calculate metrics correctly. if !p.rootAllowed(proxy.Namespace) { - validCond.AddError(contour_api_v1.ConditionTypeRootNamespaceError, "RootProxyNotAllowedInNamespace", + validCond.AddError(contour_v1.ConditionTypeRootNamespaceError, "RootProxyNotAllowedInNamespace", "root HTTPProxy cannot be defined in this namespace") return } if len(proxy.Spec.Routes) == 0 && len(proxy.Spec.Includes) == 0 && proxy.Spec.TCPProxy == nil { - validCond.AddError(contour_api_v1.ConditionTypeSpecError, "NothingDefined", + validCond.AddError(contour_v1.ConditionTypeSpecError, "NothingDefined", "HTTPProxy.Spec must have at least one Route, Include, or a TCPProxy") return } if len(proxy.Spec.VirtualHost.JWTProviders) > 0 { if proxy.Spec.VirtualHost.TLS == nil || len(proxy.Spec.VirtualHost.TLS.SecretName) == 0 { - validCond.AddError(contour_api_v1.ConditionTypeJWTVerificationError, "JWTVerificationNotPermitted", + validCond.AddError(contour_v1.ConditionTypeJWTVerificationError, "JWTVerificationNotPermitted", "Spec.VirtualHost.JWTProviders can only be defined for root HTTPProxies that terminate TLS") return } } if proxy.Spec.VirtualHost.TLS == nil && proxy.Spec.VirtualHost.Authorization != nil && len(proxy.Spec.VirtualHost.Authorization.ExtensionServiceRef.Name) > 0 { - validCond.AddError(contour_api_v1.ConditionTypeAuthError, "AuthNotPermitted", + validCond.AddError(contour_v1.ConditionTypeAuthError, "AuthNotPermitted", "Spec.VirtualHost.Authorization.ExtensionServiceRef can only be defined for root HTTPProxies that terminate TLS") return } if len(proxy.Spec.VirtualHost.IPAllowFilterPolicy) > 0 && len(proxy.Spec.VirtualHost.IPDenyFilterPolicy) > 0 { - validCond.AddError(contour_api_v1.ConditionTypeIPFilterError, "IncompatibleIPAddressFilters", + validCond.AddError(contour_v1.ConditionTypeIPFilterError, "IncompatibleIPAddressFilters", "Spec.VirtualHost.IPAllowFilterPolicy and Spec.VirtualHost.IPDepnyFilterPolicy cannot both be defined.") return } @@ -210,23 +211,23 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { var tlsEnabled bool if tls := proxy.Spec.VirtualHost.TLS; tls != nil { if tls.Passthrough && tls.EnableFallbackCertificate { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.VirtualHost.TLS: both Passthrough and enableFallbackCertificate were specified") } if !isBlank(tls.SecretName) && tls.Passthrough { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSConfigNotValid", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.VirtualHost.TLS: both Passthrough and SecretName were specified") return } if isBlank(tls.SecretName) && !tls.Passthrough { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSConfigNotValid", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.VirtualHost.TLS: neither Passthrough nor SecretName were specified") return } if tls.Passthrough && tls.ClientValidation != nil { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.VirtualHost.TLS passthrough cannot be combined with tls.clientValidation") return } @@ -239,10 +240,10 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { sec, err := p.source.LookupTLSSecret(secretName, proxy.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", "Spec.VirtualHost.TLS Secret %q certificate delegation not permitted", tls.SecretName) } else { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "SecretNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "SecretNotValid", "Spec.VirtualHost.TLS Secret %q is invalid: %s", tls.SecretName, err) } return @@ -250,7 +251,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { listener, err := p.dag.GetSingleListener("https") if err != nil { - validCond.AddError(contour_api_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) + validCond.AddError(contour_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) return } @@ -260,7 +261,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // default to a maximum TLS version of 1.3 if it's not specified maxTLSVer := annotation.TLSVersion(tls.MaximumProtocolVersion, "1.3") if maxTLSVer < minTLSVer { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSConfigNotValid", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.Virtualhost.TLS the minimum protocol version is greater than the maximum protocol version") return } @@ -272,7 +273,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // Check if FallbackCertificate && ClientValidation are both enabled in the same vhost if tls.EnableFallbackCertificate && tls.ClientValidation != nil { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client validation are incompatible") return } @@ -283,7 +284,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // same routes installed on multiple managers with // inconsistent authorization settings. if tls.EnableFallbackCertificate && proxy.Spec.VirtualHost.AuthorizationConfigured() { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", + validCond.AddError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client authorization are incompatible") return } @@ -291,7 +292,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // If FallbackCertificate is enabled, but no cert passed, set error if tls.EnableFallbackCertificate { if p.FallbackCertificate == nil { - validCond.AddError(contour_api_v1.ConditionTypeTLSError, "FallbackNotPresent", + validCond.AddError(contour_v1.ConditionTypeTLSError, "FallbackNotPresent", "Spec.Virtualhost.TLS enabled fallback but the fallback Certificate Secret is not configured in Contour configuration file") return } @@ -299,10 +300,10 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { sec, err = p.source.LookupTLSSecret(*p.FallbackCertificate, proxy.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "FallbackNotDelegated", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "FallbackNotDelegated", "Spec.VirtualHost.TLS Secret %q is not configured for certificate delegation", p.FallbackCertificate) } else { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "FallbackNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "FallbackNotValid", "Spec.Virtualhost.TLS Secret %q fallback certificate is invalid: %s", p.FallbackCertificate, err) } return @@ -331,11 +332,11 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { cacert, err := p.source.LookupCASecret(secretName, proxy.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", "Spec.VirtualHost.TLS CA Secret %q is invalid: %s", tls.ClientValidation.CACertificate, err) } else { // PeerValidationContext is requested, but cert is missing or not configured. - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "ClientValidationInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "ClientValidationInvalid", "Spec.VirtualHost.TLS client validation is invalid: invalid CA Secret %q: %s", secretName, err) } return @@ -344,7 +345,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { cacert, } } else if !tls.ClientValidation.SkipClientCertValidation { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "ClientValidationInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "ClientValidationInvalid", "Spec.VirtualHost.TLS client validation is invalid: CA Secret must be specified") } if tls.ClientValidation.CertificateRevocationList != "" { @@ -352,11 +353,11 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { crl, err := p.source.LookupCRLSecret(secretName, proxy.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", "Spec.VirtualHost.TLS CRL Secret %q is invalid: %s", tls.ClientValidation.CertificateRevocationList, err) } else { // CRL is missing or not configured. - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "ClientValidationInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "ClientValidationInvalid", "Spec.VirtualHost.TLS client validation is invalid: invalid CRL Secret %q: %s", secretName, err) } return @@ -374,7 +375,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { providerNames := sets.NewString() for _, jwtProvider := range proxy.Spec.VirtualHost.JWTProviders { if providerNames.Has(jwtProvider.Name) { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "DuplicateProviderName", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "DuplicateProviderName", "Spec.VirtualHost.JWTProviders is invalid: duplicate name %s", jwtProvider.Name) return } @@ -382,7 +383,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { if jwtProvider.Default { if len(defaultJWTProvider) > 0 { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "MultipleDefaultProvidersSpecified", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "MultipleDefaultProvidersSpecified", "Spec.VirtualHost.JWTProviders is invalid: at most one provider can be set as the default") return } @@ -391,13 +392,13 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { jwksURL, err := url.Parse(jwtProvider.RemoteJWKS.URI) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSURIInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSURIInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.URI is invalid: %s", err) return } if jwksURL.Scheme != "http" && jwksURL.Scheme != "https" { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSSchemeInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSSchemeInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.URI has invalid scheme %q, must be http or https", jwksURL.Scheme) return } @@ -406,7 +407,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { if jwtProvider.RemoteJWKS.UpstreamValidation != nil { if jwksURL.Scheme == "http" { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation must not be specified when URI scheme is http.") return } @@ -415,10 +416,10 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { uv, err = p.source.LookupUpstreamValidation(jwtProvider.RemoteJWKS.UpstreamValidation, caCertNamespacedName, proxy.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSCACertificateNotDelegated", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSCACertificateNotDelegated", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation.CACertificate Secret %q is not configured for certificate delegation", caCertNamespacedName) } else { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation is invalid: %s", err) } return @@ -429,7 +430,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { if len(jwtProvider.RemoteJWKS.Timeout) > 0 { res, err := time.ParseDuration(jwtProvider.RemoteJWKS.Timeout) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSTimeoutInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSTimeoutInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.Timeout is invalid: %s", err) return } @@ -441,7 +442,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { if len(jwtProvider.RemoteJWKS.CacheDuration) > 0 { res, err := time.ParseDuration(jwtProvider.RemoteJWKS.CacheDuration) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSCacheDurationInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSCacheDurationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.CacheDuration is invalid: %s", err) return } @@ -459,7 +460,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { // This theoretically shouldn't be possible as jwksURL.Port() will // only return a value if it's numeric, but we need to convert to // int anyway so handle the error. - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSPortInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSPortInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.URI has an invalid port: %s", err) return } @@ -479,7 +480,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { case "": dnsLookupFamily = string(p.DNSLookupFamily) default: - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "RemoteJWKSDNSLookupFamilyInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSDNSLookupFamilyInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.DNSLookupFamily has an invalid value %q, must be auto, all, v4 or v6", jwtProvider.RemoteJWKS.DNSLookupFamily) return } @@ -509,7 +510,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { if proxy.Spec.TCPProxy != nil { if !tlsEnabled { - validCond.AddError(contour_api_v1.ConditionTypeTCPProxyError, "TLSMustBeConfigured", + validCond.AddError(contour_v1.ConditionTypeTCPProxyError, "TLSMustBeConfigured", "Spec.TCPProxy requires that either Spec.TLS.Passthrough or Spec.TLS.SecretName be set") return } @@ -522,7 +523,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { listener, err := p.dag.GetSingleListener("http") if err != nil { - validCond.AddError(contour_api_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) + validCond.AddError(contour_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) return } @@ -530,7 +531,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { cp, err := toCORSPolicy(proxy.Spec.VirtualHost.CORSPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeCORSError, "PolicyDidNotParse", + validCond.AddErrorf(contour_v1.ConditionTypeCORSError, "PolicyDidNotParse", "Spec.VirtualHost.CORSPolicy: %s", err) return } @@ -548,7 +549,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { insecure.IPFilterAllow, insecure.IPFilterRules, err = toIPFilterRules(proxy.Spec.VirtualHost.IPAllowFilterPolicy, proxy.Spec.VirtualHost.IPDenyFilterPolicy, validCond) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeIPFilterError, "IPFilterPolicyNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeIPFilterError, "IPFilterPolicyNotValid", "Spec.VirtualHost.IPAllowFilterPolicy or Spec.VirtualHost.IPDenyFilterPolicy is invalid: %s", err) return } @@ -560,7 +561,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { if tlsEnabled && proxy.Spec.TCPProxy == nil { listener, err := p.dag.GetSingleListener("https") if err != nil { - validCond.AddError(contour_api_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) + validCond.AddError(contour_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) return } @@ -574,7 +575,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { secure.IPFilterAllow, secure.IPFilterRules, err = toIPFilterRules(proxy.Spec.VirtualHost.IPAllowFilterPolicy, proxy.Spec.VirtualHost.IPDenyFilterPolicy, validCond) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeIPFilterError, "IPFilterPolicyNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeIPFilterError, "IPFilterPolicyNotValid", "Spec.VirtualHost.IPAllowFilterPolicy or Spec.VirtualHost.IPDenyFilterPolicy is invalid: %s", err) return } @@ -590,7 +591,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { continue } - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "JWTProviderNotDefined", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "JWTProviderNotDefined", "Route references an undefined JWT provider %q", route.JWTProvider) return } @@ -607,7 +608,7 @@ func (p *HTTPProxyProcessor) computeHTTPProxy(proxy *contour_api_v1.HTTPProxy) { } if !found { - validCond.AddErrorf(contour_api_v1.ConditionTypeJWTVerificationError, "JWTProviderNotDefined", + validCond.AddErrorf(contour_v1.ConditionTypeJWTVerificationError, "JWTProviderNotDefined", "Route references an undefined JWT provider %q", route.JWTProvider) return } @@ -627,7 +628,7 @@ func addRoutes(vhost vhost, routes []*Route) { } } -func (p *HTTPProxyProcessor) addStatusBadGatewayRoute(routes []*Route, conds []contour_api_v1.MatchCondition, proxy *contour_api_v1.HTTPProxy) []*Route { +func (p *HTTPProxyProcessor) addStatusBadGatewayRoute(routes []*Route, conds []contour_v1.MatchCondition, proxy *contour_v1.HTTPProxy) []*Route { if len(conds) > 0 { route := &Route{ PathMatchCondition: mergePathMatchConditions(conds), @@ -648,11 +649,11 @@ func (p *HTTPProxyProcessor) addStatusBadGatewayRoute(routes []*Route, conds []c } func (p *HTTPProxyProcessor) computeRoutes( - validCond *contour_api_v1.DetailedCondition, - rootProxy *contour_api_v1.HTTPProxy, - proxy *contour_api_v1.HTTPProxy, - conditions []contour_api_v1.MatchCondition, - visited []*contour_api_v1.HTTPProxy, + validCond *contour_v1.DetailedCondition, + rootProxy *contour_v1.HTTPProxy, + proxy *contour_v1.HTTPProxy, + conditions []contour_v1.MatchCondition, + visited []*contour_v1.HTTPProxy, enforceTLS bool, defaultJWTProvider string, ) []*Route { @@ -664,7 +665,7 @@ func (p *HTTPProxyProcessor) computeRoutes( } if v.Name == proxy.Name && v.Namespace == proxy.Namespace { path = append(path, fmt.Sprintf("%s/%s", proxy.Namespace, proxy.Name)) - validCond.AddErrorf(contour_api_v1.ConditionTypeIncludeError, "IncludeCreatesCycle", + validCond.AddErrorf(contour_v1.ConditionTypeIncludeError, "IncludeCreatesCycle", "include creates an include cycle: %s", strings.Join(path, " -> ")) return nil } @@ -682,39 +683,39 @@ func (p *HTTPProxyProcessor) computeRoutes( } if err := includeMatchConditionsValid(include.Conditions); err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", "include: %s", err) continue } if err := pathMatchConditionsValid(include.Conditions); err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", "include: %s", err) continue } if err := headerMatchConditionsValid(include.Conditions); err != nil { - validCond.AddError(contour_api_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", + validCond.AddError(contour_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", err.Error()) continue } if err := queryParameterMatchConditionsValid(include.Conditions); err != nil { - validCond.AddError(contour_api_v1.ConditionTypeRouteError, "QueryParameterMatchConditionsNotValid", + validCond.AddError(contour_v1.ConditionTypeRouteError, "QueryParameterMatchConditionsNotValid", err.Error()) continue } // Check to see if we have any duplicate include conditions. if includeMatchConditionsIdentical(include.Conditions, seenConds) { - validCond.AddError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", + validCond.AddError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include") continue } includedProxy, ok := p.source.httpproxies[types.NamespacedName{Name: include.Name, Namespace: namespace}] if !ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeIncludeError, "IncludeNotFound", + validCond.AddErrorf(contour_v1.ConditionTypeIncludeError, "IncludeNotFound", "include %s/%s not found", namespace, include.Name) // Set 502 response when include was not found but include condition was valid. @@ -723,7 +724,7 @@ func (p *HTTPProxyProcessor) computeRoutes( } if includedProxy.Spec.VirtualHost != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeIncludeError, "RootIncludesRoot", + validCond.AddErrorf(contour_v1.ConditionTypeIncludeError, "RootIncludesRoot", "root httpproxy cannot include another root httpproxy (%s/%s)", includedProxy.Namespace, includedProxy.Name) // Set 502 response if include references another root routes = p.addStatusBadGatewayRoute(routes, include.Conditions, proxy) @@ -745,12 +746,12 @@ func (p *HTTPProxyProcessor) computeRoutes( for _, route := range proxy.Spec.Routes { if err := routeActionCountValid(route); err != nil { - validCond.AddError(contour_api_v1.ConditionTypeRouteError, "RouteActionCountNotValid", err.Error()) + validCond.AddError(contour_v1.ConditionTypeRouteError, "RouteActionCountNotValid", err.Error()) return nil } if err := pathMatchConditionsValid(route.Conditions); err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "PathMatchConditionsNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "PathMatchConditionsNotValid", "route: %s", err) return nil } @@ -760,49 +761,49 @@ func (p *HTTPProxyProcessor) computeRoutes( // Look for invalid header conditions on this route if err := headerMatchConditionsValid(routeConditions); err != nil { - validCond.AddError(contour_api_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", + validCond.AddError(contour_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", err.Error()) return nil } // Look for invalid query parameter conditions on this route if err := queryParameterMatchConditionsValid(routeConditions); err != nil { - validCond.AddError(contour_api_v1.ConditionTypeRouteError, "QueryParameterMatchConditionsNotValid", + validCond.AddError(contour_v1.ConditionTypeRouteError, "QueryParameterMatchConditionsNotValid", err.Error()) return nil } reqHP, err := headersPolicyRoute(route.RequestHeadersPolicy, true /* allow Host */, dynamicHeaders) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "RequestHeadersPolicyInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "RequestHeadersPolicyInvalid", "%s on request headers", err) return nil } respHP, err := headersPolicyRoute(route.ResponseHeadersPolicy, false /* disallow Host */, dynamicHeaders) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "ResponseHeaderPolicyInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "ResponseHeaderPolicyInvalid", "%s on response headers", err) return nil } cookieRP, err := cookieRewritePolicies(route.CookieRewritePolicies) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", "%s on route cookie rewrite rules", err) return nil } rtp, ctp, err := timeoutPolicy(route.TimeoutPolicy, p.ConnectTimeout) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "TimeoutPolicyNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "TimeoutPolicyNotValid", "route.timeoutPolicy failed to parse: %s", err) return nil } rlp, err := rateLimitPolicy(route.RateLimitPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "RateLimitPolicyNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "RateLimitPolicyNotValid", "route.rateLimitPolicy is invalid: %s", err) return nil } @@ -813,7 +814,7 @@ func (p *HTTPProxyProcessor) computeRoutes( redirectPolicy, err := redirectRoutePolicy(route.RequestRedirectPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "RequestRedirectPolicy", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "RequestRedirectPolicy", "route.requestRedirectPolicy is invalid: %s", err) return nil } @@ -876,13 +877,13 @@ func (p *HTTPProxyProcessor) computeRoutes( if len(route.GetPrefixReplacements()) > 0 { if !r.HasPathPrefix() { - validCond.AddError(contour_api_v1.ConditionTypePrefixReplaceError, "MustHavePrefix", + validCond.AddError(contour_v1.ConditionTypePrefixReplaceError, "MustHavePrefix", "cannot specify prefix replacements without a prefix condition") return nil } if reason, err := prefixReplacementsAreValid(route.GetPrefixReplacements()); err != nil { - validCond.AddError(contour_api_v1.ConditionTypePrefixReplaceError, reason, err.Error()) + validCond.AddError(contour_v1.ConditionTypePrefixReplaceError, reason, err.Error()) return nil } @@ -917,13 +918,13 @@ func (p *HTTPProxyProcessor) computeRoutes( healthPolicy, err := httpHealthCheckPolicy(route.HealthCheckPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "HealthCheckPolicyInvalid", err.Error()) + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "HealthCheckPolicyInvalid", err.Error()) return nil } for _, service := range route.Services { if service.Port < 1 || service.Port > 65535 { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "ServicePortInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "ServicePortInvalid", "service %q: port must be in the range 1-65535", service.Name) return nil } @@ -938,7 +939,7 @@ func (p *HTTPProxyProcessor) computeRoutes( m := types.NamespacedName{Name: service.Name, Namespace: proxy.Namespace} s, err := p.dag.EnsureService(m, service.Port, healthPort, p.source, p.EnableExternalNameService) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", "Spec.Routes unresolved service reference: %s", err) continue } @@ -947,14 +948,23 @@ func (p *HTTPProxyProcessor) computeRoutes( // Determine the protocol to use to speak to this Cluster. protocol, err := getProtocol(service, s) if err != nil { - validCond.AddError(contour_api_v1.ConditionTypeServiceError, "UnsupportedProtocol", err.Error()) + validCond.AddError(contour_v1.ConditionTypeServiceError, "UnsupportedProtocol", err.Error()) return nil } var uv *PeerValidationContext if (protocol == "tls" || protocol == "h2") && service.UpstreamValidation != nil { - uv = p.peerValidationContext(validCond, proxy, service) - if uv == nil { + caCertNamespacedName := k8s.NamespacedNameFrom(service.UpstreamValidation.CACertificate, k8s.DefaultNamespace(proxy.Namespace)) + // we can only validate TLS connections to services that talk TLS + uv, err = p.source.LookupUpstreamValidation(service.UpstreamValidation, caCertNamespacedName, proxy.Namespace) + if err != nil { + if _, ok := err.(DelegationNotPermittedError); ok { + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "CACertificateNotDelegated", + "service.UpstreamValidation.CACertificate Secret %q is not configured for certificate delegation", caCertNamespacedName) + } else { + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "TLSUpstreamValidation", + "Service [%s:%d] TLS upstream validation policy error: %s", service.Name, service.Port, err) + } return nil } } @@ -964,20 +974,20 @@ func (p *HTTPProxyProcessor) computeRoutes( reqHP, err := headersPolicyService(p.RequestHeadersPolicy, service.RequestHeadersPolicy, true, dynamicHeaders) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "RequestHeadersPolicyInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "RequestHeadersPolicyInvalid", "%s on request headers", err) return nil } respHP, err := headersPolicyService(p.ResponseHeadersPolicy, service.ResponseHeadersPolicy, false, dynamicHeaders) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "ResponseHeadersPolicyInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "ResponseHeadersPolicyInvalid", "%s on response headers", err) return nil } cookieRP, err := cookieRewritePolicies(service.CookieRewritePolicies) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", "%s on service cookie rewrite rules", err) return nil } @@ -987,7 +997,7 @@ func (p *HTTPProxyProcessor) computeRoutes( // Since the client certificate is configured by admin, explicit delegation is not required. clientCertSecret, err = p.source.LookupTLSSecretInsecure(*p.ClientCertificate) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "SecretNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "SecretNotValid", "tls.envoy-client-certificate Secret %q is invalid: %s", p.ClientCertificate, err) return nil } @@ -997,14 +1007,14 @@ func (p *HTTPProxyProcessor) computeRoutes( if service.SlowStartPolicy != nil { // Currently Envoy implements slow start only for RoundRobin and WeightedLeastRequest LB strategies. if lbPolicy != "" && lbPolicy != LoadBalancerPolicyRoundRobin && lbPolicy != LoadBalancerPolicyWeightedLeastRequest { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "SlowStartInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "SlowStartInvalid", "slow start is only supported with RoundRobin or WeightedLeastRequest load balancer strategy") return nil } slowStart, err = slowStartConfig(service.SlowStartPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "SlowStartInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "SlowStartInvalid", "%s on slow start", err) return nil } @@ -1030,7 +1040,7 @@ func (p *HTTPProxyProcessor) computeRoutes( UpstreamTLS: p.UpstreamTLS, } if service.Mirror && len(r.MirrorPolicies) > 0 { - validCond.AddError(contour_api_v1.ConditionTypeServiceError, "OnlyOneMirror", + validCond.AddError(contour_v1.ConditionTypeServiceError, "OnlyOneMirror", "only one service per route may be nominated as mirror") return nil } @@ -1069,7 +1079,7 @@ func (p *HTTPProxyProcessor) computeRoutes( jwt := route.JWTVerificationPolicy switch { case jwt != nil && len(route.JWTVerificationPolicy.Require) > 0 && route.JWTVerificationPolicy.Disabled: - validCond.AddError(contour_api_v1.ConditionTypeJWTVerificationError, "InvalidJWTVerificationPolicy", + validCond.AddError(contour_v1.ConditionTypeJWTVerificationError, "InvalidJWTVerificationPolicy", "route's JWT verification policy cannot specify both require and disabled") return nil case jwt != nil && len(route.JWTVerificationPolicy.Require) > 0: @@ -1095,11 +1105,11 @@ func (p *HTTPProxyProcessor) computeRoutes( // toIPFilterRules converts ip filter settings from the api into the // dag representation -func toIPFilterRules(allowPolicy, denyPolicy []contour_api_v1.IPFilterPolicy, validCond *contour_api_v1.DetailedCondition) (allow bool, filters []IPFilterRule, err error) { - var ipPolicies []contour_api_v1.IPFilterPolicy +func toIPFilterRules(allowPolicy, denyPolicy []contour_v1.IPFilterPolicy, validCond *contour_v1.DetailedCondition) (allow bool, filters []IPFilterRule, err error) { + var ipPolicies []contour_v1.IPFilterPolicy switch { case len(allowPolicy) > 0 && len(denyPolicy) > 0: - validCond.AddError(contour_api_v1.ConditionTypeIPFilterError, "IncompatibleIPAddressFilters", + validCond.AddError(contour_v1.ConditionTypeIPFilterError, "IncompatibleIPAddressFilters", "cannot specify both `ipAllowPolicy` and `ipDenyPolicy`") err = fmt.Errorf("invalid ip filter") return @@ -1127,12 +1137,12 @@ func toIPFilterRules(allowPolicy, denyPolicy []contour_api_v1.IPFilterPolicy, va var cidr *net.IPNet _, cidr, err = net.ParseCIDR(unparsedCIDR) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeIPFilterError, "InvalidCIDR", + validCond.AddErrorf(contour_v1.ConditionTypeIPFilterError, "InvalidCIDR", "%s failed to parse: %s", p.CIDR, err) continue } filters = append(filters, IPFilterRule{ - Remote: p.Source == contour_api_v1.IPFilterSourceRemote, + Remote: p.Source == contour_v1.IPFilterSourceRemote, CIDR: *cidr, }) } @@ -1147,7 +1157,7 @@ func toIPFilterRules(allowPolicy, denyPolicy []contour_api_v1.IPFilterPolicy, va // following the chain of spec.tcpproxy.include references. It returns true if processing // was successful, otherwise false if an error was encountered. The details of the error // will be recorded on the status of the relevant HTTPProxy object, -func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1.DetailedCondition, httpproxy *contour_api_v1.HTTPProxy, visited []*contour_api_v1.HTTPProxy, host string) bool { +func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_v1.DetailedCondition, httpproxy *contour_v1.HTTPProxy, visited []*contour_v1.HTTPProxy, host string) bool { tcpproxy := httpproxy.Spec.TCPProxy if tcpproxy == nil { // nothing to do @@ -1164,7 +1174,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. } if len(tcpproxy.Services) > 0 && tcpProxyInclude != nil { - validCond.AddError(contour_api_v1.ConditionTypeTCPProxyError, "NoServicesAndInclude", + validCond.AddError(contour_v1.ConditionTypeTCPProxyError, "NoServicesAndInclude", "cannot specify services and include in the same httpproxy") return false } @@ -1172,7 +1182,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. lbPolicy := loadBalancerPolicy(tcpproxy.LoadBalancerPolicy) switch lbPolicy { case LoadBalancerPolicyCookie, LoadBalancerPolicyRequestHash: - validCond.AddWarningf(contour_api_v1.ConditionTypeTCPProxyError, "IgnoredField", + validCond.AddWarningf(contour_v1.ConditionTypeTCPProxyError, "IgnoredField", "ignoring field %q; %s load balancer policy is not supported for TCPProxies", "Spec.TCPProxy.LoadBalancerPolicy", lbPolicy) // Reset load balancer policy to ensure the default. @@ -1193,7 +1203,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. m := types.NamespacedName{Name: service.Name, Namespace: httpproxy.Namespace} s, err := p.dag.EnsureService(m, service.Port, healthPort, p.source, p.EnableExternalNameService) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeTCPProxyError, "ServiceUnresolvedReference", + validCond.AddErrorf(contour_v1.ConditionTypeTCPProxyError, "ServiceUnresolvedReference", "Spec.TCPProxy unresolved service reference: %s", err) return false } @@ -1201,7 +1211,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. // Determine the protocol to use to speak to this Cluster. protocol, err := getProtocol(service, s) if err != nil { - validCond.AddError(contour_api_v1.ConditionTypeServiceError, "UnsupportedProtocol", err.Error()) + validCond.AddError(contour_v1.ConditionTypeServiceError, "UnsupportedProtocol", err.Error()) return false } @@ -1218,7 +1228,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. // Since the client certificate is configured by admin, explicit delegation is not required. clientCertSecret, err = p.source.LookupTLSSecretInsecure(*p.ClientCertificate) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "SecretNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "SecretNotValid", "tls.envoy-client-certificate Secret %q is invalid: %s", p.ClientCertificate, err) return false } @@ -1240,7 +1250,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. listener, err := p.dag.GetSingleListener("https") if err != nil { - validCond.AddError(contour_api_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) + validCond.AddError(contour_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", err.Error()) return false } @@ -1252,7 +1262,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. if tcpProxyInclude == nil { // We don't allow an empty TCPProxy object. - validCond.AddError(contour_api_v1.ConditionTypeTCPProxyError, "NothingDefined", + validCond.AddError(contour_v1.ConditionTypeTCPProxyError, "NothingDefined", "either services or inclusion must be specified") return false } @@ -1266,14 +1276,14 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. m := types.NamespacedName{Name: tcpProxyInclude.Name, Namespace: namespace} dest, ok := p.source.httpproxies[m] if !ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeTCPProxyIncludeError, "IncludeNotFound", + validCond.AddErrorf(contour_v1.ConditionTypeTCPProxyIncludeError, "IncludeNotFound", "include %s/%s not found", m.Namespace, m.Name) return false } if dest.Spec.VirtualHost != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeTCPProxyIncludeError, "RootIncludesRoot", + validCond.AddErrorf(contour_v1.ConditionTypeTCPProxyIncludeError, "RootIncludesRoot", "root httpproxy cannot include another root httpproxy (%s/%s)", dest.Namespace, dest.Name) return false } @@ -1289,7 +1299,7 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. for _, hp := range visited { if dest.Name == hp.Name && dest.Namespace == hp.Namespace { path = append(path, fmt.Sprintf("%s/%s", dest.Namespace, dest.Name)) - validCond.AddErrorf(contour_api_v1.ConditionTypeTCPProxyIncludeError, "IncludeCreatesCycle", + validCond.AddErrorf(contour_v1.ConditionTypeTCPProxyIncludeError, "IncludeCreatesCycle", "include creates a cycle: %s", strings.Join(path, " -> ")) return false } @@ -1303,13 +1313,13 @@ func (p *HTTPProxyProcessor) processHTTPProxyTCPProxy(validCond *contour_api_v1. return ok } -// validHTTPProxies returns a slice of *contour_api_v1.HTTPProxy objects. +// validHTTPProxies returns a slice of *contour_v1.HTTPProxy objects. // invalid HTTPProxy objects are excluded from the slice and their status // updated accordingly. -func (p *HTTPProxyProcessor) validHTTPProxies() []*contour_api_v1.HTTPProxy { +func (p *HTTPProxyProcessor) validHTTPProxies() []*contour_v1.HTTPProxy { // ensure that a given fqdn is only referenced in a single HTTPProxy resource - var valid []*contour_api_v1.HTTPProxy - fqdnHTTPProxies := make(map[string][]*contour_api_v1.HTTPProxy) + var valid []*contour_v1.HTTPProxy + fqdnHTTPProxies := make(map[string][]*contour_v1.HTTPProxy) for _, proxy := range p.source.httpproxies { if proxy.Spec.VirtualHost == nil { valid = append(valid, proxy) @@ -1334,7 +1344,7 @@ func (p *HTTPProxyProcessor) validHTTPProxies() []*contour_api_v1.HTTPProxy { for _, proxy := range proxies { pa, commit := p.dag.StatusCache.ProxyAccessor(proxy) pa.Vhost = fqdn - pa.ConditionFor(status.ValidCondition).AddError(contour_api_v1.ConditionTypeVirtualHostError, + pa.ConditionFor(status.ValidCondition).AddError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", msg) commit() @@ -1357,7 +1367,7 @@ func (p *HTTPProxyProcessor) rootAllowed(namespace string) bool { return false } -func (p *HTTPProxyProcessor) computeVirtualHostAuthorization(auth *contour_api_v1.AuthorizationServer, validCond *contour_api_v1.DetailedCondition, httpproxy *contour_api_v1.HTTPProxy) *ExternalAuthorization { +func (p *HTTPProxyProcessor) computeVirtualHostAuthorization(auth *contour_v1.AuthorizationServer, validCond *contour_v1.DetailedCondition, httpproxy *contour_v1.HTTPProxy) *ExternalAuthorization { ok, ext := validateExternalAuthExtensionService(defaultExtensionRef(auth.ExtensionServiceRef), validCond, httpproxy, @@ -1392,9 +1402,9 @@ func (p *HTTPProxyProcessor) computeVirtualHostAuthorization(auth *contour_api_v return globalExternalAuthorization } -func validateExternalAuthExtensionService(ref contour_api_v1.ExtensionServiceReference, validCond *contour_api_v1.DetailedCondition, httpproxy *contour_api_v1.HTTPProxy, getExtensionCluster func(name string) *ExtensionCluster) (bool, *ExtensionCluster) { - if ref.APIVersion != contour_api_v1alpha1.GroupVersion.String() { - validCond.AddErrorf(contour_api_v1.ConditionTypeAuthError, "AuthBadResourceVersion", +func validateExternalAuthExtensionService(ref contour_v1.ExtensionServiceReference, validCond *contour_v1.DetailedCondition, httpproxy *contour_v1.HTTPProxy, getExtensionCluster func(name string) *ExtensionCluster) (bool, *ExtensionCluster) { + if ref.APIVersion != contour_v1alpha1.GroupVersion.String() { + validCond.AddErrorf(contour_v1.ConditionTypeAuthError, "AuthBadResourceVersion", "Spec.Virtualhost.Authorization.extensionRef specifies an unsupported resource version %q", ref.APIVersion) return false, nil } @@ -1407,7 +1417,7 @@ func validateExternalAuthExtensionService(ref contour_api_v1.ExtensionServiceRef ext := getExtensionCluster(ExtensionClusterName(extensionName)) if ext == nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeAuthError, "ExtensionServiceNotFound", + validCond.AddErrorf(contour_v1.ConditionTypeAuthError, "ExtensionServiceNotFound", "Spec.Virtualhost.Authorization.ServiceRef extension service %q not found", extensionName) return false, ext } @@ -1415,10 +1425,10 @@ func validateExternalAuthExtensionService(ref contour_api_v1.ExtensionServiceRef return true, ext } -func determineExternalAuthTimeout(responseTimeout string, validCond *contour_api_v1.DetailedCondition, ext *ExtensionCluster) (bool, *timeout.Setting) { +func determineExternalAuthTimeout(responseTimeout string, validCond *contour_v1.DetailedCondition, ext *ExtensionCluster) (bool, *timeout.Setting) { tout, err := timeout.Parse(responseTimeout) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeAuthError, "AuthResponseTimeoutInvalid", + validCond.AddErrorf(contour_v1.ConditionTypeAuthError, "AuthResponseTimeoutInvalid", "Spec.Virtualhost.Authorization.ResponseTimeout is invalid: %s", err) return false, nil } @@ -1430,7 +1440,7 @@ func determineExternalAuthTimeout(responseTimeout string, validCond *contour_api return true, &tout } -func (p *HTTPProxyProcessor) computeSecureVirtualHostAuthorization(validCond *contour_api_v1.DetailedCondition, httpproxy *contour_api_v1.HTTPProxy, svhost *SecureVirtualHost) bool { +func (p *HTTPProxyProcessor) computeSecureVirtualHostAuthorization(validCond *contour_v1.DetailedCondition, httpproxy *contour_v1.HTTPProxy, svhost *SecureVirtualHost) bool { if httpproxy.Spec.VirtualHost.AuthorizationConfigured() && !httpproxy.Spec.VirtualHost.DisableAuthorization() { authorization := p.computeVirtualHostAuthorization(httpproxy.Spec.VirtualHost.Authorization, validCond, httpproxy) if authorization == nil { @@ -1450,10 +1460,10 @@ func (p *HTTPProxyProcessor) computeSecureVirtualHostAuthorization(validCond *co return true } -func computeVirtualHostRateLimitPolicy(proxy *contour_api_v1.HTTPProxy, rls *contour_api_v1alpha1.RateLimitServiceConfig, validCond *contour_api_v1.DetailedCondition) (*RateLimitPolicy, bool) { +func computeVirtualHostRateLimitPolicy(proxy *contour_v1.HTTPProxy, rls *contour_v1alpha1.RateLimitServiceConfig, validCond *contour_v1.DetailedCondition) (*RateLimitPolicy, bool) { rlp, err := rateLimitPolicy(proxy.Spec.VirtualHost.RateLimitPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeVirtualHostError, "RateLimitPolicyNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeVirtualHostError, "RateLimitPolicyNotValid", "Spec.VirtualHost.RateLimitPolicy is invalid: %s", err) return nil, false } @@ -1476,7 +1486,7 @@ func computeVirtualHostRateLimitPolicy(proxy *contour_api_v1.HTTPProxy, rls *con } rlp.Global, err = globalRateLimitPolicy(rls.DefaultGlobalRateLimitPolicy) if err != nil { - validCond.AddErrorf(contour_api_v1.ConditionTypeVirtualHostError, "RateLimitPolicyNotValid", + validCond.AddErrorf(contour_v1.ConditionTypeVirtualHostError, "RateLimitPolicyNotValid", "Default Global RateLimit Policy is invalid: %s", err) return nil, false } @@ -1497,16 +1507,16 @@ func (p *HTTPProxyProcessor) GlobalAuthorizationContext() map[string]string { return nil } -func (p *HTTPProxyProcessor) peerValidationContext(validCond *contour_api_v1.DetailedCondition, httpproxy *contour_api_v1.HTTPProxy, service contour_api_v1.Service) *PeerValidationContext { +func (p *HTTPProxyProcessor) peerValidationContext(validCond *contour_v1.DetailedCondition, httpproxy *contour_v1.HTTPProxy, service contour_v1.Service) *PeerValidationContext { caCertNamespacedName := k8s.NamespacedNameFrom(service.UpstreamValidation.CACertificate, k8s.DefaultNamespace(httpproxy.Namespace)) // we can only validate TLS connections to services that talk TLS uv, err := p.source.LookupUpstreamValidation(service.UpstreamValidation, caCertNamespacedName, httpproxy.Namespace) if err != nil { if _, ok := err.(DelegationNotPermittedError); ok { - validCond.AddErrorf(contour_api_v1.ConditionTypeTLSError, "CACertificateNotDelegated", + validCond.AddErrorf(contour_v1.ConditionTypeTLSError, "CACertificateNotDelegated", "service.UpstreamValidation.CACertificate Secret %q is not configured for certificate delegation", caCertNamespacedName) } else { - validCond.AddErrorf(contour_api_v1.ConditionTypeServiceError, "TLSUpstreamValidation", + validCond.AddErrorf(contour_v1.ConditionTypeServiceError, "TLSUpstreamValidation", "Service [%s:%d] TLS upstream validation policy error: %s", service.Name, service.Port, err) } return nil @@ -1613,7 +1623,7 @@ func expandPrefixMatches(routes []*Route) []*Route { return expandedRoutes } -func getProtocol(service contour_api_v1.Service, s *Service) (string, error) { +func getProtocol(service contour_v1.Service, s *Service) (string, error) { // Determine the protocol to use to speak to this Cluster. var protocol string if service.Protocol != nil { @@ -1651,7 +1661,7 @@ func determineSNI(routeRequestHeaders, clusterRequestHeaders *HeadersPolicy, ser return service.ExternalName } -func toCORSPolicy(policy *contour_api_v1.CORSPolicy) (*CORSPolicy, error) { +func toCORSPolicy(policy *contour_v1.CORSPolicy) (*CORSPolicy, error) { if policy == nil { return nil, nil } @@ -1724,7 +1734,7 @@ func toCORSPolicy(policy *contour_api_v1.CORSPolicy) (*CORSPolicy, error) { }, nil } -func toStringSlice(hvs []contour_api_v1.CORSHeaderValue) []string { +func toStringSlice(hvs []contour_v1.CORSHeaderValue) []string { s := make([]string, len(hvs)) for i, v := range hvs { s[i] = string(v) @@ -1738,7 +1748,7 @@ type matchConditionAggregate struct { queryParamConds []QueryParamMatchCondition } -func includeMatchConditionsIdentical(includeConds []contour_api_v1.MatchCondition, seenConds map[string][]matchConditionAggregate) bool { +func includeMatchConditionsIdentical(includeConds []contour_v1.MatchCondition, seenConds map[string][]matchConditionAggregate) bool { pathPrefix := "" switch pathPrefixRef := mergePathMatchConditions(includeConds).(type) { @@ -1883,7 +1893,7 @@ func directResponse(statusCode uint32, body string) *DirectResponse { } // routeActionCountValid only one of route.services, route.requestRedirectPolicy, or route.directResponsePolicy can be specified -func routeActionCountValid(route contour_api_v1.Route) error { +func routeActionCountValid(route contour_v1.Route) error { var routeActionCount int if len(route.Services) > 0 { routeActionCount++ @@ -1904,7 +1914,7 @@ func routeActionCountValid(route contour_api_v1.Route) error { } // redirectRoutePolicy builds a *dag.Redirect for the supplied redirect policy. -func redirectRoutePolicy(redirect *contour_api_v1.HTTPRequestRedirectPolicy) (*Redirect, error) { +func redirectRoutePolicy(redirect *contour_v1.HTTPRequestRedirectPolicy) (*Redirect, error) { if redirect == nil { return nil, nil } @@ -1956,7 +1966,7 @@ func redirectRoutePolicy(redirect *contour_api_v1.HTTPRequestRedirectPolicy) (*R }, nil } -func directResponsePolicy(direct *contour_api_v1.HTTPDirectResponsePolicy) *DirectResponse { +func directResponsePolicy(direct *contour_v1.HTTPDirectResponsePolicy) *DirectResponse { if direct == nil { return nil } @@ -1964,7 +1974,7 @@ func directResponsePolicy(direct *contour_api_v1.HTTPDirectResponsePolicy) *Dire return directResponse(uint32(direct.StatusCode), direct.Body) } -func internalRedirectPolicy(internal *contour_api_v1.HTTPInternalRedirectPolicy) *InternalRedirectPolicy { +func internalRedirectPolicy(internal *contour_v1.HTTPInternalRedirectPolicy) *InternalRedirectPolicy { if internal == nil { return nil } @@ -1991,7 +2001,7 @@ func internalRedirectPolicy(internal *contour_api_v1.HTTPInternalRedirectPolicy) return policy } -func slowStartConfig(slowStart *contour_api_v1.SlowStartPolicy) (*SlowStartConfig, error) { +func slowStartConfig(slowStart *contour_v1.SlowStartPolicy) (*SlowStartConfig, error) { window, err := time.ParseDuration(slowStart.Window) if err != nil { return nil, fmt.Errorf("error parsing window: %s", err) @@ -2012,7 +2022,7 @@ func slowStartConfig(slowStart *contour_api_v1.SlowStartPolicy) (*SlowStartConfi }, nil } -func rateLimitPerRoute(in *contour_api_v1.RateLimitPolicy) *RateLimitPerRoute { +func rateLimitPerRoute(in *contour_v1.RateLimitPolicy) *RateLimitPerRoute { // Ignore the virtual host global rate limit policy if disabled is true if in != nil && in.Global != nil && in.Global.Disabled { return &RateLimitPerRoute{ diff --git a/internal/dag/httpproxy_processor_test.go b/internal/dag/httpproxy_processor_test.go index a9e7cf66783..a3a4c6c6d37 100644 --- a/internal/dag/httpproxy_processor_test.go +++ b/internal/dag/httpproxy_processor_test.go @@ -18,13 +18,14 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/timeout" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/timeout" ) func TestDetermineSNI(t *testing.T) { @@ -142,7 +143,7 @@ func TestEnforceRoute(t *testing.T) { func TestToCORSPolicy(t *testing.T) { tests := map[string]struct { - cp *contour_api_v1.CORSPolicy + cp *contour_v1.CORSPolicy want *CORSPolicy wantErr bool }{ @@ -151,12 +152,12 @@ func TestToCORSPolicy(t *testing.T) { want: nil, }, "all fields present and valid": { - cp: &contour_api_v1.CORSPolicy{ + cp: &contour_v1.CORSPolicy{ AllowCredentials: true, - AllowHeaders: []contour_api_v1.CORSHeaderValue{"X-Some-Header-A", "X-Some-Header-B"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET", "PUT"}, + AllowHeaders: []contour_v1.CORSHeaderValue{"X-Some-Header-A", "X-Some-Header-B"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET", "PUT"}, AllowOrigin: []string{"*"}, - ExposeHeaders: []contour_api_v1.CORSHeaderValue{"X-Expose-A", "X-Expose-B"}, + ExposeHeaders: []contour_v1.CORSHeaderValue{"X-Expose-A", "X-Expose-B"}, MaxAge: "5h", }, want: &CORSPolicy{ @@ -169,8 +170,8 @@ func TestToCORSPolicy(t *testing.T) { }, }, "allow origin wildcard": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{"*"}, }, want: &CORSPolicy{ @@ -181,8 +182,8 @@ func TestToCORSPolicy(t *testing.T) { }, }, "allow origin specific valid": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{"http://foo-1.bar.com", "https://foo-2.com:443"}, }, want: &CORSPolicy{ @@ -196,8 +197,8 @@ func TestToCORSPolicy(t *testing.T) { }, }, "allow origin invalid specific but valid regex": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{ "no-scheme.bar.com", "http://bar.com/foo", @@ -218,8 +219,8 @@ func TestToCORSPolicy(t *testing.T) { }, }, "allow origin regex valid": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{`.*\.foo\.com`, `https://example\.bar-[0-9]+\.org`}, }, want: &CORSPolicy{ @@ -233,52 +234,52 @@ func TestToCORSPolicy(t *testing.T) { }, }, "allow origin regex invalid": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{"**"}, }, wantErr: true, }, "nil allow origin": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: nil, }, wantErr: true, }, "nil allow methods": { - cp: &contour_api_v1.CORSPolicy{ + cp: &contour_v1.CORSPolicy{ AllowMethods: nil, AllowOrigin: []string{"*"}, }, wantErr: true, }, "empty allow origin": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{}, }, wantErr: true, }, "empty allow methods": { - cp: &contour_api_v1.CORSPolicy{ - AllowMethods: []contour_api_v1.CORSHeaderValue{}, + cp: &contour_v1.CORSPolicy{ + AllowMethods: []contour_v1.CORSHeaderValue{}, AllowOrigin: []string{"*"}, }, wantErr: true, }, "invalid max age": { - cp: &contour_api_v1.CORSPolicy{ + cp: &contour_v1.CORSPolicy{ MaxAge: "xxm", - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{"*"}, }, wantErr: true, }, "negative max age": { - cp: &contour_api_v1.CORSPolicy{ + cp: &contour_v1.CORSPolicy{ MaxAge: "-5s", - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowOrigin: []string{"*"}, }, wantErr: true, @@ -298,12 +299,12 @@ func TestToCORSPolicy(t *testing.T) { func TestSlowStart(t *testing.T) { tests := map[string]struct { - input *contour_api_v1.SlowStartPolicy + input *contour_v1.SlowStartPolicy want *SlowStartConfig wantErr bool }{ "window only": { - input: &contour_api_v1.SlowStartPolicy{ + input: &contour_v1.SlowStartPolicy{ Window: "10s", }, want: &SlowStartConfig{ @@ -313,7 +314,7 @@ func TestSlowStart(t *testing.T) { }, }, "with all fields": { - input: &contour_api_v1.SlowStartPolicy{ + input: &contour_v1.SlowStartPolicy{ Window: "10s", Aggression: "1.1", MinimumWeightPercent: 5, @@ -325,13 +326,13 @@ func TestSlowStart(t *testing.T) { }, }, "invalid window, missing unit": { - input: &contour_api_v1.SlowStartPolicy{ + input: &contour_v1.SlowStartPolicy{ Window: "10", }, wantErr: true, }, "invalid aggression, not float": { - input: &contour_api_v1.SlowStartPolicy{ + input: &contour_v1.SlowStartPolicy{ Window: "10s", Aggression: "not-a-float", }, @@ -352,17 +353,17 @@ func TestSlowStart(t *testing.T) { func TestIncludeMatchConditionsIdentical(t *testing.T) { tests := map[string]struct { - includeConds []contour_api_v1.MatchCondition + includeConds []contour_v1.MatchCondition seenConds map[string][]matchConditionAggregate duplicate bool }{ "empty conditions, no seen": { - includeConds: []contour_api_v1.MatchCondition{}, + includeConds: []contour_v1.MatchCondition{}, seenConds: make(map[string][]matchConditionAggregate), duplicate: false, }, "empty conditions, seen some": { - includeConds: []contour_api_v1.MatchCondition{}, + includeConds: []contour_v1.MatchCondition{}, seenConds: map[string][]matchConditionAggregate{ "/": { { @@ -380,14 +381,14 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix /, no seen": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/"}, }, seenConds: make(map[string][]matchConditionAggregate), duplicate: false, }, "prefix /, seen prefix / only should not be duplicate": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -401,7 +402,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix /, seen headers only": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -415,7 +416,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix /, seen query only": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -429,7 +430,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix /, seen some": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -447,14 +448,14 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix nonroot, no seen": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: make(map[string][]matchConditionAggregate), duplicate: false, }, "prefix nonroot, seen": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -468,7 +469,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: true, }, "prefix nonroot, seen duplicate and others": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -488,7 +489,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: true, }, "prefix nonroot, seen others": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -508,7 +509,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix nonroot, seen headers only": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -522,7 +523,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix nonroot, seen query only": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -536,7 +537,7 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "prefix nonroot, seen some": { - includeConds: []contour_api_v1.MatchCondition{ + includeConds: []contour_v1.MatchCondition{ {Prefix: "/api"}, }, seenConds: map[string][]matchConditionAggregate{ @@ -560,9 +561,9 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "headers only, seen headers only non-duplicate": { - includeConds: []contour_api_v1.MatchCondition{ - {Header: &contour_api_v1.HeaderMatchCondition{Name: "x-foo", NotPresent: true}}, - {Header: &contour_api_v1.HeaderMatchCondition{Name: "x-bar", Exact: "bar"}}, + includeConds: []contour_v1.MatchCondition{ + {Header: &contour_v1.HeaderMatchCondition{Name: "x-foo", NotPresent: true}}, + {Header: &contour_v1.HeaderMatchCondition{Name: "x-bar", Exact: "bar"}}, }, seenConds: map[string][]matchConditionAggregate{ // Same header conditions but different prefix. @@ -588,8 +589,8 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "headers only, seen headers only duplicate": { - includeConds: []contour_api_v1.MatchCondition{ - {Header: &contour_api_v1.HeaderMatchCondition{Name: "x-foo", Present: true}}, + includeConds: []contour_v1.MatchCondition{ + {Header: &contour_v1.HeaderMatchCondition{Name: "x-foo", Present: true}}, }, seenConds: map[string][]matchConditionAggregate{ "/": { @@ -602,9 +603,9 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: true, }, "query only, seen query only non-duplicate": { - includeConds: []contour_api_v1.MatchCondition{ - {QueryParameter: &contour_api_v1.QueryParameterMatchCondition{Name: "param-1", Present: true}}, - {QueryParameter: &contour_api_v1.QueryParameterMatchCondition{Name: "param-2", Exact: "bar"}}, + includeConds: []contour_v1.MatchCondition{ + {QueryParameter: &contour_v1.QueryParameterMatchCondition{Name: "param-1", Present: true}}, + {QueryParameter: &contour_v1.QueryParameterMatchCondition{Name: "param-2", Exact: "bar"}}, }, seenConds: map[string][]matchConditionAggregate{ "/": { @@ -630,8 +631,8 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: false, }, "query only, seen query only duplicate": { - includeConds: []contour_api_v1.MatchCondition{ - {QueryParameter: &contour_api_v1.QueryParameterMatchCondition{Name: "param-1", Prefix: "foo"}}, + includeConds: []contour_v1.MatchCondition{ + {QueryParameter: &contour_v1.QueryParameterMatchCondition{Name: "param-1", Prefix: "foo"}}, }, seenConds: map[string][]matchConditionAggregate{ "/": { @@ -646,10 +647,10 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: true, }, "combination of header and query, duplicate": { - includeConds: []contour_api_v1.MatchCondition{ - {QueryParameter: &contour_api_v1.QueryParameterMatchCondition{Name: "param-2", Prefix: "foo"}}, - {Header: &contour_api_v1.HeaderMatchCondition{Name: "x-foo", Present: true}}, - {QueryParameter: &contour_api_v1.QueryParameterMatchCondition{Name: "param-1", Prefix: "foo"}}, + includeConds: []contour_v1.MatchCondition{ + {QueryParameter: &contour_v1.QueryParameterMatchCondition{Name: "param-2", Prefix: "foo"}}, + {Header: &contour_v1.HeaderMatchCondition{Name: "x-foo", Present: true}}, + {QueryParameter: &contour_v1.QueryParameterMatchCondition{Name: "param-1", Prefix: "foo"}}, }, seenConds: map[string][]matchConditionAggregate{ "/": { @@ -665,9 +666,9 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { duplicate: true, }, "combination of header and query, non-duplicate": { - includeConds: []contour_api_v1.MatchCondition{ - {Header: &contour_api_v1.HeaderMatchCondition{Name: "x-foo", Present: true}}, - {QueryParameter: &contour_api_v1.QueryParameterMatchCondition{Name: "param-1", Prefix: "foo"}}, + includeConds: []contour_v1.MatchCondition{ + {Header: &contour_v1.HeaderMatchCondition{Name: "x-foo", Present: true}}, + {QueryParameter: &contour_v1.QueryParameterMatchCondition{Name: "param-1", Prefix: "foo"}}, }, seenConds: map[string][]matchConditionAggregate{ // Header and query params are the same, but different prefix. @@ -702,36 +703,36 @@ func TestIncludeMatchConditionsIdentical(t *testing.T) { func TestValidateExternalAuthExtensionService(t *testing.T) { tests := map[string]struct { - ref contour_api_v1.ExtensionServiceReference - wantValidCond *contour_api_v1.DetailedCondition - httpproxy *contour_api_v1.HTTPProxy + ref contour_v1.ExtensionServiceReference + wantValidCond *contour_v1.DetailedCondition + httpproxy *contour_v1.HTTPProxy getExtensionCluster func(name string) *ExtensionCluster want *ExtensionCluster wantBool bool }{ "Unsupported API version": { - ref: contour_api_v1.ExtensionServiceReference{ + ref: contour_v1.ExtensionServiceReference{ APIVersion: "wrong version", Namespace: "ns", Name: "test", }, - wantValidCond: &contour_api_v1.DetailedCondition{ - Condition: v1.Condition{ - Status: contour_api_v1.ConditionTrue, + wantValidCond: &contour_v1.DetailedCondition{ + Condition: meta_v1.Condition{ + Status: contour_v1.ConditionTrue, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "AuthError", Reason: "AuthBadResourceVersion", Message: "Spec.Virtualhost.Authorization.extensionRef specifies an unsupported resource version \"wrong version\"", - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, }, }, }, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, }, @@ -744,28 +745,28 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { wantBool: false, }, "ExtensionService does not exist": { - ref: contour_api_v1.ExtensionServiceReference{ + ref: contour_v1.ExtensionServiceReference{ APIVersion: "projectcontour.io/v1alpha1", Namespace: "ns", Name: "test", }, - wantValidCond: &contour_api_v1.DetailedCondition{ - Condition: v1.Condition{ - Status: contour_api_v1.ConditionTrue, + wantValidCond: &contour_v1.DetailedCondition{ + Condition: meta_v1.Condition{ + Status: contour_v1.ConditionTrue, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "AuthError", Reason: "ExtensionServiceNotFound", Message: "Spec.Virtualhost.Authorization.ServiceRef extension service \"ns/test\" not found", - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, }, }, }, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, }, @@ -776,14 +777,14 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { wantBool: false, }, "Validation successful": { - ref: contour_api_v1.ExtensionServiceReference{ + ref: contour_v1.ExtensionServiceReference{ APIVersion: "projectcontour.io/v1alpha1", Namespace: "ns", Name: "test", }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, }, @@ -801,7 +802,7 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - validCond := &contour_api_v1.DetailedCondition{} + validCond := &contour_v1.DetailedCondition{} gotBool, got := validateExternalAuthExtensionService(tc.ref, validCond, tc.httpproxy, tc.getExtensionCluster) require.Equal(t, tc.want, got) require.Equal(t, tc.wantBool, gotBool) @@ -813,32 +814,32 @@ func TestValidateExternalAuthExtensionService(t *testing.T) { func TestDetermineExternalAuthTimeout(t *testing.T) { tests := map[string]struct { responseTimeout string - wantValidCond *contour_api_v1.DetailedCondition + wantValidCond *contour_v1.DetailedCondition ext *ExtensionCluster want *timeout.Setting wantBool bool }{ "invalid timeout": { responseTimeout: "foo", - wantValidCond: &contour_api_v1.DetailedCondition{ - Condition: v1.Condition{ - Status: contour_api_v1.ConditionTrue, + wantValidCond: &contour_v1.DetailedCondition{ + Condition: meta_v1.Condition{ + Status: contour_v1.ConditionTrue, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "AuthError", Reason: "AuthResponseTimeoutInvalid", Message: "Spec.Virtualhost.Authorization.ResponseTimeout is invalid: unable to parse timeout string \"foo\": time: invalid duration \"foo\"", - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, }, }, }, }, "default timeout": { responseTimeout: "", - wantValidCond: &contour_api_v1.DetailedCondition{}, + wantValidCond: &contour_v1.DetailedCondition{}, ext: &ExtensionCluster{ Name: "test", RouteTimeoutPolicy: RouteTimeoutPolicy{ @@ -850,7 +851,7 @@ func TestDetermineExternalAuthTimeout(t *testing.T) { }, "success": { responseTimeout: "20s", - wantValidCond: &contour_api_v1.DetailedCondition{}, + wantValidCond: &contour_v1.DetailedCondition{}, ext: &ExtensionCluster{ Name: "test", RouteTimeoutPolicy: RouteTimeoutPolicy{ @@ -864,7 +865,7 @@ func TestDetermineExternalAuthTimeout(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - validCond := &contour_api_v1.DetailedCondition{} + validCond := &contour_v1.DetailedCondition{} gotBool, got := determineExternalAuthTimeout(tc.responseTimeout, validCond, tc.ext) require.Equal(t, tc.want, got) require.Equal(t, tc.wantBool, gotBool) @@ -875,29 +876,29 @@ func TestDetermineExternalAuthTimeout(t *testing.T) { func TestToIPFilterRule(t *testing.T) { tests := map[string]struct { - allowPolicy []contour_api_v1.IPFilterPolicy - denyPolicy []contour_api_v1.IPFilterPolicy + allowPolicy []contour_v1.IPFilterPolicy + denyPolicy []contour_v1.IPFilterPolicy want []IPFilterRule wantAllow bool wantErr bool - wantConditionErrs []contour_api_v1.SubCondition + wantConditionErrs []contour_v1.SubCondition }{ "no ip policy": { allowPolicy: nil, - denyPolicy: []contour_api_v1.IPFilterPolicy{}, + denyPolicy: []contour_v1.IPFilterPolicy{}, want: nil, }, "both allow and deny rules not supported": { - allowPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + allowPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "1.1.1.1/24", }}, - denyPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourcePeer, + denyPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourcePeer, CIDR: "2.2.2.2/24", }}, wantErr: true, - wantConditionErrs: []contour_api_v1.SubCondition{{ + wantConditionErrs: []contour_v1.SubCondition{{ Type: "IPFilterError", Status: "True", Reason: "IncompatibleIPAddressFilters", @@ -905,15 +906,15 @@ func TestToIPFilterRule(t *testing.T) { }}, }, "reports invalid cidr ranges": { - allowPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + allowPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "!@#$!@#$", }, { - Source: contour_api_v1.IPFilterSourcePeer, + Source: contour_v1.IPFilterSourcePeer, CIDR: "2.2.2.2/512", }}, wantErr: true, - wantConditionErrs: []contour_api_v1.SubCondition{ + wantConditionErrs: []contour_v1.SubCondition{ { Type: "IPFilterError", Status: "True", @@ -929,11 +930,11 @@ func TestToIPFilterRule(t *testing.T) { }, }, "parses multiple allow rules": { - allowPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + allowPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "1.1.1.1", }, { - Source: contour_api_v1.IPFilterSourcePeer, + Source: contour_v1.IPFilterSourcePeer, CIDR: "2001:db8::68/24", }}, wantAllow: true, @@ -952,11 +953,11 @@ func TestToIPFilterRule(t *testing.T) { }}, }, "parses multiple deny rules": { - denyPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + denyPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "1.1.1.1/24", }, { - Source: contour_api_v1.IPFilterSourcePeer, + Source: contour_v1.IPFilterSourcePeer, CIDR: "2001:db8::68", }}, wantAllow: false, @@ -978,7 +979,7 @@ func TestToIPFilterRule(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - cond := contour_api_v1.DetailedCondition{} + cond := contour_v1.DetailedCondition{} gotAllow, got, gotErr := toIPFilterRules(tc.allowPolicy, tc.denyPolicy, &cond) if tc.wantErr { require.Error(t, gotErr) @@ -992,49 +993,49 @@ func TestToIPFilterRule(t *testing.T) { func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { tests := map[string]struct { - rateLimitServiceConfig *contour_api_v1alpha1.RateLimitServiceConfig - wantValidCond *contour_api_v1.DetailedCondition - httpproxy *contour_api_v1.HTTPProxy + rateLimitServiceConfig *contour_v1alpha1.RateLimitServiceConfig + wantValidCond *contour_v1.DetailedCondition + httpproxy *contour_v1.HTTPProxy want *RateLimitPolicy isValidCond bool - wantConditionErrs []contour_api_v1.SubCondition + wantConditionErrs []contour_v1.SubCondition }{ "no rate limit policy is set anywhere": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, }, }, want: nil, isValidCond: true, }, "default global rate limit Policy is not set": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "foo", Value: "bar", }, @@ -1066,15 +1067,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { isValidCond: true, }, "default global rate limit policy is set but HTTPProxy is opted out": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "A general policy key", Value: "A general policy value", }, @@ -1084,15 +1085,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, }, }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, @@ -1103,15 +1104,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { isValidCond: true, }, "default global rate limit policy is set but HTTPProxy defines its own global RateLimit policy": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "A general policy key", Value: "A general policy value", }, @@ -1121,20 +1122,20 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, }, }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "foo", Value: "bar", }, @@ -1166,15 +1167,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { isValidCond: true, }, "default rate limit policy is set": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "A general policy key", Value: "A general policy value", }, @@ -1184,13 +1185,13 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, }, }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, }, }, want: &RateLimitPolicy{ @@ -1212,15 +1213,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { isValidCond: true, }, "default rate limit policy is set and HTTPProxy's local rate limit should not change": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "A general policy key", Value: "A general policy value", }, @@ -1230,15 +1231,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, }, }, - wantValidCond: &contour_api_v1.DetailedCondition{}, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + wantValidCond: &contour_v1.DetailedCondition{}, + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "second", }, @@ -1270,34 +1271,34 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { isValidCond: true, }, "default rate limit policy is set but it is invalid": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ {}, }, }, }, }, }, - wantValidCond: &contour_api_v1.DetailedCondition{ - Condition: v1.Condition{ - Status: contour_api_v1.ConditionTrue, + wantValidCond: &contour_v1.DetailedCondition{ + Condition: meta_v1.Condition{ + Status: contour_v1.ConditionTrue, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, }, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "second", }, @@ -1307,7 +1308,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, want: nil, isValidCond: false, - wantConditionErrs: []contour_api_v1.SubCondition{ + wantConditionErrs: []contour_v1.SubCondition{ { Type: "VirtualHostError", Status: "True", @@ -1317,15 +1318,15 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, }, "global rate limit policy on HTTPProxy is invalid": { - rateLimitServiceConfig: &contour_api_v1alpha1.RateLimitServiceConfig{ + rateLimitServiceConfig: &contour_v1alpha1.RateLimitServiceConfig{ Domain: "test-domain", FailOpen: ref.To(true), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "A general policy key", Value: "A general policy value", }, @@ -1335,24 +1336,24 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, }, }, - wantValidCond: &contour_api_v1.DetailedCondition{ - Condition: v1.Condition{ - Status: contour_api_v1.ConditionTrue, + wantValidCond: &contour_v1.DetailedCondition{ + Condition: meta_v1.Condition{ + Status: contour_v1.ConditionTrue, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, }, - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ {}, }, }, @@ -1364,7 +1365,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { }, want: nil, isValidCond: false, - wantConditionErrs: []contour_api_v1.SubCondition{ + wantConditionErrs: []contour_v1.SubCondition{ { Type: "VirtualHostError", Status: "True", @@ -1377,7 +1378,7 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - validCond := &contour_api_v1.DetailedCondition{} + validCond := &contour_v1.DetailedCondition{} got, isValid := computeVirtualHostRateLimitPolicy(tc.httpproxy, tc.rateLimitServiceConfig, validCond) require.Equal(t, tc.isValidCond, isValid) require.Equal(t, tc.want, got) @@ -1388,27 +1389,27 @@ func TestValidateVirtualHostRateLimitPolicy(t *testing.T) { func TestRateLimitPerRoute(t *testing.T) { tests := map[string]struct { - httpproxy *contour_api_v1.HTTPProxy + httpproxy *contour_v1.HTTPProxy want *RateLimitPerRoute }{ "route doesn't disable the global rate limit functionality": { - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "foo", Port: 80, }, }, - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/bar", }, @@ -1420,29 +1421,29 @@ func TestRateLimitPerRoute(t *testing.T) { want: nil, }, "route disables the global rate limit functionality": { - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "foo", Port: 80, }, }, - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/bar", }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, @@ -1455,29 +1456,29 @@ func TestRateLimitPerRoute(t *testing.T) { }, }, "route doesn't disable the global rate limit functionality explicitly": { - httpproxy: &contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + httpproxy: &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "ns", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "foo", Port: 80, }, }, - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/bar", }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: false, }, }, @@ -1501,7 +1502,7 @@ func TestRateLimitPerRoute(t *testing.T) { func TestDetermineUpstreamTLS(t *testing.T) { tests := map[string]struct { - envoyTLS *contour_api_v1alpha1.EnvoyTLS + envoyTLS *contour_v1alpha1.EnvoyTLS want *UpstreamTLS }{ "nothing set": { @@ -1509,7 +1510,7 @@ func TestDetermineUpstreamTLS(t *testing.T) { want: nil, }, "only set tls min max": { - envoyTLS: &contour_api_v1alpha1.EnvoyTLS{ + envoyTLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.1", MaximumProtocolVersion: "1.2", }, diff --git a/internal/dag/ingress_processor.go b/internal/dag/ingress_processor.go index efee9e4ef83..e207c1f56a7 100644 --- a/internal/dag/ingress_processor.go +++ b/internal/dag/ingress_processor.go @@ -18,15 +18,15 @@ import ( "strings" "time" + "github.com/sirupsen/logrus" + networking_v1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/ref" - "github.com/sirupsen/logrus" - networking_v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/types" ) // IngressProcessor translates Ingresses into DAG @@ -68,7 +68,7 @@ type IngressProcessor struct { SetSourceMetadataOnRoutes bool // GlobalCircuitBreakerDefaults defines global circuit breaker defaults. - GlobalCircuitBreakerDefaults *contour_api_v1alpha1.GlobalCircuitBreakerDefaults + GlobalCircuitBreakerDefaults *contour_v1alpha1.GlobalCircuitBreakerDefaults // UpstreamTLS defines the TLS settings like min/max version // and cipher suites for upstream connections. diff --git a/internal/dag/policy.go b/internal/dag/policy.go index a03d4f2fea9..27d7e9273fc 100644 --- a/internal/dag/policy.go +++ b/internal/dag/policy.go @@ -21,20 +21,20 @@ import ( "strings" "time" + "github.com/sirupsen/logrus" networking_v1 "k8s.io/api/networking/v1" + utilerrors "k8s.io/apimachinery/pkg/util/errors" + "k8s.io/apimachinery/pkg/util/sets" + "k8s.io/apimachinery/pkg/util/validation" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" - "github.com/sirupsen/logrus" - utilerrors "k8s.io/apimachinery/pkg/util/errors" - "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apimachinery/pkg/util/validation" ) const ( @@ -64,7 +64,7 @@ var hostRewriteHeaderRegex = regexp.MustCompile(`%REQ\(([A-Za-z0-9-]+)\)%`) // retryOn transforms a slice of retry on values to a comma-separated string. // CRD validation ensures that all retry on values are valid. -func retryOn(ron []contour_api_v1.RetryOn) string { +func retryOn(ron []contour_v1.RetryOn) string { if len(ron) == 0 { return "5xx" } @@ -76,7 +76,7 @@ func retryOn(ron []contour_api_v1.RetryOn) string { return strings.Join(ss, ",") } -func retryPolicy(rp *contour_api_v1.RetryPolicy) *RetryPolicy { +func retryPolicy(rp *contour_v1.RetryPolicy) *RetryPolicy { if rp == nil { return nil } @@ -110,7 +110,7 @@ func retryPolicy(rp *contour_api_v1.RetryPolicy) *RetryPolicy { } } -func headersPolicyService(defaultPolicy *HeadersPolicy, policy *contour_api_v1.HeadersPolicy, allowHostRewrite bool, dynamicHeaders map[string]string) (*HeadersPolicy, error) { +func headersPolicyService(defaultPolicy *HeadersPolicy, policy *contour_v1.HeadersPolicy, allowHostRewrite bool, dynamicHeaders map[string]string) (*HeadersPolicy, error) { if defaultPolicy == nil { return headersPolicyRoute(policy, allowHostRewrite, dynamicHeaders) } @@ -167,7 +167,7 @@ func headersPolicyService(defaultPolicy *HeadersPolicy, policy *contour_api_v1.H return userPolicy, nil } -func headersPolicyRoute(policy *contour_api_v1.HeadersPolicy, allowHostRewrite bool, dynamicHeaders map[string]string) (*HeadersPolicy, error) { +func headersPolicyRoute(policy *contour_v1.HeadersPolicy, allowHostRewrite bool, dynamicHeaders map[string]string) (*HeadersPolicy, error) { if policy == nil { return nil, nil } @@ -345,7 +345,7 @@ func escapeHeaderValue(value string, dynamicHeaders map[string]string) string { return escapedValue } -func cookieRewritePolicies(policies []contour_api_v1.CookieRewritePolicy) ([]CookieRewritePolicy, error) { +func cookieRewritePolicies(policies []contour_v1.CookieRewritePolicy) ([]CookieRewritePolicy, error) { validPolicies := make([]CookieRewritePolicy, 0, len(policies)) cookieNames := map[string]struct{}{} for _, p := range policies { @@ -437,7 +437,7 @@ func ingressTimeoutPolicy(ingress *networking_v1.Ingress, log logrus.FieldLogger } // if the request timeout annotation is present on this ingress // construct and use the HTTPProxy timeout policy logic. - tp, _, err := timeoutPolicy(&contour_api_v1.TimeoutPolicy{ + tp, _, err := timeoutPolicy(&contour_v1.TimeoutPolicy{ Response: response, }, 0) if err != nil { @@ -448,7 +448,7 @@ func ingressTimeoutPolicy(ingress *networking_v1.Ingress, log logrus.FieldLogger return tp } -func timeoutPolicy(tp *contour_api_v1.TimeoutPolicy, connectTimeout time.Duration) (RouteTimeoutPolicy, ClusterTimeoutPolicy, error) { +func timeoutPolicy(tp *contour_v1.TimeoutPolicy, connectTimeout time.Duration) (RouteTimeoutPolicy, ClusterTimeoutPolicy, error) { if tp == nil { return RouteTimeoutPolicy{ ResponseTimeout: timeout.DefaultSetting(), @@ -484,7 +484,7 @@ func timeoutPolicy(tp *contour_api_v1.TimeoutPolicy, connectTimeout time.Duratio }, nil } -func httpHealthCheckPolicy(hc *contour_api_v1.HTTPHealthCheckPolicy) (*HTTPHealthCheckPolicy, error) { +func httpHealthCheckPolicy(hc *contour_v1.HTTPHealthCheckPolicy) (*HTTPHealthCheckPolicy, error) { if hc == nil { return nil, nil } @@ -520,7 +520,7 @@ func httpHealthCheckPolicy(hc *contour_api_v1.HTTPHealthCheckPolicy) (*HTTPHealt }, nil } -func tcpHealthCheckPolicy(hc *contour_api_v1.TCPHealthCheckPolicy) *TCPHealthCheckPolicy { +func tcpHealthCheckPolicy(hc *contour_v1.TCPHealthCheckPolicy) *TCPHealthCheckPolicy { if hc == nil { return nil } @@ -534,7 +534,7 @@ func tcpHealthCheckPolicy(hc *contour_api_v1.TCPHealthCheckPolicy) *TCPHealthChe // loadBalancerPolicy returns the load balancer strategy or // blank if no valid strategy is supplied. -func loadBalancerPolicy(lbp *contour_api_v1.LoadBalancerPolicy) string { +func loadBalancerPolicy(lbp *contour_v1.LoadBalancerPolicy) string { if lbp == nil { return "" } @@ -546,7 +546,7 @@ func loadBalancerPolicy(lbp *contour_api_v1.LoadBalancerPolicy) string { } } -func prefixReplacementsAreValid(replacements []contour_api_v1.ReplacePrefix) (string, error) { +func prefixReplacementsAreValid(replacements []contour_v1.ReplacePrefix) (string, error) { prefixes := map[string]bool{} for _, r := range replacements { @@ -565,7 +565,7 @@ func prefixReplacementsAreValid(replacements []contour_api_v1.ReplacePrefix) (st return "", nil } -func rateLimitPolicy(in *contour_api_v1.RateLimitPolicy) (*RateLimitPolicy, error) { +func rateLimitPolicy(in *contour_v1.RateLimitPolicy) (*RateLimitPolicy, error) { if in == nil || (in.Local == nil && (in.Global == nil || len(in.Global.Descriptors) == 0)) { return nil, nil } @@ -587,7 +587,7 @@ func rateLimitPolicy(in *contour_api_v1.RateLimitPolicy) (*RateLimitPolicy, erro return rp, nil } -func localRateLimitPolicy(in *contour_api_v1.LocalRateLimitPolicy) (*LocalRateLimitPolicy, error) { +func localRateLimitPolicy(in *contour_v1.LocalRateLimitPolicy) (*LocalRateLimitPolicy, error) { if in == nil { return nil, nil } @@ -634,7 +634,7 @@ func localRateLimitPolicy(in *contour_api_v1.LocalRateLimitPolicy) (*LocalRateLi return res, nil } -func globalRateLimitPolicy(in *contour_api_v1.GlobalRateLimitPolicy) (*GlobalRateLimitPolicy, error) { +func globalRateLimitPolicy(in *contour_v1.GlobalRateLimitPolicy) (*GlobalRateLimitPolicy, error) { if in == nil || in.Disabled { return nil, nil } @@ -704,7 +704,7 @@ func globalRateLimitPolicy(in *contour_api_v1.GlobalRateLimitPolicy) (*GlobalRat // Validates and returns list of hash policies along with lb actual strategy to // be used. Will return default strategy and empty list of hash policies if // validation fails. -func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, validCond *contour_api_v1.DetailedCondition) ([]RequestHashPolicy, string) { +func loadBalancerRequestHashPolicies(lbp *contour_v1.LoadBalancerPolicy, validCond *contour_v1.DetailedCondition) ([]RequestHashPolicy, string) { if lbp == nil { return nil, "" } @@ -743,14 +743,14 @@ func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, val attrCounter++ } if attrCounter != 1 { - validCond.AddWarningf(contour_api_v1.ConditionTypeSpecError, "IgnoredField", + validCond.AddWarningf(contour_v1.ConditionTypeSpecError, "IgnoredField", "ignoring invalid request hash policy, must set exactly one of hashSourceIP or headerHashOptions or queryParameterHashOptions") continue } if hashPolicy.HashSourceIP { if hashSourceIPSet { - validCond.AddWarningf(contour_api_v1.ConditionTypeSpecError, "IgnoredField", + validCond.AddWarningf(contour_v1.ConditionTypeSpecError, "IgnoredField", "ignoring invalid request hash policy, hashSourceIP specified multiple times") continue } @@ -761,7 +761,7 @@ func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, val if hashPolicy.HeaderHashOptions != nil { headerName := http.CanonicalHeaderKey(hashPolicy.HeaderHashOptions.HeaderName) if msgs := validation.IsHTTPHeaderName(headerName); len(msgs) != 0 { - validCond.AddWarningf(contour_api_v1.ConditionTypeSpecError, "IgnoredField", + validCond.AddWarningf(contour_v1.ConditionTypeSpecError, "IgnoredField", "ignoring invalid header hash policy options with invalid header name %q: %v", headerName, msgs) continue } @@ -781,7 +781,7 @@ func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, val // but there is no actual standard for that. queryParameter := strings.ToLower(hashPolicy.QueryParameterHashOptions.ParameterName) if queryParameter == "" { - validCond.AddWarningf(contour_api_v1.ConditionTypeSpecError, "IgnoredField", + validCond.AddWarningf(contour_v1.ConditionTypeSpecError, "IgnoredField", "ignoring invalid query parameter hash policy options with an invalid empty query parameter name") continue } @@ -799,7 +799,7 @@ func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, val rhps = append(rhps, rhp) } if len(rhps) == 0 { - validCond.AddWarningf(contour_api_v1.ConditionTypeSpecError, "IgnoredField", + validCond.AddWarningf(contour_v1.ConditionTypeSpecError, "IgnoredField", "ignoring invalid request hash policy options, setting load balancer strategy to default %s", LoadBalancerPolicyRoundRobin) rhps = nil actualStrategy = LoadBalancerPolicyRoundRobin @@ -810,7 +810,7 @@ func loadBalancerRequestHashPolicies(lbp *contour_api_v1.LoadBalancerPolicy, val } } -func serviceCircuitBreakerPolicy(s *Service, cb *contour_api_v1alpha1.GlobalCircuitBreakerDefaults) *Service { +func serviceCircuitBreakerPolicy(s *Service, cb *contour_v1alpha1.GlobalCircuitBreakerDefaults) *Service { if s == nil { return nil } diff --git a/internal/dag/policy_test.go b/internal/dag/policy_test.go index 667a716efb2..62301bbb1d6 100644 --- a/internal/dag/policy_test.go +++ b/internal/dag/policy_test.go @@ -20,14 +20,15 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/timeout" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/timeout" ) func TestRetryPolicyIngress(t *testing.T) { @@ -41,7 +42,7 @@ func TestRetryPolicyIngress(t *testing.T) { }, "retry-on": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/retry-on": "5xx", }, @@ -54,7 +55,7 @@ func TestRetryPolicyIngress(t *testing.T) { }, "explicitly disabled retries": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/retry-on": "5xx", "projectcontour.io/num-retries": "-1", @@ -68,7 +69,7 @@ func TestRetryPolicyIngress(t *testing.T) { }, "num-retries": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/retry-on": "5xx", "projectcontour.io/num-retries": "7", @@ -82,7 +83,7 @@ func TestRetryPolicyIngress(t *testing.T) { }, "no retry count, per try timeout": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/retry-on": "5xx", "projectcontour.io/per-try-timeout": "10s", @@ -97,7 +98,7 @@ func TestRetryPolicyIngress(t *testing.T) { }, "explicit 0s timeout": { i: &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "projectcontour.io/retry-on": "5xx", "projectcontour.io/per-try-timeout": "0s", @@ -122,7 +123,7 @@ func TestRetryPolicyIngress(t *testing.T) { func TestRetryPolicy(t *testing.T) { tests := map[string]struct { - rp *contour_api_v1.RetryPolicy + rp *contour_v1.RetryPolicy want *RetryPolicy }{ "nil retry policy": { @@ -130,14 +131,14 @@ func TestRetryPolicy(t *testing.T) { want: nil, }, "empty policy": { - rp: &contour_api_v1.RetryPolicy{}, + rp: &contour_v1.RetryPolicy{}, want: &RetryPolicy{ RetryOn: "5xx", NumRetries: 1, }, }, "explicitly zero retries": { - rp: &contour_api_v1.RetryPolicy{ + rp: &contour_v1.RetryPolicy{ NumRetries: 0, // zero value for NumRetries }, want: &RetryPolicy{ @@ -146,7 +147,7 @@ func TestRetryPolicy(t *testing.T) { }, }, "no retry count, per try timeout": { - rp: &contour_api_v1.RetryPolicy{ + rp: &contour_v1.RetryPolicy{ PerTryTimeout: "10s", }, want: &RetryPolicy{ @@ -156,7 +157,7 @@ func TestRetryPolicy(t *testing.T) { }, }, "explicit 0s timeout": { - rp: &contour_api_v1.RetryPolicy{ + rp: &contour_v1.RetryPolicy{ PerTryTimeout: "0s", }, want: &RetryPolicy{ @@ -166,8 +167,8 @@ func TestRetryPolicy(t *testing.T) { }, }, "retry on": { - rp: &contour_api_v1.RetryPolicy{ - RetryOn: []contour_api_v1.RetryOn{"gateway-error", "connect-failure"}, + rp: &contour_v1.RetryPolicy{ + RetryOn: []contour_v1.RetryOn{"gateway-error", "connect-failure"}, }, want: &RetryPolicy{ RetryOn: "gateway-error,connect-failure", @@ -175,7 +176,7 @@ func TestRetryPolicy(t *testing.T) { }, }, "retriable status codes": { - rp: &contour_api_v1.RetryPolicy{ + rp: &contour_v1.RetryPolicy{ RetriableStatusCodes: []uint32{502, 503, 504}, }, want: &RetryPolicy{ @@ -196,7 +197,7 @@ func TestRetryPolicy(t *testing.T) { func TestTimeoutPolicy(t *testing.T) { tests := map[string]struct { - tp *contour_api_v1.TimeoutPolicy + tp *contour_v1.TimeoutPolicy clusterConnectTimeout time.Duration wantRouteTimeoutPolicy RouteTimeoutPolicy wantClusterTimeoutPolicy ClusterTimeoutPolicy @@ -207,11 +208,11 @@ func TestTimeoutPolicy(t *testing.T) { wantRouteTimeoutPolicy: RouteTimeoutPolicy{}, }, "empty timeout policy": { - tp: &contour_api_v1.TimeoutPolicy{}, + tp: &contour_v1.TimeoutPolicy{}, wantRouteTimeoutPolicy: RouteTimeoutPolicy{}, }, "valid response timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ Response: "1m30s", }, wantRouteTimeoutPolicy: RouteTimeoutPolicy{ @@ -219,13 +220,13 @@ func TestTimeoutPolicy(t *testing.T) { }, }, "invalid response timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ Response: "90", // 90 what? }, wantErr: true, }, "infinite response timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ Response: "infinite", }, wantRouteTimeoutPolicy: RouteTimeoutPolicy{ @@ -233,7 +234,7 @@ func TestTimeoutPolicy(t *testing.T) { }, }, "idle stream timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ Idle: "900s", }, wantRouteTimeoutPolicy: RouteTimeoutPolicy{ @@ -241,7 +242,7 @@ func TestTimeoutPolicy(t *testing.T) { }, }, "idle connection timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ IdleConnection: "900s", }, wantClusterTimeoutPolicy: ClusterTimeoutPolicy{ @@ -250,7 +251,7 @@ func TestTimeoutPolicy(t *testing.T) { }, }, "infinite idle connection timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ IdleConnection: "infinite", }, wantClusterTimeoutPolicy: ClusterTimeoutPolicy{ @@ -259,7 +260,7 @@ func TestTimeoutPolicy(t *testing.T) { }, }, "invalid idle connection timeout": { - tp: &contour_api_v1.TimeoutPolicy{ + tp: &contour_v1.TimeoutPolicy{ IdleConnection: "invalid value", }, wantErr: true, @@ -288,7 +289,7 @@ func TestTimeoutPolicy(t *testing.T) { func TestLoadBalancerPolicy(t *testing.T) { tests := map[string]struct { - lbp *contour_api_v1.LoadBalancerPolicy + lbp *contour_v1.LoadBalancerPolicy want string }{ "nil": { @@ -296,35 +297,35 @@ func TestLoadBalancerPolicy(t *testing.T) { want: "", }, "empty": { - lbp: &contour_api_v1.LoadBalancerPolicy{}, + lbp: &contour_v1.LoadBalancerPolicy{}, want: "", }, "WeightedLeastRequest": { - lbp: &contour_api_v1.LoadBalancerPolicy{ + lbp: &contour_v1.LoadBalancerPolicy{ Strategy: "WeightedLeastRequest", }, want: "WeightedLeastRequest", }, "Random": { - lbp: &contour_api_v1.LoadBalancerPolicy{ + lbp: &contour_v1.LoadBalancerPolicy{ Strategy: "Random", }, want: "Random", }, "Cookie": { - lbp: &contour_api_v1.LoadBalancerPolicy{ + lbp: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, want: "Cookie", }, "RequestHash": { - lbp: &contour_api_v1.LoadBalancerPolicy{ + lbp: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", }, want: "RequestHash", }, "unknown": { - lbp: &contour_api_v1.LoadBalancerPolicy{ + lbp: &contour_v1.LoadBalancerPolicy{ Strategy: "please", }, want: "", @@ -341,14 +342,14 @@ func TestLoadBalancerPolicy(t *testing.T) { func TestHeadersPolicy(t *testing.T) { tests := map[string]struct { - hp *contour_api_v1.HeadersPolicy + hp *contour_v1.HeadersPolicy dhp HeadersPolicy want HeadersPolicy wantErr bool }{ "no percentage unchanged": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-App-Weight", Value: "100", }}, @@ -361,8 +362,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "simple percentage escape": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-App-Weight", Value: "100%", }}, @@ -375,8 +376,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "known good Envoy dynamic header unescaped": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Envoy-Hostname", Value: "%HOSTNAME%", }}, @@ -389,8 +390,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "unknown Envoy dynamic header is escaped": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Envoy-Unknown", Value: "%UNKNOWN%", }}, @@ -403,8 +404,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "valid Envoy REQ header unescaped": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Host", Value: "%REQ(Host)%", }}, @@ -417,8 +418,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "valid Envoy REQ header unescaped truncated": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Host", Value: "%REQ(Host):9%", }}, @@ -431,8 +432,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "valid Envoy REQ http/2 pseudo-header unescaped": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Path", Value: "%REQ(:PATH)%", }}, @@ -445,8 +446,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "valid Envoy REQ header if not present": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Foo-Fallback", Value: "%REQ(X-Foo?X-Bar)%", }}, @@ -459,8 +460,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "valid Envoy REQ header if not present truncated": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Foo-Fallback", Value: "%REQ(X-Foo?X-Bar):10%", }}, @@ -473,8 +474,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "Envoy REQ header if not present invalid truncation": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Foo-Fallback", Value: "%REQ(X-Foo?X-Bar):baz%", }}, @@ -487,8 +488,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "valid Envoy REQ header if not present http/2 pseudo-header": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Path-Fallback", Value: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%", }}, @@ -501,8 +502,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "invalid Envoy REQ header is escaped": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Request-Host", Value: "%REQ(inv@lid-header)%", }}, @@ -515,8 +516,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "header value with dynamic and non-dynamic content and multiple dynamic fields": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Host-Protocol", Value: "%HOSTNAME% - %PROTOCOL%", }}, @@ -529,8 +530,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "dynamic service headers": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "l5d-dst-override", Value: "%CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%", }}, @@ -542,8 +543,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "default header value with different object header value combined": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-Host-Protocol", Value: "%HOSTNAME% - %PROTOCOL%", }}, @@ -561,8 +562,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "default header value with same object header value not replaced": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "X-App-Weight", Value: "100", }}, @@ -579,7 +580,7 @@ func TestHeadersPolicy(t *testing.T) { }, }, "same header removed in default and object": { - hp: &contour_api_v1.HeadersPolicy{ + hp: &contour_v1.HeadersPolicy{ Remove: []string{"X-Sensitive-Header"}, }, dhp: HeadersPolicy{ @@ -601,8 +602,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "Host header rewrite by user header policy": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "foo", }}, @@ -618,8 +619,8 @@ func TestHeadersPolicy(t *testing.T) { }, }, "Host header rewrite by default header policy": { - hp: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + hp: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "foo", }}, @@ -659,7 +660,7 @@ func TestHeadersPolicy(t *testing.T) { func TestRateLimitPolicy(t *testing.T) { tests := map[string]struct { - in *contour_api_v1.RateLimitPolicy + in *contour_v1.RateLimitPolicy want *RateLimitPolicy wantErr string }{ @@ -668,12 +669,12 @@ func TestRateLimitPolicy(t *testing.T) { want: nil, }, "nil local rate limit policy": { - in: &contour_api_v1.RateLimitPolicy{}, + in: &contour_v1.RateLimitPolicy{}, want: nil, }, "local - no burst": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 3, Unit: "second", }, @@ -687,8 +688,8 @@ func TestRateLimitPolicy(t *testing.T) { }, }, "local - burst": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 3, Unit: "second", Burst: 4, @@ -703,8 +704,8 @@ func TestRateLimitPolicy(t *testing.T) { }, }, "local - custom response status code": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "minute", ResponseStatusCode: 431, @@ -720,11 +721,11 @@ func TestRateLimitPolicy(t *testing.T) { }, }, "local - custom response headers to add": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "hour", - ResponseHeadersToAdd: []contour_api_v1.HeaderValue{ + ResponseHeadersToAdd: []contour_v1.HeaderValue{ { Name: "header-1", Value: "header-value-1", @@ -749,11 +750,11 @@ func TestRateLimitPolicy(t *testing.T) { }, }, "local - duplicate response header": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "hour", - ResponseHeadersToAdd: []contour_api_v1.HeaderValue{ + ResponseHeadersToAdd: []contour_v1.HeaderValue{ { Name: "duplicate-header", Value: "header-value-1", @@ -768,11 +769,11 @@ func TestRateLimitPolicy(t *testing.T) { wantErr: "duplicate header addition: \"Duplicate-Header\"", }, "local - invalid response header name": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "hour", - ResponseHeadersToAdd: []contour_api_v1.HeaderValue{ + ResponseHeadersToAdd: []contour_v1.HeaderValue{ { Name: "invalid-header!", Value: "header-value-1", @@ -783,8 +784,8 @@ func TestRateLimitPolicy(t *testing.T) { wantErr: `invalid header name "Invalid-Header!": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')]`, }, "local - invalid unit": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 10, Unit: "invalid-unit", }, @@ -792,8 +793,8 @@ func TestRateLimitPolicy(t *testing.T) { wantErr: "invalid unit \"invalid-unit\" in local rate limit policy", }, "local - invalid requests": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 0, Unit: "second", }, @@ -801,22 +802,22 @@ func TestRateLimitPolicy(t *testing.T) { wantErr: "invalid requests value 0 in local rate limit policy", }, "global - multiple descriptors": { - in: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + in: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "generic-key-key", Value: "generic-key-value", }, }, { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - RequestHeader: &contour_api_v1.RequestHeaderDescriptor{ + RequestHeader: &contour_v1.RequestHeaderDescriptor{ HeaderName: "X-Header", DescriptorKey: "request-header-key", }, @@ -824,12 +825,12 @@ func TestRateLimitPolicy(t *testing.T) { }, }, { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "generic-key-key-2", Value: "generic-key-value-2", }, @@ -879,14 +880,14 @@ func TestRateLimitPolicy(t *testing.T) { }, }, "global - multiple descriptor entries set": { - in: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + in: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{}, - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + GenericKey: &contour_v1.GenericKeyDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, }, }, @@ -896,11 +897,11 @@ func TestRateLimitPolicy(t *testing.T) { wantErr: "rate limit descriptor entry must have exactly one field set", }, "global - no descriptor entries set": { - in: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + in: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ {}, }, }, @@ -910,14 +911,14 @@ func TestRateLimitPolicy(t *testing.T) { wantErr: "rate limit descriptor entry must have exactly one field set", }, "global - header value match": { - in: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + in: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeaderValueMatch: &contour_api_v1.RequestHeaderValueMatchDescriptor{ - Headers: []contour_api_v1.HeaderMatchCondition{ + RequestHeaderValueMatch: &contour_v1.RequestHeaderValueMatchDescriptor{ + Headers: []contour_v1.HeaderMatchCondition{ { Name: "X-Header", NotPresent: true, @@ -957,17 +958,17 @@ func TestRateLimitPolicy(t *testing.T) { }, }, "global and local": { - in: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + in: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 20, Unit: "second", }, - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, }, }, @@ -1011,7 +1012,7 @@ func TestRateLimitPolicy(t *testing.T) { func TestValidateHeaderAlteration(t *testing.T) { tests := []struct { name string - in *contour_api_v1.HeadersPolicy + in *contour_v1.HeadersPolicy dyn map[string]string dhp *HeadersPolicy want *HeadersPolicy @@ -1020,8 +1021,8 @@ func TestValidateHeaderAlteration(t *testing.T) { name: "empty is fine", }, { name: "set two, remove one", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "bar", }, { @@ -1043,8 +1044,8 @@ func TestValidateHeaderAlteration(t *testing.T) { }, }, { name: "duplicate set", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "bar", }, { @@ -1059,7 +1060,7 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`duplicate header addition: "K-Foo"`), }, { name: "duplicate remove", - in: &contour_api_v1.HeadersPolicy{ + in: &contour_v1.HeadersPolicy{ Remove: []string{"K-Foo", "k-foo"}, }, dyn: map[string]string{ @@ -1069,8 +1070,8 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`duplicate header removal: "K-Foo"`), }, { name: "invalid set header", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: " K-Foo", Value: "bar", }}, @@ -1082,8 +1083,8 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`invalid set header " K-Foo": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')]`), }, { name: "invalid set default header", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{}, + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{}, }, dyn: map[string]string{ "CONTOUR_NAMESPACE": "myns", @@ -1096,7 +1097,7 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`invalid set header " K-Foo": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')]`), }, { name: "invalid remove header", - in: &contour_api_v1.HeadersPolicy{ + in: &contour_v1.HeadersPolicy{ Remove: []string{" K-Foo"}, }, dyn: map[string]string{ @@ -1106,7 +1107,7 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`invalid remove header " K-Foo": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')]`), }, { name: "invalid remove default header", - in: &contour_api_v1.HeadersPolicy{ + in: &contour_v1.HeadersPolicy{ Remove: []string{" K-Foo"}, }, dyn: map[string]string{ @@ -1118,8 +1119,8 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`invalid remove header " K-Foo": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')]`), }, { name: "invalid set header: rewrite Host header not supported", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "bar", }}, @@ -1131,8 +1132,8 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`rewriting "Host" header is not supported`), }, { name: "invalid set default header: rewrite Host header not supported", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "ook?", }}, @@ -1148,8 +1149,8 @@ func TestValidateHeaderAlteration(t *testing.T) { wantErr: errors.New(`rewriting "Host" header is not supported`), }, { name: "percents are escaped", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "100%", }, { @@ -1173,8 +1174,8 @@ func TestValidateHeaderAlteration(t *testing.T) { }, }, { name: "dynamic service headers", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "l5d-dst-override", Value: "%CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%", }}, @@ -1192,8 +1193,8 @@ func TestValidateHeaderAlteration(t *testing.T) { }, }, { name: "dynamic service headers without service name and port", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "l5d-dst-override", Value: "%CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT%", }}, @@ -1209,8 +1210,8 @@ func TestValidateHeaderAlteration(t *testing.T) { }, }, { name: "default headers are combined with given headers and escaped", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "100%", }}, @@ -1233,8 +1234,8 @@ func TestValidateHeaderAlteration(t *testing.T) { }, }, { name: "default headers do not replace given headers", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "K-Foo", Value: "100%", }}, @@ -1254,8 +1255,8 @@ func TestValidateHeaderAlteration(t *testing.T) { }, }, { name: "Host header rewrite via dynamic header", - in: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + in: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "%REQ(foo)%", }}, @@ -1275,7 +1276,7 @@ func TestValidateHeaderAlteration(t *testing.T) { func TestServiceCircuitBreakerPolicy(t *testing.T) { tests := map[string]struct { in *Service - globalDefault *contour_api_v1alpha1.GlobalCircuitBreakerDefaults + globalDefault *contour_v1alpha1.GlobalCircuitBreakerDefaults want *Service }{ "service is nil and globalDefault is nil": { @@ -1285,7 +1286,7 @@ func TestServiceCircuitBreakerPolicy(t *testing.T) { }, "service is nil and globalDefault is not nil": { in: nil, - globalDefault: &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{}, + globalDefault: &contour_v1alpha1.GlobalCircuitBreakerDefaults{}, want: nil, }, "service is not nil and globalDefault is nil": { @@ -1305,7 +1306,7 @@ func TestServiceCircuitBreakerPolicy(t *testing.T) { }, "service is not set but global is": { in: &Service{}, - globalDefault: &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + globalDefault: &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 42, MaxPendingRequests: 73, MaxRequests: 89, @@ -1320,7 +1321,7 @@ func TestServiceCircuitBreakerPolicy(t *testing.T) { }, "service is not set but global is partial": { in: &Service{}, - globalDefault: &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + globalDefault: &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 42, MaxPendingRequests: 73, MaxRequests: 89, @@ -1365,7 +1366,7 @@ func TestExtractHeaderValue(t *testing.T) { func TestHeadersPolicyRoute(t *testing.T) { tests := []struct { name string - policy *contour_api_v1.HeadersPolicy + policy *contour_v1.HeadersPolicy allowRewrite bool dynHeaders map[string]string expected *HeadersPolicy @@ -1378,23 +1379,23 @@ func TestHeadersPolicyRoute(t *testing.T) { }, { name: "duplicate set headers", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: "X-Header", Value: "Test"}, {Name: "X-Header", Value: "Test2"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: "X-Header", Value: "Test"}, {Name: "X-Header", Value: "Test2"}}, }, expectedErr: fmt.Errorf("duplicate header addition: %q", "X-Header"), }, { name: "host rewrite not allowed", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: "Host", Value: "Test"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: "Host", Value: "Test"}}, }, allowRewrite: false, expectedErr: fmt.Errorf("rewriting %q header is not supported", "Host"), }, { name: "host rewrite allowed", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: "Host", Value: "Test"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: "Host", Value: "Test"}}, }, allowRewrite: true, expected: &HeadersPolicy{ @@ -1404,8 +1405,8 @@ func TestHeadersPolicyRoute(t *testing.T) { }, { name: "host rewrite allowed, by header", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: "Host", Value: "%REQ(Test)%"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: "Host", Value: "%REQ(Test)%"}}, }, allowRewrite: true, expected: &HeadersPolicy{ @@ -1416,8 +1417,8 @@ func TestHeadersPolicyRoute(t *testing.T) { }, { name: "host rewrite allowed, by header. invalid", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: "Host", Value: "%REQ (Test"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: "Host", Value: "%REQ (Test"}}, }, allowRewrite: true, expected: &HeadersPolicy{ @@ -1428,22 +1429,22 @@ func TestHeadersPolicyRoute(t *testing.T) { }, { name: "invalid header name", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: " Invalid-Header ", Value: "Test"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: " Invalid-Header ", Value: "Test"}}, }, expectedErr: fmt.Errorf(`invalid set header " Invalid-Header ": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')]`), }, { name: "duplicate remove headers", - policy: &contour_api_v1.HeadersPolicy{ + policy: &contour_v1.HeadersPolicy{ Remove: []string{"X-Header", "X-Header"}, }, expectedErr: fmt.Errorf("duplicate header removal: %q", "X-Header"), }, { name: "valid set and remove headers", - policy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{Name: "X-Header", Value: "Test"}}, + policy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{Name: "X-Header", Value: "Test"}}, Remove: []string{"Y-Header"}, }, expected: &HeadersPolicy{ diff --git a/internal/dag/secret.go b/internal/dag/secret.go index 51659842d3c..880671573a5 100644 --- a/internal/dag/secret.go +++ b/internal/dag/secret.go @@ -21,7 +21,7 @@ import ( "fmt" "strings" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" ) const ( @@ -35,12 +35,12 @@ const ( // validTLSSecret returns an error if the Secret is not of type TLS or Opaque or // if it doesn't contain valid certificate and private key material in // the tls.crt and tls.key keys. -func validTLSSecret(secret *v1.Secret) error { - if secret.Type != v1.SecretTypeTLS && secret.Type != v1.SecretTypeOpaque { - return fmt.Errorf("secret type is not %q or %q", v1.SecretTypeTLS, v1.SecretTypeOpaque) +func validTLSSecret(secret *core_v1.Secret) error { + if secret.Type != core_v1.SecretTypeTLS && secret.Type != core_v1.SecretTypeOpaque { + return fmt.Errorf("secret type is not %q or %q", core_v1.SecretTypeTLS, core_v1.SecretTypeOpaque) } - data, ok := secret.Data[v1.TLSCertKey] + data, ok := secret.Data[core_v1.TLSCertKey] if !ok { return errors.New("missing TLS certificate") } @@ -49,7 +49,7 @@ func validTLSSecret(secret *v1.Secret) error { return fmt.Errorf("invalid TLS certificate: %v", err) } - data, ok = secret.Data[v1.TLSPrivateKeyKey] + data, ok = secret.Data[core_v1.TLSPrivateKeyKey] if !ok { return errors.New("missing TLS private key") } @@ -63,9 +63,9 @@ func validTLSSecret(secret *v1.Secret) error { // validCASecret returns an error if the Secret is not of type TLS or Opaque or // if it doesn't contain a valid CA bundle in the ca.crt key. -func validCASecret(secret *v1.Secret) error { - if secret.Type != v1.SecretTypeTLS && secret.Type != v1.SecretTypeOpaque { - return fmt.Errorf("secret type is not %q or %q", v1.SecretTypeTLS, v1.SecretTypeOpaque) +func validCASecret(secret *core_v1.Secret) error { + if secret.Type != core_v1.SecretTypeTLS && secret.Type != core_v1.SecretTypeOpaque { + return fmt.Errorf("secret type is not %q or %q", core_v1.SecretTypeTLS, core_v1.SecretTypeOpaque) } if len(secret.Data[CACertificateKey]) == 0 { @@ -81,9 +81,9 @@ func validCASecret(secret *v1.Secret) error { // validCRLSecret returns an error if the Secret is not of type TLS or Opaque or // if it doesn't contain a valid CRL in the crl.pem key. -func validCRLSecret(secret *v1.Secret) error { - if secret.Type != v1.SecretTypeTLS && secret.Type != v1.SecretTypeOpaque { - return fmt.Errorf("secret type is not %q or %q", v1.SecretTypeTLS, v1.SecretTypeOpaque) +func validCRLSecret(secret *core_v1.Secret) error { + if secret.Type != core_v1.SecretTypeTLS && secret.Type != core_v1.SecretTypeOpaque { + return fmt.Errorf("secret type is not %q or %q", core_v1.SecretTypeTLS, core_v1.SecretTypeOpaque) } if len(secret.Data[CRLKey]) == 0 { diff --git a/internal/dag/secret_test.go b/internal/dag/secret_test.go index 9b38c65ebe4..d3e629cb104 100644 --- a/internal/dag/secret_test.go +++ b/internal/dag/secret_test.go @@ -18,19 +18,20 @@ import ( "fmt" "testing" - "github.com/projectcontour/contour/internal/fixture" "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" + + "github.com/projectcontour/contour/internal/fixture" ) func TestValidSecrets(t *testing.T) { type test struct { - secret *v1.Secret + secret *core_v1.Secret tlsSecretError error caSecretError error crlSecretError error } - makeTest := func(s *v1.Secret, tlsErr, caErr, crlErr error) *test { + makeTest := func(s *core_v1.Secret, tlsErr, caErr, crlErr error) *test { return &test{secret: s, tlsSecretError: tlsErr, caSecretError: caErr, crlSecretError: crlErr} } @@ -44,8 +45,8 @@ func TestValidSecrets(t *testing.T) { tests := map[string]*test{ "TLS Secret, single certificate": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), }), nil, errEmptyCAKey, errEmptyCRLKey), @@ -55,93 +56,93 @@ func TestValidSecrets(t *testing.T) { "TLS Secret, certificate plus CA in bundle": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(pemBundle(fixture.CERTIFICATE, fixture.CA_CERT)), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(pemBundle(fixture.CERTIFICATE, fixture.CA_CERT)), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), }), nil, errEmptyCAKey, errEmptyCRLKey), "TLS Secret, certificate plus CA with no CN in bundle": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(pemBundle(fixture.CERTIFICATE, fixture.CA_CERT_NO_CN)), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(pemBundle(fixture.CERTIFICATE, fixture.CA_CERT_NO_CN)), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), }), nil, errEmptyCAKey, errEmptyCRLKey), "TLS Secret, single certificate plus CA in ca.crt key": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), - CACertificateKey: []byte(fixture.CA_CERT), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + CACertificateKey: []byte(fixture.CA_CERT), }), nil, nil, errEmptyCRLKey), "TLS Secret, single certificate plus CA with no CN in ca.crt key": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), - CACertificateKey: []byte(fixture.CA_CERT_NO_CN), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + CACertificateKey: []byte(fixture.CA_CERT_NO_CN), }), nil, nil, errEmptyCRLKey), "TLS Secret, missing CN": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.MISSING_CN_CERT), - v1.TLSPrivateKeyKey: []byte(fixture.MISSING_CN_KEY), + core_v1.TLSCertKey: []byte(fixture.MISSING_CN_CERT), + core_v1.TLSPrivateKeyKey: []byte(fixture.MISSING_CN_KEY), }), errors.New(`invalid TLS certificate: certificate has no common name or subject alt name`), errEmptyCAKey, errEmptyCRLKey), "TLS Secret, CA cert": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CA_CERT), - v1.TLSPrivateKeyKey: []byte(fixture.CA_KEY), + core_v1.TLSCertKey: []byte(fixture.CA_CERT), + core_v1.TLSPrivateKeyKey: []byte(fixture.CA_KEY), }), nil, errEmptyCAKey, errEmptyCRLKey), "TLS Secret, CA cert, missing CN": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CA_CERT_NO_CN), - v1.TLSPrivateKeyKey: []byte(fixture.CA_KEY_NO_CN), + core_v1.TLSCertKey: []byte(fixture.CA_CERT_NO_CN), + core_v1.TLSPrivateKeyKey: []byte(fixture.CA_KEY_NO_CN), }), errors.New("invalid TLS certificate: certificate has no common name or subject alt name"), errEmptyCAKey, errEmptyCRLKey), "EC cert with SubjectAltName only": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.EC_CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.EC_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(fixture.EC_CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.EC_PRIVATE_KEY), }), nil, errEmptyCAKey, errEmptyCRLKey), "TLS Secret, certificate, missing key": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), }), errors.New(`missing TLS private key`), errEmptyCAKey, errEmptyCRLKey), "TLS Secret, certificate, multiple keys, RSA and EC": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY + "\n" + fixture.EC_PRIVATE_KEY + "\n" + fixture.PKCS8_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY + "\n" + fixture.EC_PRIVATE_KEY + "\n" + fixture.PKCS8_PRIVATE_KEY), }), errors.New(`invalid TLS private key: multiple private keys`), errEmptyCAKey, errEmptyCRLKey), "TLS Secret, certificate, multiple keys, PKCS1 and PKCS8": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY + "\n" + fixture.PKCS8_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY + "\n" + fixture.PKCS8_PRIVATE_KEY), }), errors.New("invalid TLS private key: multiple private keys"), errEmptyCAKey, errEmptyCRLKey), "TLS Secret, certificate, invalid key": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte("-----BEGIN RSA PRIVATE KEY-----\ninvalid\n-----END RSA PRIVATE KEY-----"), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte("-----BEGIN RSA PRIVATE KEY-----\ninvalid\n-----END RSA PRIVATE KEY-----"), }), errors.New("invalid TLS private key: failed to parse PEM block"), errEmptyCAKey, errEmptyCRLKey), "TLS Secret, certificate, only EC parameters": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.EC_PARAMETERS), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.EC_PARAMETERS), }), errors.New("invalid TLS private key: failed to locate private key"), errEmptyCAKey, errEmptyCRLKey), @@ -150,16 +151,16 @@ func TestValidSecrets(t *testing.T) { // "TLS Secret, wildcard cert with different SANs": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.WILDCARD_CERT), - v1.TLSPrivateKeyKey: []byte(fixture.WILDCARD_KEY), + core_v1.TLSCertKey: []byte(fixture.WILDCARD_CERT), + core_v1.TLSPrivateKeyKey: []byte(fixture.WILDCARD_KEY), }), nil, errEmptyCAKey, errEmptyCRLKey), "TLS Secret, wildcard cert with different SANs plus CA cert": makeTest( makeTLSSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.WILDCARD_CERT), - v1.TLSPrivateKeyKey: []byte(fixture.WILDCARD_KEY), - CACertificateKey: []byte(fixture.CA_CERT), + core_v1.TLSCertKey: []byte(fixture.WILDCARD_CERT), + core_v1.TLSPrivateKeyKey: []byte(fixture.WILDCARD_KEY), + CACertificateKey: []byte(fixture.CA_CERT), }), nil, nil, errEmptyCRLKey), @@ -202,9 +203,9 @@ func TestValidSecrets(t *testing.T) { "Opaque Secret, with TLS Cert and Key": makeTest( makeOpaqueSecret(map[string][]byte{ - v1.TLSCertKey: []byte(fixture.WILDCARD_CERT), - v1.TLSPrivateKeyKey: []byte(fixture.WILDCARD_KEY), - CACertificateKey: []byte(fixture.CA_CERT), + core_v1.TLSCertKey: []byte(fixture.WILDCARD_CERT), + core_v1.TLSPrivateKeyKey: []byte(fixture.WILDCARD_KEY), + CACertificateKey: []byte(fixture.CA_CERT), }), nil, nil, errEmptyCRLKey), @@ -221,13 +222,13 @@ func TestValidSecrets(t *testing.T) { errTLSCertMissing, errEmptyCAKey, errEmptyCRLKey), "kubernetes.io/dockercfg Secret, with TLS cert, CA cert and CRL": { - secret: &v1.Secret{ - Type: v1.SecretTypeDockercfg, + secret: &core_v1.Secret{ + Type: core_v1.SecretTypeDockercfg, Data: map[string][]byte{ - v1.TLSCertKey: []byte(fixture.CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), - CACertificateKey: []byte(fixture.CA_CERT), - CRLKey: []byte(fixture.CRL), + core_v1.TLSCertKey: []byte(fixture.CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(fixture.RSA_PRIVATE_KEY), + CACertificateKey: []byte(fixture.CA_CERT), + CRLKey: []byte(fixture.CRL), }, }, tlsSecretError: errInvalidSecretType, @@ -247,8 +248,8 @@ func TestValidSecrets(t *testing.T) { func secretdata(cert, key string) map[string][]byte { return map[string][]byte{ - v1.TLSCertKey: []byte(cert), - v1.TLSPrivateKeyKey: []byte(key), + core_v1.TLSCertKey: []byte(cert), + core_v1.TLSPrivateKeyKey: []byte(key), } } @@ -287,10 +288,10 @@ func pemBundle(cert ...string) string { return data } -func makeTLSSecret(data map[string][]byte) *v1.Secret { - return &v1.Secret{Type: v1.SecretTypeTLS, Data: data} +func makeTLSSecret(data map[string][]byte) *core_v1.Secret { + return &core_v1.Secret{Type: core_v1.SecretTypeTLS, Data: data} } -func makeOpaqueSecret(data map[string][]byte) *v1.Secret { - return &v1.Secret{Type: v1.SecretTypeOpaque, Data: data} +func makeOpaqueSecret(data map[string][]byte) *core_v1.Secret { + return &core_v1.Secret{Type: core_v1.SecretTypeOpaque, Data: data} } diff --git a/internal/dag/status.go b/internal/dag/status.go index 5098dc9c0db..68125647825 100644 --- a/internal/dag/status.go +++ b/internal/dag/status.go @@ -16,15 +16,16 @@ package dag import ( "fmt" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/status" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/status" ) // Status contains the status for an HTTPProxy (valid / invalid / orphan, etc) type Status struct { - Object metav1.Object + Object meta_v1.Object Status string Description string Vhost string @@ -36,7 +37,7 @@ type StatusWriter struct { type ObjectStatusWriter struct { sw *StatusWriter - obj metav1.Object + obj meta_v1.Object values map[string]string } @@ -47,7 +48,7 @@ type ObjectStatusWriter struct { // but keep the commit function for itself. The commit function should be either called // via a defer, or directly if statuses are being set in a loop (as defers will not fire // until the end of the function). -func (sw *StatusWriter) WithObject(obj metav1.Object) (_ *ObjectStatusWriter, commit func()) { +func (sw *StatusWriter) WithObject(obj meta_v1.Object) (_ *ObjectStatusWriter, commit func()) { osw := &ObjectStatusWriter{ sw: sw, obj: obj, @@ -90,7 +91,7 @@ func (osw *ObjectStatusWriter) SetInvalid(format string, args ...any) { func (osw *ObjectStatusWriter) SetValid() { switch osw.obj.(type) { - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: osw.WithValue("description", "valid HTTPProxy").WithValue("status", string(status.ProxyStatusValid)) default: // not a supported type @@ -101,7 +102,7 @@ func (osw *ObjectStatusWriter) SetValid() { // ObjectStatusWriter's values, including its status if set. This is convenient if // the object shares a relationship with its parent. The caller should arrange for // the commit function to be called to write the final status of the object. -func (osw *ObjectStatusWriter) WithObject(obj metav1.Object) (_ *ObjectStatusWriter, commit func()) { +func (osw *ObjectStatusWriter) WithObject(obj meta_v1.Object) (_ *ObjectStatusWriter, commit func()) { m := make(map[string]string) for k, v := range osw.values { m[k] = v diff --git a/internal/dag/status_test.go b/internal/dag/status_test.go index 29561c6a2dc..fb64351ec8e 100644 --- a/internal/dag/status_test.go +++ b/internal/dag/status_test.go @@ -17,32 +17,32 @@ import ( "fmt" "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/status" - "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/status" ) func TestDAGStatus(t *testing.T) { type testcase struct { objs []any fallbackCertificate *types.NamespacedName - want map[types.NamespacedName]contour_api_v1.DetailedCondition + want map[types.NamespacedName]contour_v1.DetailedCondition } run := func(t *testing.T, desc string, tc testcase) { @@ -73,7 +73,7 @@ func TestDAGStatus(t *testing.T) { dag := builder.Build() t.Logf("%#v\n", dag.StatusCache) - got := make(map[types.NamespacedName]contour_api_v1.DetailedCondition) + got := make(map[types.NamespacedName]contour_v1.DetailedCondition) for _, pu := range dag.StatusCache.GetProxyUpdates() { got[pu.Fullname] = *pu.Conditions[status.ValidCondition] } @@ -83,19 +83,19 @@ func TestDAGStatus(t *testing.T) { } // proxyNoFQDN is invalid because it does not specify and FQDN - proxyNoFQDN := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyNoFQDN := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "parent", Generation: 23, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "foo", Port: 8080, }}, @@ -106,28 +106,28 @@ func TestDAGStatus(t *testing.T) { // Tests using common fixtures run(t, "root proxy does not specify FQDN", testcase{ objs: []any{proxyNoFQDN}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyNoFQDN.Name, Namespace: proxyNoFQDN.Namespace}: fixture.NewValidCondition().WithGeneration(proxyNoFQDN.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified"), + WithError(contour_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified"), }, }) // Simple Valid HTTPProxy - proxyValidHomeService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidHomeService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", Generation: 24, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -137,7 +137,7 @@ func TestDAGStatus(t *testing.T) { run(t, "valid proxy", testcase{ objs: []any{proxyValidHomeService, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidHomeService.Name, Namespace: proxyValidHomeService.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidHomeService.Generation). Valid(), @@ -145,57 +145,57 @@ func TestDAGStatus(t *testing.T) { }) // Multiple Includes, one invalid - proxyMultiIncludeOneInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyMultiIncludeOneInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "parent", Generation: 45, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "validChild", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }, { Name: "invalidChild", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, }, } - proxyIncludeValidChild := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludeValidChild := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "parentvalidchild", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "validChild", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, }, } - proxyChildValidFoo2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyChildValidFoo2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "validChild", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "foo2", Port: 8080, }}, @@ -203,14 +203,14 @@ func TestDAGStatus(t *testing.T) { }, } - proxyChildInvalidBadPort := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyChildInvalidBadPort := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalidChild", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "foo3", Port: 12345678, }}, @@ -220,13 +220,13 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy has multiple includes, one is invalid", testcase{ objs: []any{proxyMultiIncludeOneInvalid, proxyChildValidFoo2, proxyChildInvalidBadPort, fixture.ServiceRootsFoo2, fixture.ServiceRootsFoo3InvalidPort}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyChildValidFoo2.Name, Namespace: proxyChildValidFoo2.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyChildValidFoo2.Generation). Valid(), {Name: proxyChildInvalidBadPort.Name, Namespace: proxyChildInvalidBadPort.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyChildInvalidBadPort.Generation). - WithError(contour_api_v1.ConditionTypeServiceError, "ServicePortInvalid", `service "foo3": port must be in the range 1-65535`), + WithError(contour_v1.ConditionTypeServiceError, "ServicePortInvalid", `service "foo3": port must be in the range 1-65535`), {Name: proxyMultiIncludeOneInvalid.Name, Namespace: proxyMultiIncludeOneInvalid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyMultiIncludeOneInvalid.Generation). Valid(), @@ -235,10 +235,10 @@ func TestDAGStatus(t *testing.T) { run(t, "multi-parent child is not orphaned when one of the parents is invalid", testcase{ objs: []any{proxyNoFQDN, proxyChildValidFoo2, proxyIncludeValidChild, fixture.ServiceRootsKuard, fixture.ServiceRootsFoo2}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyNoFQDN.Name, Namespace: proxyNoFQDN.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyNoFQDN.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified"), + WithError(contour_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified"), {Name: proxyChildValidFoo2.Name, Namespace: proxyChildValidFoo2.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyChildValidFoo2.Generation). Valid(), @@ -249,24 +249,24 @@ func TestDAGStatus(t *testing.T) { }) // Exact match condition in include match conditions, invalid - proxyExactIncludeInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyExactIncludeInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalid-parent", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "exact-invalid.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child1", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Exact: "/foo", }}, }, { Name: "child2", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, @@ -274,42 +274,42 @@ func TestDAGStatus(t *testing.T) { } // Exact match condition in include match conditions, invalid - proxyExactMatchValid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyExactMatchValid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "valid-parent", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "exact-valid.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child1", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }, { Name: "child2", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, }, } - proxyExactIncludeChild1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyExactIncludeChild1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "child1", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Exact: "/exact", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "foo1", Port: 8080, }}, @@ -317,15 +317,15 @@ func TestDAGStatus(t *testing.T) { }, } - proxyExactIncludeChild2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyExactIncludeChild2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "child2", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "foo2", Port: 8080, }}, @@ -335,7 +335,7 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy has exact match condition in include match conditions, should be invalid", testcase{ objs: []any{proxyExactIncludeInvalid, proxyExactMatchValid, proxyExactIncludeChild1, proxyExactIncludeChild2, fixture.ServiceRootsFoo1, fixture.ServiceRootsFoo2}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyExactIncludeChild1.Name, Namespace: proxyExactIncludeChild1.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyExactIncludeChild1.Generation). Valid(), @@ -344,7 +344,7 @@ func TestDAGStatus(t *testing.T) { Valid(), {Name: proxyExactIncludeInvalid.Name, Namespace: proxyExactIncludeInvalid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyExactIncludeInvalid.Generation). - WithError(contour_api_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", `include: exact conditions are not allowed in includes block`), + WithError(contour_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", `include: exact conditions are not allowed in includes block`), {Name: proxyExactMatchValid.Name, Namespace: proxyExactMatchValid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyExactMatchValid.Generation). Valid(), @@ -352,7 +352,7 @@ func TestDAGStatus(t *testing.T) { }) ingressSharedService := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: fixture.ServiceRootsNginx.Namespace, }, @@ -368,20 +368,20 @@ func TestDAGStatus(t *testing.T) { }, } - proxyTCPSharedService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPSharedService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "nginx", Namespace: fixture.ServiceRootsNginx.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsNginx.Name, Port: 80, }}, @@ -394,27 +394,27 @@ func TestDAGStatus(t *testing.T) { objs: []any{ fixture.SecretRootsCert, fixture.ServiceRootsNginx, ingressSharedService, proxyTCPSharedService, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPSharedService.Name, Namespace: proxyTCPSharedService.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyTCPSharedService.Generation). Valid(), }, }) - proxyDelegatedTCPTLS := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyDelegatedTCPTLS := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app-with-tls-delegation", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "app-with-tls-delegation.127.0.0.1.nip.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretProjectContourCert.Namespace + "/" + fixture.SecretProjectContourCert.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: "sample-app", Port: 80, }}, @@ -428,27 +428,27 @@ func TestDAGStatus(t *testing.T) { fixture.SecretProjectContourCert, proxyDelegatedTCPTLS, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyDelegatedTCPTLS.Name, Namespace: proxyDelegatedTCPTLS.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyDelegatedTCPTLS.Generation). - WithError(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS Secret "projectcontour/default-ssl-cert" certificate delegation not permitted`), + WithError(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS Secret "projectcontour/default-ssl-cert" certificate delegation not permitted`), }, }) - proxyDelegatedTLS := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyDelegatedTLS := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app-with-tls-delegation", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "app-with-tls-delegation.127.0.0.1.nip.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretProjectContourCert.Namespace + "/" + fixture.SecretProjectContourCert.Name, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "sample-app", Port: 80, }}, @@ -462,46 +462,46 @@ func TestDAGStatus(t *testing.T) { fixture.SecretProjectContourCert, proxyDelegatedTLS, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyDelegatedTLS.Name, Namespace: proxyDelegatedTLS.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyDelegatedTCPTLS.Generation). - WithError(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS Secret "projectcontour/default-ssl-cert" certificate delegation not permitted`), + WithError(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS Secret "projectcontour/default-ssl-cert" certificate delegation not permitted`), }, }) - serviceTLSPassthrough := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + serviceTLSPassthrough := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-passthrough", Namespace: "roots", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("https", "TCP", 443, 443), makeServicePort("http", "TCP", 80, 80)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("https", "TCP", 443, 443), makeServicePort("http", "TCP", 80, 80)}, }, } - proxyPassthroughProxyNonSecure := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyPassthroughProxyNonSecure := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard-tcp", Namespace: serviceTLSPassthrough.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: serviceTLSPassthrough.Name, Port: 80, // proxy non secure traffic to port 80 }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: serviceTLSPassthrough.Name, Port: 443, // ssl passthrough to secure port }}, @@ -515,53 +515,53 @@ func TestDAGStatus(t *testing.T) { serviceTLSPassthrough, proxyPassthroughProxyNonSecure, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyPassthroughProxyNonSecure.Name, Namespace: proxyPassthroughProxyNonSecure.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyPassthroughProxyNonSecure.Generation). Valid(), }, }) - proxyMultipleIncludersSite1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyMultipleIncludersSite1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "site1", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "site1.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }}, }, } - proxyMultipleIncludersSite2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyMultipleIncludersSite2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "site2", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "site2.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }}, }, } - proxyMultiIncludeChild := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyMultiIncludeChild := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -573,7 +573,7 @@ func TestDAGStatus(t *testing.T) { objs: []any{ fixture.ServiceRootsKuard, proxyMultipleIncludersSite1, proxyMultipleIncludersSite2, proxyMultiIncludeChild, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyMultipleIncludersSite1.Name, Namespace: proxyMultipleIncludersSite1.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyMultipleIncludersSite1.Generation). Valid(), @@ -587,20 +587,20 @@ func TestDAGStatus(t *testing.T) { }) // proxyInvalidNegativePortHomeService is invalid because it contains a service with negative port - proxyInvalidNegativePortHomeService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidNegativePortHomeService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: -80, }}, @@ -610,28 +610,28 @@ func TestDAGStatus(t *testing.T) { run(t, "invalid port in service", testcase{ objs: []any{proxyInvalidNegativePortHomeService}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidNegativePortHomeService.Name, Namespace: proxyInvalidNegativePortHomeService.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidNegativePortHomeService.Generation). - WithError(contour_api_v1.ConditionTypeServiceError, "ServicePortInvalid", `service "home": port must be in the range 1-65535`), + WithError(contour_v1.ConditionTypeServiceError, "ServicePortInvalid", `service "home": port must be in the range 1-65535`), }, }) // proxyInvalidOutsideRootNamespace is invalid because it lives outside the roots namespace - proxyInvalidOutsideRootNamespace := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidOutsideRootNamespace := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "finance", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foobar", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -641,32 +641,32 @@ func TestDAGStatus(t *testing.T) { run(t, "root proxy outside of roots namespace", testcase{ objs: []any{proxyInvalidOutsideRootNamespace}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidOutsideRootNamespace.Name, Namespace: proxyInvalidOutsideRootNamespace.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidNegativePortHomeService.Generation). - WithError(contour_api_v1.ConditionTypeRootNamespaceError, "RootProxyNotAllowedInNamespace", "root HTTPProxy cannot be defined in this namespace"), + WithError(contour_v1.ConditionTypeRootNamespaceError, "RootProxyNotAllowedInNamespace", "root HTTPProxy cannot be defined in this namespace"), }, }) // proxyInvalidIncludeCycle is invalid because it delegates to itself, producing a cycle - proxyInvalidIncludeCycle := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidIncludeCycle := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "self", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "self", Namespace: "roots", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -676,43 +676,43 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy self-edge produces a cycle", testcase{ objs: []any{proxyInvalidIncludeCycle, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidIncludeCycle.Name, Namespace: proxyInvalidIncludeCycle.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidIncludeCycle.Generation). - WithError(contour_api_v1.ConditionTypeIncludeError, "RootIncludesRoot", fmt.Sprintf("root httpproxy cannot include another root httpproxy (%s/%s)", proxyInvalidIncludeCycle.Namespace, proxyInvalidIncludeCycle.Name)), + WithError(contour_v1.ConditionTypeIncludeError, "RootIncludesRoot", fmt.Sprintf("root httpproxy cannot include another root httpproxy (%s/%s)", proxyInvalidIncludeCycle.Namespace, proxyInvalidIncludeCycle.Name)), }, }) // proxyIncludesProxyWithIncludeCycle delegates to proxy8, which is invalid because proxy8 delegates back to proxy8 - proxyIncludesProxyWithIncludeCycle := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludesProxyWithIncludeCycle := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "parent", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child", Namespace: "roots", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, }, } - proxyIncludedChildInvalidIncludeCycle := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludedChildInvalidIncludeCycle := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "child", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - Includes: []contour_api_v1.Include{{ + Spec: contour_v1.HTTPProxySpec{ + Includes: []contour_v1.Include{{ Name: "child", Namespace: "roots", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, @@ -721,32 +721,32 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy child delegates to itself, producing a cycle", testcase{ objs: []any{proxyIncludesProxyWithIncludeCycle, proxyIncludedChildInvalidIncludeCycle}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyIncludesProxyWithIncludeCycle.Name, Namespace: proxyIncludesProxyWithIncludeCycle.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyIncludesProxyWithIncludeCycle.Generation).Valid(), {Name: proxyIncludedChildInvalidIncludeCycle.Name, Namespace: proxyIncludedChildInvalidIncludeCycle.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyIncludedChildInvalidIncludeCycle.Generation). - WithError(contour_api_v1.ConditionTypeIncludeError, "IncludeCreatesCycle", "include creates an include cycle: roots/parent -> roots/child -> roots/child"), + WithError(contour_v1.ConditionTypeIncludeError, "IncludeCreatesCycle", "include creates an include cycle: roots/parent -> roots/child -> roots/child"), }, }) run(t, "proxy orphaned route", testcase{ objs: []any{proxyIncludedChildInvalidIncludeCycle}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyIncludedChildInvalidIncludeCycle.Name, Namespace: proxyIncludedChildInvalidIncludeCycle.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyIncludedChildInvalidIncludeCycle.Generation). Orphaned(), }, }) - proxyIncludedChildValid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludedChildValid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "validChild", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "foo2", Port: 8080, }}, @@ -755,17 +755,17 @@ func TestDAGStatus(t *testing.T) { } // proxyNotRootIncludeRootProxy delegates to proxyWildCardFQDN but it is invalid because it is missing fqdn - proxyNotRootIncludeRootProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyNotRootIncludeRootProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalidParent", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, - Includes: []contour_api_v1.Include{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, + Includes: []contour_v1.Include{{ Name: "validChild", Namespace: "roots", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }}, @@ -774,10 +774,10 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy invalid parent orphans child", testcase{ objs: []any{proxyNotRootIncludeRootProxy, proxyIncludedChildValid}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyNotRootIncludeRootProxy.Name, Namespace: proxyNotRootIncludeRootProxy.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyNotRootIncludeRootProxy.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified"), + WithError(contour_v1.ConditionTypeVirtualHostError, "FQDNNotSpecified", "Spec.VirtualHost.Fqdn must be specified"), {Name: proxyIncludedChildValid.Name, Namespace: proxyIncludedChildValid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyIncludedChildValid.Generation). Orphaned(), @@ -785,20 +785,20 @@ func TestDAGStatus(t *testing.T) { }) // singleNameFQDN is valid - singleNameFQDN := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + singleNameFQDN := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -808,7 +808,7 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy valid single FQDN", testcase{ objs: []any{singleNameFQDN, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: singleNameFQDN.Name, Namespace: singleNameFQDN.Namespace}: fixture.NewValidCondition(). WithGeneration(singleNameFQDN.Generation). Valid(), @@ -816,20 +816,20 @@ func TestDAGStatus(t *testing.T) { }) // proxyInvalidServiceInvalid is invalid because it references an invalid service - proxyInvalidServiceInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidServiceInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalidir", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "invalid", Port: 8080, }}, @@ -839,28 +839,28 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy missing service is invalid", testcase{ objs: []any{proxyInvalidServiceInvalid}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidServiceInvalid.Name, Namespace: proxyInvalidServiceInvalid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidServiceInvalid.Generation). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "roots/invalid" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "roots/invalid" not found`), }, }) // proxyInvalidServicePortInvalid is invalid because it references an invalid port on a service - proxyInvalidServicePortInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidServicePortInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "invalidir", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 9999, }}, @@ -870,27 +870,27 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with service missing port is invalid", testcase{ objs: []any{proxyInvalidServicePortInvalid, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidServicePortInvalid.Name, Namespace: proxyInvalidServicePortInvalid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidServiceInvalid.Generation). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: port "9999" on service "roots/home" not matched`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: port "9999" on service "roots/home" not matched`), }, }) - proxyValidExampleCom := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidExampleCom := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "example-com", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -898,17 +898,17 @@ func TestDAGStatus(t *testing.T) { }, } - proxyValidReuseExampleCom := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidReuseExampleCom := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "other-example", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -916,17 +916,17 @@ func TestDAGStatus(t *testing.T) { }, } - proxyValidReuseCaseExampleCom := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidReuseCaseExampleCom := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "case-example", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "EXAMPLE.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -936,64 +936,64 @@ func TestDAGStatus(t *testing.T) { run(t, "conflicting proxies due to fqdn reuse", testcase{ objs: []any{proxyValidExampleCom, proxyValidReuseExampleCom}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidExampleCom.Name, Namespace: proxyValidExampleCom.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidExampleCom.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/example-com, roots/other-example`), + WithError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/example-com, roots/other-example`), {Name: proxyValidReuseExampleCom.Name, Namespace: proxyValidReuseExampleCom.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidReuseExampleCom.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/example-com, roots/other-example`), + WithError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/example-com, roots/other-example`), }, }) run(t, "conflicting proxies due to fqdn reuse with uppercase/lowercase", testcase{ objs: []any{proxyValidExampleCom, proxyValidReuseCaseExampleCom}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidExampleCom.Name, Namespace: proxyValidExampleCom.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidExampleCom.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/case-example, roots/example-com`), + WithError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/case-example, roots/example-com`), {Name: proxyValidReuseCaseExampleCom.Name, Namespace: proxyValidReuseCaseExampleCom.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidReuseCaseExampleCom.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/case-example, roots/example-com`), + WithError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "example.com" is used in multiple HTTPProxies: roots/case-example, roots/example-com`), }, }) - proxyRootIncludesRoot := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRootIncludesRoot := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-blog", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "blog.containersteve.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "blog-containersteve-com", }, }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blog", Namespace: "marketing", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, }}, }, } - proxyRootIncludedByRoot := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRootIncludedByRoot := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: fixture.ServiceMarketingGreen.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "blog.containersteve.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "blog-containersteve-com", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceMarketingGreen.Name, Port: 80, }}, @@ -1003,46 +1003,46 @@ func TestDAGStatus(t *testing.T) { run(t, "root proxy including another root", testcase{ objs: []any{proxyRootIncludesRoot, proxyRootIncludedByRoot}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyRootIncludesRoot.Name, Namespace: proxyRootIncludesRoot.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyRootIncludesRoot.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "blog.containersteve.com" is used in multiple HTTPProxies: marketing/blog, roots/root-blog`), + WithError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "blog.containersteve.com" is used in multiple HTTPProxies: marketing/blog, roots/root-blog`), {Name: proxyRootIncludedByRoot.Name, Namespace: proxyRootIncludedByRoot.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyRootIncludedByRoot.Generation). - WithError(contour_api_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "blog.containersteve.com" is used in multiple HTTPProxies: marketing/blog, roots/root-blog`), + WithError(contour_v1.ConditionTypeVirtualHostError, "DuplicateVhost", `fqdn "blog.containersteve.com" is used in multiple HTTPProxies: marketing/blog, roots/root-blog`), }, }) - proxyIncludesRootDifferentFQDN := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludesRootDifferentFQDN := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-blog", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "blog.containersteve.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blog", Namespace: "marketing", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, }}, }, } - proxyRootIncludedByRootDiffFQDN := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRootIncludedByRootDiffFQDN := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: fixture.ServiceMarketingGreen.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.containersteve.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceMarketingGreen.Name, Port: 80, }}, @@ -1052,24 +1052,24 @@ func TestDAGStatus(t *testing.T) { run(t, "root proxy including another root w/ different hostname", testcase{ objs: []any{proxyIncludesRootDifferentFQDN, proxyRootIncludedByRootDiffFQDN, fixture.ServiceMarketingGreen}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyIncludesRootDifferentFQDN.Name, Namespace: proxyIncludesRootDifferentFQDN.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyIncludesRootDifferentFQDN.Generation). - WithError(contour_api_v1.ConditionTypeIncludeError, "RootIncludesRoot", fmt.Sprintf("root httpproxy cannot include another root httpproxy (%s/%s)", proxyRootIncludedByRootDiffFQDN.Namespace, proxyRootIncludedByRootDiffFQDN.Name)), + WithError(contour_v1.ConditionTypeIncludeError, "RootIncludesRoot", fmt.Sprintf("root httpproxy cannot include another root httpproxy (%s/%s)", proxyRootIncludedByRootDiffFQDN.Namespace, proxyRootIncludedByRootDiffFQDN.Name)), {Name: proxyRootIncludedByRootDiffFQDN.Name, Namespace: proxyRootIncludedByRootDiffFQDN.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyRootIncludedByRootDiffFQDN.Generation). Valid(), }, }) - proxyValidIncludeBlogMarketing := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidIncludeBlogMarketing := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: fixture.ServiceMarketingGreen.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceMarketingGreen.Name, Port: 80, }}, @@ -1077,19 +1077,19 @@ func TestDAGStatus(t *testing.T) { }, } - proxyRootValidIncludesBlogMarketing := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRootValidIncludesBlogMarketing := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-blog", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: proxyValidIncludeBlogMarketing.Name, Namespace: proxyValidIncludeBlogMarketing.Namespace, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }}, @@ -1098,7 +1098,7 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy includes another", testcase{ objs: []any{proxyValidIncludeBlogMarketing, proxyRootValidIncludesBlogMarketing, fixture.ServiceRootsKuard, fixture.ServiceMarketingGreen}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidIncludeBlogMarketing.Name, Namespace: proxyValidIncludeBlogMarketing.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidIncludeBlogMarketing.Generation). Valid(), @@ -1108,17 +1108,17 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyValidWithMirror := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidWithMirror := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }, { @@ -1135,24 +1135,24 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with mirror", testcase{ objs: []any{proxyValidWithMirror, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidWithMirror.Name, Namespace: proxyValidWithMirror.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidWithMirror.Generation). Valid(), }, }) - proxyInvalidTwoMirrors := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidTwoMirrors := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }, { @@ -1170,37 +1170,37 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with two mirrors", testcase{ objs: []any{proxyInvalidTwoMirrors, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidTwoMirrors.Name, Namespace: proxyInvalidTwoMirrors.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidTwoMirrors.Generation). - WithError(contour_api_v1.ConditionTypeServiceError, "OnlyOneMirror", "only one service per route may be nominated as mirror"), + WithError(contour_v1.ConditionTypeServiceError, "OnlyOneMirror", "only one service per route may be nominated as mirror"), }, }) - proxyInvalidDuplicateMatchConditionHeaders := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidDuplicateMatchConditionHeaders := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "1234", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1210,37 +1210,37 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate route condition headers", testcase{ objs: []any{proxyInvalidDuplicateMatchConditionHeaders, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidDuplicateMatchConditionHeaders.Name, Namespace: proxyInvalidDuplicateMatchConditionHeaders.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidDuplicateMatchConditionHeaders.Generation). - WithError(contour_api_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", "cannot specify duplicate header 'exact match' conditions in the same route"), + WithError(contour_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", "cannot specify duplicate header 'exact match' conditions in the same route"), }, }) - proxyInvalidDuplicateMatchConditionQueryParameters := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidDuplicateMatchConditionQueryParameters := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "abc", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "1234", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1250,21 +1250,21 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate route condition query parameters", testcase{ objs: []any{proxyInvalidDuplicateMatchConditionQueryParameters, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidDuplicateMatchConditionQueryParameters.Name, Namespace: proxyInvalidDuplicateMatchConditionQueryParameters.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidDuplicateMatchConditionQueryParameters.Generation). - WithError(contour_api_v1.ConditionTypeRouteError, "QueryParameterMatchConditionsNotValid", "cannot specify duplicate query parameter 'exact match' conditions in the same route"), + WithError(contour_v1.ConditionTypeRouteError, "QueryParameterMatchConditionsNotValid", "cannot specify duplicate query parameter 'exact match' conditions in the same route"), }, }) - proxyValidDelegatedRoots := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidDelegatedRoots := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "delegated", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1272,34 +1272,34 @@ func TestDAGStatus(t *testing.T) { }, } - proxyInvalidDuplicateIncludeCondtionHeaders := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidDuplicateIncludeCondtionHeaders := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "delegated", Namespace: "roots", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "1234", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1309,12 +1309,12 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate include condition headers", testcase{ objs: []any{proxyInvalidDuplicateIncludeCondtionHeaders, proxyValidDelegatedRoots, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyInvalidDuplicateIncludeCondtionHeaders.Name, Namespace: proxyInvalidDuplicateIncludeCondtionHeaders.Namespace, }: fixture.NewValidCondition(). - WithGeneration(proxyInvalidDuplicateIncludeCondtionHeaders.Generation).WithError(contour_api_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", "cannot specify duplicate header 'exact match' conditions in the same route"), + WithGeneration(proxyInvalidDuplicateIncludeCondtionHeaders.Generation).WithError(contour_v1.ConditionTypeRouteError, "HeaderMatchConditionsNotValid", "cannot specify duplicate header 'exact match' conditions in the same route"), { Name: proxyValidDelegatedRoots.Name, Namespace: proxyValidDelegatedRoots.Namespace, @@ -1323,30 +1323,30 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyInvalidRouteConditionHeaders := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidRouteConditionHeaders := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotExact: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotExact: "1234", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1356,30 +1356,30 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate valid route condition headers", testcase{ objs: []any{proxyInvalidRouteConditionHeaders, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidRouteConditionHeaders.Name, Namespace: proxyInvalidRouteConditionHeaders.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidRouteConditionHeaders.Generation).Valid(), }, }) - proxyInvalidMultiplePrefixes := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidMultiplePrefixes := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/api", }, { Prefix: "/v1", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1389,26 +1389,26 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with two prefix conditions on route", testcase{ objs: []any{proxyInvalidMultiplePrefixes, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidMultiplePrefixes.Name, Namespace: proxyInvalidMultiplePrefixes.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidMultiplePrefixes.Generation). - WithError(contour_api_v1.ConditionTypeRouteError, "PathMatchConditionsNotValid", "route: more than one prefix, exact or regex is not allowed in a condition block"), + WithError(contour_v1.ConditionTypeRouteError, "PathMatchConditionsNotValid", "route: more than one prefix, exact or regex is not allowed in a condition block"), }, }) - proxyInvalidTwoPrefixesWithInclude := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidTwoPrefixesWithInclude := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/api", }, { @@ -1416,8 +1416,8 @@ func TestDAGStatus(t *testing.T) { }, }, }}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1425,14 +1425,14 @@ func TestDAGStatus(t *testing.T) { }, } - proxyValidChildTeamA := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidChildTeamA := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "child", Namespace: "teama", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1442,32 +1442,32 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with two prefix conditions orphans include", testcase{ objs: []any{proxyInvalidTwoPrefixesWithInclude, proxyValidChildTeamA, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidTwoPrefixesWithInclude.Name, Namespace: proxyInvalidTwoPrefixesWithInclude.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidTwoPrefixesWithInclude.Generation). - WithError(contour_api_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", "include: more than one prefix, exact or regex is not allowed in a condition block"), + WithError(contour_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", "include: more than one prefix, exact or regex is not allowed in a condition block"), {Name: proxyValidChildTeamA.Name, Namespace: proxyValidChildTeamA.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyValidChildTeamA.Generation). Orphaned(), }, }) - proxyInvalidPrefixNoSlash := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidPrefixNoSlash := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "api", }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1477,33 +1477,33 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with prefix conditions on route that does not start with slash", testcase{ objs: []any{proxyInvalidPrefixNoSlash, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidPrefixNoSlash.Name, Namespace: proxyInvalidPrefixNoSlash.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyInvalidPrefixNoSlash.Generation). - WithError(contour_api_v1.ConditionTypeRouteError, "PathMatchConditionsNotValid", "route: prefix conditions must start with /, api was supplied"), + WithError(contour_v1.ConditionTypeRouteError, "PathMatchConditionsNotValid", "route: prefix conditions must start with /, api was supplied"), }, }) - proxyInvalidIncludePrefixNoSlash := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidIncludePrefixNoSlash := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "www", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "api", }, }, }}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1513,32 +1513,32 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with include prefix that does not start with slash", testcase{ objs: []any{proxyInvalidIncludePrefixNoSlash, proxyValidChildTeamA, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidIncludePrefixNoSlash.Name, Namespace: proxyInvalidIncludePrefixNoSlash.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", "include: prefix conditions must start with /, api was supplied"), + WithError(contour_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", "include: prefix conditions must start with /, api was supplied"), {Name: proxyValidChildTeamA.Name, Namespace: proxyValidChildTeamA.Namespace}: fixture.NewValidCondition(). Orphaned(), }, }) - proxyInvalidTCPProxyIncludeAndService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidTCPProxyIncludeAndService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "passthrough.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: "foo", Namespace: "roots", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1548,50 +1548,50 @@ func TestDAGStatus(t *testing.T) { run(t, "tcpproxy cannot specify services and include", testcase{ objs: []any{proxyInvalidTCPProxyIncludeAndService, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidTCPProxyIncludeAndService.Name, Namespace: proxyInvalidTCPProxyIncludeAndService.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyError, "NoServicesAndInclude", "cannot specify services and include in the same httpproxy"), + WithError(contour_v1.ConditionTypeTCPProxyError, "NoServicesAndInclude", "cannot specify services and include in the same httpproxy"), }, }) - proxyTCPNoServiceOrInclusion := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPNoServiceOrInclusion := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "passthrough.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{}, + TCPProxy: &contour_v1.TCPProxy{}, }, } run(t, "tcpproxy empty", testcase{ objs: []any{proxyTCPNoServiceOrInclusion, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPNoServiceOrInclusion.Name, Namespace: proxyTCPNoServiceOrInclusion.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyError, "NothingDefined", "either services or inclusion must be specified"), + WithError(contour_v1.ConditionTypeTCPProxyError, "NothingDefined", "either services or inclusion must be specified"), }, }) - proxyTCPIncludesFoo := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPIncludesFoo := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "passthrough.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: "foo", Namespace: fixture.ServiceRootsKuard.Namespace, }, @@ -1601,26 +1601,26 @@ func TestDAGStatus(t *testing.T) { run(t, "tcpproxy w/ missing include", testcase{ objs: []any{proxyTCPIncludesFoo, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPIncludesFoo.Name, Namespace: proxyTCPIncludesFoo.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyIncludeError, "IncludeNotFound", "include roots/foo not found"), + WithError(contour_v1.ConditionTypeTCPProxyIncludeError, "IncludeNotFound", "include roots/foo not found"), }, }) - proxyValidTCPRoot := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidTCPRoot := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1630,21 +1630,21 @@ func TestDAGStatus(t *testing.T) { run(t, "tcpproxy includes another root", testcase{ objs: []any{proxyTCPIncludesFoo, proxyValidTCPRoot, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPIncludesFoo.Name, Namespace: proxyTCPIncludesFoo.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyIncludeError, "RootIncludesRoot", fmt.Sprintf("root httpproxy cannot include another root httpproxy (%s/%s)", proxyValidTCPRoot.Namespace, proxyValidTCPRoot.Name)), + WithError(contour_v1.ConditionTypeTCPProxyIncludeError, "RootIncludesRoot", fmt.Sprintf("root httpproxy cannot include another root httpproxy (%s/%s)", proxyValidTCPRoot.Namespace, proxyValidTCPRoot.Name)), {Name: proxyValidTCPRoot.Name, Namespace: proxyValidTCPRoot.Namespace}: fixture.NewValidCondition().Valid(), }, }) - proxyTCPValidChildFoo := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPValidChildFoo := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -1654,39 +1654,39 @@ func TestDAGStatus(t *testing.T) { run(t, "tcpproxy includes valid child", testcase{ objs: []any{proxyTCPIncludesFoo, proxyTCPValidChildFoo, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPIncludesFoo.Name, Namespace: proxyTCPIncludesFoo.Namespace}: fixture.NewValidCondition().Valid(), {Name: proxyTCPValidChildFoo.Name, Namespace: proxyTCPValidChildFoo.Namespace}: fixture.NewValidCondition().Valid(), }, }) - proxyInvalidConflictingIncludeConditionsSimple := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidConflictingIncludeConditionsSimple := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1694,17 +1694,17 @@ func TestDAGStatus(t *testing.T) { }, } - proxyValidBlogTeamA := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidBlogTeamA := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "teama", Name: "blogteama", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceTeamAKuard.Name, Port: 8080, }}, @@ -1712,17 +1712,17 @@ func TestDAGStatus(t *testing.T) { }, } - proxyValidBlogTeamB := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidBlogTeamB := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "teamb", Name: "blogteamb", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: fixture.ServiceTeamBKuard.Name, Port: 8080, }}, @@ -1732,7 +1732,7 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate path conditions on an include", testcase{ objs: []any{proxyInvalidConflictingIncludeConditionsSimple, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace}: fixture.NewValidCondition(). Valid(), // Valid since there is a valid include preceding an invalid one. {Name: proxyValidBlogTeamB.Name, Namespace: proxyValidBlogTeamB.Namespace}: fixture.NewValidCondition(). @@ -1741,20 +1741,20 @@ func TestDAGStatus(t *testing.T) { Name: proxyInvalidConflictingIncludeConditionsSimple.Name, Namespace: proxyInvalidConflictingIncludeConditionsSimple.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), }, }) - proxyIncludeConditionsEmpty := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludeConditionsEmpty := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", }, { @@ -1766,7 +1766,7 @@ func TestDAGStatus(t *testing.T) { run(t, "empty include conditions", testcase{ objs: []any{proxyIncludeConditionsEmpty, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace}: fixture.NewValidCondition(). Valid(), {Name: proxyValidBlogTeamB.Name, Namespace: proxyValidBlogTeamB.Namespace}: fixture.NewValidCondition(). @@ -1779,19 +1779,19 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyIncludeConditionsPrefixRoot := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyIncludeConditionsPrefixRoot := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, }, { @@ -1800,7 +1800,7 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, }}, @@ -1809,7 +1809,7 @@ func TestDAGStatus(t *testing.T) { run(t, "multiple prefix / include conditions", testcase{ objs: []any{proxyIncludeConditionsPrefixRoot, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace}: fixture.NewValidCondition(). Valid(), {Name: proxyValidBlogTeamB.Name, Namespace: proxyValidBlogTeamB.Namespace}: fixture.NewValidCondition(). @@ -1822,39 +1822,39 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyInvalidConflictingIncludeConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidConflictingIncludeConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/somethingelse", }}, }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1864,7 +1864,7 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate path conditions on an include not consecutive", testcase{ objs: []any{proxyInvalidConflictingIncludeConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace}: fixture.NewValidCondition(). Valid(), // Valid since there is a valid include preceding an invalid one. {Name: proxyValidBlogTeamB.Name, Namespace: proxyValidBlogTeamB.Namespace}: fixture.NewValidCondition(). @@ -1873,24 +1873,24 @@ func TestDAGStatus(t *testing.T) { Name: proxyInvalidConflictingIncludeConditions.Name, Namespace: proxyInvalidConflictingIncludeConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), }, }) - proxyInvalidConflictHeaderConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidConflictHeaderConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -1898,8 +1898,8 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-other-header", Contains: "abc", }, @@ -1907,18 +1907,18 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -1928,7 +1928,7 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate header conditions on an include", testcase{ objs: []any{proxyInvalidConflictHeaderConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -1943,29 +1943,29 @@ func TestDAGStatus(t *testing.T) { Name: proxyInvalidConflictHeaderConditions.Name, Namespace: proxyInvalidConflictHeaderConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), }, }) - proxyInvalidDuplicateMultiHeaderConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidDuplicateMultiHeaderConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-another-header", Contains: "abc", }, @@ -1973,29 +1973,29 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-another-header", Contains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -2005,7 +2005,7 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate header conditions on an include mismatched order", testcase{ objs: []any{proxyInvalidDuplicateMultiHeaderConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -2020,32 +2020,32 @@ func TestDAGStatus(t *testing.T) { Name: proxyInvalidDuplicateMultiHeaderConditions.Name, Namespace: proxyInvalidDuplicateMultiHeaderConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), }, }) - proxyInvalidDuplicateIncludeSamePathDiffHeaders := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidDuplicateIncludeSamePathDiffHeaders := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", // First valid header matches on path /foo. - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-another-header", Contains: "abc", }, @@ -2054,10 +2054,10 @@ func TestDAGStatus(t *testing.T) { Name: "blogteamb", Namespace: "teamb", // Second valid header matches on path /foo. - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header-other", Contains: "abc", }, @@ -2066,20 +2066,20 @@ func TestDAGStatus(t *testing.T) { Name: "blogteama", Namespace: "teama", // This match on /foo with same headers as previous should be invalid. - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header-other", Contains: "abc", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -2089,7 +2089,7 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate header conditions on an include with same path", testcase{ objs: []any{proxyInvalidDuplicateIncludeSamePathDiffHeaders, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -2104,25 +2104,25 @@ func TestDAGStatus(t *testing.T) { Name: proxyInvalidDuplicateMultiHeaderConditions.Name, Namespace: proxyInvalidDuplicateMultiHeaderConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), }, }) - proxyInvalidDuplicateHeaderAndPathConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidDuplicateHeaderAndPathConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -2130,19 +2130,19 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -2152,7 +2152,7 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate header+path conditions on an include", testcase{ objs: []any{proxyInvalidDuplicateHeaderAndPathConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -2167,40 +2167,40 @@ func TestDAGStatus(t *testing.T) { Name: proxyInvalidDuplicateHeaderAndPathConditions.Name, Namespace: proxyInvalidDuplicateHeaderAndPathConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), }, }) - proxyInvalidConflictQueryConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidConflictQueryConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-1", Prefix: "foo", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-2", Exact: "bar", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-3", Exact: "bar", IgnoreCase: true, }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-1", Prefix: "foooo", }, @@ -2208,13 +2208,13 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-1", Prefix: "foo", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-2", Exact: "bar", }, @@ -2222,23 +2222,23 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-2", Exact: "bar", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-1", Prefix: "foo", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-1", Prefix: "foooo", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-3", Exact: "bar", IgnoreCase: true, @@ -2250,12 +2250,12 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate query param conditions on an include", testcase{ objs: []any{proxyInvalidConflictQueryConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyInvalidConflictQueryConditions.Name, Namespace: proxyInvalidConflictQueryConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -2269,25 +2269,25 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyInvalidConflictQueryHeaderConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidConflictQueryHeaderConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "foo", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "bar", }, @@ -2295,13 +2295,13 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "bar", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "foo", }, @@ -2309,13 +2309,13 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param-other", Prefix: "bar", }, }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header-other", Contains: "foo", }, @@ -2326,12 +2326,12 @@ func TestDAGStatus(t *testing.T) { run(t, "duplicate query param+header conditions on an include", testcase{ objs: []any{proxyInvalidConflictQueryHeaderConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyInvalidConflictQueryHeaderConditions.Name, Namespace: proxyInvalidConflictQueryHeaderConditions.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), + WithError(contour_v1.ConditionTypeIncludeError, "DuplicateMatchConditions", "duplicate conditions defined on an include"), { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -2345,20 +2345,20 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyValidQueryHeaderConditions := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyValidQueryHeaderConditions := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "foo", }, @@ -2366,8 +2366,8 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "bar", }, @@ -2375,13 +2375,13 @@ func TestDAGStatus(t *testing.T) { }, { Name: "blogteamb", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ - Header: &contour_api_v1.HeaderMatchCondition{ + Conditions: []contour_v1.MatchCondition{{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "foo", }, }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "bar", }, @@ -2392,7 +2392,7 @@ func TestDAGStatus(t *testing.T) { run(t, "query param+header conditions on an include should not be duplicate", testcase{ objs: []any{proxyValidQueryHeaderConditions, proxyValidBlogTeamA, proxyValidBlogTeamB, fixture.ServiceRootsHome, fixture.ServiceTeamAKuard, fixture.ServiceTeamBKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyValidBlogTeamA.Name, Namespace: proxyValidBlogTeamA.Namespace, @@ -2411,16 +2411,16 @@ func TestDAGStatus(t *testing.T) { }, }) - proxyInvalidMissingInclude := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidMissingInclude := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child", }}, }, @@ -2428,26 +2428,26 @@ func TestDAGStatus(t *testing.T) { run(t, "httpproxy w/ missing include", testcase{ objs: []any{proxyInvalidMissingInclude, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidMissingInclude.Name, Namespace: proxyInvalidMissingInclude.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeIncludeError, "IncludeNotFound", "include roots/child not found"), + WithError(contour_v1.ConditionTypeIncludeError, "IncludeNotFound", "include roots/child not found"), }, }) - proxyTCPInvalidMissingService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPInvalidMissingService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "missing-tcp-proxy-service", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: "not-found", Port: 8080, }}, @@ -2457,26 +2457,26 @@ func TestDAGStatus(t *testing.T) { run(t, "httpproxy w/ tcpproxy w/ missing service", testcase{ objs: []any{proxyTCPInvalidMissingService}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPInvalidMissingService.Name, Namespace: proxyTCPInvalidMissingService.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyError, "ServiceUnresolvedReference", `Spec.TCPProxy unresolved service reference: service "roots/not-found" not found`), + WithError(contour_v1.ConditionTypeTCPProxyError, "ServiceUnresolvedReference", `Spec.TCPProxy unresolved service reference: service "roots/not-found" not found`), }, }) - proxyTCPInvalidPortNotMatched := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPInvalidPortNotMatched := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcp-proxy-service-missing-port", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 9999, }}, @@ -2486,23 +2486,23 @@ func TestDAGStatus(t *testing.T) { run(t, "httpproxy w/ tcpproxy w/ service missing port", testcase{ objs: []any{proxyTCPInvalidPortNotMatched, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPInvalidPortNotMatched.Name, Namespace: proxyTCPInvalidPortNotMatched.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyError, "ServiceUnresolvedReference", `Spec.TCPProxy unresolved service reference: port "9999" on service "roots/kuard" not matched`), + WithError(contour_v1.ConditionTypeTCPProxyError, "ServiceUnresolvedReference", `Spec.TCPProxy unresolved service reference: port "9999" on service "roots/kuard" not matched`), }, }) - proxyTCPInvalidMissingTLS := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPInvalidMissingTLS := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "missing-tls", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -2512,31 +2512,31 @@ func TestDAGStatus(t *testing.T) { run(t, "httpproxy w/ tcpproxy missing tls", testcase{ objs: []any{proxyTCPInvalidMissingTLS}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyTCPInvalidMissingTLS.Name, Namespace: proxyTCPInvalidMissingTLS.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTCPProxyError, "TLSMustBeConfigured", "Spec.TCPProxy requires that either Spec.TLS.Passthrough or Spec.TLS.SecretName be set"), + WithError(contour_v1.ConditionTypeTCPProxyError, "TLSMustBeConfigured", "Spec.TCPProxy requires that either Spec.TLS.Passthrough or Spec.TLS.SecretName be set"), }, }) - proxyInvalidMissingServiceWithTCPProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidMissingServiceWithTCPProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "missing-route-service", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ {Name: "missing", Port: 9000}, }, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -2546,31 +2546,31 @@ func TestDAGStatus(t *testing.T) { run(t, "httpproxy w/ tcpproxy missing service", testcase{ objs: []any{fixture.SecretRootsCert, fixture.ServiceRootsKuard, proxyInvalidMissingServiceWithTCPProxy}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidMissingServiceWithTCPProxy.Name, Namespace: proxyInvalidMissingServiceWithTCPProxy.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "roots/missing" not found`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: service "roots/missing" not found`), }, }) - proxyRoutePortNotMatchedWithTCP := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRoutePortNotMatchedWithTCP := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "missing-route-service-port", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ {Name: fixture.ServiceRootsKuard.Name, Port: 9999}, }, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -2580,26 +2580,26 @@ func TestDAGStatus(t *testing.T) { run(t, "tcpproxy route unmatched service port", testcase{ objs: []any{fixture.SecretRootsCert, fixture.ServiceRootsKuard, proxyRoutePortNotMatchedWithTCP}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyRoutePortNotMatchedWithTCP.Name, Namespace: proxyRoutePortNotMatchedWithTCP.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: port "9999" on service "roots/kuard" not matched`), + WithError(contour_v1.ConditionTypeServiceError, "ServiceUnresolvedReference", `Spec.Routes unresolved service reference: port "9999" on service "roots/kuard" not matched`), }, }) - proxyTCPValidIncludeChild := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPValidIncludeChild := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "validtcpproxy", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: "child", Namespace: fixture.ServiceRootsKuard.Namespace, }, @@ -2607,20 +2607,20 @@ func TestDAGStatus(t *testing.T) { }, } - proxyTCPValidIncludesChild := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPValidIncludesChild := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "validtcpproxy", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - IncludesDeprecated: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + IncludesDeprecated: &contour_v1.TCPProxyInclude{ Name: "child", Namespace: fixture.ServiceRootsKuard.Namespace, }, @@ -2628,14 +2628,14 @@ func TestDAGStatus(t *testing.T) { }, } - proxyTCPValidChild := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyTCPValidChild := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "child", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: fixture.ServiceRootsKuard.Name, Port: 8080, }}, @@ -2645,7 +2645,7 @@ func TestDAGStatus(t *testing.T) { run(t, "valid HTTPProxy.TCPProxy - plural", testcase{ objs: []any{proxyTCPValidIncludesChild, proxyTCPValidChild, fixture.ServiceRootsKuard, fixture.SecretRootsCert}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyTCPValidIncludesChild.Name, Namespace: proxyTCPValidIncludesChild.Namespace, @@ -2659,7 +2659,7 @@ func TestDAGStatus(t *testing.T) { run(t, "valid HTTPProxy.TCPProxy", testcase{ objs: []any{proxyTCPValidIncludeChild, proxyTCPValidChild, fixture.ServiceRootsKuard, fixture.SecretRootsCert}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: proxyTCPValidIncludeChild.Name, Namespace: proxyTCPValidIncludeChild.Namespace, @@ -2672,17 +2672,17 @@ func TestDAGStatus(t *testing.T) { }) // issue 2309 - proxyInvalidNoServices := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyInvalidNoServices := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "missing-service", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "missing-service.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, Services: nil, // missing @@ -2692,30 +2692,30 @@ func TestDAGStatus(t *testing.T) { run(t, "No routeAction specified is invalid", testcase{ objs: []any{proxyInvalidNoServices, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyInvalidNoServices.Name, Namespace: proxyInvalidNoServices.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "RouteActionCountNotValid", "must set exactly one of route.services or route.requestRedirectPolicy or route.directResponsePolicy"), + WithError(contour_v1.ConditionTypeRouteError, "RouteActionCountNotValid", "must set exactly one of route.services or route.requestRedirectPolicy or route.directResponsePolicy"), }, }) - fallbackCertificate := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + fallbackCertificate := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -2723,13 +2723,13 @@ func TestDAGStatus(t *testing.T) { }, } - fallbackCertDelegation := &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + fallbackCertDelegation := &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "non-existing", Name: "fallback-cert-delegation", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{ { SecretName: "non-existing", TargetNamespaces: []string{"roots"}, @@ -2744,12 +2744,12 @@ func TestDAGStatus(t *testing.T) { Namespace: "non-existing", }, objs: []any{fallbackCertificate, fallbackCertDelegation, fixture.SecretRootsFallback, fixture.SecretRootsCert, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "FallbackNotValid", `Spec.Virtualhost.TLS Secret "non-existing/non-existing" fallback certificate is invalid: Secret not found`), + WithError(contour_v1.ConditionTypeTLSError, "FallbackNotValid", `Spec.Virtualhost.TLS Secret "non-existing/non-existing" fallback certificate is invalid: Secret not found`), }, }) @@ -2759,44 +2759,44 @@ func TestDAGStatus(t *testing.T) { Namespace: "not-delegated", }, objs: []any{fallbackCertificate, fixture.SecretRootsFallback, fixture.SecretRootsCert, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "FallbackNotDelegated", `Spec.VirtualHost.TLS Secret "not-delegated/not-delegated" is not configured for certificate delegation`), + WithError(contour_v1.ConditionTypeTLSError, "FallbackNotDelegated", `Spec.VirtualHost.TLS Secret "not-delegated/not-delegated" is not configured for certificate delegation`), }, }) run(t, "fallback certificate requested but cert not configured in contour", testcase{ objs: []any{fallbackCertificate, fixture.SecretRootsFallback, fixture.SecretRootsCert, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "FallbackNotPresent", "Spec.Virtualhost.TLS enabled fallback but the fallback Certificate Secret is not configured in Contour configuration file"), + WithError(contour_v1.ConditionTypeTLSError, "FallbackNotPresent", "Spec.Virtualhost.TLS enabled fallback but the fallback Certificate Secret is not configured in Contour configuration file"), }, }) - fallbackCertificateWithClientValidationNoCA := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + fallbackCertificateWithClientValidationNoCA := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", - ClientValidation: &contour_api_v1.DownstreamValidation{}, + ClientValidation: &contour_v1.DownstreamValidation{}, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -2806,36 +2806,36 @@ func TestDAGStatus(t *testing.T) { run(t, "clientValidation missing CA", testcase{ objs: []any{fallbackCertificateWithClientValidationNoCA, fixture.SecretRootsFallback, fixture.SecretRootsCert, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificateWithClientValidationNoCA.Name, Namespace: fallbackCertificateWithClientValidationNoCA.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "ClientValidationInvalid", "Spec.VirtualHost.TLS client validation is invalid: CA Secret must be specified"), + WithError(contour_v1.ConditionTypeTLSError, "ClientValidationInvalid", "Spec.VirtualHost.TLS client validation is invalid: CA Secret must be specified"), }, }) - fallbackCertificateWithClientValidation := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + fallbackCertificateWithClientValidation := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", EnableFallbackCertificate: true, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "something", }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -2845,56 +2845,56 @@ func TestDAGStatus(t *testing.T) { run(t, "fallback certificate requested and clientValidation also configured", testcase{ objs: []any{fallbackCertificateWithClientValidation, fixture.SecretRootsFallback, fixture.SecretRootsCert, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificateWithClientValidation.Name, Namespace: fallbackCertificateWithClientValidation.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client validation are incompatible"), + WithError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client validation are incompatible"), }, }) - tlsPassthroughAndValidation := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tlsPassthroughAndValidation := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "aCAcert", }, }, }, - TCPProxy: &contour_api_v1.TCPProxy{}, + TCPProxy: &contour_v1.TCPProxy{}, }, } run(t, "passthrough and client auth are incompatible tlsPassthroughAndValidation", testcase{ objs: []any{fixture.SecretRootsCert, tlsPassthroughAndValidation}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: tlsPassthroughAndValidation.Name, Namespace: tlsPassthroughAndValidation.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.VirtualHost.TLS passthrough cannot be combined with tls.clientValidation"), + WithError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.VirtualHost.TLS passthrough cannot be combined with tls.clientValidation"), }, }) - tlsPassthroughAndSecretName := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tlsPassthroughAndSecretName := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, SecretName: fixture.SecretRootsCert.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{}, + TCPProxy: &contour_v1.TCPProxy{}, }, } @@ -2903,26 +2903,26 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, tlsPassthroughAndSecretName, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "invalid", Namespace: fixture.ServiceRootsKuard.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.VirtualHost.TLS: both Passthrough and SecretName were specified"), + WithError(contour_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.VirtualHost.TLS: both Passthrough and SecretName were specified"), }, }) - tlsNoPassthroughOrSecretName := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tlsNoPassthroughOrSecretName := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: false, SecretName: "", }, }, - TCPProxy: &contour_api_v1.TCPProxy{}, + TCPProxy: &contour_v1.TCPProxy{}, }, } @@ -2931,19 +2931,19 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, tlsNoPassthroughOrSecretName, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: "invalid", Namespace: fixture.ServiceRootsKuard.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.VirtualHost.TLS: neither Passthrough nor SecretName were specified"), + WithError(contour_v1.ConditionTypeTLSError, "TLSConfigNotValid", "Spec.VirtualHost.TLS: neither Passthrough nor SecretName were specified"), }, }) - emptyProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + emptyProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "empty", Namespace: "roots", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, }, @@ -2951,28 +2951,28 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with no routes, includes, or tcpproxy is invalid", testcase{ objs: []any{emptyProxy}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: emptyProxy.Name, Namespace: emptyProxy.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeSpecError, "NothingDefined", "HTTPProxy.Spec must have at least one Route, Include, or a TCPProxy"), + WithError(contour_v1.ConditionTypeSpecError, "NothingDefined", "HTTPProxy.Spec must have at least one Route, Include, or a TCPProxy"), }, }) - invalidResponseHeadersPolicyService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidResponseHeadersPolicyService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalidRHPService", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, - ResponseHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "external.com", }}, @@ -2985,30 +2985,30 @@ func TestDAGStatus(t *testing.T) { run(t, "responseHeadersPolicy, Host header invalid on Service", testcase{ objs: []any{invalidResponseHeadersPolicyService, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: invalidResponseHeadersPolicyService.Name, Namespace: invalidResponseHeadersPolicyService.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeServiceError, "ResponseHeadersPolicyInvalid", `rewriting "Host" header is not supported on response headers`), + WithError(contour_v1.ConditionTypeServiceError, "ResponseHeadersPolicyInvalid", `rewriting "Host" header is not supported on response headers`), }, }) - invalidResponseHeadersPolicyRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidResponseHeadersPolicyRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalidRHPRoute", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, }, }, - ResponseHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "external.com", }}, @@ -3019,29 +3019,29 @@ func TestDAGStatus(t *testing.T) { run(t, "responseHeadersPolicy, Host header invalid on Route", testcase{ objs: []any{invalidResponseHeadersPolicyRoute, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: invalidResponseHeadersPolicyRoute.Name, Namespace: invalidResponseHeadersPolicyRoute.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "ResponseHeaderPolicyInvalid", `rewriting "Host" header is not supported on response headers`), + WithError(contour_v1.ConditionTypeRouteError, "ResponseHeaderPolicyInvalid", `rewriting "Host" header is not supported on response headers`), }, }) - duplicateCookieRewritePolicyRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + duplicateCookieRewritePolicyRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalidCRPRoute", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, }, }, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", Secure: ref.To(true), @@ -3057,27 +3057,27 @@ func TestDAGStatus(t *testing.T) { run(t, "cookieRewritePolicies, duplicate cookie names on route", testcase{ objs: []any{duplicateCookieRewritePolicyRoute, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: duplicateCookieRewritePolicyRoute.Name, Namespace: duplicateCookieRewritePolicyRoute.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `duplicate cookie rewrite rule for cookie "a-cookie" on route cookie rewrite rules`), + WithError(contour_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `duplicate cookie rewrite rule for cookie "a-cookie" on route cookie rewrite rules`), }, }) - duplicateCookieRewritePolicyService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + duplicateCookieRewritePolicyService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalidCRPService", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", Secure: ref.To(true), @@ -3095,28 +3095,28 @@ func TestDAGStatus(t *testing.T) { run(t, "cookieRewritePolicies, duplicate cookie names on service", testcase{ objs: []any{duplicateCookieRewritePolicyService, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: duplicateCookieRewritePolicyService.Name, Namespace: duplicateCookieRewritePolicyService.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `duplicate cookie rewrite rule for cookie "a-cookie" on service cookie rewrite rules`), + WithError(contour_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `duplicate cookie rewrite rule for cookie "a-cookie" on service cookie rewrite rules`), }, }) - emptyCookieRewritePolicyRoute := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + emptyCookieRewritePolicyRoute := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalidCRPRoute", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + Routes: []contour_v1.Route{{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, @@ -3128,27 +3128,27 @@ func TestDAGStatus(t *testing.T) { run(t, "cookieRewritePolicies, empty cookie rewrite on route", testcase{ objs: []any{emptyCookieRewritePolicyRoute, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: emptyCookieRewritePolicyRoute.Name, Namespace: emptyCookieRewritePolicyRoute.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `no attributes rewritten for cookie "a-cookie" on route cookie rewrite rules`), + WithError(contour_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `no attributes rewritten for cookie "a-cookie" on route cookie rewrite rules`), }, }) - emptyCookieRewritePolicyService := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + emptyCookieRewritePolicyService := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalidCRPService", Namespace: fixture.ServiceRootsKuard.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, - CookieRewritePolicies: []contour_api_v1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", }, @@ -3161,81 +3161,81 @@ func TestDAGStatus(t *testing.T) { run(t, "cookieRewritePolicies, empty cookie rewrite on service", testcase{ objs: []any{emptyCookieRewritePolicyService, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: emptyCookieRewritePolicyService.Name, Namespace: emptyCookieRewritePolicyService.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `no attributes rewritten for cookie "a-cookie" on service cookie rewrite rules`), + WithError(contour_v1.ConditionTypeRouteError, "CookieRewritePoliciesInvalid", `no attributes rewritten for cookie "a-cookie" on service cookie rewrite rules`), }, }) proxyAuthFallback := fixture.NewProxy("roots/fallback-incompat"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "invalid.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", EnableFallbackCertificate: true, }, - Authorization: &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + Authorization: &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) run(t, "fallback and client auth is invalid", testcase{ objs: []any{fixture.SecretRootsCert, proxyAuthFallback}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: proxyAuthFallback.Name, Namespace: proxyAuthFallback.Namespace}: fixture.NewValidCondition().WithGeneration(proxyAuthFallback.Generation). - WithError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client authorization are incompatible"), + WithError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client authorization are incompatible"), }, }) proxyAuthHTTP := fixture.NewProxy("roots/http"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "invalid.com", - Authorization: &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + Authorization: &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) run(t, "plain HTTP vhost and client auth is invalid", testcase{ objs: []any{fixture.SecretRootsCert, proxyAuthHTTP}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(proxyAuthHTTP): fixture.NewValidCondition().WithGeneration(proxyAuthHTTP.Generation). - WithError(contour_api_v1.ConditionTypeAuthError, "AuthNotPermitted", "Spec.VirtualHost.Authorization.ExtensionServiceRef can only be defined for root HTTPProxies that terminate TLS"), + WithError(contour_v1.ConditionTypeAuthError, "AuthNotPermitted", "Spec.VirtualHost.Authorization.ExtensionServiceRef can only be defined for root HTTPProxies that terminate TLS"), }, }) - invalidResponseTimeout := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidResponseTimeout := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: fixture.ServiceRootsKuard.Namespace, Name: "invalid-timeouts", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, }, }, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: "invalid-val", }, }, @@ -3245,32 +3245,32 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with invalid response timeout value is invalid", testcase{ objs: []any{invalidResponseTimeout, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: invalidResponseTimeout.Name, Namespace: invalidResponseTimeout.Namespace, - }: fixture.NewValidCondition().WithError(contour_api_v1.ConditionTypeRouteError, "TimeoutPolicyNotValid", + }: fixture.NewValidCondition().WithError(contour_v1.ConditionTypeRouteError, "TimeoutPolicyNotValid", `route.timeoutPolicy failed to parse: error parsing response timeout: unable to parse timeout string "invalid-val": time: invalid duration "invalid-val"`), }, }) - invalidIdleTimeout := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidIdleTimeout := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: fixture.ServiceRootsKuard.Namespace, Name: "invalid-timeouts", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, }, }, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Idle: "invalid-val", }, }, @@ -3280,35 +3280,35 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with invalid idle timeout value is invalid", testcase{ objs: []any{invalidIdleTimeout, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: invalidIdleTimeout.Name, Namespace: invalidIdleTimeout.Namespace, - }: fixture.NewValidCondition().WithError(contour_api_v1.ConditionTypeRouteError, "TimeoutPolicyNotValid", + }: fixture.NewValidCondition().WithError(contour_v1.ConditionTypeRouteError, "TimeoutPolicyNotValid", `route.timeoutPolicy failed to parse: error parsing idle timeout: unable to parse timeout string "invalid-val": time: invalid duration "invalid-val"`), }, }) // issue 3197: Fallback and passthrough HTTPProxy directive should emit a config error - tlsPassthroughAndFallback := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tlsPassthroughAndFallback := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", Generation: 24, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - TLS: &contour_api_v1.TLS{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + TLS: &contour_v1.TLS{ Passthrough: true, EnableFallbackCertificate: true, }, Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3318,33 +3318,33 @@ func TestDAGStatus(t *testing.T) { run(t, "TLS with passthrough and fallback cert enabled is invalid", testcase{ objs: []any{tlsPassthroughAndFallback, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: tlsPassthroughAndFallback.Name, Namespace: tlsPassthroughAndFallback.Namespace}: fixture.NewValidCondition(). WithGeneration(tlsPassthroughAndFallback.Generation).WithError( - contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", + contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", `Spec.VirtualHost.TLS: both Passthrough and enableFallbackCertificate were specified`, ), }, }) - tlsPassthrough := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tlsPassthrough := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", Generation: 24, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - TLS: &contour_api_v1.TLS{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + TLS: &contour_v1.TLS{ Passthrough: true, EnableFallbackCertificate: false, }, Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3354,31 +3354,31 @@ func TestDAGStatus(t *testing.T) { run(t, "valid TLS passthrough", testcase{ objs: []any{tlsPassthrough, fixture.ServiceRootsHome}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: tlsPassthrough.Name, Namespace: tlsPassthrough.Namespace}: fixture.NewValidCondition(). WithGeneration(tlsPassthrough.Generation). Valid(), }, }) - multipleRouteAction := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + multipleRouteAction := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "multipleRouteAction", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 200, Body: "success", }, @@ -3387,29 +3387,29 @@ func TestDAGStatus(t *testing.T) { } run(t, "Selecting more than one routeAction is invalid", testcase{ objs: []any{multipleRouteAction}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: multipleRouteAction.Name, Namespace: multipleRouteAction.Namespace}: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeRouteError, "RouteActionCountNotValid", + WithError(contour_v1.ConditionTypeRouteError, "RouteActionCountNotValid", "must set exactly one of route.services or route.requestRedirectPolicy or route.directResponsePolicy"), }, }) - invalidAllowOrigin := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidAllowOrigin := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: fixture.ServiceRootsKuard.Namespace, Name: "invalid-alloworigin", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"example-2.com", "**"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: fixture.ServiceRootsKuard.Name, Port: 8080, @@ -3422,32 +3422,32 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy with invalid allow origin is invalid", testcase{ objs: []any{invalidAllowOrigin, fixture.ServiceRootsKuard}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: invalidAllowOrigin.Name, Namespace: invalidAllowOrigin.Namespace, - }: fixture.NewValidCondition().WithError(contour_api_v1.ConditionTypeCORSError, "PolicyDidNotParse", + }: fixture.NewValidCondition().WithError(contour_v1.ConditionTypeCORSError, "PolicyDidNotParse", `Spec.VirtualHost.CORSPolicy: invalid allowed origin "**": allowed origin is invalid exact match and invalid regex match`), }, }) - jwtVerificationValidProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationValidProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-valid-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "jwt.example.com", Audiences: []string{"foo", "bar"}, - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "10s", CacheDuration: "1h", @@ -3455,13 +3455,13 @@ func TestDAGStatus(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, - Conditions: []contour_api_v1.MatchCondition{{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3476,43 +3476,43 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationValidProxy): fixture.NewValidCondition().Valid(), }, }) - jwtVerificationDuplicateProviders := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationDuplicateProviders := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-duplicate-provider-names", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3527,50 +3527,50 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationDuplicateProviders): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "DuplicateProviderName", "Spec.VirtualHost.JWTProviders is invalid: duplicate name provider-1", ), }, }) - jwtVerificationMultipleDefaults := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationMultipleDefaults := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-multiple-defaults", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Default: true, - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, { Name: "provider-2", Default: true, - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3585,42 +3585,42 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationMultipleDefaults): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "MultipleDefaultProvidersSpecified", "Spec.VirtualHost.JWTProviders is invalid: at most one provider can be set as the default", ), }, }) - jwtVerificationInvalidRemoteJWKSURI := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidRemoteJWKSURI := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-remote-jwks-uri", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: ":/invalid-uri", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3635,42 +3635,42 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidRemoteJWKSURI): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSURIInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.URI is invalid: parse \":/invalid-uri\": missing protocol scheme", ), }, }) - jwtVerificationInvalidRemoteJWKSScheme := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidRemoteJWKSScheme := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-remote-jwks-scheme", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "ftp://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3685,43 +3685,43 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidRemoteJWKSScheme): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSSchemeInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.URI has invalid scheme \"ftp\", must be http or https", ), }, }) - jwtVerificationInvalidRemoteJWKSTimeout := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidRemoteJWKSTimeout := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-remote-jwks-timeout", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "http://jwt.example.com/jwks.json", Timeout: "invalid-timeout-string", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3736,43 +3736,43 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidRemoteJWKSTimeout): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSTimeoutInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.Timeout is invalid: time: invalid duration \"invalid-timeout-string\"", ), }, }) - jwtVerificationInvalidRemoteJWKSCacheDuration := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidRemoteJWKSCacheDuration := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-remote-jwks-cache-duration", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "http://jwt.example.com/jwks.json", CacheDuration: "invalid-duration-string", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3787,43 +3787,43 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidRemoteJWKSCacheDuration): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSCacheDurationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.CacheDuration is invalid: time: invalid duration \"invalid-duration-string\"", ), }, }) - jwtVerificationInvalidRemoteJWKSDNSLookupFamily := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidRemoteJWKSDNSLookupFamily := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-remote-jwks-dns-lookup-family", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "http://jwt.example.com/jwks.json", DNSLookupFamily: "v7", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3838,38 +3838,38 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidRemoteJWKSDNSLookupFamily): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSDNSLookupFamilyInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.DNSLookupFamily has an invalid value \"v7\", must be auto, all, v4 or v6", ), }, }) - jwtVerificationNoProvidersRouteHasRef := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationNoProvidersRouteHasRef := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-no-providers-route-has-ref", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }, }, }, @@ -3881,43 +3881,43 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationNoProvidersRouteHasRef): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "JWTProviderNotDefined", "Route references an undefined JWT provider \"provider-1\"", ), }, }) - jwtVerificationRouteReferencesNonexistentProvider := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationRouteReferencesNonexistentProvider := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-route-references-nonexistent-provider", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "http://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "nonexistent-provider"}, - Conditions: []contour_api_v1.MatchCondition{{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "nonexistent-provider"}, + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3932,40 +3932,40 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationRouteReferencesNonexistentProvider): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "JWTProviderNotDefined", "Route references an undefined JWT provider \"nonexistent-provider\"", ), }, }) - jwtVerificationInvalidTLSNotConfigured := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidTLSNotConfigured := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-tls-not-configured", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, - Conditions: []contour_api_v1.MatchCondition{{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -3979,43 +3979,43 @@ func TestDAGStatus(t *testing.T) { jwtVerificationInvalidTLSNotConfigured, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidTLSNotConfigured): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "JWTVerificationNotPermitted", "Spec.VirtualHost.JWTProviders can only be defined for root HTTPProxies that terminate TLS", ), }, }) - jwtVerificationInvalidTLSPassthroughConfigured := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidTLSPassthroughConfigured := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-tls-passthrough-configured", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, - Conditions: []contour_api_v1.MatchCondition{{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4029,43 +4029,43 @@ func TestDAGStatus(t *testing.T) { jwtVerificationInvalidTLSPassthroughConfigured, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidTLSPassthroughConfigured): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "JWTVerificationNotPermitted", "Spec.VirtualHost.JWTProviders can only be defined for root HTTPProxies that terminate TLS", ), }, }) - jwtVerificationInvalidTLSFallbackConfigured := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidTLSFallbackConfigured := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-tls-fallback-configured", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ EnableFallbackCertificate: true, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, - Conditions: []contour_api_v1.MatchCondition{{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4079,46 +4079,46 @@ func TestDAGStatus(t *testing.T) { jwtVerificationInvalidTLSFallbackConfigured, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidTLSFallbackConfigured): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "JWTVerificationNotPermitted", "Spec.VirtualHost.JWTProviders can only be defined for root HTTPProxies that terminate TLS", ), }, }) - jwtVerificationInvalidRequireAndDisabledSpecified := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationInvalidRequireAndDisabledSpecified := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-invalid-require-and-disabled-specified", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", }, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{ Require: "provider-1", Disabled: true, }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4133,33 +4133,33 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationInvalidRequireAndDisabledSpecified): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "InvalidJWTVerificationPolicy", "route's JWT verification policy cannot specify both require and disabled", ), }, }) - jwtVerificationUpstreamValidationForHTTPJWKS := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationUpstreamValidationForHTTPJWKS := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-upstream-validation-for-http-jwks", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "http://jwt.example.com/jwks.json", - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "foo", SubjectName: "jwt.example.com", }, @@ -4167,15 +4167,15 @@ func TestDAGStatus(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{ Require: "provider-1", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4190,33 +4190,33 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationUpstreamValidationForHTTPJWKS): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation must not be specified when URI scheme is http.", ), }, }) - jwtVerificationUpstreamValidationCACertDoesNotExist := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationUpstreamValidationCACertDoesNotExist := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-upstream-validation-cacert-does-not-exist", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "nonexistent", SubjectName: "jwt.example.com", }, @@ -4224,15 +4224,15 @@ func TestDAGStatus(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{ Require: "provider-1", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4247,41 +4247,41 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationUpstreamValidationCACertDoesNotExist): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation is invalid: invalid CA Secret \"roots/nonexistent\": Secret not found", ), }, }) - jwksInvalidCACert := &v1.Secret{ + jwksInvalidCACert := &core_v1.Secret{ ObjectMeta: fixture.ObjectMeta("roots/cacert"), - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ "wrong-key": []byte(fixture.CERTIFICATE), }, } - jwtVerificationUpstreamValidationCACertInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationUpstreamValidationCACertInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-upstream-validation-cacert-invalid", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "cacert", SubjectName: "jwt.example.com", }, @@ -4289,15 +4289,15 @@ func TestDAGStatus(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{ Require: "provider-1", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4313,40 +4313,40 @@ func TestDAGStatus(t *testing.T) { fixture.ServiceRootsHome, jwksInvalidCACert, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationUpstreamValidationCACertInvalid): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSUpstreamValidationInvalid", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation is invalid: invalid CA Secret \"roots/cacert\": empty \"ca.crt\" key", ), }, }) - jwksCACertDifferentNamespace := &v1.Secret{ + jwksCACertDifferentNamespace := &core_v1.Secret{ ObjectMeta: fixture.ObjectMeta("default/cacert"), Data: map[string][]byte{ "ca.crt": []byte(fixture.CERTIFICATE), }, } - jwtVerificationUpstreamValidationCACertNotDelegated := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + jwtVerificationUpstreamValidationCACertNotDelegated := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "jwt-verification-upstream-validation-cacert-not-delegated", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: fixture.SecretRootsCert.Name, }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "default/cacert", SubjectName: "jwt.example.com", }, @@ -4354,15 +4354,15 @@ func TestDAGStatus(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{ + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{ Require: "provider-1", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4378,41 +4378,41 @@ func TestDAGStatus(t *testing.T) { fixture.ServiceRootsHome, jwksCACertDifferentNamespace, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(jwtVerificationUpstreamValidationCACertNotDelegated): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeJWTVerificationError, + contour_v1.ConditionTypeJWTVerificationError, "RemoteJWKSCACertificateNotDelegated", "Spec.VirtualHost.JWTProviders.RemoteJWKS.UpstreamValidation.CACertificate Secret \"default/cacert\" is not configured for certificate delegation", ), }, }) - ipFilterVirtualHostValidProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ipFilterVirtualHostValidProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "ip-filter-valid-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - IPAllowFilterPolicy: []contour_api_v1.IPFilterPolicy{ + IPAllowFilterPolicy: []contour_v1.IPFilterPolicy{ { - Source: contour_api_v1.IPFilterSourcePeer, + Source: contour_v1.IPFilterSourcePeer, CIDR: "10.8.8.8/0", }, { - Source: contour_api_v1.IPFilterSourceRemote, + Source: contour_v1.IPFilterSourceRemote, CIDR: "10.8.8.8/0", }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4426,34 +4426,34 @@ func TestDAGStatus(t *testing.T) { ipFilterVirtualHostValidProxy, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(ipFilterVirtualHostValidProxy): fixture.NewValidCondition().Valid(), }, }) - ipFilterVirtualHostAllowAndDenyInvalidProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ipFilterVirtualHostAllowAndDenyInvalidProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "ip-filter-invalid-allow-and-deny-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - IPAllowFilterPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourcePeer, + IPAllowFilterPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourcePeer, CIDR: "10.8.8.8/0", }}, - IPDenyFilterPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + IPDenyFilterPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "10.8.8.8/0", }}, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4467,35 +4467,35 @@ func TestDAGStatus(t *testing.T) { ipFilterVirtualHostAllowAndDenyInvalidProxy, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(ipFilterVirtualHostAllowAndDenyInvalidProxy): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeIPFilterError, + contour_v1.ConditionTypeIPFilterError, "IncompatibleIPAddressFilters", "Spec.VirtualHost.IPAllowFilterPolicy and Spec.VirtualHost.IPDepnyFilterPolicy cannot both be defined.", ), }, }) - ipFilterVirtualHostFilterRulesInvalidProxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ipFilterVirtualHostFilterRulesInvalidProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "ip-filter-invalid-filter-rules-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - IPAllowFilterPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourcePeer, + IPAllowFilterPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourcePeer, CIDR: "abcd", }}, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4509,24 +4509,24 @@ func TestDAGStatus(t *testing.T) { ipFilterVirtualHostFilterRulesInvalidProxy, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(ipFilterVirtualHostFilterRulesInvalidProxy): { - Condition: contour_api_v1.Condition{ - Type: contour_api_v1.ValidConditionType, - Status: contour_api_v1.ConditionFalse, + Condition: contour_v1.Condition{ + Type: contour_v1.ValidConditionType, + Status: contour_v1.ConditionFalse, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { - Type: contour_api_v1.ConditionTypeIPFilterError, - Status: contour_api_v1.ConditionTrue, + Type: contour_v1.ConditionTypeIPFilterError, + Status: contour_v1.ConditionTrue, Reason: "InvalidCIDR", Message: "abcd failed to parse: invalid CIDR address: abcd/32", }, { - Type: contour_api_v1.ConditionTypeIPFilterError, - Status: contour_api_v1.ConditionTrue, + Type: contour_v1.ConditionTypeIPFilterError, + Status: contour_v1.ConditionTrue, Reason: "IPFilterPolicyNotValid", Message: "Spec.VirtualHost.IPAllowFilterPolicy or Spec.VirtualHost.IPDenyFilterPolicy is invalid: invalid CIDR address: abcd/32", }, @@ -4536,20 +4536,20 @@ func TestDAGStatus(t *testing.T) { }) // proxyWithInvalidSlowStartWindow is invalid because it has invalid window size syntax. - proxyWithInvalidSlowStartWindow := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithInvalidSlowStartWindow := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "slow-start-invalid-window", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, - SlowStartPolicy: &contour_api_v1.SlowStartPolicy{ + SlowStartPolicy: &contour_v1.SlowStartPolicy{ Window: "invalid", }, }}, @@ -4558,20 +4558,20 @@ func TestDAGStatus(t *testing.T) { } // proxyWithInvalidSlowStartAggression is invalid because it has invalid aggression syntax. - proxyWithInvalidSlowStartAggression := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithInvalidSlowStartAggression := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "slow-start-invalid-aggression", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, - SlowStartPolicy: &contour_api_v1.SlowStartPolicy{ + SlowStartPolicy: &contour_v1.SlowStartPolicy{ Window: "5s", Aggression: "invalid", }, @@ -4581,23 +4581,23 @@ func TestDAGStatus(t *testing.T) { } // proxyWithInvalidSlowStartLBStrategy is invalid because route has LB strategy that does not support slow start. - proxyWithInvalidSlowStartLBStrategy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithInvalidSlowStartLBStrategy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "slow-start-invalid-lb-strategy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + Routes: []contour_v1.Route{{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: LoadBalancerPolicyCookie, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, - SlowStartPolicy: &contour_api_v1.SlowStartPolicy{ + SlowStartPolicy: &contour_v1.SlowStartPolicy{ Window: "5s", }, }}, @@ -4610,10 +4610,10 @@ func TestDAGStatus(t *testing.T) { proxyWithInvalidSlowStartWindow, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(proxyWithInvalidSlowStartWindow): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeServiceError, + contour_v1.ConditionTypeServiceError, "SlowStartInvalid", "error parsing window: time: invalid duration \"invalid\" on slow start", ), @@ -4625,10 +4625,10 @@ func TestDAGStatus(t *testing.T) { proxyWithInvalidSlowStartAggression, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(proxyWithInvalidSlowStartAggression): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeServiceError, + contour_v1.ConditionTypeServiceError, "SlowStartInvalid", "error parsing aggression: \"invalid\" is not a decimal number on slow start", ), @@ -4640,10 +4640,10 @@ func TestDAGStatus(t *testing.T) { proxyWithInvalidSlowStartLBStrategy, fixture.ServiceRootsHome, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(proxyWithInvalidSlowStartLBStrategy): fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeServiceError, + contour_v1.ConditionTypeServiceError, "SlowStartInvalid", "slow start is only supported with RoundRobin or WeightedLeastRequest load balancer strategy", ), @@ -4651,24 +4651,24 @@ func TestDAGStatus(t *testing.T) { }) // Invalid, Regex is in include match condition block - proxyRegexIncludeInvalid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRegexIncludeInvalid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "regex include invalid", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "regex-invalid.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "subproxy1", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Regex: "/.*/foo", }}, }, { Name: "subproxy2", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, @@ -4676,42 +4676,42 @@ func TestDAGStatus(t *testing.T) { } // Valid regex proxy with regex in the sub proxy. - proxyRegexIncludeValid := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRegexIncludeValid := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "regex include valid", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "regex-valid.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "subproxy1", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, }, { Name: "subproxy2", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/bar", }}, }}, }, } - Subproxy1Regex := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + Subproxy1Regex := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "subproxy1", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Regex: "/.*baz", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "foo1", Port: 8080, }}, @@ -4719,15 +4719,15 @@ func TestDAGStatus(t *testing.T) { }, } - Subproxy2Regex := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + Subproxy2Regex := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "subproxy2", Generation: 1, }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "foo2", Port: 8080, }}, @@ -4737,7 +4737,7 @@ func TestDAGStatus(t *testing.T) { run(t, "proxy has regex in the includes block, should be invalid", testcase{ objs: []any{proxyRegexIncludeInvalid, proxyRegexIncludeValid, Subproxy1Regex, Subproxy2Regex, fixture.ServiceRootsFoo1, fixture.ServiceRootsFoo2}, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: Subproxy1Regex.Name, Namespace: Subproxy1Regex.Namespace}: fixture.NewValidCondition(). WithGeneration(Subproxy1Regex.Generation). Valid(), @@ -4746,7 +4746,7 @@ func TestDAGStatus(t *testing.T) { Valid(), {Name: proxyRegexIncludeInvalid.Name, Namespace: proxyRegexIncludeInvalid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyRegexIncludeInvalid.Generation). - WithError(contour_api_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", `include: regex conditions are not allowed in includes block`), + WithError(contour_v1.ConditionTypeIncludeError, "PathMatchConditionsNotValid", `include: regex conditions are not allowed in includes block`), {Name: proxyRegexIncludeValid.Name, Namespace: proxyRegexIncludeValid.Namespace}: fixture.NewValidCondition(). WithGeneration(proxyRegexIncludeValid.Generation). Valid(), @@ -4756,7 +4756,7 @@ func TestDAGStatus(t *testing.T) { run(t, "HTTPProxy cannot attach to a Gateway with >1 HTTP Listener", testcase{ objs: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -4786,32 +4786,32 @@ func TestDAGStatus(t *testing.T) { }, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "roots", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -4822,10 +4822,10 @@ func TestDAGStatus(t *testing.T) { }, }, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Namespace: "roots", Name: "kuard-proxy"}: fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeListenerError, + contour_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", "more than one HTTP listener configured", ), @@ -4835,7 +4835,7 @@ func TestDAGStatus(t *testing.T) { run(t, "HTTPProxy cannot attach to a Gateway with no HTTP Listener", testcase{ objs: []any{ &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, @@ -4858,32 +4858,32 @@ func TestDAGStatus(t *testing.T) { }, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "roots", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "kuard-proxy", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 8080, @@ -4894,36 +4894,36 @@ func TestDAGStatus(t *testing.T) { }, }, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Namespace: "roots", Name: "kuard-proxy"}: fixture.NewValidCondition(). WithError( - contour_api_v1.ConditionTypeListenerError, + contour_v1.ConditionTypeListenerError, "ErrorIdentifyingListener", "no HTTP listener configured", ), }, }) - clientValidationWithDelegatedCA := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + clientValidationWithDelegatedCA := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "delegated/delegated", }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -4936,12 +4936,12 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, clientValidationWithDelegatedCA, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS CA Secret "delegated/delegated" is invalid: Certificate delegation not permitted`), + WithError(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS CA Secret "delegated/delegated" is invalid: Certificate delegation not permitted`), }, }) @@ -4949,13 +4949,13 @@ func TestDAGStatus(t *testing.T) { objs: []any{ fixture.SecretRootsCert, clientValidationWithDelegatedCA, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "delegated", Name: "ca-cert-delegation", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{ { SecretName: "delegated", TargetNamespaces: []string{"roots"}, @@ -4964,36 +4964,36 @@ func TestDAGStatus(t *testing.T) { }, }, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "ClientValidationInvalid", `Spec.VirtualHost.TLS client validation is invalid: invalid CA Secret "delegated/delegated": Secret not found`), + WithError(contour_v1.ConditionTypeTLSError, "ClientValidationInvalid", `Spec.VirtualHost.TLS client validation is invalid: invalid CA Secret "delegated/delegated": Secret not found`), }, }) - clientValidationWithDelegatedCRL := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + clientValidationWithDelegatedCRL := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "ca-cert", CertificateRevocationList: "delegated/delegated", }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -5001,12 +5001,12 @@ func TestDAGStatus(t *testing.T) { }, } - caCertSecret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + caCertSecret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "ca-cert", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ "ca.crt": []byte(fixture.CERTIFICATE), }, @@ -5018,12 +5018,12 @@ func TestDAGStatus(t *testing.T) { caCertSecret, clientValidationWithDelegatedCRL, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS CRL Secret "delegated/delegated" is invalid: Certificate delegation not permitted`), + WithError(contour_v1.ConditionTypeTLSError, "DelegationNotPermitted", `Spec.VirtualHost.TLS CRL Secret "delegated/delegated" is invalid: Certificate delegation not permitted`), }, }) @@ -5032,13 +5032,13 @@ func TestDAGStatus(t *testing.T) { fixture.SecretRootsCert, caCertSecret, clientValidationWithDelegatedCRL, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "delegated", Name: "crl-cert-delegation", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{ { SecretName: "delegated", TargetNamespaces: []string{"roots"}, @@ -5047,36 +5047,36 @@ func TestDAGStatus(t *testing.T) { }, }, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ { Name: fallbackCertificate.Name, Namespace: fallbackCertificate.Namespace, }: fixture.NewValidCondition(). - WithError(contour_api_v1.ConditionTypeTLSError, "ClientValidationInvalid", `Spec.VirtualHost.TLS client validation is invalid: invalid CRL Secret "delegated/delegated": Secret not found`), + WithError(contour_v1.ConditionTypeTLSError, "ClientValidationInvalid", `Spec.VirtualHost.TLS client validation is invalid: invalid CRL Secret "delegated/delegated": Secret not found`), }, }) - clientValidationWithDelegatedCAandCRL := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + clientValidationWithDelegatedCAandCRL := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ssl-cert", - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "delegated/delegated", CertificateRevocationList: "delegated/delegated", }, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -5084,12 +5084,12 @@ func TestDAGStatus(t *testing.T) { }, } - caCertCRLSecret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + caCertCRLSecret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "delegated", Name: "delegated", }, - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ CACertificateKey: []byte(fixture.CERTIFICATE), CRLKey: []byte(fixture.CRL), @@ -5102,13 +5102,13 @@ func TestDAGStatus(t *testing.T) { fixture.ServiceRootsHome, clientValidationWithDelegatedCAandCRL, caCertCRLSecret, - &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "delegated", Name: "ca-crl-cert-delegation", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{ { SecretName: "delegated", TargetNamespaces: []string{"roots"}, @@ -5117,31 +5117,31 @@ func TestDAGStatus(t *testing.T) { }, }, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ k8s.NamespacedNameOf(clientValidationWithDelegatedCAandCRL): fixture.NewValidCondition().Valid(), }, }) - tlsProtocolVersion := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + tlsProtocolVersion := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "roots", Name: "example", Generation: 24, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ - TLS: &contour_api_v1.TLS{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ + TLS: &contour_v1.TLS{ MinimumProtocolVersion: "1.3", MaximumProtocolVersion: "1.2", SecretName: fixture.SecretRootsCert.Name, }, Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "home", Port: 8080, }}, @@ -5156,11 +5156,11 @@ func TestDAGStatus(t *testing.T) { fixture.ServiceRootsHome, fixture.SecretRootsCert, }, - want: map[types.NamespacedName]contour_api_v1.DetailedCondition{ + want: map[types.NamespacedName]contour_v1.DetailedCondition{ {Name: tlsProtocolVersion.Name, Namespace: tlsProtocolVersion.Namespace}: fixture.NewValidCondition(). WithGeneration(tlsProtocolVersion.Generation). WithError( - contour_api_v1.ConditionTypeTLSError, "TLSConfigNotValid", + contour_v1.ConditionTypeTLSError, "TLSConfigNotValid", `Spec.Virtualhost.TLS the minimum protocol version is greater than the maximum protocol version`, ), }, @@ -5205,11 +5205,11 @@ func validGatewayStatusUpdate(listenerName string, listenerProtocol gatewayapi_v return []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonProgrammed), Message: status.MessageValidGateway, }, @@ -5243,18 +5243,18 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -5276,7 +5276,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -5304,7 +5304,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { gotGatewayUpdates := dag.StatusCache.GetGatewayUpdates() ops := []cmp.Option{ - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "GatewayRef"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "TransitionTime"), @@ -5312,7 +5312,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "ExistingConditions"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "TransitionTime"), - cmpopts.SortSlices(func(i, j metav1.Condition) bool { + cmpopts.SortSlices(func(i, j meta_v1.Condition) bool { return i.Message < j.Message }), cmpopts.SortSlices(func(i, j *status.RouteStatusUpdate) bool { @@ -5341,53 +5341,53 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) } - kuardService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard2", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService3 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard3", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService4 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService4 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard4", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080, protoK8sH2C)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080, protoK8sH2C)}, }, } - kuardService5 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService5 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard5", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ makeServicePort("wss", "TCP", 8444, 8444, "kubernetes.io/wss"), }, }, @@ -5397,7 +5397,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5420,7 +5420,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -5434,7 +5434,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5468,7 +5468,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{{ ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -5481,7 +5481,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5499,7 +5499,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-2", Namespace: "default", }, @@ -5523,7 +5523,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -5535,7 +5535,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -5550,7 +5550,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5578,12 +5578,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeAcceptedHTTPRouteCondition(), routeResolvedRefsCondition(), { Type: string(status.ConditionValidMatches), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidPathMatch), Message: "Match.Path.Value must start with '/'.", }, @@ -5597,7 +5597,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5625,12 +5625,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), { Type: string(status.ConditionValidMatches), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidPathMatch), Message: "Match.Path.Value must start with '/'.", }, @@ -5645,7 +5645,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5668,12 +5668,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), { Type: string(status.ConditionValidMatches), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidPathMatch), Message: "Match.Path.Value is invalid for RegularExpression match type.", }, @@ -5688,7 +5688,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5716,12 +5716,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), { Type: string(status.ConditionValidMatches), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidPathMatch), Message: "Match.Path.Value must not contain consecutive '/' characters.", }, @@ -5736,7 +5736,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5764,12 +5764,12 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), { Type: string(status.ConditionValidMatches), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidPathMatch), Message: "Match.Path.Value must not contain consecutive '/' characters.", }, @@ -5784,7 +5784,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5812,7 +5812,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.PathMatch: Only Prefix match type, Exact match type and RegularExpression match type are supported."), }, @@ -5826,7 +5826,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5861,7 +5861,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Matches.Headers: Only Exact match type and RegularExpression match type are supported"), }, @@ -5875,7 +5875,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5910,7 +5910,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Matches.Headers: Invalid value for RegularExpression match type is specified"), }, @@ -5924,7 +5924,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -5959,11 +5959,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted HTTPRoute", }, @@ -5978,7 +5978,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6013,7 +6013,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Matches.QueryParams: Invalid value for RegularExpression match type is specified"), }, @@ -6027,7 +6027,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6062,7 +6062,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Matches.QueryParams: Only Exact and RegularExpression match types are supported"), }, @@ -6076,7 +6076,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6108,7 +6108,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.BackendRef.Name must be specified"), routeAcceptedHTTPRouteCondition(), }, @@ -6122,7 +6122,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.backendRef.serviceName invalid on two matches", testcase{ objs: []any{ &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6158,7 +6158,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(gatewayapi_v1.RouteReasonBackendNotFound, "service \"invalid-one\" is invalid: service \"default/invalid-one\" not found, service \"invalid-two\" is invalid: service \"default/invalid-two\" not found"), routeAcceptedHTTPRouteCondition(), }, @@ -6173,7 +6173,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6205,7 +6205,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.BackendRef.Port must be specified"), routeAcceptedHTTPRouteCondition(), }, @@ -6220,7 +6220,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6242,7 +6242,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified."), routeAcceptedHTTPRouteCondition(), }, @@ -6256,7 +6256,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -6290,7 +6290,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( gatewayapi_v1.RouteConditionReason(gatewayapi_v1.ListenerReasonRefNotPermitted), "Spec.Rules.BackendRef.Namespace must match the route's namespace or be covered by a ReferenceGrant"), @@ -6306,7 +6306,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { // BEGIN TLS CertificateRef + ReferenceGrant tests run(t, "Gateway references TLS cert in different namespace, with valid ReferenceGrant", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6331,16 +6331,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "tls-cert-namespace", }, @@ -6361,7 +6361,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with no ReferenceGrant", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6386,22 +6386,22 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -6419,17 +6419,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonRefNotPermitted), Message: "Spec.VirtualHost.TLS.CertificateRefs \"secret\" namespace must match the Gateway's namespace or be covered by a ReferenceGrant", }, @@ -6441,7 +6441,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with valid ReferenceGrant (secret-specific)", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6466,16 +6466,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "tls-cert-namespace", }, @@ -6497,7 +6497,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (policy in wrong namespace)", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6522,16 +6522,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "wrong-namespace", }, @@ -6549,11 +6549,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -6571,17 +6571,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonRefNotPermitted), Message: "Spec.VirtualHost.TLS.CertificateRefs \"secret\" namespace must match the Gateway's namespace or be covered by a ReferenceGrant", }, @@ -6593,7 +6593,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong From namespace)", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6618,16 +6618,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "tls-cert-namespace", }, @@ -6645,11 +6645,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -6667,17 +6667,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonRefNotPermitted), Message: "Spec.VirtualHost.TLS.CertificateRefs \"secret\" namespace must match the Gateway's namespace or be covered by a ReferenceGrant", }, @@ -6689,7 +6689,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong From kind)", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6714,16 +6714,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "tls-cert-namespace", }, @@ -6741,11 +6741,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -6763,17 +6763,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonRefNotPermitted), Message: "Spec.VirtualHost.TLS.CertificateRefs \"secret\" namespace must match the Gateway's namespace or be covered by a ReferenceGrant", }, @@ -6785,7 +6785,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong To kind)", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6810,16 +6810,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "tls-cert-namespace", }, @@ -6837,11 +6837,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -6859,17 +6859,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonRefNotPermitted), Message: "Spec.VirtualHost.TLS.CertificateRefs \"secret\" namespace must match the Gateway's namespace or be covered by a ReferenceGrant", }, @@ -6881,7 +6881,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong secret name)", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -6906,16 +6906,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, objs: []any{ - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "tls-cert-namespace", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), }, &gatewayapi_v1beta1.ReferenceGrant{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert-reference-policy", Namespace: "tls-cert-namespace", }, @@ -6934,11 +6934,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -6956,17 +6956,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonRefNotPermitted), Message: "Spec.VirtualHost.TLS.CertificateRefs \"secret\" namespace must match the Gateway's namespace or be covered by a ReferenceGrant", }, @@ -6982,7 +6982,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7004,13 +7004,13 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid hostname \"*.*.projectcontour.io\": [a wildcard DNS-1123 subdomain must start with '*.', followed by a valid DNS subdomain, which must consist of lower case alphanumeric characters, '-' or '.' and end with an alphanumeric character (e.g. '*.example.com', regex used for validation is '\\*\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -7025,7 +7025,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7047,13 +7047,13 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid hostname \"#projectcontour.io\": [a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -7068,7 +7068,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7090,11 +7090,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "invalid hostname \"1.2.3.4\": must be a DNS name, not an IP address"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -7109,7 +7109,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7126,7 +7126,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -7162,7 +7162,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -7172,11 +7172,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonProgrammed), Message: status.MessageValidGateway, }, @@ -7221,7 +7221,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7238,7 +7238,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -7274,11 +7274,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -7289,11 +7289,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonProgrammed), Message: status.MessageValidGateway, }, @@ -7338,7 +7338,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7355,7 +7355,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -7380,11 +7380,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 0), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -7395,11 +7395,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonProgrammed), Message: status.MessageValidGateway, }, @@ -7429,7 +7429,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7446,7 +7446,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -7471,11 +7471,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "", 443), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -7486,11 +7486,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonProgrammed), Message: status.MessageValidGateway, }, @@ -7520,7 +7520,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7536,7 +7536,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-2", Namespace: "default", }, @@ -7552,7 +7552,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-3", Namespace: "default", }, @@ -7569,7 +7569,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -7595,11 +7595,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 80), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -7612,11 +7612,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 443), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -7629,7 +7629,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -7640,11 +7640,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonProgrammed), Message: status.MessageValidGateway, }, @@ -7674,7 +7674,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7691,7 +7691,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -7717,16 +7717,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 81), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.RouteConditionResolvedRefs), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonBackendNotFound), Message: "service \"invalid\" is invalid: service \"default/invalid\" not found", }, { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -7744,7 +7744,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { kuardService2, kuardService3, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7780,7 +7780,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -7795,7 +7795,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7828,7 +7828,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.Filters.RequestMirror.BackendRef.Name must be specified"), routeAcceptedHTTPRouteCondition(), }, @@ -7844,7 +7844,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7877,7 +7877,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.Filters.RequestMirror.BackendRef.Port must be specified"), routeAcceptedHTTPRouteCondition(), }, @@ -7893,7 +7893,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7941,7 +7941,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( gatewayapi_v1.RouteReasonBackendNotFound, "service \"invalid-one\" is invalid: service \"default/invalid-one\" not found, service \"invalid-two\" is invalid: service \"default/invalid-two\" not found"), @@ -7959,7 +7959,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -7994,7 +7994,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( gatewayapi_v1.RouteConditionReason(gatewayapi_v1.ListenerReasonRefNotPermitted), "Spec.Rules.Filters.RequestMirror.BackendRef.Namespace must match the route's namespace or be covered by a ReferenceGrant"), @@ -8011,7 +8011,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8043,7 +8043,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.BackendRef.Filters: Only RequestHeaderModifier and ResponseHeaderModifier type is supported."), routeResolvedRefsCondition(), }, @@ -8058,7 +8058,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8089,7 +8089,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Filters.URLRewrite.Path.Type: invalid type \"custom\": only ReplacePrefixMatch and ReplaceFullPath are supported."), }, @@ -8104,7 +8104,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8136,7 +8136,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "duplicate header addition: \"Custom\" on request headers"), routeAcceptedHTTPRouteCondition(), }, @@ -8151,7 +8151,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8188,7 +8188,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid set header \"!invalid-Header\": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')] on request headers"), @@ -8205,7 +8205,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8237,7 +8237,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "duplicate header addition: \"Custom\" on response headers"), routeAcceptedHTTPRouteCondition(), }, @@ -8252,7 +8252,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8289,7 +8289,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid set header \"!invalid-Header\": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')] on response headers"), @@ -8306,7 +8306,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -8332,7 +8332,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Filters: invalid type \"custom-filter\": only RequestHeaderModifier, ResponseHeaderModifier, RequestRedirect, RequestMirror and URLRewrite are supported."), }, @@ -8346,7 +8346,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "gateway.spec.addresses results in invalid gateway", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8368,11 +8368,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonAddressNotAssigned), Message: "None of the addresses in Spec.Addresses have been assigned to the Gateway", }, @@ -8399,7 +8399,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid allowedroutes API group results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8424,11 +8424,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8437,17 +8437,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { "http": { Name: "http", SupportedKinds: nil, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidRouteKinds), Message: "Group \"invalid-group\" is not supported, group must be \"gateway.networking.k8s.io\"", }, @@ -8460,7 +8460,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid allowedroutes API kind results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8482,11 +8482,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8495,17 +8495,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { "http": { Name: "http", SupportedKinds: nil, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidRouteKinds), Message: "Kind \"FooRoute\" is not supported, kind must be \"HTTPRoute\", \"TLSRoute\", \"GRPCRoute\" or \"TCPRoute\"", }, @@ -8518,7 +8518,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "allowedroute of TLSRoute on a non-TLS listener results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8540,11 +8540,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8553,17 +8553,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { "http": { Name: "http", SupportedKinds: nil, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidRouteKinds), Message: "TLSRoutes are incompatible with listener protocol \"HTTP\"", }, @@ -8576,7 +8576,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS certificate ref to a non-secret on an HTTPS listener results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8604,11 +8604,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8626,17 +8626,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidCertificateRef), Message: "Spec.VirtualHost.TLS.CertificateRefs \"foo\" must contain a reference to a core.Secret", }, @@ -8649,7 +8649,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "nonexistent TLS certificate ref on an HTTPS listener results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8673,11 +8673,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8695,17 +8695,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidCertificateRef), Message: "Spec.VirtualHost.TLS.CertificateRefs \"nonexistent-secret\" referent is invalid: Secret not found", }, @@ -8718,7 +8718,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid listener protocol results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8737,11 +8737,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8750,16 +8750,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { "http": { Name: "http", SupportedKinds: nil, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, { Type: string(gatewayapi_v1.ListenerConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonUnsupportedProtocol), Message: "Listener protocol \"invalid\" is unsupported, must be one of HTTP, HTTPS, TLS, TCP or projectcontour.io/https", }, @@ -8773,7 +8773,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPS listener without TLS defined results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8792,11 +8792,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8814,10 +8814,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Listener.TLS is required when protocol is \"HTTPS\".", }, @@ -8832,7 +8832,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS listener without TLS defined results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8851,11 +8851,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8873,10 +8873,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "TCPRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Listener.TLS is required when protocol is \"TLS\".", }, @@ -8891,7 +8891,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS Passthrough listener with a TLS certificate ref defined results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8916,11 +8916,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -8938,10 +8938,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "TCPRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Listener.TLS.CertificateRefs cannot be defined when Listener.TLS.Mode is \"Passthrough\".", }, @@ -8956,7 +8956,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS listener with TLS.Mode=Terminate without a certificate ref results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -8978,11 +8978,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -9000,10 +9000,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "TCPRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalid), Message: "Listener.TLS.CertificateRefs must contain exactly one entry", }, @@ -9018,7 +9018,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPS listener with TLS.Mode=Passthrough results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -9040,11 +9040,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -9062,10 +9062,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Listener.TLS.Mode must be \"Terminate\" when protocol is \"HTTPS\".", }, @@ -9080,7 +9080,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Listener with FromNamespaces=Selector, no selector specified", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -9102,11 +9102,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -9124,10 +9124,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Listener.AllowedRoutes.Namespaces.Selector is required when Listener.AllowedRoutes.Namespaces.From is set to \"Selector\".", }, @@ -9142,7 +9142,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Listener with FromNamespaces=Selector, invalid selector (can't specify values with Exists operator)", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -9155,10 +9155,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{ - MatchExpressions: []metav1.LabelSelectorRequirement{{ + Selector: &meta_v1.LabelSelector{ + MatchExpressions: []meta_v1.LabelSelectorRequirement{{ Key: "something", - Operator: metav1.LabelSelectorOpExists, + Operator: meta_v1.LabelSelectorOpExists, Values: []string{"error"}, }}, }, @@ -9170,11 +9170,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -9192,10 +9192,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Error parsing Listener.AllowedRoutes.Namespaces.Selector: values: Invalid value: []string{\"error\"}: values set must be empty for exists and does not exist.", }, @@ -9210,7 +9210,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Listener with FromNamespaces=Selector, invalid selector (must specify MatchLabels and/or MatchExpressions)", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -9223,7 +9223,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), - Selector: &metav1.LabelSelector{}, + Selector: &meta_v1.LabelSelector{}, }, }, }, @@ -9232,11 +9232,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -9254,10 +9254,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Kind: "GRPCRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Listener.AllowedRoutes.Namespaces.Selector must specify at least one MatchLabel or MatchExpression.", }, @@ -9273,7 +9273,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService4, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9298,7 +9298,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedHTTPRouteCondition(), }, @@ -9312,7 +9312,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService5, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9337,7 +9337,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(gatewayapi_v1.RouteReasonUnsupportedProtocol, "AppProtocol: \"kubernetes.io/wss\" is unsupported"), routeAcceptedHTTPRouteCondition(), }, @@ -9351,7 +9351,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9368,7 +9368,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, }, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -9393,10 +9393,10 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1beta1.RouteReasonNotAllowedByListeners), Message: "No listeners included by this parent ref allowed this attachment.", }, @@ -9408,11 +9408,11 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{ { FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -9421,16 +9421,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { "listener-1": { Name: gatewayapi_v1beta1.SectionName("listener-1"), AttachedRoutes: int32(0), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidRouteKinds), Message: "Kind \"FooRoute\" is not supported, kind must be \"HTTPRoute\", \"TLSRoute\", \"GRPCRoute\" or \"TCPRoute\"", }, { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalid), Message: "Invalid listener, see other listener conditions for details", }, @@ -9446,7 +9446,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9476,7 +9476,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Timeouts.BackendRequest is not supported, use HTTPRoute.Spec.Rules.Timeouts.Request instead"), }, @@ -9491,7 +9491,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9519,7 +9519,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.Timeouts.BackendRequest is not supported, use HTTPRoute.Spec.Rules.Timeouts.Request instead"), }, @@ -9533,7 +9533,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9558,7 +9558,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedFalse(gatewayapi_v1.RouteReasonUnsupportedValue, "invalid HTTPRoute.Spec.Rules.Timeouts.Request: unable to parse timeout string \"invalid\": time: invalid duration \"invalid\""), }, @@ -9587,18 +9587,18 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { FieldLogger: fixture.NewTestLogger(t), gateway: tc.gateway, gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -9627,7 +9627,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { gotGatewayUpdates := dag.StatusCache.GetGatewayUpdates() ops := []cmp.Option{ - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "GatewayRef"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "TransitionTime"), @@ -9635,7 +9635,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "ExistingConditions"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "TransitionTime"), - cmpopts.SortSlices(func(i, j metav1.Condition) bool { + cmpopts.SortSlices(func(i, j meta_v1.Condition) bool { return i.Message < j.Message }), } @@ -9662,7 +9662,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { } gw := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -9683,13 +9683,13 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, } - kuardService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } @@ -9698,7 +9698,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9727,11 +9727,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.BackendRef.Name must be specified"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted TLSRoute", }, @@ -9746,7 +9746,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { gateway: gw, objs: []any{ &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9769,13 +9769,13 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( gatewayapi_v1.RouteReasonBackendNotFound, "service \"invalid-one\" is invalid: service \"default/invalid-one\" not found, service \"invalid-two\" is invalid: service \"default/invalid-two\" not found"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted TLSRoute", }, @@ -9791,7 +9791,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9820,11 +9820,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.BackendRef.Port must be specified"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted TLSRoute", }, @@ -9840,7 +9840,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9862,11 +9862,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified."), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted TLSRoute", }, @@ -9882,7 +9882,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9904,13 +9904,13 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid hostname \"*.*.projectcontour.io\": [a wildcard DNS-1123 subdomain must start with '*.', followed by a valid DNS subdomain, which must consist of lower case alphanumeric characters, '-' or '.' and end with an alphanumeric character (e.g. '*.example.com', regex used for validation is '\\*\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -9926,7 +9926,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9948,13 +9948,13 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid hostname \"#projectcontour.io\": [a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -9970,7 +9970,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -9992,11 +9992,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "invalid hostname \"1.2.3.4\": must be a DNS name, not an IP address"), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingListenerHostname), Message: "No intersecting hostnames were found between the listener and the route.", }, @@ -10012,7 +10012,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10034,17 +10034,17 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(status.ConditionValidBackendRefs), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonAllBackendRefsHaveZeroWeights), Message: "At least one Spec.Rules.BackendRef must have a non-zero weight.", }, routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted TLSRoute", }, @@ -10060,7 +10060,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10083,16 +10083,16 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef(gw.Namespace, gw.Name, "tls-passthrough", 444), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.RouteConditionResolvedRefs), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonBackendNotFound), Message: "service \"invalid-one\" is invalid: service \"default/invalid-one\" not found", }, { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -10105,7 +10105,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { run(t, "TLS Listener with invalid TLS mode", testcase{ gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -10128,7 +10128,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10150,11 +10150,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef(gw.Namespace, gw.Name, "tls", 443), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -10164,11 +10164,11 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }}, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -10186,10 +10186,10 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { Kind: "TCPRoute", }, }, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: `Listener.TLS.Mode must be "Terminate" or "Passthrough".`, }, @@ -10220,18 +10220,18 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -10253,7 +10253,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -10280,7 +10280,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { gotGatewayUpdates := dag.StatusCache.GetGatewayUpdates() ops := []cmp.Option{ - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "GatewayRef"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "TransitionTime"), @@ -10288,7 +10288,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "ExistingConditions"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "TransitionTime"), - cmpopts.SortSlices(func(i, j metav1.Condition) bool { + cmpopts.SortSlices(func(i, j meta_v1.Condition) bool { return i.Message < j.Message }), cmpopts.SortSlices(func(i, j *status.RouteStatusUpdate) bool { @@ -10317,33 +10317,33 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }) } - kuardService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard2", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService3 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService3 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard3", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } @@ -10351,7 +10351,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10376,7 +10376,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedGRPCRouteCondition(), }, @@ -10390,7 +10390,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10416,11 +10416,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonUnsupportedValue), Message: "GRPCRoute.Spec.Rules.Matches.Method: Only Exact match type is supported.", }, @@ -10435,7 +10435,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10460,11 +10460,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidMethodMatch), Message: "GRPCRoute.Spec.Rules.Matches.Method: Both Service and Method need be configured.", }, @@ -10479,7 +10479,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10504,11 +10504,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(status.ReasonInvalidMethodMatch), Message: "GRPCRoute.Spec.Rules.Matches.Method: Both Service and Method need be configured.", }, @@ -10523,7 +10523,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10559,11 +10559,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonUnsupportedValue), Message: "GRPCRoute.Spec.Rules.Matches.Headers: Only Exact match type and RegularExpression match type are supported", }, @@ -10578,7 +10578,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10614,11 +10614,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonUnsupportedValue), Message: "GRPCRoute.Spec.Rules.Matches.Headers: Invalid value for RegularExpression match type is specified", }, @@ -10633,7 +10633,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10667,7 +10667,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "duplicate header addition: \"Custom\" on request headers"), routeAcceptedGRPCRouteCondition(), }, @@ -10682,7 +10682,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10715,7 +10715,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid add header \"!invalid-Header\": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')] on response headers"), @@ -10734,7 +10734,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { kuardService2, kuardService3, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10772,7 +10772,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), routeAcceptedGRPCRouteCondition(), }, @@ -10787,7 +10787,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10822,7 +10822,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "Spec.Rules.Filters.RequestMirror.BackendRef.Name must be specified"), routeAcceptedGRPCRouteCondition(), }, @@ -10837,7 +10837,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10865,11 +10865,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonUnsupportedValue), Message: "GRPCRoute.Spec.Rules.Filters: invalid type \"custom-filter\": only RequestHeaderModifier, ResponseHeaderModifier and RequestMirror are supported.", }, @@ -10885,7 +10885,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10912,7 +10912,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified."), routeAcceptedGRPCRouteCondition(), }, @@ -10926,7 +10926,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -10954,16 +10954,16 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "http", 900), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.RouteConditionResolvedRefs), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonBackendNotFound), Message: "service \"invalid\" is invalid: service \"default/invalid\" not found", }, { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.RouteReasonNoMatchingParent), Message: "No listeners match this parent ref", }, @@ -10978,7 +10978,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -11020,7 +11020,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "duplicate header addition: \"Custom\" on request headers"), routeAcceptedGRPCRouteCondition(), }, @@ -11035,7 +11035,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -11074,7 +11074,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse( status.ReasonDegraded, "invalid set header \"!invalid-Header\": [a valid HTTP header must consist of alphanumeric characters or '-' (e.g. 'X-Header-Name', regex used for validation is '[-A-Za-z0-9]+')] on response headers"), @@ -11105,18 +11105,18 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -11138,7 +11138,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -11165,7 +11165,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { gotGatewayUpdates := dag.StatusCache.GetGatewayUpdates() ops := []cmp.Option{ - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "GatewayRef"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.RouteStatusUpdate{}, "TransitionTime"), @@ -11173,7 +11173,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "ExistingConditions"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.GatewayStatusUpdate{}, "TransitionTime"), - cmpopts.SortSlices(func(i, j metav1.Condition) bool { + cmpopts.SortSlices(func(i, j meta_v1.Condition) bool { return i.Message < j.Message }), cmpopts.SortSlices(func(i, j *status.RouteStatusUpdate) bool { @@ -11202,30 +11202,30 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }) } - kuardService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } - kuardService2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + kuardService2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard2", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("http", "TCP", 8080, 8080)}, }, } run(t, "allowedroute of TCPRoute on a non-TCP listener results in a listener condition", testcase{ objs: []any{}, gateway: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -11247,11 +11247,11 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }, wantGatewayStatusUpdate: []*status.GatewayStatusUpdate{{ FullName: types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, - Conditions: map[gatewayapi_v1.GatewayConditionType]metav1.Condition{ + Conditions: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionAccepted: gatewayAcceptedCondition(), gatewayapi_v1.GatewayConditionProgrammed: { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayReasonListenersNotValid), Message: "Listeners are not valid", }, @@ -11260,17 +11260,17 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { "http": { Name: "http", SupportedKinds: nil, - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "Invalid", Message: "Invalid listener, see other listener conditions for details", }, listenerAcceptedCondition(), { Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalidRouteKinds), Message: "TCPRoutes are incompatible with listener protocol \"HTTP\"", }, @@ -11285,7 +11285,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { kuardService, kuardService2, &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -11309,11 +11309,11 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), { Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "InvalidRouteRules", Message: "TCPRoute must have only a single rule defined", }, @@ -11327,7 +11327,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -11346,7 +11346,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified."), routeAcceptedTCPRouteCondition(), }, @@ -11359,7 +11359,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -11380,7 +11380,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ resolvedRefsFalse(gatewayapi_v1.RouteReasonBackendNotFound, `service "nonexistent" is invalid: service "default/nonexistent" not found`), routeAcceptedTCPRouteCondition(), }, @@ -11407,18 +11407,18 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), gatewayclass: &gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ + TypeMeta: meta_v1.TypeMeta{}, + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -11440,7 +11440,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -11467,12 +11467,12 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { gotBackendTLSPolicyUpdates := dag.StatusCache.GetBackendTLSPolicyUpdates() ops := []cmp.Option{ - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"), + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime"), cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "GatewayRef"), cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "TransitionTime"), cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "Resource"), - cmpopts.SortSlices(func(i, j metav1.Condition) bool { + cmpopts.SortSlices(func(i, j meta_v1.Condition) bool { return i.Message < j.Message }), cmpopts.SortSlices(func(i, j *status.BackendTLSPolicyStatusUpdate) bool { @@ -11497,18 +11497,18 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { }) } - tlsService := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + tlsService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlssvc", Namespace: "projectcontour", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{makeServicePort("https", "TCP", 443, 8443)}, + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{makeServicePort("https", "TCP", 443, 8443)}, }, } - configMapCert1 := &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + configMapCert1 := &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: "projectcontour", }, @@ -11523,7 +11523,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11549,10 +11549,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), Message: "Accepted BackendTLSPolicy", }, @@ -11568,7 +11568,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11598,7 +11598,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11624,10 +11624,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "BackendTLSPolicy.Spec.TLS.CACertRef.Kind \"Invalid\" is unsupported. Only ConfigMap or Secret Kind is supported.", }, @@ -11642,7 +11642,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { tlsService, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11668,10 +11668,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "Could not find CACertRef ConfigMap: projectcontour/missing", }, @@ -11686,7 +11686,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { tlsService, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11712,10 +11712,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "Could not find CACertRef Secret: projectcontour/missing", }, @@ -11731,7 +11731,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11767,10 +11767,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "BackendTLSPolicy.Spec.TLS.CACertRef.Kind \"Invalid\" is unsupported. Only ConfigMap or Secret Kind is supported., Could not find CACertRef ConfigMap: projectcontour/missing", }, @@ -11786,7 +11786,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11809,10 +11809,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "BackendTLSPolicy.Spec.TLS.WellKnownCACerts is unsupported.", }, @@ -11828,7 +11828,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11854,10 +11854,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "BackendTLSPolicy.Spec.TLS.Hostname \"-bad-hostname.example.com\" is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", }, @@ -11873,7 +11873,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11899,10 +11899,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "BackendTLSPolicy.Spec.TLS.Hostname \"*.example.com\" is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", }, @@ -11918,7 +11918,7 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { configMapCert1, makeHTTPRoute("basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "tlssvc", 443, 1)), &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, @@ -11944,10 +11944,10 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1alpha2.PolicyReasonInvalid), Message: "BackendTLSPolicy.Spec.TLS.Hostname \"127.0.0.1\" is invalid. Hostname must be a valid RFC 1123 fully qualified domain name. Wildcard domains and numeric IP addresses are not allowed", }, @@ -11958,89 +11958,89 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { }) } -func gatewayAcceptedCondition() metav1.Condition { - return metav1.Condition{ +func gatewayAcceptedCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonAccepted), Message: "Gateway is accepted", } } -func routeResolvedRefsCondition() metav1.Condition { - return metav1.Condition{ +func routeResolvedRefsCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.RouteConditionResolvedRefs), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonResolvedRefs), Message: "References resolved", } } -func routeAcceptedHTTPRouteCondition() metav1.Condition { - return metav1.Condition{ +func routeAcceptedHTTPRouteCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted HTTPRoute", } } -func routeAcceptedFalse(reason gatewayapi_v1.RouteConditionReason, message string) metav1.Condition { - return metav1.Condition{ +func routeAcceptedFalse(reason gatewayapi_v1.RouteConditionReason, message string) meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: string(reason), Message: message, } } -func routeAcceptedGRPCRouteCondition() metav1.Condition { - return metav1.Condition{ +func routeAcceptedGRPCRouteCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted GRPCRoute", } } -func routeAcceptedTCPRouteCondition() metav1.Condition { - return metav1.Condition{ +func routeAcceptedTCPRouteCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.RouteConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1.RouteReasonAccepted), Message: "Accepted TCPRoute", } } -func listenerProgrammedCondition() metav1.Condition { - return metav1.Condition{ +func listenerProgrammedCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProgrammed), Message: "Valid listener", } } -func listenerAcceptedCondition() metav1.Condition { - return metav1.Condition{ +func listenerAcceptedCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonAccepted), Message: "Listener accepted", } } -func listenerResolvedRefsCondition() metav1.Condition { - return metav1.Condition{ +func listenerResolvedRefsCondition() meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionResolvedRefs), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonResolvedRefs), Message: "Listener references resolved", } } -func listenerValidConditions() []metav1.Condition { - return []metav1.Condition{ +func listenerValidConditions() []meta_v1.Condition { + return []meta_v1.Condition{ listenerProgrammedCondition(), listenerAcceptedCondition(), listenerResolvedRefsCondition(), diff --git a/internal/debug/debug_test.go b/internal/debug/debug_test.go index 0a93e01ddef..4398c169523 100644 --- a/internal/debug/debug_test.go +++ b/internal/debug/debug_test.go @@ -18,9 +18,10 @@ package debug_test import ( "testing" - "github.com/projectcontour/contour/internal/debug" "github.com/stretchr/testify/require" "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/projectcontour/contour/internal/debug" ) func TestDebugServiceNotRequireLeaderElection(t *testing.T) { diff --git a/internal/debug/dot_test.go b/internal/debug/dot_test.go index a622899c286..e7d961b5ae5 100644 --- a/internal/debug/dot_test.go +++ b/internal/debug/dot_test.go @@ -18,11 +18,12 @@ import ( "regexp" "testing" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/debug/mocks" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/debug/mocks" ) func TestWriteDotEscapesLabels(t *testing.T) { @@ -126,7 +127,7 @@ func newTestService() *dag.Service { Weight: 1, ServiceName: "testService", ServiceNamespace: "projectcontour", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 8080, diff --git a/internal/envoy/bootstrap.go b/internal/envoy/bootstrap.go index 19721071d6b..c268c0fdc4f 100644 --- a/internal/envoy/bootstrap.go +++ b/internal/envoy/bootstrap.go @@ -20,9 +20,10 @@ import ( "net" "os" - "github.com/projectcontour/contour/pkg/config" "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/proto" + + "github.com/projectcontour/contour/pkg/config" ) // SDSResourcesSubdirectory stores the subdirectory name where SDS path resources are stored to. diff --git a/internal/envoy/route.go b/internal/envoy/route.go index ab3c5fe4a13..859502aa49a 100644 --- a/internal/envoy/route.go +++ b/internal/envoy/route.go @@ -14,9 +14,10 @@ package envoy import ( + "google.golang.org/protobuf/types/known/durationpb" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/timeout" - "google.golang.org/protobuf/types/known/durationpb" ) func HostRewriteLiteral(hp *dag.HeadersPolicy) string { diff --git a/internal/envoy/v3/accesslog.go b/internal/envoy/v3/accesslog.go index 7808bf32668..2684d371c0a 100644 --- a/internal/envoy/v3/accesslog.go +++ b/internal/envoy/v3/accesslog.go @@ -14,34 +14,35 @@ package v3 import ( - envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" - envoy_metadata_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/metadata/v3" - envoy_req_without_query_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/req_without_query/v3" + envoy_access_logger_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" + envoy_formatter_metadata_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/metadata/v3" + envoy_formatter_req_without_query_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/req_without_query/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/protobuf" "google.golang.org/protobuf/types/known/structpb" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/protobuf" ) // FileAccessLogEnvoy returns a new file based access log filter -func FileAccessLogEnvoy(path, format string, extensions []string, level contour_api_v1alpha1.AccessLogLevel) []*envoy_accesslog_v3.AccessLog { - if level == contour_api_v1alpha1.LogLevelDisabled { +func FileAccessLogEnvoy(path, format string, extensions []string, level contour_v1alpha1.AccessLogLevel) []*envoy_config_accesslog_v3.AccessLog { + if level == contour_v1alpha1.LogLevelDisabled { return nil } - var filter *envoy_accesslog_v3.AccessLogFilter - if level == contour_api_v1alpha1.LogLevelError { + var filter *envoy_config_accesslog_v3.AccessLogFilter + if level == contour_v1alpha1.LogLevelError { filter = filterOnlyErrors(300) // We want to log resp status >= 300 - } else if level == contour_api_v1alpha1.LogLevelCritical { + } else if level == contour_v1alpha1.LogLevelCritical { filter = filterOnlyErrors(500) // We want to log resp status >= 500 } // Nil by default to defer to Envoy's default log format. - var logFormat *envoy_file_v3.FileAccessLog_LogFormat + var logFormat *envoy_access_logger_file_v3.FileAccessLog_LogFormat if format != "" { - logFormat = &envoy_file_v3.FileAccessLog_LogFormat{ + logFormat = &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ Format: &envoy_config_core_v3.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &envoy_config_core_v3.DataSource{ @@ -55,10 +56,10 @@ func FileAccessLogEnvoy(path, format string, extensions []string, level contour_ } } - return []*envoy_accesslog_v3.AccessLog{{ + return []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: path, AccessLogFormat: logFormat, }), @@ -69,15 +70,15 @@ func FileAccessLogEnvoy(path, format string, extensions []string, level contour_ // FileAccessLogJSON returns a new file based access log filter // that will log in JSON format -func FileAccessLogJSON(path string, fields contour_api_v1alpha1.AccessLogJSONFields, extensions []string, level contour_api_v1alpha1.AccessLogLevel) []*envoy_accesslog_v3.AccessLog { - if level == contour_api_v1alpha1.LogLevelDisabled { +func FileAccessLogJSON(path string, fields contour_v1alpha1.AccessLogJSONFields, extensions []string, level contour_v1alpha1.AccessLogLevel) []*envoy_config_accesslog_v3.AccessLog { + if level == contour_v1alpha1.LogLevelDisabled { return nil } - var filter *envoy_accesslog_v3.AccessLogFilter - if level == contour_api_v1alpha1.LogLevelError { + var filter *envoy_config_accesslog_v3.AccessLogFilter + if level == contour_v1alpha1.LogLevelError { filter = filterOnlyErrors(300) // We want to log resp status >= 300 - } else if level == contour_api_v1alpha1.LogLevelCritical { + } else if level == contour_v1alpha1.LogLevelCritical { filter = filterOnlyErrors(500) // We want to log resp status >= 500 } @@ -89,12 +90,12 @@ func FileAccessLogJSON(path string, fields contour_api_v1alpha1.AccessLogJSONFie jsonformat.Fields[k] = sv(v) } - return []*envoy_accesslog_v3.AccessLog{{ + return []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: path, - AccessLogFormat: &envoy_file_v3.FileAccessLog_LogFormat{ + AccessLogFormat: &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ Format: &envoy_config_core_v3.SubstitutionFormatString_JsonFormat{ JsonFormat: jsonformat, @@ -130,12 +131,12 @@ func extensionConfig(extensions []string) []*envoy_config_core_v3.TypedExtension case "envoy.formatter.req_without_query": config = append(config, &envoy_config_core_v3.TypedExtensionConfig{ Name: "envoy.formatter.req_without_query", - TypedConfig: protobuf.MustMarshalAny(&envoy_req_without_query_v3.ReqWithoutQuery{ /* empty */ }), + TypedConfig: protobuf.MustMarshalAny(&envoy_formatter_req_without_query_v3.ReqWithoutQuery{ /* empty */ }), }) case "envoy.formatter.metadata": config = append(config, &envoy_config_core_v3.TypedExtensionConfig{ Name: "envoy.formatter.metadata", - TypedConfig: protobuf.MustMarshalAny(&envoy_metadata_v3.Metadata{}), + TypedConfig: protobuf.MustMarshalAny(&envoy_formatter_metadata_v3.Metadata{}), }) } } @@ -143,16 +144,16 @@ func extensionConfig(extensions []string) []*envoy_config_core_v3.TypedExtension return config } -func filterOnlyErrors(respCodeMin uint32) *envoy_accesslog_v3.AccessLogFilter { - return &envoy_accesslog_v3.AccessLogFilter{ - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_OrFilter{ - OrFilter: &envoy_accesslog_v3.OrFilter{ - Filters: []*envoy_accesslog_v3.AccessLogFilter{ +func filterOnlyErrors(respCodeMin uint32) *envoy_config_accesslog_v3.AccessLogFilter { + return &envoy_config_accesslog_v3.AccessLogFilter{ + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_OrFilter{ + OrFilter: &envoy_config_accesslog_v3.OrFilter{ + Filters: []*envoy_config_accesslog_v3.AccessLogFilter{ { - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_StatusCodeFilter{ - StatusCodeFilter: &envoy_accesslog_v3.StatusCodeFilter{ - Comparison: &envoy_accesslog_v3.ComparisonFilter{ - Op: envoy_accesslog_v3.ComparisonFilter_GE, + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_StatusCodeFilter{ + StatusCodeFilter: &envoy_config_accesslog_v3.StatusCodeFilter{ + Comparison: &envoy_config_accesslog_v3.ComparisonFilter{ + Op: envoy_config_accesslog_v3.ComparisonFilter_GE, Value: &envoy_config_core_v3.RuntimeUInt32{ DefaultValue: respCodeMin, RuntimeKey: "contour.accesslog.filter.status_code", @@ -162,8 +163,8 @@ func filterOnlyErrors(respCodeMin uint32) *envoy_accesslog_v3.AccessLogFilter { }, }, { - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_ResponseFlagFilter{ - ResponseFlagFilter: &envoy_accesslog_v3.ResponseFlagFilter{ + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_ResponseFlagFilter{ + ResponseFlagFilter: &envoy_config_accesslog_v3.ResponseFlagFilter{ // Left empty to match all response flags, they all represent errors. }, }, diff --git a/internal/envoy/v3/accesslog_test.go b/internal/envoy/v3/accesslog_test.go index e8b0b19318b..2a0819b4705 100644 --- a/internal/envoy/v3/accesslog_test.go +++ b/internal/envoy/v3/accesslog_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" - envoy_req_without_query_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/req_without_query/v3" + envoy_access_logger_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" + envoy_formatter_req_without_query_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/req_without_query/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/protobuf" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/structpb" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/protobuf" ) func TestFileAccessLog(t *testing.T) { @@ -32,14 +33,14 @@ func TestFileAccessLog(t *testing.T) { path string format string extensions []string - want []*envoy_accesslog_v3.AccessLog + want []*envoy_config_accesslog_v3.AccessLog }{ "stdout": { path: "/dev/stdout", - want: []*envoy_accesslog_v3.AccessLog{{ + want: []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", }), }, @@ -48,12 +49,12 @@ func TestFileAccessLog(t *testing.T) { "custom log format": { path: "/dev/stdout", format: "%START_TIME%\n", - want: []*envoy_accesslog_v3.AccessLog{{ + want: []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &envoy_file_v3.FileAccessLog_LogFormat{ + AccessLogFormat: &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ Format: &envoy_config_core_v3.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &envoy_config_core_v3.DataSource{ @@ -72,12 +73,12 @@ func TestFileAccessLog(t *testing.T) { path: "/dev/stdout", format: "[%START_TIME%] \"%REQ_WITHOUT_QUERY(X-ENVOY-ORIGINAL-PATH?:PATH)%\"\n", extensions: []string{"envoy.formatter.req_without_query"}, - want: []*envoy_accesslog_v3.AccessLog{{ + want: []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &envoy_file_v3.FileAccessLog_LogFormat{ + AccessLogFormat: &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ Format: &envoy_config_core_v3.SubstitutionFormatString_TextFormatSource{ TextFormatSource: &envoy_config_core_v3.DataSource{ @@ -88,7 +89,7 @@ func TestFileAccessLog(t *testing.T) { }, Formatters: []*envoy_config_core_v3.TypedExtensionConfig{{ Name: "envoy.formatter.req_without_query", - TypedConfig: protobuf.MustMarshalAny(&envoy_req_without_query_v3.ReqWithoutQuery{ /* empty */ }), + TypedConfig: protobuf.MustMarshalAny(&envoy_formatter_req_without_query_v3.ReqWithoutQuery{ /* empty */ }), }}, }, }, @@ -99,7 +100,7 @@ func TestFileAccessLog(t *testing.T) { } for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := FileAccessLogEnvoy(tc.path, tc.format, tc.extensions, contour_api_v1alpha1.LogLevelInfo) + got := FileAccessLogEnvoy(tc.path, tc.format, tc.extensions, contour_v1alpha1.LogLevelInfo) protobuf.ExpectEqual(t, tc.want, got) }) } @@ -108,19 +109,19 @@ func TestFileAccessLog(t *testing.T) { func TestJSONFileAccessLog(t *testing.T) { tests := map[string]struct { path string - headers contour_api_v1alpha1.AccessLogJSONFields - want []*envoy_accesslog_v3.AccessLog + headers contour_v1alpha1.AccessLogJSONFields + want []*envoy_config_accesslog_v3.AccessLog }{ "only timestamp": { path: "/dev/stdout", - headers: contour_api_v1alpha1.AccessLogJSONFields([]string{"@timestamp"}), - want: []*envoy_accesslog_v3.AccessLog{ + headers: contour_v1alpha1.AccessLogJSONFields([]string{"@timestamp"}), + want: []*envoy_config_accesslog_v3.AccessLog{ { Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &envoy_file_v3.FileAccessLog_LogFormat{ + AccessLogFormat: &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ OmitEmptyValues: true, Format: &envoy_config_core_v3.SubstitutionFormatString_JsonFormat{ @@ -139,20 +140,20 @@ func TestJSONFileAccessLog(t *testing.T) { }, "custom fields should appear": { path: "/dev/stdout", - headers: contour_api_v1alpha1.AccessLogJSONFields([]string{ + headers: contour_v1alpha1.AccessLogJSONFields([]string{ "@timestamp", "method", "custom1=%REQ(X-CUSTOM-HEADER)%", "custom2=%DURATION%.0", "custom3=ST=%START_TIME(%s.%6f)%", }), - want: []*envoy_accesslog_v3.AccessLog{ + want: []*envoy_config_accesslog_v3.AccessLog{ { Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &envoy_file_v3.FileAccessLog_LogFormat{ + AccessLogFormat: &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ OmitEmptyValues: true, Format: &envoy_config_core_v3.SubstitutionFormatString_JsonFormat{ @@ -176,7 +177,7 @@ func TestJSONFileAccessLog(t *testing.T) { } for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := FileAccessLogJSON(tc.path, tc.headers, nil, contour_api_v1alpha1.LogLevelInfo) + got := FileAccessLogJSON(tc.path, tc.headers, nil, contour_v1alpha1.LogLevelInfo) protobuf.ExpectEqual(t, tc.want, got) }) } @@ -184,37 +185,37 @@ func TestJSONFileAccessLog(t *testing.T) { func TestAccessLogLevel(t *testing.T) { tests := map[string]struct { - level contour_api_v1alpha1.AccessLogLevel + level contour_v1alpha1.AccessLogLevel wantRespStatus uint32 }{ "Error Logs": { - level: contour_api_v1alpha1.LogLevelError, + level: contour_v1alpha1.LogLevelError, wantRespStatus: 300, }, "Server Error Logs": { - level: contour_api_v1alpha1.LogLevelCritical, + level: contour_v1alpha1.LogLevelCritical, wantRespStatus: 500, }, } for name, tc := range tests { t.Run(name, func(t *testing.T) { got := FileAccessLogEnvoy("/dev/stdout", "", nil, tc.level) - want := []*envoy_accesslog_v3.AccessLog{{ + want := []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", }), }, - Filter: &envoy_accesslog_v3.AccessLogFilter{ - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_OrFilter{ - OrFilter: &envoy_accesslog_v3.OrFilter{ - Filters: []*envoy_accesslog_v3.AccessLogFilter{ + Filter: &envoy_config_accesslog_v3.AccessLogFilter{ + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_OrFilter{ + OrFilter: &envoy_config_accesslog_v3.OrFilter{ + Filters: []*envoy_config_accesslog_v3.AccessLogFilter{ { - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_StatusCodeFilter{ - StatusCodeFilter: &envoy_accesslog_v3.StatusCodeFilter{ - Comparison: &envoy_accesslog_v3.ComparisonFilter{ - Op: envoy_accesslog_v3.ComparisonFilter_GE, + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_StatusCodeFilter{ + StatusCodeFilter: &envoy_config_accesslog_v3.StatusCodeFilter{ + Comparison: &envoy_config_accesslog_v3.ComparisonFilter{ + Op: envoy_config_accesslog_v3.ComparisonFilter_GE, Value: &envoy_config_core_v3.RuntimeUInt32{ DefaultValue: tc.wantRespStatus, RuntimeKey: "contour.accesslog.filter.status_code", @@ -224,7 +225,7 @@ func TestAccessLogLevel(t *testing.T) { }, }, { - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_ResponseFlagFilter{}, + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_ResponseFlagFilter{}, }, }, }, @@ -236,15 +237,15 @@ func TestAccessLogLevel(t *testing.T) { } // Log level disabled should return nil. - assert.Nil(t, FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelDisabled)) + assert.Nil(t, FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelDisabled)) - got := FileAccessLogJSON("/dev/stdout", nil, nil, contour_api_v1alpha1.LogLevelError) - want := []*envoy_accesslog_v3.AccessLog{{ + got := FileAccessLogJSON("/dev/stdout", nil, nil, contour_v1alpha1.LogLevelError) + want := []*envoy_config_accesslog_v3.AccessLog{{ Name: wellknown.FileAccessLog, - ConfigType: &envoy_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: "/dev/stdout", - AccessLogFormat: &envoy_file_v3.FileAccessLog_LogFormat{ + AccessLogFormat: &envoy_access_logger_file_v3.FileAccessLog_LogFormat{ LogFormat: &envoy_config_core_v3.SubstitutionFormatString{ OmitEmptyValues: true, Format: &envoy_config_core_v3.SubstitutionFormatString_JsonFormat{ @@ -256,15 +257,15 @@ func TestAccessLogLevel(t *testing.T) { }, }), }, - Filter: &envoy_accesslog_v3.AccessLogFilter{ - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_OrFilter{ - OrFilter: &envoy_accesslog_v3.OrFilter{ - Filters: []*envoy_accesslog_v3.AccessLogFilter{ + Filter: &envoy_config_accesslog_v3.AccessLogFilter{ + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_OrFilter{ + OrFilter: &envoy_config_accesslog_v3.OrFilter{ + Filters: []*envoy_config_accesslog_v3.AccessLogFilter{ { - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_StatusCodeFilter{ - StatusCodeFilter: &envoy_accesslog_v3.StatusCodeFilter{ - Comparison: &envoy_accesslog_v3.ComparisonFilter{ - Op: envoy_accesslog_v3.ComparisonFilter_GE, + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_StatusCodeFilter{ + StatusCodeFilter: &envoy_config_accesslog_v3.StatusCodeFilter{ + Comparison: &envoy_config_accesslog_v3.ComparisonFilter{ + Op: envoy_config_accesslog_v3.ComparisonFilter_GE, Value: &envoy_config_core_v3.RuntimeUInt32{ DefaultValue: 300, RuntimeKey: "contour.accesslog.filter.status_code", @@ -274,7 +275,7 @@ func TestAccessLogLevel(t *testing.T) { }, }, { - FilterSpecifier: &envoy_accesslog_v3.AccessLogFilter_ResponseFlagFilter{}, + FilterSpecifier: &envoy_config_accesslog_v3.AccessLogFilter_ResponseFlagFilter{}, }, }, }, @@ -284,5 +285,5 @@ func TestAccessLogLevel(t *testing.T) { protobuf.ExpectEqual(t, want, got) // Log level disabled should return nil. - assert.Nil(t, FileAccessLogJSON("/dev/stdout", nil, nil, contour_api_v1alpha1.LogLevelDisabled)) + assert.Nil(t, FileAccessLogJSON("/dev/stdout", nil, nil, contour_v1alpha1.LogLevelDisabled)) } diff --git a/internal/envoy/v3/auth.go b/internal/envoy/v3/auth.go index de8d188c40c..0989c2409c8 100644 --- a/internal/envoy/v3/auth.go +++ b/internal/envoy/v3/auth.go @@ -14,28 +14,29 @@ package v3 import ( - envoy_api_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + "google.golang.org/protobuf/types/known/wrapperspb" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" - "google.golang.org/protobuf/types/known/wrapperspb" ) -// UpstreamTLSContext creates an envoy_v3_tls.UpstreamTlsContext. By default +// UpstreamTLSContext creates an envoy_transport_socket_tls_v3.UpstreamTlsContext. By default // UpstreamTLSContext returns a HTTP/1.1 TLS enabled context. A list of // additional ALPN protocols can be provided. -func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_v3_tls.UpstreamTlsContext { - var clientSecretConfigs []*envoy_v3_tls.SdsSecretConfig +func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni string, clientSecret *dag.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_transport_socket_tls_v3.UpstreamTlsContext { + var clientSecretConfigs []*envoy_transport_socket_tls_v3.SdsSecretConfig if clientSecret != nil { - clientSecretConfigs = []*envoy_v3_tls.SdsSecretConfig{{ + clientSecretConfigs = []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: envoy.Secretname(clientSecret), SdsConfig: ConfigSource("contour"), }} } - context := &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + context := &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: alpnProtocols, TlsCertificateSdsSecretConfigs: clientSecretConfigs, }, @@ -43,7 +44,7 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st } if upstreamTLS != nil { - context.CommonTlsContext.TlsParams = &envoy_v3_tls.TlsParameters{ + context.CommonTlsContext.TlsParams = &envoy_transport_socket_tls_v3.TlsParameters{ TlsMinimumProtocolVersion: ParseTLSVersion(upstreamTLS.MinimumProtocolVersion), TlsMaximumProtocolVersion: ParseTLSVersion(upstreamTLS.MaximumProtocolVersion), CipherSuites: upstreamTLS.CipherSuites, @@ -68,20 +69,20 @@ func UpstreamTLSContext(peerValidationContext *dag.PeerValidationContext, sni st } // TODO: update this for SDS (CommonTlsContext_ValidationContextSdsSecretConfig) instead of inlining it. -func validationContext(ca []byte, subjectNames []string, skipVerifyPeerCert bool, crl []byte, onlyVerifyLeafCertCrl bool) *envoy_v3_tls.CommonTlsContext_ValidationContext { - vc := &envoy_v3_tls.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_v3_tls.CertificateValidationContext{ - TrustChainVerification: envoy_v3_tls.CertificateValidationContext_VERIFY_TRUST_CHAIN, +func validationContext(ca []byte, subjectNames []string, skipVerifyPeerCert bool, crl []byte, onlyVerifyLeafCertCrl bool) *envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext { + vc := &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustChainVerification: envoy_transport_socket_tls_v3.CertificateValidationContext_VERIFY_TRUST_CHAIN, }, } if skipVerifyPeerCert { - vc.ValidationContext.TrustChainVerification = envoy_v3_tls.CertificateValidationContext_ACCEPT_UNTRUSTED + vc.ValidationContext.TrustChainVerification = envoy_transport_socket_tls_v3.CertificateValidationContext_ACCEPT_UNTRUSTED } if len(ca) > 0 { - vc.ValidationContext.TrustedCa = &envoy_api_v3_core.DataSource{ - Specifier: &envoy_api_v3_core.DataSource_InlineBytes{ + vc.ValidationContext.TrustedCa = &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: ca, }, } @@ -90,10 +91,10 @@ func validationContext(ca []byte, subjectNames []string, skipVerifyPeerCert bool for _, san := range subjectNames { vc.ValidationContext.MatchTypedSubjectAltNames = append( vc.ValidationContext.MatchTypedSubjectAltNames, - &envoy_v3_tls.SubjectAltNameMatcher{ - SanType: envoy_v3_tls.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: san, }, }, @@ -102,8 +103,8 @@ func validationContext(ca []byte, subjectNames []string, skipVerifyPeerCert bool } if len(crl) > 0 { - vc.ValidationContext.Crl = &envoy_api_v3_core.DataSource{ - Specifier: &envoy_api_v3_core.DataSource_InlineBytes{ + vc.ValidationContext.Crl = &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: crl, }, } @@ -114,15 +115,15 @@ func validationContext(ca []byte, subjectNames []string, skipVerifyPeerCert bool } // DownstreamTLSContext creates a new DownstreamTlsContext. -func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion, tlsMaxProtoVersion envoy_v3_tls.TlsParameters_TlsProtocol, cipherSuites []string, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_v3_tls.DownstreamTlsContext { - context := &envoy_v3_tls.DownstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ - TlsParams: &envoy_v3_tls.TlsParameters{ +func DownstreamTLSContext(serverSecret *dag.Secret, tlsMinProtoVersion, tlsMaxProtoVersion envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, peerValidationContext *dag.PeerValidationContext, alpnProtos ...string) *envoy_transport_socket_tls_v3.DownstreamTlsContext { + context := &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ TlsMinimumProtocolVersion: tlsMinProtoVersion, TlsMaximumProtocolVersion: tlsMaxProtoVersion, CipherSuites: cipherSuites, }, - TlsCertificateSdsSecretConfigs: []*envoy_v3_tls.SdsSecretConfig{{ + TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: envoy.Secretname(serverSecret), SdsConfig: ConfigSource("contour"), }}, diff --git a/internal/envoy/v3/auth_test.go b/internal/envoy/v3/auth_test.go index 1e178b0b827..f81dd888f63 100644 --- a/internal/envoy/v3/auth_test.go +++ b/internal/envoy/v3/auth_test.go @@ -16,23 +16,24 @@ package v3 import ( "testing" - envoy_api_v3_core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/protobuf" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestUpstreamTLSContext(t *testing.T) { secret := &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{dag.CACertificateKey: []byte("ca")}, }, } @@ -42,17 +43,17 @@ func TestUpstreamTLSContext(t *testing.T) { alpnProtocols []string externalName string upstreamTLS *dag.UpstreamTLS - want *envoy_v3_tls.UpstreamTlsContext + want *envoy_transport_socket_tls_v3.UpstreamTlsContext }{ "no alpn, no validation, no upstreamTLS": { - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, }, }, "h2, no validation": { alpnProtocols: []string{"h2c"}, - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: []string{"h2c"}, }, }, @@ -63,16 +64,16 @@ func TestUpstreamTLSContext(t *testing.T) { secret, }, }, - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, }, }, "no alpn, missing ca": { validation: &dag.PeerValidationContext{ SubjectNames: []string{"www.example.com"}, }, - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, }, }, "no alpn, ca and altname": { @@ -82,20 +83,20 @@ func TestUpstreamTLSContext(t *testing.T) { }, SubjectNames: []string{"www.example.com"}, }, - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ - ValidationContextType: &envoy_v3_tls.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_v3_tls.CertificateValidationContext{ - TrustedCa: &envoy_api_v3_core.DataSource{ - Specifier: &envoy_api_v3_core.DataSource_InlineBytes{ + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("ca"), }, }, - MatchTypedSubjectAltNames: []*envoy_v3_tls.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_v3_tls.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "www.example.com", }, }, @@ -108,8 +109,8 @@ func TestUpstreamTLSContext(t *testing.T) { }, "external name sni": { externalName: "projectcontour.local", - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{}, + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, Sni: "projectcontour.local", }, }, @@ -118,9 +119,9 @@ func TestUpstreamTLSContext(t *testing.T) { MinimumProtocolVersion: "1.3", MaximumProtocolVersion: "1.3", }, - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ - TlsParams: &envoy_v3_tls.TlsParameters{ + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ TlsMinimumProtocolVersion: ParseTLSVersion("1.3"), TlsMaximumProtocolVersion: ParseTLSVersion("1.3"), }, @@ -137,28 +138,28 @@ func TestUpstreamTLSContext(t *testing.T) { "bar.com", }, }, - want: &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ - ValidationContextType: &envoy_v3_tls.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_v3_tls.CertificateValidationContext{ - TrustedCa: &envoy_api_v3_core.DataSource{ - Specifier: &envoy_api_v3_core.DataSource_InlineBytes{ + want: &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("ca"), }, }, - MatchTypedSubjectAltNames: []*envoy_v3_tls.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_v3_tls.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "foo.com", }, }, }, { - SanType: envoy_v3_tls.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "bar.com", }, }, diff --git a/internal/envoy/v3/bootstrap.go b/internal/envoy/v3/bootstrap.go index 37a102f7490..2552dee7602 100644 --- a/internal/envoy/v3/bootstrap.go +++ b/internal/envoy/v3/bootstrap.go @@ -25,24 +25,25 @@ import ( "time" envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" - envoy_bootstrap_v3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_bootstrap_v3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_config_overload_v3 "github.com/envoyproxy/go-control-plane/envoy/config/overload/v3" - envoy_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" + envoy_access_logger_file_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" envoy_regex_engines_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/regex_engines/v3" envoy_fixed_heap_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/fixed_heap/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - "github.com/projectcontour/contour/internal/envoy" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/timeout" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" + + "github.com/projectcontour/contour/internal/envoy" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/timeout" ) // WriteBootstrap writes bootstrap configuration to files. @@ -159,14 +160,14 @@ func bootstrap(c *envoy.BootstrapConfig) ([]bootstrapf, error) { return steps, nil } -func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap { - bootstrap := &envoy_bootstrap_v3.Bootstrap{ - LayeredRuntime: &envoy_bootstrap_v3.LayeredRuntime{ - Layers: []*envoy_bootstrap_v3.RuntimeLayer{ +func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_config_bootstrap_v3.Bootstrap { + bootstrap := &envoy_config_bootstrap_v3.Bootstrap{ + LayeredRuntime: &envoy_config_bootstrap_v3.LayeredRuntime{ + Layers: []*envoy_config_bootstrap_v3.RuntimeLayer{ { Name: "dynamic", - LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer_{ - RtdsLayer: &envoy_bootstrap_v3.RuntimeLayer_RtdsLayer{ + LayerSpecifier: &envoy_config_bootstrap_v3.RuntimeLayer_RtdsLayer_{ + RtdsLayer: &envoy_config_bootstrap_v3.RuntimeLayer_RtdsLayer{ Name: DynamicRuntimeLayerName, RtdsConfig: ConfigSource("contour"), }, @@ -179,47 +180,47 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap { // See https://www.envoyproxy.io/docs/envoy/latest/configuration/operations/runtime#admin-console { Name: "admin", - LayerSpecifier: &envoy_bootstrap_v3.RuntimeLayer_AdminLayer_{ - AdminLayer: &envoy_bootstrap_v3.RuntimeLayer_AdminLayer{}, + LayerSpecifier: &envoy_config_bootstrap_v3.RuntimeLayer_AdminLayer_{ + AdminLayer: &envoy_config_bootstrap_v3.RuntimeLayer_AdminLayer{}, }, }, }, }, - DynamicResources: &envoy_bootstrap_v3.Bootstrap_DynamicResources{ + DynamicResources: &envoy_config_bootstrap_v3.Bootstrap_DynamicResources{ LdsConfig: ConfigSource("contour"), CdsConfig: ConfigSource("contour"), }, - StaticResources: &envoy_bootstrap_v3.Bootstrap_StaticResources{ - Clusters: []*envoy_cluster_v3.Cluster{{ + StaticResources: &envoy_config_bootstrap_v3.Bootstrap_StaticResources{ + Clusters: []*envoy_config_cluster_v3.Cluster{{ DnsLookupFamily: parseDNSLookupFamily(c.DNSLookupFamily), Name: "contour", AltStatName: strings.Join([]string{c.Namespace, "contour", strconv.Itoa(c.GetXdsGRPCPort())}, "_"), ConnectTimeout: durationpb.New(5 * time.Second), - ClusterDiscoveryType: ClusterDiscoveryTypeForAddress(c.GetXdsAddress(), envoy_cluster_v3.Cluster_STRICT_DNS), - LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + ClusterDiscoveryType: ClusterDiscoveryTypeForAddress(c.GetXdsAddress(), envoy_config_cluster_v3.Cluster_STRICT_DNS), + LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "contour", Endpoints: Endpoints( SocketAddress(c.GetXdsAddress(), c.GetXdsGRPCPort()), ), }, - UpstreamConnectionOptions: &envoy_cluster_v3.UpstreamConnectionOptions{ - TcpKeepalive: &envoy_core_v3.TcpKeepalive{ + UpstreamConnectionOptions: &envoy_config_cluster_v3.UpstreamConnectionOptions{ + TcpKeepalive: &envoy_config_core_v3.TcpKeepalive{ KeepaliveProbes: wrapperspb.UInt32(3), KeepaliveTime: wrapperspb.UInt32(30), KeepaliveInterval: wrapperspb.UInt32(5), }, }, TypedExtensionProtocolOptions: protocolOptions(HTTPVersion2, timeout.DefaultSetting(), nil), - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ - Priority: envoy_core_v3.RoutingPriority_HIGH, + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ + Priority: envoy_config_core_v3.RoutingPriority_HIGH, MaxConnections: wrapperspb.UInt32(100000), MaxPendingRequests: wrapperspb.UInt32(100000), MaxRequests: wrapperspb.UInt32(60000000), MaxRetries: wrapperspb.UInt32(50), }, { - Priority: envoy_core_v3.RoutingPriority_DEFAULT, + Priority: envoy_config_core_v3.RoutingPriority_DEFAULT, MaxConnections: wrapperspb.UInt32(100000), MaxPendingRequests: wrapperspb.UInt32(100000), MaxRequests: wrapperspb.UInt32(60000000), @@ -230,9 +231,9 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap { Name: "envoy-admin", AltStatName: strings.Join([]string{c.Namespace, "envoy-admin", strconv.Itoa(c.GetAdminPort())}, "_"), ConnectTimeout: durationpb.New(250 * time.Millisecond), - ClusterDiscoveryType: ClusterDiscoveryTypeForAddress(c.GetAdminAddress(), envoy_cluster_v3.Cluster_STATIC), - LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + ClusterDiscoveryType: ClusterDiscoveryTypeForAddress(c.GetAdminAddress(), envoy_config_cluster_v3.Cluster_STATIC), + LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "envoy-admin", Endpoints: Endpoints( UnixSocketAddress(c.GetAdminAddress()), @@ -240,11 +241,11 @@ func bootstrapConfig(c *envoy.BootstrapConfig) *envoy_bootstrap_v3.Bootstrap { }, }}, }, - DefaultRegexEngine: &envoy_core_v3.TypedExtensionConfig{ + DefaultRegexEngine: &envoy_config_core_v3.TypedExtensionConfig{ Name: "envoy.regex_engines.google_re2", TypedConfig: protobuf.MustMarshalAny(&envoy_regex_engines_v3.GoogleRE2{}), }, - Admin: &envoy_bootstrap_v3.Admin{ + Admin: &envoy_config_bootstrap_v3.Admin{ AccessLog: adminAccessLog(c.GetAdminAccessLogPath()), Address: UnixSocketAddress(c.GetAdminAddress()), }, @@ -301,7 +302,7 @@ func adminAccessLog(logPath string) []*envoy_config_accesslog_v3.AccessLog { { Name: "envoy.access_loggers.file", ConfigType: &envoy_config_accesslog_v3.AccessLog_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_file_v3.FileAccessLog{ + TypedConfig: protobuf.MustMarshalAny(&envoy_access_logger_file_v3.FileAccessLog{ Path: logPath, }), }, @@ -309,37 +310,37 @@ func adminAccessLog(logPath string) []*envoy_config_accesslog_v3.AccessLog { } } -func upstreamFileTLSContext(c *envoy.BootstrapConfig) *envoy_tls_v3.UpstreamTlsContext { - context := &envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ - TlsParams: &envoy_tls_v3.TlsParameters{ - TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, +func upstreamFileTLSContext(c *envoy.BootstrapConfig) *envoy_transport_socket_tls_v3.UpstreamTlsContext { + context := &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, }, - TlsCertificates: []*envoy_tls_v3.TlsCertificate{{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + TlsCertificates: []*envoy_transport_socket_tls_v3.TlsCertificate{{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: c.GrpcClientCert, }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: c.GrpcClientKey, }, }, }}, - ValidationContextType: &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: c.GrpcCABundle, }, }, // TODO(youngnick): Does there need to be a flag wired down to here? - MatchTypedSubjectAltNames: []*envoy_tls_v3.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_tls_v3.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "contour", }, }, @@ -352,30 +353,30 @@ func upstreamFileTLSContext(c *envoy.BootstrapConfig) *envoy_tls_v3.UpstreamTlsC return context } -func upstreamSdsTLSContext(certificateSdsFile, validationSdsFile string) *envoy_tls_v3.UpstreamTlsContext { - return &envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ - TlsParams: &envoy_tls_v3.TlsParameters{ - TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, +func upstreamSdsTLSContext(certificateSdsFile, validationSdsFile string) *envoy_transport_socket_tls_v3.UpstreamTlsContext { + return &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, }, - TlsCertificateSdsSecretConfigs: []*envoy_tls_v3.SdsSecretConfig{{ + TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: "contour_xds_tls_certificate", - SdsConfig: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_PathConfigSource{ - PathConfigSource: &envoy_core_v3.PathConfigSource{ + SdsConfig: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_PathConfigSource{ + PathConfigSource: &envoy_config_core_v3.PathConfigSource{ Path: certificateSdsFile, }, }, }, }}, - ValidationContextType: &envoy_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ - ValidationContextSdsSecretConfig: &envoy_tls_v3.SdsSecretConfig{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ + ValidationContextSdsSecretConfig: &envoy_transport_socket_tls_v3.SdsSecretConfig{ Name: "contour_xds_tls_validation_context", - SdsConfig: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_PathConfigSource{ - PathConfigSource: &envoy_core_v3.PathConfigSource{ + SdsConfig: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_PathConfigSource{ + PathConfigSource: &envoy_config_core_v3.PathConfigSource{ Path: validationSdsFile, }, }, @@ -389,17 +390,17 @@ func upstreamSdsTLSContext(certificateSdsFile, validationSdsFile string) *envoy_ // tlsCertificateSdsSecretConfig creates DiscoveryResponse with file based SDS resource // including paths to TLS certificates and key func tlsCertificateSdsSecretConfig(c *envoy.BootstrapConfig) *envoy_service_discovery_v3.DiscoveryResponse { - secret := &envoy_tls_v3.Secret{ + secret := &envoy_transport_socket_tls_v3.Secret{ Name: "contour_xds_tls_certificate", - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: c.GrpcClientCert, }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: c.GrpcClientKey, }, }, @@ -415,20 +416,20 @@ func tlsCertificateSdsSecretConfig(c *envoy.BootstrapConfig) *envoy_service_disc // validationContextSdsSecretConfig creates DiscoveryResponse with file based SDS resource // including path to CA certificate bundle func validationContextSdsSecretConfig(c *envoy.BootstrapConfig) *envoy_service_discovery_v3.DiscoveryResponse { - secret := &envoy_tls_v3.Secret{ + secret := &envoy_transport_socket_tls_v3.Secret{ Name: "contour_xds_tls_validation_context", - Type: &envoy_tls_v3.Secret_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: c.GrpcCABundle, }, }, - MatchTypedSubjectAltNames: []*envoy_tls_v3.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_tls_v3.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "contour", }, }, diff --git a/internal/envoy/v3/bootstrap_test.go b/internal/envoy/v3/bootstrap_test.go index 92bbb54be16..2012179f900 100644 --- a/internal/envoy/v3/bootstrap_test.go +++ b/internal/envoy/v3/bootstrap_test.go @@ -17,13 +17,14 @@ import ( "path" "testing" - envoy_bootstrap_v3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" + envoy_config_bootstrap_v3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - "github.com/projectcontour/contour/internal/envoy" - "github.com/projectcontour/contour/internal/protobuf" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/encoding/protojson" "google.golang.org/protobuf/proto" + + "github.com/projectcontour/contour/internal/envoy" + "github.com/projectcontour/contour/internal/protobuf" ) func TestBootstrap(t *testing.T) { @@ -2002,7 +2003,7 @@ func TestBootstrap(t *testing.T) { sdsValidationContextPath := path.Join(tc.config.ResourcesDir, envoy.SDSResourcesSubdirectory, envoy.SDSValidationContextFile) if tc.wantedBootstrapConfig != "" { - want := new(envoy_bootstrap_v3.Bootstrap) + want := new(envoy_config_bootstrap_v3.Bootstrap) unmarshal(t, tc.wantedBootstrapConfig, want) protobuf.ExpectEqual(t, want, gotConfigs[tc.config.Path]) delete(gotConfigs, tc.config.Path) diff --git a/internal/envoy/v3/cluster.go b/internal/envoy/v3/cluster.go index 515f353955f..8a388799b06 100644 --- a/internal/envoy/v3/cluster.go +++ b/internal/envoy/v3/cluster.go @@ -18,31 +18,32 @@ import ( "strings" "time" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_extensions_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/wrapperspb" + "k8s.io/apimachinery/pkg/types" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/timeout" "github.com/projectcontour/contour/internal/xds" - "google.golang.org/protobuf/types/known/anypb" - "google.golang.org/protobuf/types/known/durationpb" - "google.golang.org/protobuf/types/known/wrapperspb" - "k8s.io/apimachinery/pkg/types" ) -func clusterDefaults() *envoy_cluster_v3.Cluster { - return &envoy_cluster_v3.Cluster{ +func clusterDefaults() *envoy_config_cluster_v3.Cluster { + return &envoy_config_cluster_v3.Cluster{ ConnectTimeout: durationpb.New(2 * time.Second), CommonLbConfig: ClusterCommonLBConfig(), LbPolicy: lbPolicy(dag.LoadBalancerPolicyRoundRobin), } } -// Cluster creates new envoy_cluster_v3.Cluster from dag.Cluster. -func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { +// Cluster creates new envoy_config_cluster_v3.Cluster from dag.Cluster. +func Cluster(c *dag.Cluster) *envoy_config_cluster_v3.Cluster { service := c.Upstream cluster := clusterDefaults() @@ -59,14 +60,14 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { switch len(service.ExternalName) { case 0: // external name not set, cluster will be discovered via EDS - cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS) + cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS) cluster.EdsClusterConfig = edsconfig("contour", service) default: // external name set, use hard coded DNS name // external name set to LOGICAL_DNS when user selects the ALL loookup family - clusterDiscoveryType := ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS) - if cluster.DnsLookupFamily == envoy_cluster_v3.Cluster_ALL { - clusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_LOGICAL_DNS) + clusterDiscoveryType := ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS) + if cluster.DnsLookupFamily == envoy_config_cluster_v3.Cluster_ALL { + clusterDiscoveryType = ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_LOGICAL_DNS) } cluster.ClusterDiscoveryType = clusterDiscoveryType @@ -79,14 +80,14 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { } if envoy.AnyPositive(service.MaxConnections, service.MaxPendingRequests, service.MaxRequests, service.MaxRetries, service.PerHostMaxConnections) { - cluster.CircuitBreakers = &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + cluster.CircuitBreakers = &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: protobuf.UInt32OrNil(service.MaxConnections), MaxPendingRequests: protobuf.UInt32OrNil(service.MaxPendingRequests), MaxRequests: protobuf.UInt32OrNil(service.MaxRequests), MaxRetries: protobuf.UInt32OrNil(service.MaxRetries), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: protobuf.UInt32OrNil(service.PerHostMaxConnections), }}, } @@ -126,15 +127,15 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { if c.SlowStartConfig != nil { switch cluster.LbPolicy { - case envoy_cluster_v3.Cluster_LEAST_REQUEST: - cluster.LbConfig = &envoy_cluster_v3.Cluster_LeastRequestLbConfig_{ - LeastRequestLbConfig: &envoy_cluster_v3.Cluster_LeastRequestLbConfig{ + case envoy_config_cluster_v3.Cluster_LEAST_REQUEST: + cluster.LbConfig = &envoy_config_cluster_v3.Cluster_LeastRequestLbConfig_{ + LeastRequestLbConfig: &envoy_config_cluster_v3.Cluster_LeastRequestLbConfig{ SlowStartConfig: slowStartConfig(c.SlowStartConfig), }, } - case envoy_cluster_v3.Cluster_ROUND_ROBIN: - cluster.LbConfig = &envoy_cluster_v3.Cluster_RoundRobinLbConfig_{ - RoundRobinLbConfig: &envoy_cluster_v3.Cluster_RoundRobinLbConfig{ + case envoy_config_cluster_v3.Cluster_ROUND_ROBIN: + cluster.LbConfig = &envoy_config_cluster_v3.Cluster_RoundRobinLbConfig_{ + RoundRobinLbConfig: &envoy_config_cluster_v3.Cluster_RoundRobinLbConfig{ SlowStartConfig: slowStartConfig(c.SlowStartConfig), }, } @@ -146,8 +147,8 @@ func Cluster(c *dag.Cluster) *envoy_cluster_v3.Cluster { return cluster } -// ExtensionCluster builds a envoy_cluster_v3.Cluster struct for the given extension service. -func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster { +// ExtensionCluster builds a envoy_config_cluster_v3.Cluster struct for the given extension service. +func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_config_cluster_v3.Cluster { cluster := clusterDefaults() // The Envoy cluster name has already been set. @@ -165,8 +166,8 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster { cluster.LbPolicy = lbPolicy(ext.LoadBalancerPolicy) // Cluster will be discovered via EDS. - cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS) - cluster.EdsClusterConfig = &envoy_cluster_v3.Cluster_EdsClusterConfig{ + cluster.ClusterDiscoveryType = ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS) + cluster.EdsClusterConfig = &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: ext.Upstream.ClusterName, } @@ -198,20 +199,20 @@ func ExtensionCluster(ext *dag.ExtensionCluster) *envoy_cluster_v3.Cluster { return cluster } -// DNSNameCluster builds a envoy_cluster_v3.Cluster for the given *dag.DNSNameCluster. -func DNSNameCluster(c *dag.DNSNameCluster) *envoy_cluster_v3.Cluster { +// DNSNameCluster builds a envoy_config_cluster_v3.Cluster for the given *dag.DNSNameCluster. +func DNSNameCluster(c *dag.DNSNameCluster) *envoy_config_cluster_v3.Cluster { cluster := clusterDefaults() cluster.Name = envoy.DNSNameClusterName(c) cluster.DnsLookupFamily = parseDNSLookupFamily(c.DNSLookupFamily) - clusterType := envoy_cluster_v3.Cluster_STRICT_DNS - if cluster.DnsLookupFamily == envoy_cluster_v3.Cluster_ALL { - clusterType = envoy_cluster_v3.Cluster_LOGICAL_DNS + clusterType := envoy_config_cluster_v3.Cluster_STRICT_DNS + if cluster.DnsLookupFamily == envoy_config_cluster_v3.Cluster_ALL { + clusterType = envoy_config_cluster_v3.Cluster_LOGICAL_DNS } cluster.ClusterDiscoveryType = ClusterDiscoveryType(clusterType) - var transportSocket *envoy_core_v3.TransportSocket + var transportSocket *envoy_config_core_v3.TransportSocket if c.Scheme == "https" { transportSocket = UpstreamTLSTransportSocket(UpstreamTLSContext(c.UpstreamValidation, c.Address, nil, c.UpstreamTLS)) } @@ -222,8 +223,8 @@ func DNSNameCluster(c *dag.DNSNameCluster) *envoy_cluster_v3.Cluster { return cluster } -func edsconfig(cluster string, service *dag.Service) *envoy_cluster_v3.Cluster_EdsClusterConfig { - return &envoy_cluster_v3.Cluster_EdsClusterConfig{ +func edsconfig(cluster string, service *dag.Service) *envoy_config_cluster_v3.Cluster_EdsClusterConfig { + return &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource(cluster), ServiceName: xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, @@ -232,53 +233,53 @@ func edsconfig(cluster string, service *dag.Service) *envoy_cluster_v3.Cluster_E } } -func lbPolicy(strategy string) envoy_cluster_v3.Cluster_LbPolicy { +func lbPolicy(strategy string) envoy_config_cluster_v3.Cluster_LbPolicy { switch strategy { case dag.LoadBalancerPolicyWeightedLeastRequest: - return envoy_cluster_v3.Cluster_LEAST_REQUEST + return envoy_config_cluster_v3.Cluster_LEAST_REQUEST case dag.LoadBalancerPolicyRandom: - return envoy_cluster_v3.Cluster_RANDOM + return envoy_config_cluster_v3.Cluster_RANDOM case dag.LoadBalancerPolicyCookie, dag.LoadBalancerPolicyRequestHash: - return envoy_cluster_v3.Cluster_RING_HASH + return envoy_config_cluster_v3.Cluster_RING_HASH default: - return envoy_cluster_v3.Cluster_ROUND_ROBIN + return envoy_config_cluster_v3.Cluster_ROUND_ROBIN } } -func edshealthcheck(c *dag.Cluster) []*envoy_core_v3.HealthCheck { +func edshealthcheck(c *dag.Cluster) []*envoy_config_core_v3.HealthCheck { if c.HTTPHealthCheckPolicy == nil && c.TCPHealthCheckPolicy == nil { return nil } if c.HTTPHealthCheckPolicy != nil { - return []*envoy_core_v3.HealthCheck{ + return []*envoy_config_core_v3.HealthCheck{ httpHealthCheck(c), } } - return []*envoy_core_v3.HealthCheck{ + return []*envoy_config_core_v3.HealthCheck{ tcpHealthCheck(c), } } -// ClusterCommonLBConfig creates a *envoy_cluster_v3.Cluster_CommonLbConfig with HealthyPanicThreshold disabled. -func ClusterCommonLBConfig() *envoy_cluster_v3.Cluster_CommonLbConfig { - return &envoy_cluster_v3.Cluster_CommonLbConfig{ - HealthyPanicThreshold: &envoy_type.Percent{ // Disable HealthyPanicThreshold +// ClusterCommonLBConfig creates a *envoy_config_cluster_v3.Cluster_CommonLbConfig with HealthyPanicThreshold disabled. +func ClusterCommonLBConfig() *envoy_config_cluster_v3.Cluster_CommonLbConfig { + return &envoy_config_cluster_v3.Cluster_CommonLbConfig{ + HealthyPanicThreshold: &envoy_type_v3.Percent{ // Disable HealthyPanicThreshold Value: 0, }, } } -// ConfigSource returns a *envoy_core_v3.ConfigSource for cluster. -func ConfigSource(cluster string) *envoy_core_v3.ConfigSource { - return &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{ +// ConfigSource returns a *envoy_config_core_v3.ConfigSource for cluster. +func ConfigSource(cluster string) *envoy_config_core_v3.ConfigSource { + return &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{ GrpcService(cluster, "", timeout.DefaultSetting()), }, }, @@ -287,32 +288,32 @@ func ConfigSource(cluster string) *envoy_core_v3.ConfigSource { } // ClusterDiscoveryType returns the type of a ClusterDiscovery as a Cluster_type. -func ClusterDiscoveryType(t envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster_Type { - return &envoy_cluster_v3.Cluster_Type{Type: t} +func ClusterDiscoveryType(t envoy_config_cluster_v3.Cluster_DiscoveryType) *envoy_config_cluster_v3.Cluster_Type { + return &envoy_config_cluster_v3.Cluster_Type{Type: t} } // ClusterDiscoveryTypeForAddress returns the type of a ClusterDiscovery as a Cluster_type. // If the provided address is an IP, overrides the type to STATIC, otherwise uses the // passed in type. -func ClusterDiscoveryTypeForAddress(address string, t envoy_cluster_v3.Cluster_DiscoveryType) *envoy_cluster_v3.Cluster_Type { +func ClusterDiscoveryTypeForAddress(address string, t envoy_config_cluster_v3.Cluster_DiscoveryType) *envoy_config_cluster_v3.Cluster_Type { clusterType := t if net.ParseIP(address) != nil { - clusterType = envoy_cluster_v3.Cluster_STATIC + clusterType = envoy_config_cluster_v3.Cluster_STATIC } - return &envoy_cluster_v3.Cluster_Type{Type: clusterType} + return &envoy_config_cluster_v3.Cluster_Type{Type: clusterType} } -// parseDNSLookupFamily parses the dnsLookupFamily string into a envoy_cluster_v3.Cluster_DnsLookupFamily -func parseDNSLookupFamily(value string) envoy_cluster_v3.Cluster_DnsLookupFamily { +// parseDNSLookupFamily parses the dnsLookupFamily string into a envoy_config_cluster_v3.Cluster_DnsLookupFamily +func parseDNSLookupFamily(value string) envoy_config_cluster_v3.Cluster_DnsLookupFamily { switch value { case "v4": - return envoy_cluster_v3.Cluster_V4_ONLY + return envoy_config_cluster_v3.Cluster_V4_ONLY case "v6": - return envoy_cluster_v3.Cluster_V6_ONLY + return envoy_config_cluster_v3.Cluster_V6_ONLY case "all": - return envoy_cluster_v3.Cluster_ALL + return envoy_config_cluster_v3.Cluster_ALL } - return envoy_cluster_v3.Cluster_AUTO + return envoy_config_cluster_v3.Cluster_AUTO } func protocolOptions(explicitHTTPVersion HTTPVersionType, idleConnectionTimeout timeout.Setting, maxRequestsPerConnection *uint32) map[string]*anypb.Any { @@ -321,32 +322,32 @@ func protocolOptions(explicitHTTPVersion HTTPVersionType, idleConnectionTimeout return nil } - options := envoy_extensions_upstream_http_v3.HttpProtocolOptions{} + options := envoy_upstream_http_v3.HttpProtocolOptions{} switch explicitHTTPVersion { // Default protocol version in Envoy is HTTP1.1. case HTTPVersion1, HTTPVersionAuto: - options.UpstreamProtocolOptions = &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, + options.UpstreamProtocolOptions = &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, }, } case HTTPVersion2: - options.UpstreamProtocolOptions = &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + options.UpstreamProtocolOptions = &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, } case HTTPVersion3: - options.UpstreamProtocolOptions = &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http3ProtocolOptions{}, + options.UpstreamProtocolOptions = &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http3ProtocolOptions{}, }, } } if !idleConnectionTimeout.UseDefault() || maxRequestsPerConnection != nil { - commonHTTPProtocolOptions := &envoy_core_v3.HttpProtocolOptions{} + commonHTTPProtocolOptions := &envoy_config_core_v3.HttpProtocolOptions{} if !idleConnectionTimeout.UseDefault() { commonHTTPProtocolOptions.IdleTimeout = durationpb.New(idleConnectionTimeout.Duration()) @@ -365,14 +366,14 @@ func protocolOptions(explicitHTTPVersion HTTPVersionType, idleConnectionTimeout } // slowStartConfig returns the slow start configuration. -func slowStartConfig(slowStartConfig *dag.SlowStartConfig) *envoy_cluster_v3.Cluster_SlowStartConfig { - return &envoy_cluster_v3.Cluster_SlowStartConfig{ +func slowStartConfig(slowStartConfig *dag.SlowStartConfig) *envoy_config_cluster_v3.Cluster_SlowStartConfig { + return &envoy_config_cluster_v3.Cluster_SlowStartConfig{ SlowStartWindow: durationpb.New(slowStartConfig.Window), - Aggression: &envoy_core_v3.RuntimeDouble{ + Aggression: &envoy_config_core_v3.RuntimeDouble{ DefaultValue: slowStartConfig.Aggression, RuntimeKey: "contour.slowstart.aggression", }, - MinWeightPercent: &envoy_type.Percent{ + MinWeightPercent: &envoy_type_v3.Percent{ Value: float64(slowStartConfig.MinWeightPercent), }, } diff --git a/internal/envoy/v3/cluster_test.go b/internal/envoy/v3/cluster_test.go index 76c3192e4df..db421b658cf 100644 --- a/internal/envoy/v3/cluster_test.go +++ b/internal/envoy/v3/cluster_test.go @@ -17,36 +17,37 @@ import ( "testing" "time" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_extensions_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/envoy" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/timeout" - "github.com/projectcontour/contour/internal/xds" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/envoy" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/timeout" + "github.com/projectcontour/contour/internal/xds" ) func TestCluster(t *testing.T) { - s1 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s1 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 443, @@ -55,14 +56,14 @@ func TestCluster(t *testing.T) { }, } - s2 := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ ExternalName: "foo.io", - Ports: []v1.ServicePort{{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 443, @@ -71,61 +72,61 @@ func TestCluster(t *testing.T) { }, } - svcExternal := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svcExternal := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ ExternalName: "projectcontour.local", - Ports: []v1.ServicePort{{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 443, TargetPort: intstr.FromInt(8080), }}, - Type: v1.ServiceTypeExternalName, + Type: core_v1.ServiceTypeExternalName, }, } secret := &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{dag.CACertificateKey: []byte("cacert")}, }, } clientSecret := &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "clientcertsecret", Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - v1.TLSCertKey: []byte("cert"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("cert"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, } tests := map[string]struct { cluster *dag.Cluster - want *envoy_cluster_v3.Cluster + want *envoy_config_cluster_v3.Cluster }{ "simple service": { cluster: &dag.Cluster{ Upstream: service(s1), }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -136,20 +137,20 @@ func TestCluster(t *testing.T) { Upstream: service(s1, "h2c"), Protocol: "h2c", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/f4f94965ec", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + &envoy_upstream_http_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, }, }), @@ -161,11 +162,11 @@ func TestCluster(t *testing.T) { Upstream: service(s1, "h2"), Protocol: "h2", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/bf1c365741", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -174,10 +175,10 @@ func TestCluster(t *testing.T) { ), TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + &envoy_upstream_http_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, }, }), @@ -188,10 +189,10 @@ func TestCluster(t *testing.T) { cluster: &dag.Cluster{ Upstream: service(s2), }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), }, }, @@ -200,12 +201,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "v4", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), - DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, + DnsLookupFamily: envoy_config_cluster_v3.Cluster_V4_ONLY, }, }, "externalName service - dns-lookup-family v6": { @@ -213,12 +214,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "v6", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), - DnsLookupFamily: envoy_cluster_v3.Cluster_V6_ONLY, + DnsLookupFamily: envoy_config_cluster_v3.Cluster_V6_ONLY, }, }, "externalName service - dns-lookup-family auto": { @@ -226,12 +227,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "auto", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), - DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, + DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, }, }, "externalName service - dns-lookup-family all": { @@ -239,12 +240,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), DNSLookupFamily: "all", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_LOGICAL_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_LOGICAL_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), - DnsLookupFamily: envoy_cluster_v3.Cluster_ALL, + DnsLookupFamily: envoy_config_cluster_v3.Cluster_ALL, }, }, "externalName service - dns-lookup-family not defined": { @@ -252,12 +253,12 @@ func TestCluster(t *testing.T) { Upstream: service(s2), // DNSLookupFamily: "auto", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(s2)), - DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, + DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, }, }, "tls upstream": { @@ -265,11 +266,11 @@ func TestCluster(t *testing.T) { Upstream: service(s1, "tls"), Protocol: "tls", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/4929fca9d4", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -284,10 +285,10 @@ func TestCluster(t *testing.T) { Protocol: "tls", SNI: "projectcontour.local", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/a996a742af", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), LoadAssignment: ExternalNameClusterLoadAssignment(service(svcExternal, "tls")), TransportSocket: UpstreamTLSTransportSocket( UpstreamTLSContext(nil, "projectcontour.local", nil, nil), @@ -305,11 +306,11 @@ func TestCluster(t *testing.T) { SubjectNames: []string{"foo.bar.io"}, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/62d1f9ad02", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -342,11 +343,11 @@ func TestCluster(t *testing.T) { MaximumProtocolVersion: "1.3", }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/62d1f9ad02", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -381,19 +382,19 @@ func TestCluster(t *testing.T) { }, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(9000), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }, }, @@ -410,19 +411,19 @@ func TestCluster(t *testing.T) { }, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxPendingRequests: wrapperspb.UInt32(4096), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }, }, @@ -439,19 +440,19 @@ func TestCluster(t *testing.T) { }, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxRequests: wrapperspb.UInt32(404), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }, }, @@ -468,19 +469,19 @@ func TestCluster(t *testing.T) { }, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxRetries: wrapperspb.UInt32(7), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }, }, @@ -497,17 +498,17 @@ func TestCluster(t *testing.T) { }, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(45), }}, }, @@ -518,15 +519,15 @@ func TestCluster(t *testing.T) { Upstream: service(s1), LoadBalancerPolicy: "Random", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/58d888c08a", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - LbPolicy: envoy_cluster_v3.Cluster_RANDOM, + LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, }, }, "cluster with cookie policy": { @@ -534,15 +535,15 @@ func TestCluster(t *testing.T) { Upstream: service(s1), LoadBalancerPolicy: "Cookie", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/e4f81994fe", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }, }, @@ -550,11 +551,11 @@ func TestCluster(t *testing.T) { cluster: &dag.Cluster{ Upstream: service(s1), }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -570,22 +571,22 @@ func TestCluster(t *testing.T) { HealthyThreshold: 2, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, IgnoreHealthOnHostRemoval: true, - HealthChecks: []*envoy_core_v3.HealthCheck{{ + HealthChecks: []*envoy_config_core_v3.HealthCheck{{ Timeout: durationOrDefault(2, envoy.HCTimeout), Interval: durationOrDefault(10, envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32OrDefault(3, envoy.HCUnhealthyThreshold), HealthyThreshold: protobuf.UInt32OrDefault(2, envoy.HCHealthyThreshold), - HealthChecker: &envoy_core_v3.HealthCheck_TcpHealthCheck_{ - TcpHealthCheck: &envoy_core_v3.HealthCheck_TcpHealthCheck{}, + HealthChecker: &envoy_config_core_v3.HealthCheck_TcpHealthCheck_{ + TcpHealthCheck: &envoy_config_core_v3.HealthCheck_TcpHealthCheck{}, }, }}, }, @@ -596,11 +597,11 @@ func TestCluster(t *testing.T) { Protocol: "tls", ClientCertificate: clientSecret, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/4929fca9d4", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -614,11 +615,11 @@ func TestCluster(t *testing.T) { Upstream: service(s1), TimeoutPolicy: dag.ClusterTimeoutPolicy{ConnectTimeout: 10 * time.Second}, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -630,23 +631,23 @@ func TestCluster(t *testing.T) { Upstream: service(s1), TimeoutPolicy: dag.ClusterTimeoutPolicy{IdleConnectionTimeout: timeout.DurationSetting(10 * time.Second)}, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/357c84df09", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + &envoy_upstream_http_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ IdleTimeout: durationpb.New(10 * time.Second), }, - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, }, }, }, @@ -663,23 +664,23 @@ func TestCluster(t *testing.T) { MinWeightPercent: 10, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/2c8f64025b", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - LbConfig: &envoy_cluster_v3.Cluster_RoundRobinLbConfig_{ - RoundRobinLbConfig: &envoy_cluster_v3.Cluster_RoundRobinLbConfig{ - SlowStartConfig: &envoy_cluster_v3.Cluster_SlowStartConfig{ + LbConfig: &envoy_config_cluster_v3.Cluster_RoundRobinLbConfig_{ + RoundRobinLbConfig: &envoy_config_cluster_v3.Cluster_RoundRobinLbConfig{ + SlowStartConfig: &envoy_config_cluster_v3.Cluster_SlowStartConfig{ SlowStartWindow: durationpb.New(10 * time.Second), - Aggression: &envoy_core_v3.RuntimeDouble{ + Aggression: &envoy_config_core_v3.RuntimeDouble{ DefaultValue: 1.0, RuntimeKey: "contour.slowstart.aggression", }, - MinWeightPercent: &envoy_type.Percent{ + MinWeightPercent: &envoy_type_v3.Percent{ Value: 10.0, }, }, @@ -697,24 +698,24 @@ func TestCluster(t *testing.T) { }, LoadBalancerPolicy: dag.LoadBalancerPolicyWeightedLeastRequest, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/0b01a6912a", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, - LbPolicy: envoy_cluster_v3.Cluster_LEAST_REQUEST, - LbConfig: &envoy_cluster_v3.Cluster_LeastRequestLbConfig_{ - LeastRequestLbConfig: &envoy_cluster_v3.Cluster_LeastRequestLbConfig{ - SlowStartConfig: &envoy_cluster_v3.Cluster_SlowStartConfig{ + LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, + LbConfig: &envoy_config_cluster_v3.Cluster_LeastRequestLbConfig_{ + LeastRequestLbConfig: &envoy_config_cluster_v3.Cluster_LeastRequestLbConfig{ + SlowStartConfig: &envoy_config_cluster_v3.Cluster_SlowStartConfig{ SlowStartWindow: durationpb.New(10 * time.Second), - Aggression: &envoy_core_v3.RuntimeDouble{ + Aggression: &envoy_config_core_v3.RuntimeDouble{ DefaultValue: 1.0, RuntimeKey: "contour.slowstart.aggression", }, - MinWeightPercent: &envoy_type.Percent{ + MinWeightPercent: &envoy_type_v3.Percent{ Value: 10.0, }, }, @@ -727,11 +728,11 @@ func TestCluster(t *testing.T) { Upstream: service(s1), PerConnectionBufferLimitBytes: ref.To(uint32(32768)), }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, @@ -743,23 +744,23 @@ func TestCluster(t *testing.T) { Upstream: service(s1), MaxRequestsPerConnection: ref.To(uint32(1)), }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + &envoy_upstream_http_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ MaxRequestsPerConnection: wrapperspb.UInt32(1), }, - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, }, }, }, @@ -775,24 +776,24 @@ func TestCluster(t *testing.T) { IdleConnectionTimeout: timeout.DurationSetting(time.Second * 60), }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/47b66db27a", AltStatName: "default_kuard_443", - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: ConfigSource("contour"), ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + &envoy_upstream_http_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ MaxRequestsPerConnection: wrapperspb.UInt32(1), IdleTimeout: durationpb.New(60 * time.Second), }, - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, }, }, }, @@ -817,7 +818,7 @@ func TestCluster(t *testing.T) { func TestDNSNameCluster(t *testing.T) { tests := map[string]struct { cluster *dag.DNSNameCluster - want *envoy_cluster_v3.Cluster + want *envoy_config_cluster_v3.Cluster }{ "plain HTTP cluster": { cluster: &dag.DNSNameCluster{ @@ -826,18 +827,18 @@ func TestDNSNameCluster(t *testing.T) { Port: 80, DNSLookupFamily: "auto", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "dnsname/http/foo.projectcontour.io", - DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/http/foo.projectcontour.io", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("foo.projectcontour.io", 80), }, }, @@ -855,18 +856,18 @@ func TestDNSNameCluster(t *testing.T) { Port: 80, DNSLookupFamily: "v4", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "dnsname/http/foo.projectcontour.io", - DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + DnsLookupFamily: envoy_config_cluster_v3.Cluster_V4_ONLY, + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/http/foo.projectcontour.io", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("foo.projectcontour.io", 80), }, }, @@ -884,18 +885,18 @@ func TestDNSNameCluster(t *testing.T) { Port: 80, DNSLookupFamily: "all", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "dnsname/http/foo.projectcontour.io", - DnsLookupFamily: envoy_cluster_v3.Cluster_ALL, - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_LOGICAL_DNS), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + DnsLookupFamily: envoy_config_cluster_v3.Cluster_ALL, + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_LOGICAL_DNS), + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/http/foo.projectcontour.io", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("foo.projectcontour.io", 80), }, }, @@ -913,18 +914,18 @@ func TestDNSNameCluster(t *testing.T) { Port: 443, DNSLookupFamily: "auto", }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/foo.projectcontour.io", - DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/foo.projectcontour.io", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("foo.projectcontour.io", 443), }, }, @@ -945,7 +946,7 @@ func TestDNSNameCluster(t *testing.T) { UpstreamValidation: &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ + Object: &core_v1.Secret{ Data: map[string][]byte{ "ca.crt": []byte("ca-cert"), }, @@ -955,18 +956,18 @@ func TestDNSNameCluster(t *testing.T) { SubjectNames: []string{"foo.projectcontour.io"}, }, }, - want: &envoy_cluster_v3.Cluster{ + want: &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/foo.projectcontour.io", - DnsLookupFamily: envoy_cluster_v3.Cluster_AUTO, - ClusterDiscoveryType: ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + DnsLookupFamily: envoy_config_cluster_v3.Cluster_AUTO, + ClusterDiscoveryType: ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/foo.projectcontour.io", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("foo.projectcontour.io", 443), }, }, @@ -978,7 +979,7 @@ func TestDNSNameCluster(t *testing.T) { TransportSocket: UpstreamTLSTransportSocket(UpstreamTLSContext(&dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ + Object: &core_v1.Secret{ Data: map[string][]byte{ "ca.crt": []byte("ca-cert"), }, @@ -1031,7 +1032,7 @@ func TestClustername(t *testing.T) { Weight: 1, ServiceName: "backend", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -1050,7 +1051,7 @@ func TestClustername(t *testing.T) { Weight: 1, ServiceName: "must-be-in-want-of-a-wife", ServiceNamespace: "it-is-a-truth-universally-acknowledged-that-a-single-man-in-possession-of-a-good-fortune", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 9999, @@ -1069,7 +1070,7 @@ func TestClustername(t *testing.T) { Weight: 1, ServiceName: "backend", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -1095,7 +1096,7 @@ func TestClustername(t *testing.T) { Weight: 1, ServiceName: "backend", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -1107,8 +1108,8 @@ func TestClustername(t *testing.T) { UpstreamValidation: &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -1141,19 +1142,19 @@ func TestClustername(t *testing.T) { } func TestLBPolicy(t *testing.T) { - tests := map[string]envoy_cluster_v3.Cluster_LbPolicy{ - "WeightedLeastRequest": envoy_cluster_v3.Cluster_LEAST_REQUEST, - "Random": envoy_cluster_v3.Cluster_RANDOM, - "RoundRobin": envoy_cluster_v3.Cluster_ROUND_ROBIN, - "": envoy_cluster_v3.Cluster_ROUND_ROBIN, - "unknown": envoy_cluster_v3.Cluster_ROUND_ROBIN, - "Cookie": envoy_cluster_v3.Cluster_RING_HASH, - "RequestHash": envoy_cluster_v3.Cluster_RING_HASH, + tests := map[string]envoy_config_cluster_v3.Cluster_LbPolicy{ + "WeightedLeastRequest": envoy_config_cluster_v3.Cluster_LEAST_REQUEST, + "Random": envoy_config_cluster_v3.Cluster_RANDOM, + "RoundRobin": envoy_config_cluster_v3.Cluster_ROUND_ROBIN, + "": envoy_config_cluster_v3.Cluster_ROUND_ROBIN, + "unknown": envoy_config_cluster_v3.Cluster_ROUND_ROBIN, + "Cookie": envoy_config_cluster_v3.Cluster_RING_HASH, + "RequestHash": envoy_config_cluster_v3.Cluster_RING_HASH, // RingHash and Maglev were removed as options in 0.13. // See #1150 - "RingHash": envoy_cluster_v3.Cluster_ROUND_ROBIN, - "Maglev": envoy_cluster_v3.Cluster_ROUND_ROBIN, + "RingHash": envoy_config_cluster_v3.Cluster_ROUND_ROBIN, + "Maglev": envoy_config_cluster_v3.Cluster_ROUND_ROBIN, } for policy, want := range tests { @@ -1166,15 +1167,15 @@ func TestLBPolicy(t *testing.T) { func TestClusterCommonLBConfig(t *testing.T) { got := ClusterCommonLBConfig() - want := &envoy_cluster_v3.Cluster_CommonLbConfig{ - HealthyPanicThreshold: &envoy_type.Percent{ // Disable HealthyPanicThreshold + want := &envoy_config_cluster_v3.Cluster_CommonLbConfig{ + HealthyPanicThreshold: &envoy_type_v3.Percent{ // Disable HealthyPanicThreshold Value: 0, }, } assert.Equal(t, want, got) } -func service(s *v1.Service, protocols ...string) *dag.Service { +func service(s *core_v1.Service, protocols ...string) *dag.Service { protocol := "" if len(protocols) > 0 { protocol = protocols[0] diff --git a/internal/envoy/v3/endpoint.go b/internal/envoy/v3/endpoint.go index 476997460d4..823a36204bd 100644 --- a/internal/envoy/v3/endpoint.go +++ b/internal/envoy/v3/endpoint.go @@ -14,68 +14,69 @@ package v3 import ( - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/xds" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "google.golang.org/protobuf/types/known/wrapperspb" "k8s.io/apimachinery/pkg/types" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/xds" ) // LBEndpoint creates a new LbEndpoint. -func LBEndpoint(addr *envoy_core_v3.Address) *envoy_endpoint_v3.LbEndpoint { - return &envoy_endpoint_v3.LbEndpoint{ - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ +func LBEndpoint(addr *envoy_config_core_v3.Address) *envoy_config_endpoint_v3.LbEndpoint { + return &envoy_config_endpoint_v3.LbEndpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: addr, }, }, } } -// HealthCheckConfig returns an *envoy_endpoint_v3.Endpoint_HealthCheckConfig with a single -func HealthCheckConfig(healthCheckPort int32) *envoy_endpoint_v3.Endpoint_HealthCheckConfig { +// HealthCheckConfig returns an *envoy_config_endpoint_v3.Endpoint_HealthCheckConfig with a single +func HealthCheckConfig(healthCheckPort int32) *envoy_config_endpoint_v3.Endpoint_HealthCheckConfig { if healthCheckPort == 0 { return nil } - return &envoy_endpoint_v3.Endpoint_HealthCheckConfig{ + return &envoy_config_endpoint_v3.Endpoint_HealthCheckConfig{ PortValue: uint32(healthCheckPort), } } // Endpoints returns a slice of LocalityLbEndpoints. // The slice contains one entry, with one LbEndpoint per -// *envoy_core_v3.Address supplied. -func Endpoints(addrs ...*envoy_core_v3.Address) []*envoy_endpoint_v3.LocalityLbEndpoints { - lbendpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(addrs)) +// *envoy_config_core_v3.Address supplied. +func Endpoints(addrs ...*envoy_config_core_v3.Address) []*envoy_config_endpoint_v3.LocalityLbEndpoints { + lbendpoints := make([]*envoy_config_endpoint_v3.LbEndpoint, 0, len(addrs)) for _, addr := range addrs { lbendpoints = append(lbendpoints, LBEndpoint(addr)) } - return []*envoy_endpoint_v3.LocalityLbEndpoints{{ + return []*envoy_config_endpoint_v3.LocalityLbEndpoints{{ LbEndpoints: lbendpoints, }} } -func WeightedEndpoints(weight uint32, addrs ...*envoy_core_v3.Address) []*envoy_endpoint_v3.LocalityLbEndpoints { +func WeightedEndpoints(weight uint32, addrs ...*envoy_config_core_v3.Address) []*envoy_config_endpoint_v3.LocalityLbEndpoints { lbendpoints := Endpoints(addrs...) lbendpoints[0].LoadBalancingWeight = wrapperspb.UInt32(weight) return lbendpoints } -// ClusterLoadAssignment returns a *envoy_endpoint_v3.ClusterLoadAssignment with a single +// ClusterLoadAssignment returns a *envoy_config_endpoint_v3.ClusterLoadAssignment with a single // LocalityLbEndpoints of the supplied addresses. -func ClusterLoadAssignment(name string, addrs ...*envoy_core_v3.Address) *envoy_endpoint_v3.ClusterLoadAssignment { +func ClusterLoadAssignment(name string, addrs ...*envoy_config_core_v3.Address) *envoy_config_endpoint_v3.ClusterLoadAssignment { if len(addrs) == 0 { - return &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: name} + return &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: name} } - return &envoy_endpoint_v3.ClusterLoadAssignment{ + return &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: name, Endpoints: Endpoints(addrs...), } } -// ExternalNameClusterLoadAssignment creates a *envoy_endpoint_v3.ClusterLoadAssignment pointing to service's ExternalName DNS address. -func ExternalNameClusterLoadAssignment(service *dag.Service) *envoy_endpoint_v3.ClusterLoadAssignment { +// ExternalNameClusterLoadAssignment creates a *envoy_config_endpoint_v3.ClusterLoadAssignment pointing to service's ExternalName DNS address. +func ExternalNameClusterLoadAssignment(service *dag.Service) *envoy_config_endpoint_v3.ClusterLoadAssignment { return ClusterLoadAssignment( xds.ClusterLoadAssignmentName( types.NamespacedName{Name: service.Weighted.ServiceName, Namespace: service.Weighted.ServiceNamespace}, diff --git a/internal/envoy/v3/endpoint_test.go b/internal/envoy/v3/endpoint_test.go index 50b7db03e1f..a1de3f2598a 100644 --- a/internal/envoy/v3/endpoint_test.go +++ b/internal/envoy/v3/endpoint_test.go @@ -16,16 +16,17 @@ package v3 import ( "testing" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - "github.com/projectcontour/contour/internal/protobuf" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "github.com/stretchr/testify/require" + + "github.com/projectcontour/contour/internal/protobuf" ) func TestLBEndpoint(t *testing.T) { got := LBEndpoint(SocketAddress("microsoft.com", 81)) - want := &envoy_endpoint_v3.LbEndpoint{ - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + want := &envoy_config_endpoint_v3.LbEndpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("microsoft.com", 81), }, }, @@ -35,7 +36,7 @@ func TestLBEndpoint(t *testing.T) { func TestHealthCheckConfig(t *testing.T) { got := HealthCheckConfig(8998) - want := &envoy_endpoint_v3.Endpoint_HealthCheckConfig{ + want := &envoy_config_endpoint_v3.Endpoint_HealthCheckConfig{ PortValue: uint32(8998), } protobuf.ExpectEqual(t, want, got) @@ -48,16 +49,16 @@ func TestEndpoints(t *testing.T) { SocketAddress("github.com", 443), SocketAddress("microsoft.com", 80), ) - want := []*envoy_endpoint_v3.LocalityLbEndpoints{{ - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{{ - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + want := []*envoy_config_endpoint_v3.LocalityLbEndpoints{{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("github.com", 443), }, }, }, { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: SocketAddress("microsoft.com", 80), }, }, @@ -68,14 +69,14 @@ func TestEndpoints(t *testing.T) { func TestClusterLoadAssignment(t *testing.T) { got := ClusterLoadAssignment("empty") - want := &envoy_endpoint_v3.ClusterLoadAssignment{ + want := &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "empty", } protobuf.RequireEqual(t, want, got) got = ClusterLoadAssignment("one addr", SocketAddress("microsoft.com", 81)) - want = &envoy_endpoint_v3.ClusterLoadAssignment{ + want = &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "one addr", Endpoints: Endpoints(SocketAddress("microsoft.com", 81)), } @@ -86,7 +87,7 @@ func TestClusterLoadAssignment(t *testing.T) { SocketAddress("microsoft.com", 81), SocketAddress("github.com", 443), ) - want = &envoy_endpoint_v3.ClusterLoadAssignment{ + want = &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "two addrs", Endpoints: Endpoints( SocketAddress("microsoft.com", 81), diff --git a/internal/envoy/v3/healthcheck.go b/internal/envoy/v3/healthcheck.go index d2f0f9e305b..c74e9e48eac 100644 --- a/internal/envoy/v3/healthcheck.go +++ b/internal/envoy/v3/healthcheck.go @@ -16,29 +16,30 @@ package v3 import ( "time" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + "google.golang.org/protobuf/types/known/durationpb" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" - "google.golang.org/protobuf/types/known/durationpb" ) -// httpHealthCheck returns a *envoy_core_v3.HealthCheck value for HTTP Routes -func httpHealthCheck(cluster *dag.Cluster) *envoy_core_v3.HealthCheck { +// httpHealthCheck returns a *envoy_config_core_v3.HealthCheck value for HTTP Routes +func httpHealthCheck(cluster *dag.Cluster) *envoy_config_core_v3.HealthCheck { hc := cluster.HTTPHealthCheckPolicy host := envoy.HCHost if hc.Host != "" { host = hc.Host } - return &envoy_core_v3.HealthCheck{ + return &envoy_config_core_v3.HealthCheck{ Timeout: durationOrDefault(hc.Timeout, envoy.HCTimeout), Interval: durationOrDefault(hc.Interval, envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32OrDefault(hc.UnhealthyThreshold, envoy.HCUnhealthyThreshold), HealthyThreshold: protobuf.UInt32OrDefault(hc.HealthyThreshold, envoy.HCHealthyThreshold), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: hc.Path, Host: host, CodecClientType: codecClientType(cluster), @@ -48,15 +49,15 @@ func httpHealthCheck(cluster *dag.Cluster) *envoy_core_v3.HealthCheck { } } -func expectedStatuses(statusRanges []dag.HTTPStatusRange) []*typev3.Int64Range { +func expectedStatuses(statusRanges []dag.HTTPStatusRange) []*envoy_type_v3.Int64Range { if len(statusRanges) == 0 { return nil } - var res []*typev3.Int64Range + var res []*envoy_type_v3.Int64Range for _, statusRange := range statusRanges { - res = append(res, &typev3.Int64Range{ + res = append(res, &envoy_type_v3.Int64Range{ Start: statusRange.Start, End: statusRange.End, }) @@ -65,17 +66,17 @@ func expectedStatuses(statusRanges []dag.HTTPStatusRange) []*typev3.Int64Range { return res } -// tcpHealthCheck returns a *envoy_core_v3.HealthCheck value for TCPProxies -func tcpHealthCheck(cluster *dag.Cluster) *envoy_core_v3.HealthCheck { +// tcpHealthCheck returns a *envoy_config_core_v3.HealthCheck value for TCPProxies +func tcpHealthCheck(cluster *dag.Cluster) *envoy_config_core_v3.HealthCheck { hc := cluster.TCPHealthCheckPolicy - return &envoy_core_v3.HealthCheck{ + return &envoy_config_core_v3.HealthCheck{ Timeout: durationOrDefault(hc.Timeout, envoy.HCTimeout), Interval: durationOrDefault(hc.Interval, envoy.HCInterval), UnhealthyThreshold: protobuf.UInt32OrDefault(hc.UnhealthyThreshold, envoy.HCUnhealthyThreshold), HealthyThreshold: protobuf.UInt32OrDefault(hc.HealthyThreshold, envoy.HCHealthyThreshold), - HealthChecker: &envoy_core_v3.HealthCheck_TcpHealthCheck_{ - TcpHealthCheck: &envoy_core_v3.HealthCheck_TcpHealthCheck{}, + HealthChecker: &envoy_config_core_v3.HealthCheck_TcpHealthCheck_{ + TcpHealthCheck: &envoy_config_core_v3.HealthCheck_TcpHealthCheck{}, }, } } @@ -87,9 +88,9 @@ func durationOrDefault(d, def time.Duration) *durationpb.Duration { return durationpb.New(def) } -func codecClientType(cluster *dag.Cluster) typev3.CodecClientType { +func codecClientType(cluster *dag.Cluster) envoy_type_v3.CodecClientType { if cluster.Protocol == "h2" || cluster.Protocol == "h2c" { - return typev3.CodecClientType_HTTP2 + return envoy_type_v3.CodecClientType_HTTP2 } - return typev3.CodecClientType_HTTP1 + return envoy_type_v3.CodecClientType_HTTP1 } diff --git a/internal/envoy/v3/healthcheck_test.go b/internal/envoy/v3/healthcheck_test.go index 7154a2d7f95..d9bfda543c8 100644 --- a/internal/envoy/v3/healthcheck_test.go +++ b/internal/envoy/v3/healthcheck_test.go @@ -17,19 +17,20 @@ import ( "testing" "time" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - typev3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/wrapperspb" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" - "google.golang.org/protobuf/types/known/durationpb" - "google.golang.org/protobuf/types/known/wrapperspb" ) func TestHealthCheck(t *testing.T) { tests := map[string]struct { cluster *dag.Cluster - want *envoy_core_v3.HealthCheck + want *envoy_config_core_v3.HealthCheck }{ // this is an odd case because contour.edshealthcheck will not call envoy.HealthCheck // when hc is nil, so if hc is not nil, at least one of the parameters on it must be set. @@ -37,13 +38,13 @@ func TestHealthCheck(t *testing.T) { cluster: &dag.Cluster{ HTTPHealthCheckPolicy: new(dag.HTTPHealthCheckPolicy), }, - want: &envoy_core_v3.HealthCheck{ + want: &envoy_config_core_v3.HealthCheck{ Timeout: durationpb.New(envoy.HCTimeout), Interval: durationpb.New(envoy.HCInterval), UnhealthyThreshold: wrapperspb.UInt32(3), HealthyThreshold: wrapperspb.UInt32(2), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ // TODO(dfc) this doesn't seem right Host: "contour-envoy-healthcheck", }, @@ -56,13 +57,13 @@ func TestHealthCheck(t *testing.T) { Path: "/healthy", }, }, - want: &envoy_core_v3.HealthCheck{ + want: &envoy_config_core_v3.HealthCheck{ Timeout: durationpb.New(envoy.HCTimeout), Interval: durationpb.New(envoy.HCInterval), UnhealthyThreshold: wrapperspb.UInt32(3), HealthyThreshold: wrapperspb.UInt32(2), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "contour-envoy-healthcheck", }, @@ -80,13 +81,13 @@ func TestHealthCheck(t *testing.T) { HealthyThreshold: 96, }, }, - want: &envoy_core_v3.HealthCheck{ + want: &envoy_config_core_v3.HealthCheck{ Timeout: durationpb.New(99 * time.Second), Interval: durationpb.New(98 * time.Second), UnhealthyThreshold: wrapperspb.UInt32(97), HealthyThreshold: wrapperspb.UInt32(96), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "foo-bar-host", }, @@ -98,15 +99,15 @@ func TestHealthCheck(t *testing.T) { Protocol: "h2", HTTPHealthCheckPolicy: new(dag.HTTPHealthCheckPolicy), }, - want: &envoy_core_v3.HealthCheck{ + want: &envoy_config_core_v3.HealthCheck{ Timeout: durationpb.New(envoy.HCTimeout), Interval: durationpb.New(envoy.HCInterval), UnhealthyThreshold: wrapperspb.UInt32(3), HealthyThreshold: wrapperspb.UInt32(2), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Host: "contour-envoy-healthcheck", - CodecClientType: typev3.CodecClientType_HTTP2, + CodecClientType: envoy_type_v3.CodecClientType_HTTP2, }, }, }, @@ -116,15 +117,15 @@ func TestHealthCheck(t *testing.T) { Protocol: "h2c", HTTPHealthCheckPolicy: new(dag.HTTPHealthCheckPolicy), }, - want: &envoy_core_v3.HealthCheck{ + want: &envoy_config_core_v3.HealthCheck{ Timeout: durationpb.New(envoy.HCTimeout), Interval: durationpb.New(envoy.HCInterval), UnhealthyThreshold: wrapperspb.UInt32(3), HealthyThreshold: wrapperspb.UInt32(2), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Host: "contour-envoy-healthcheck", - CodecClientType: typev3.CodecClientType_HTTP2, + CodecClientType: envoy_type_v3.CodecClientType_HTTP2, }, }, }, diff --git a/internal/envoy/v3/listener.go b/internal/envoy/v3/listener.go index ddcecd7c75f..5d1f2c233ce 100644 --- a/internal/envoy/v3/listener.go +++ b/internal/envoy/v3/listener.go @@ -20,44 +20,45 @@ import ( "strings" "time" - accesslog "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_gzip_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" - envoy_compressor_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" - envoy_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" - envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" - envoy_config_filter_http_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" - envoy_grpc_web_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" - envoy_jwt_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" - envoy_config_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" - lua "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" - envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" - envoy_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" - envoy_proxy_protocol_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/proxy_protocol/v3" - envoy_tls_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - tcp "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_compression_gzip_compressor_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" + envoy_filter_http_compressor_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" + envoy_filter_http_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + envoy_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + envoy_filter_http_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" + envoy_filter_http_grpc_web_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" + envoy_filter_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" + envoy_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" + envoy_filter_http_lua_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" + envoy_filter_http_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + envoy_filter_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + envoy_filter_listener_proxy_protocol_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/proxy_protocol/v3" + envoy_filter_listener_tls_inspector_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_filter_network_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/wrapperspb" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" "github.com/projectcontour/contour/internal/timeout" - "google.golang.org/protobuf/types/known/durationpb" - "google.golang.org/protobuf/types/known/wrapperspb" ) -type HTTPVersionType = http.HttpConnectionManager_CodecType +type HTTPVersionType = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_CodecType const ( - HTTPVersionAuto HTTPVersionType = http.HttpConnectionManager_AUTO - HTTPVersion1 HTTPVersionType = http.HttpConnectionManager_HTTP1 - HTTPVersion2 HTTPVersionType = http.HttpConnectionManager_HTTP2 - HTTPVersion3 HTTPVersionType = http.HttpConnectionManager_HTTP3 + HTTPVersionAuto HTTPVersionType = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_AUTO + HTTPVersion1 HTTPVersionType = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_HTTP1 + HTTPVersion2 HTTPVersionType = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_HTTP2 + HTTPVersion3 HTTPVersionType = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_HTTP3 ) // ProtoNamesForVersions returns the slice of ALPN protocol names for the give HTTP versions. @@ -110,28 +111,28 @@ func CodecForVersions(versions ...HTTPVersionType) HTTPVersionType { } // TLSInspector returns a new TLS inspector listener filter. -func TLSInspector() *envoy_listener_v3.ListenerFilter { - return &envoy_listener_v3.ListenerFilter{ +func TLSInspector() *envoy_config_listener_v3.ListenerFilter { + return &envoy_config_listener_v3.ListenerFilter{ Name: wellknown.TlsInspector, - ConfigType: &envoy_listener_v3.ListenerFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_inspector_v3.TlsInspector{}), + ConfigType: &envoy_config_listener_v3.ListenerFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_listener_tls_inspector_v3.TlsInspector{}), }, } } // ProxyProtocol returns a new Proxy Protocol listener filter. -func ProxyProtocol() *envoy_listener_v3.ListenerFilter { - return &envoy_listener_v3.ListenerFilter{ +func ProxyProtocol() *envoy_config_listener_v3.ListenerFilter { + return &envoy_config_listener_v3.ListenerFilter{ Name: wellknown.ProxyProtocol, - ConfigType: &envoy_listener_v3.ListenerFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_proxy_protocol_v3.ProxyProtocol{}), + ConfigType: &envoy_config_listener_v3.ListenerFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_listener_proxy_protocol_v3.ProxyProtocol{}), }, } } -// Listener returns a new envoy_listener_v3.Listener for the supplied address, port, and filters. -func Listener(name, address string, port int, perConnectionBufferLimitBytes *uint32, so *SocketOptions, lf []*envoy_listener_v3.ListenerFilter, filters ...*envoy_listener_v3.Filter) *envoy_listener_v3.Listener { - l := &envoy_listener_v3.Listener{ +// Listener returns a new envoy_config_listener_v3.Listener for the supplied address, port, and filters. +func Listener(name, address string, port int, perConnectionBufferLimitBytes *uint32, so *SocketOptions, lf []*envoy_config_listener_v3.ListenerFilter, filters ...*envoy_config_listener_v3.Filter) *envoy_config_listener_v3.Listener { + l := &envoy_config_listener_v3.Listener{ Name: name, Address: SocketAddress(address, port), ListenerFilters: lf, @@ -145,7 +146,7 @@ func Listener(name, address string, port int, perConnectionBufferLimitBytes *uin if len(filters) > 0 { l.FilterChains = append( l.FilterChains, - &envoy_listener_v3.FilterChain{ + &envoy_config_listener_v3.FilterChain{ Filters: filters, }, ) @@ -169,21 +170,21 @@ const ( type httpConnectionManagerBuilder struct { routeConfigName string metricsPrefix string - accessLoggers []*accesslog.AccessLog + accessLoggers []*envoy_config_accesslog_v3.AccessLog requestTimeout timeout.Setting connectionIdleTimeout timeout.Setting streamIdleTimeout timeout.Setting delayedCloseTimeout timeout.Setting maxConnectionDuration timeout.Setting connectionShutdownGracePeriod timeout.Setting - filters []*http.HttpFilter + filters []*envoy_filter_network_http_connection_manager_v3.HttpFilter codec HTTPVersionType // Note the zero value is AUTO, which is the default we want. allowChunkedLength bool mergeSlashes bool - serverHeaderTransformation http.HttpConnectionManager_ServerHeaderTransformation + serverHeaderTransformation envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_ServerHeaderTransformation forwardClientCertificate *dag.ClientCertificateDetails numTrustedHops uint32 - tracingConfig *http.HttpConnectionManager_Tracing + tracingConfig *envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing maxRequestsPerConnection *uint32 http2MaxConcurrentStreams *uint32 enableWebsockets bool @@ -218,7 +219,7 @@ func (b *httpConnectionManagerBuilder) Codec(codecType HTTPVersionType) *httpCon } // AccessLoggers sets the access logging configuration. -func (b *httpConnectionManagerBuilder) AccessLoggers(loggers []*accesslog.AccessLog) *httpConnectionManagerBuilder { +func (b *httpConnectionManagerBuilder) AccessLoggers(loggers []*envoy_config_accesslog_v3.AccessLog) *httpConnectionManagerBuilder { b.accessLoggers = loggers return b } @@ -270,14 +271,14 @@ func (b *httpConnectionManagerBuilder) MergeSlashes(enabled bool) *httpConnectio return b } -func (b *httpConnectionManagerBuilder) ServerHeaderTransformation(value contour_api_v1alpha1.ServerHeaderTransformationType) *httpConnectionManagerBuilder { +func (b *httpConnectionManagerBuilder) ServerHeaderTransformation(value contour_v1alpha1.ServerHeaderTransformationType) *httpConnectionManagerBuilder { switch value { - case contour_api_v1alpha1.OverwriteServerHeader: - b.serverHeaderTransformation = http.HttpConnectionManager_OVERWRITE - case contour_api_v1alpha1.AppendIfAbsentServerHeader: - b.serverHeaderTransformation = http.HttpConnectionManager_APPEND_IF_ABSENT - case contour_api_v1alpha1.PassThroughServerHeader: - b.serverHeaderTransformation = http.HttpConnectionManager_PASS_THROUGH + case contour_v1alpha1.OverwriteServerHeader: + b.serverHeaderTransformation = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_OVERWRITE + case contour_v1alpha1.AppendIfAbsentServerHeader: + b.serverHeaderTransformation = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_APPEND_IF_ABSENT + case contour_v1alpha1.PassThroughServerHeader: + b.serverHeaderTransformation = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_PASS_THROUGH } return b } @@ -308,18 +309,18 @@ func (b *httpConnectionManagerBuilder) DefaultFilters() *httpConnectionManagerBu // The names are not required to match anything and are // identified by the TypeURL of each filter. b.filters = append(b.filters, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: CompressorFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_compressor_v3.Compressor{ - CompressorLibrary: &envoy_core_v3.TypedExtensionConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_compressor_v3.Compressor{ + CompressorLibrary: &envoy_config_core_v3.TypedExtensionConfig{ Name: "gzip", TypedConfig: protobuf.MustMarshalAny( - &envoy_gzip_v3.Gzip{}, + &envoy_compression_gzip_compressor_v3.Gzip{}, ), }, - ResponseDirectionConfig: &envoy_compressor_v3.Compressor_ResponseDirectionConfig{ - CommonConfig: &envoy_compressor_v3.Compressor_CommonDirectionConfig{ + ResponseDirectionConfig: &envoy_filter_http_compressor_v3.Compressor_ResponseDirectionConfig{ + CommonConfig: &envoy_filter_http_compressor_v3.Compressor_CommonDirectionConfig{ ContentType: []string{ // Default content-types https://github.com/envoyproxy/envoy/blob/e74999dbdb12aa4d6b7a5d62d51731ea86bf72be/source/extensions/filters/http/compressor/compressor_filter.cc#L35-L38 "text/html", "text/plain", "text/css", "application/javascript", "application/x-javascript", @@ -335,34 +336,34 @@ func (b *httpConnectionManagerBuilder) DefaultFilters() *httpConnectionManagerBu }), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: GRPCWebFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_grpc_web_v3.GrpcWeb{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_grpc_web_v3.GrpcWeb{}), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: GRPCStatsFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny( - &envoy_config_filter_http_grpc_stats_v3.FilterConfig{ + &envoy_filter_http_grpc_stats_v3.FilterConfig{ EmitFilterState: true, EnableUpstreamStats: true, }, ), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: CORSFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_cors_v3.Cors{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_cors_v3.Cors{}), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: LocalRateLimitFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny( - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "http", // since no token bucket is defined here, the filter is disabled // globally but can be enabled on a per-vhost/route basis. @@ -370,28 +371,28 @@ func (b *httpConnectionManagerBuilder) DefaultFilters() *httpConnectionManagerBu ), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: LuaFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&lua.Lua{ - DefaultSourceCode: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_lua_v3.Lua{ + DefaultSourceCode: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: "-- Placeholder for per-Route or per-Cluster overrides.", }, }, }), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: RBACFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_rbac_v3.RBAC{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_rbac_v3.RBAC{}), }, }, - &http.HttpFilter{ + &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: "router", - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }, ) @@ -405,7 +406,7 @@ func (b *httpConnectionManagerBuilder) DefaultFilters() *httpConnectionManagerBu // are specially treated. There may only be one of these filters, and it must be the last. // AddFilter will ensure that the router filter, if present, is last, and will panic // if a second Router is added when one is already present. -func (b *httpConnectionManagerBuilder) AddFilter(f *http.HttpFilter) *httpConnectionManagerBuilder { +func (b *httpConnectionManagerBuilder) AddFilter(f *envoy_filter_network_http_connection_manager_v3.HttpFilter) *httpConnectionManagerBuilder { if f == nil { return b } @@ -419,7 +420,7 @@ func (b *httpConnectionManagerBuilder) AddFilter(f *http.HttpFilter) *httpConnec lastIndex := len(b.filters) - 1 routerIndex := -1 for i, filter := range b.filters { - if filter.GetTypedConfig().MessageIs(&envoy_router_v3.Router{}) { + if filter.GetTypedConfig().MessageIs(&envoy_filter_http_router_v3.Router{}) { routerIndex = i break } @@ -430,7 +431,7 @@ func (b *httpConnectionManagerBuilder) AddFilter(f *http.HttpFilter) *httpConnec // If this happens, it has to be programmer error, so we panic to tell them // it needs to be fixed. Note that in hitting this case, it doesn't matter we added // the second one earlier, because we're panicking anyway. - if f.GetTypedConfig().MessageIs(&envoy_router_v3.Router{}) && routerIndex != lastIndex { + if f.GetTypedConfig().MessageIs(&envoy_filter_http_router_v3.Router{}) && routerIndex != lastIndex { panic("Can't add more than one router to a filter chain") } if routerIndex != lastIndex { @@ -444,7 +445,7 @@ func (b *httpConnectionManagerBuilder) AddFilter(f *http.HttpFilter) *httpConnec return b } -func (b *httpConnectionManagerBuilder) Tracing(tracing *http.HttpConnectionManager_Tracing) *httpConnectionManagerBuilder { +func (b *httpConnectionManagerBuilder) Tracing(tracing *envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing) *httpConnectionManagerBuilder { if tracing == nil { return b } @@ -465,18 +466,18 @@ func (b *httpConnectionManagerBuilder) Validate() error { // with typeUrl `type.googleapis.com/envoy.extensions.filters.http.router.v3.Router`, // which in this case is the one of type Router. lastIndex := len(b.filters) - 1 - if !b.filters[lastIndex].GetTypedConfig().MessageIs(&envoy_router_v3.Router{}) { + if !b.filters[lastIndex].GetTypedConfig().MessageIs(&envoy_filter_http_router_v3.Router{}) { return errors.New("last filter is not a Router filter") } return nil } -// Get returns a new http.HttpConnectionManager filter, constructed +// Get returns a new envoy_filter_network_http_connection_manager_v3.HttpConnectionManager filter, constructed // from the builder settings. // // See https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto -func (b *httpConnectionManagerBuilder) Get() *envoy_listener_v3.Filter { +func (b *httpConnectionManagerBuilder) Get() *envoy_config_listener_v3.Filter { // For now, failing validation is a programmer error that // the caller can't reasonably recover from. A caller that can // handle this should validate manually. @@ -484,20 +485,20 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_listener_v3.Filter { panic(err.Error()) } - cm := &http.HttpConnectionManager{ + cm := &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ CodecType: b.codec, - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: b.routeConfigName, ConfigSource: ConfigSource("contour"), }, }, Tracing: b.tracingConfig, HttpFilters: b.filters, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ IdleTimeout: envoy.Timeout(b.connectionIdleTimeout), }, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, @@ -540,8 +541,8 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_listener_v3.Filter { cm.StatPrefix = b.routeConfigName } if b.forwardClientCertificate != nil { - cm.ForwardClientCertDetails = http.HttpConnectionManager_SANITIZE_SET - cm.SetCurrentClientCertDetails = &http.HttpConnectionManager_SetCurrentClientCertDetails{ + cm.ForwardClientCertDetails = envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_SANITIZE_SET + cm.SetCurrentClientCertDetails = &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_SetCurrentClientCertDetails{ Subject: wrapperspb.Bool(b.forwardClientCertificate.Subject), Cert: b.forwardClientCertificate.Cert, Chain: b.forwardClientCertificate.Chain, @@ -556,22 +557,22 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_listener_v3.Filter { } if b.http2MaxConcurrentStreams != nil { - cm.Http2ProtocolOptions = &envoy_core_v3.Http2ProtocolOptions{ + cm.Http2ProtocolOptions = &envoy_config_core_v3.Http2ProtocolOptions{ MaxConcurrentStreams: wrapperspb.UInt32(*b.http2MaxConcurrentStreams), } } if b.enableWebsockets { cm.UpgradeConfigs = append(cm.UpgradeConfigs, - &http.HttpConnectionManager_UpgradeConfig{ + &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_UpgradeConfig{ UpgradeType: "websocket", }, ) } - return &envoy_listener_v3.Filter{ + return &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(cm), }, } @@ -579,7 +580,7 @@ func (b *httpConnectionManagerBuilder) Get() *envoy_listener_v3.Filter { // HTTPConnectionManager creates a new HTTP Connection Manager filter // for the supplied route, access log, and client request timeout. -func HTTPConnectionManager(routename string, accesslogger []*accesslog.AccessLog, requestTimeout time.Duration) *envoy_listener_v3.Filter { +func HTTPConnectionManager(routename string, accesslogger []*envoy_config_accesslog_v3.AccessLog, requestTimeout time.Duration) *envoy_config_listener_v3.Filter { return HTTPConnectionManagerBuilder(). RouteConfigName(routename). MetricsPrefix(routename). @@ -596,12 +597,12 @@ func HTTPConnectionManagerBuilder() *httpConnectionManagerBuilder { } // TCPProxy creates a new TCPProxy filter. -func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog.AccessLog) *envoy_listener_v3.Filter { +func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*envoy_config_accesslog_v3.AccessLog) *envoy_config_listener_v3.Filter { // Set the idle timeout in seconds for connections through a TCP Proxy type filter. // The value of two and a half hours for reasons documented at // https://github.com/projectcontour/contour/issues/1074 // Set to 9001 because now it's OVER NINE THOUSAND. - tcpProxy := &tcp.TcpProxy{ + tcpProxy := &envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, AccessLog: accesslogger, IdleTimeout: durationpb.New(9001 * time.Second), @@ -634,11 +635,11 @@ func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog. // there's one or more than one cluster to include. switch len(keepClusters) { case 1: - tcpProxy.ClusterSpecifier = &tcp.TcpProxy_Cluster{ + tcpProxy.ClusterSpecifier = &envoy_filter_network_tcp_proxy_v3.TcpProxy_Cluster{ Cluster: envoy.Clustername(keepClusters[0]), } default: - var weightedClusters []*tcp.TcpProxy_WeightedCluster_ClusterWeight + var weightedClusters []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight for _, c := range keepClusters { weight := c.Weight // if this cluster has a zero weight then it means @@ -648,33 +649,33 @@ func TCPProxy(statPrefix string, proxy *dag.TCPProxy, accesslogger []*accesslog. weight = 1 } - weightedClusters = append(weightedClusters, &tcp.TcpProxy_WeightedCluster_ClusterWeight{ + weightedClusters = append(weightedClusters, &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ Name: envoy.Clustername(c), Weight: weight, }) } sort.Stable(sorter.For(weightedClusters)) - tcpProxy.ClusterSpecifier = &tcp.TcpProxy_WeightedClusters{ - WeightedClusters: &tcp.TcpProxy_WeightedCluster{ + tcpProxy.ClusterSpecifier = &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedClusters{ + WeightedClusters: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster{ Clusters: weightedClusters, }, } } - return &envoy_listener_v3.Filter{ + return &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(tcpProxy), }, } } -// UnixSocketAddress creates a new Unix Socket envoy_core_v3.Address. -func UnixSocketAddress(address string) *envoy_core_v3.Address { - return &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_Pipe{ - Pipe: &envoy_core_v3.Pipe{ +// UnixSocketAddress creates a new Unix Socket envoy_config_core_v3.Address. +func UnixSocketAddress(address string) *envoy_config_core_v3.Address { + return &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_Pipe{ + Pipe: &envoy_config_core_v3.Pipe{ Path: address, Mode: 0o644, }, @@ -682,28 +683,28 @@ func UnixSocketAddress(address string) *envoy_core_v3.Address { } } -// SocketAddress creates a new TCP envoy_core_v3.Address. -func SocketAddress(address string, port int) *envoy_core_v3.Address { +// SocketAddress creates a new TCP envoy_config_core_v3.Address. +func SocketAddress(address string, port int) *envoy_config_core_v3.Address { if address == "::" { - return &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + return &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: address, Ipv4Compat: true, - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(port), }, }, }, } } - return &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + return &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: address, - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(port), }, }, @@ -711,32 +712,32 @@ func SocketAddress(address string, port int) *envoy_core_v3.Address { } } -// Filters returns a []*envoy_listener_v3.Filter for the supplied filters. -func Filters(filters ...*envoy_listener_v3.Filter) []*envoy_listener_v3.Filter { +// Filters returns a []*envoy_config_listener_v3.Filter for the supplied filters. +func Filters(filters ...*envoy_config_listener_v3.Filter) []*envoy_config_listener_v3.Filter { if len(filters) == 0 { return nil } return filters } -// FilterChain returns a *envoy_listener_v3.FilterChain for the supplied filters. -func FilterChain(filters ...*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain { - return &envoy_listener_v3.FilterChain{ +// FilterChain returns a *envoy_config_listener_v3.FilterChain for the supplied filters. +func FilterChain(filters ...*envoy_config_listener_v3.Filter) *envoy_config_listener_v3.FilterChain { + return &envoy_config_listener_v3.FilterChain{ Filters: filters, } } -// FilterChains returns a []*envoy_listener_v3.FilterChain for the supplied filters. -func FilterChains(filters ...*envoy_listener_v3.Filter) []*envoy_listener_v3.FilterChain { +// FilterChains returns a []*envoy_config_listener_v3.FilterChain for the supplied filters. +func FilterChains(filters ...*envoy_config_listener_v3.Filter) []*envoy_config_listener_v3.FilterChain { if len(filters) == 0 { return nil } - return []*envoy_listener_v3.FilterChain{ + return []*envoy_config_listener_v3.FilterChain{ FilterChain(filters...), } } -func FilterMisdirectedRequests(fqdn string) *http.HttpFilter { +func FilterMisdirectedRequests(fqdn string) *envoy_filter_network_http_connection_manager_v3.HttpFilter { var target string // fqdn can be "*" to match all hostnames or a wildcard prefix @@ -773,12 +774,12 @@ function envoy_on_request(request_handle) end ` - return &http.HttpFilter{ + return &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: LuaFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&lua.Lua{ - DefaultSourceCode: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_lua_v3.Lua{ + DefaultSourceCode: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: fmt.Sprintf(code, target), }, }, @@ -789,9 +790,9 @@ end // FilterExternalAuthz returns an `ext_authz` filter configured with the // requested parameters. -func FilterExternalAuthz(externalAuthorization *dag.ExternalAuthorization) *http.HttpFilter { - authConfig := envoy_config_filter_http_ext_authz_v3.ExtAuthz{ - Services: &envoy_config_filter_http_ext_authz_v3.ExtAuthz_GrpcService{ +func FilterExternalAuthz(externalAuthorization *dag.ExternalAuthorization) *envoy_filter_network_http_connection_manager_v3.HttpFilter { + authConfig := envoy_filter_http_ext_authz_v3.ExtAuthz{ + Services: &envoy_filter_http_ext_authz_v3.ExtAuthz_GrpcService{ GrpcService: GrpcService(externalAuthorization.AuthorizationService.Name, externalAuthorization.AuthorizationService.SNI, externalAuthorization.AuthorizationResponseTimeout), }, // Pretty sure we always want this. Why have an @@ -799,27 +800,27 @@ func FilterExternalAuthz(externalAuthorization *dag.ExternalAuthorization) *http // routing decisions? ClearRouteCache: true, FailureModeAllow: externalAuthorization.AuthorizationFailOpen, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, MetadataContextNamespaces: []string{}, IncludePeerCertificate: true, // TODO(jpeach): When we move to the Envoy v4 API, propagate the // `transport_api_version` from ExtensionServiceSpec ProtocolVersion. - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, } if externalAuthorization.AuthorizationServerWithRequestBody != nil { - authConfig.WithRequestBody = &envoy_config_filter_http_ext_authz_v3.BufferSettings{ + authConfig.WithRequestBody = &envoy_filter_http_ext_authz_v3.BufferSettings{ MaxRequestBytes: externalAuthorization.AuthorizationServerWithRequestBody.MaxRequestBytes, AllowPartialMessage: externalAuthorization.AuthorizationServerWithRequestBody.AllowPartialMessage, PackAsBytes: externalAuthorization.AuthorizationServerWithRequestBody.PackAsBytes, } } - return &http.HttpFilter{ + return &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: ExtAuthzFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&authConfig), }, } @@ -827,14 +828,14 @@ func FilterExternalAuthz(externalAuthorization *dag.ExternalAuthorization) *http // FilterJWTAuthN returns a `jwt_authn` filter configured with the // requested parameters. -func FilterJWTAuthN(jwtProviders []dag.JWTProvider) *http.HttpFilter { +func FilterJWTAuthN(jwtProviders []dag.JWTProvider) *envoy_filter_network_http_connection_manager_v3.HttpFilter { if len(jwtProviders) == 0 { return nil } - jwtConfig := envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{}, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{}, + jwtConfig := envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{}, + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{}, } for _, provider := range jwtProviders { @@ -844,14 +845,14 @@ func FilterJWTAuthN(jwtProviders []dag.JWTProvider) *http.HttpFilter { cacheDuration = durationpb.New(*provider.RemoteJWKS.CacheDuration) } - jwtConfig.Providers[provider.Name] = &envoy_jwt_v3.JwtProvider{ + jwtConfig.Providers[provider.Name] = &envoy_filter_http_jwt_authn_v3.JwtProvider{ Issuer: provider.Issuer, Audiences: provider.Audiences, - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: provider.RemoteJWKS.URI, - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: envoy.DNSNameClusterName(&provider.RemoteJWKS.Cluster), }, Timeout: durationpb.New(provider.RemoteJWKS.Timeout), @@ -868,24 +869,24 @@ func FilterJWTAuthN(jwtProviders []dag.JWTProvider) *http.HttpFilter { // to duplicate every route match in the jwt_authn config), and it means // we don't have to implement another sorter to sort JWT rules -- the // sorting already being done to routes covers it. - jwtConfig.RequirementMap[provider.Name] = &envoy_jwt_v3.JwtRequirement{ - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + jwtConfig.RequirementMap[provider.Name] = &envoy_filter_http_jwt_authn_v3.JwtRequirement{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: provider.Name, }, } } - return &http.HttpFilter{ + return &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: JWTAuthnFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&jwtConfig), }, } } -// FilterChainTLS returns a TLS enabled envoy_listener_v3.FilterChain. -func FilterChainTLS(domain string, downstream *envoy_tls_v3.DownstreamTlsContext, filters []*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain { - fc := &envoy_listener_v3.FilterChain{ +// FilterChainTLS returns a TLS enabled envoy_config_listener_v3.FilterChain. +func FilterChainTLS(domain string, downstream *envoy_transport_socket_tls_v3.DownstreamTlsContext, filters []*envoy_config_listener_v3.Filter) *envoy_config_listener_v3.FilterChain { + fc := &envoy_config_listener_v3.FilterChain{ Filters: filters, } @@ -893,11 +894,11 @@ func FilterChainTLS(domain string, downstream *envoy_tls_v3.DownstreamTlsContext // on that, so change the Match to be on TransportProtocol which would // match any request over TLS to this listener. if domain == "*" { - fc.FilterChainMatch = &envoy_listener_v3.FilterChainMatch{ + fc.FilterChainMatch = &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", } } else { - fc.FilterChainMatch = &envoy_listener_v3.FilterChainMatch{ + fc.FilterChainMatch = &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{domain}, } } @@ -909,12 +910,12 @@ func FilterChainTLS(domain string, downstream *envoy_tls_v3.DownstreamTlsContext return fc } -// FilterChainTLSFallback returns a TLS enabled envoy_listener_v3.FilterChain configured for FallbackCertificate. -func FilterChainTLSFallback(downstream *envoy_tls_v3.DownstreamTlsContext, filters []*envoy_listener_v3.Filter) *envoy_listener_v3.FilterChain { - fc := &envoy_listener_v3.FilterChain{ +// FilterChainTLSFallback returns a TLS enabled envoy_config_listener_v3.FilterChain configured for FallbackCertificate. +func FilterChainTLSFallback(downstream *envoy_transport_socket_tls_v3.DownstreamTlsContext, filters []*envoy_config_listener_v3.Filter) *envoy_config_listener_v3.FilterChain { + fc := &envoy_config_listener_v3.FilterChain{ Name: "fallback-certificate", Filters: filters, - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, } @@ -925,15 +926,15 @@ func FilterChainTLSFallback(downstream *envoy_tls_v3.DownstreamTlsContext, filte return fc } -// GRPCService returns a envoy_core_v3.GrpcService for the given parameters. -func GrpcService(clusterName, sni string, timeout timeout.Setting) *envoy_core_v3.GrpcService { +// GRPCService returns a envoy_config_core_v3.GrpcService for the given parameters. +func GrpcService(clusterName, sni string, timeout timeout.Setting) *envoy_config_core_v3.GrpcService { authority := strings.ReplaceAll(clusterName, "/", ".") if sni != "" { authority = sni } - return &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + return &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: clusterName, Authority: authority, }, @@ -942,12 +943,12 @@ func GrpcService(clusterName, sni string, timeout timeout.Setting) *envoy_core_v } } -// ListenerFilters returns a []*envoy_listener_v3.ListenerFilter for the supplied listener filters. -func ListenerFilters(filters ...*envoy_listener_v3.ListenerFilter) []*envoy_listener_v3.ListenerFilter { +// ListenerFilters returns a []*envoy_config_listener_v3.ListenerFilter for the supplied listener filters. +func ListenerFilters(filters ...*envoy_config_listener_v3.ListenerFilter) []*envoy_config_listener_v3.ListenerFilter { return filters } -func ContainsFallbackFilterChain(filterchains []*envoy_listener_v3.FilterChain) bool { +func ContainsFallbackFilterChain(filterchains []*envoy_config_listener_v3.FilterChain) bool { for _, fc := range filterchains { if fc.Name == "fallback-certificate" { return true diff --git a/internal/envoy/v3/listener_test.go b/internal/envoy/v3/listener_test.go index 82c8cdf72c1..598c4e02e32 100644 --- a/internal/envoy/v3/listener_test.go +++ b/internal/envoy/v3/listener_test.go @@ -17,37 +17,37 @@ import ( "testing" "time" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/envoy" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/internal/timeout" - - envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_gzip_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" - envoy_compressor_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" - envoy_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" - envoy_config_filter_http_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" - envoy_grpc_web_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" - envoy_config_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" - lua "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" - envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" - envoy_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_compression_gzip_compressor_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" + envoy_filter_http_compressor_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" + envoy_filter_http_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + envoy_filter_http_grpc_stats_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" + envoy_filter_http_grpc_web_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" + envoy_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" + envoy_filter_http_lua_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" + envoy_filter_http_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + envoy_filter_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_filter_network_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/envoy" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/internal/timeout" ) var compressorContentTypes = []string{ @@ -82,22 +82,22 @@ func TestListener(t *testing.T) { name, address string port int perConnectionBufferLimitBytes *uint32 - lf []*envoy_listener_v3.ListenerFilter - f []*envoy_listener_v3.Filter - want *envoy_listener_v3.Listener + lf []*envoy_config_listener_v3.ListenerFilter + f []*envoy_config_listener_v3.Filter + want *envoy_config_listener_v3.Listener }{ "insecure listener": { name: "http", address: "0.0.0.0", port: 9000, - f: []*envoy_listener_v3.Filter{ - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, v1alpha1.LogLevelInfo), 0), + f: []*envoy_config_listener_v3.Filter{ + HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, - want: &envoy_listener_v3.Listener{ + want: &envoy_config_listener_v3.Listener{ Name: "http", Address: SocketAddress("0.0.0.0", 9000), FilterChains: FilterChains( - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, v1alpha1.LogLevelInfo), 0), + HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), }, @@ -106,20 +106,20 @@ func TestListener(t *testing.T) { name: "http-proxy", address: "0.0.0.0", port: 9000, - lf: []*envoy_listener_v3.ListenerFilter{ + lf: []*envoy_config_listener_v3.ListenerFilter{ ProxyProtocol(), }, - f: []*envoy_listener_v3.Filter{ - HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, v1alpha1.LogLevelInfo), 0), + f: []*envoy_config_listener_v3.Filter{ + HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, - want: &envoy_listener_v3.Listener{ + want: &envoy_config_listener_v3.Listener{ Name: "http-proxy", Address: SocketAddress("0.0.0.0", 9000), ListenerFilters: ListenerFilters( ProxyProtocol(), ), FilterChains: FilterChains( - HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, v1alpha1.LogLevelInfo), 0), + HTTPConnectionManager("http-proxy", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), }, @@ -131,7 +131,7 @@ func TestListener(t *testing.T) { lf: ListenerFilters( TLSInspector(), ), - want: &envoy_listener_v3.Listener{ + want: &envoy_config_listener_v3.Listener{ Name: "https", Address: SocketAddress("0.0.0.0", 9000), ListenerFilters: ListenerFilters( @@ -148,7 +148,7 @@ func TestListener(t *testing.T) { ProxyProtocol(), TLSInspector(), ), - want: &envoy_listener_v3.Listener{ + want: &envoy_config_listener_v3.Listener{ Name: "https-proxy", Address: SocketAddress("0.0.0.0", 9000), ListenerFilters: ListenerFilters( @@ -163,15 +163,15 @@ func TestListener(t *testing.T) { address: "0.0.0.0", port: 9000, perConnectionBufferLimitBytes: ref.To(uint32(32768)), - f: []*envoy_listener_v3.Filter{ - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, v1alpha1.LogLevelInfo), 0), + f: []*envoy_config_listener_v3.Filter{ + HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), }, - want: &envoy_listener_v3.Listener{ + want: &envoy_config_listener_v3.Listener{ Name: "http", Address: SocketAddress("0.0.0.0", 9000), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), FilterChains: FilterChains( - HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, v1alpha1.LogLevelInfo), 0), + HTTPConnectionManager("http", FileAccessLogEnvoy("/dev/null", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), }, @@ -184,7 +184,7 @@ func TestListener(t *testing.T) { lf: ListenerFilters( TLSInspector(), ), - want: &envoy_listener_v3.Listener{ + want: &envoy_config_listener_v3.Listener{ Name: "https", Address: SocketAddress("0.0.0.0", 9000), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), @@ -211,12 +211,12 @@ func TestSocketAddress(t *testing.T) { ) got := SocketAddress(addr, port) - want := &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + want := &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: addr, - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: port, }, }, @@ -225,13 +225,13 @@ func TestSocketAddress(t *testing.T) { require.Equal(t, want, got) got = SocketAddress("::", port) - want = &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + want = &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "::", Ipv4Compat: true, // Set only for ipv6-any "::" - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: port, }, }, @@ -246,14 +246,14 @@ func TestDownstreamTLSContext(t *testing.T) { crl := []byte("crl-data") serverSecret := &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert", Namespace: "default", }, Data: map[string][]byte{ - v1.TLSCertKey: []byte("cert"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("cert"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, } @@ -263,23 +263,23 @@ func TestDownstreamTLSContext(t *testing.T) { "ECDHE-ECDSA-AES256-GCM-SHA384", } - tlsParams := &envoy_tls_v3.TlsParameters{ - TlsMinimumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_2, - TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, + tlsParams := &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMinimumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, CipherSuites: cipherSuites, } - tlsCertificateSdsSecretConfigs := []*envoy_tls_v3.SdsSecretConfig{{ + tlsCertificateSdsSecretConfigs := []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: envoy.Secretname(serverSecret), - SdsConfig: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + SdsConfig: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -291,10 +291,10 @@ func TestDownstreamTLSContext(t *testing.T) { }} alpnProtocols := []string{"h2", "http/1.1"} - validationContext := &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + validationContext := &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: ca, }, }, @@ -304,8 +304,8 @@ func TestDownstreamTLSContext(t *testing.T) { peerValidationContext := &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -321,8 +321,8 @@ func TestDownstreamTLSContext(t *testing.T) { peerValidationContextWithSubjectName := &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -338,16 +338,16 @@ func TestDownstreamTLSContext(t *testing.T) { peerValidationContextSkipClientCertValidation := &dag.PeerValidationContext{ SkipClientCertValidation: true, } - validationContextSkipVerify := &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustChainVerification: envoy_tls_v3.CertificateValidationContext_ACCEPT_UNTRUSTED, + validationContextSkipVerify := &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustChainVerification: envoy_transport_socket_tls_v3.CertificateValidationContext_ACCEPT_UNTRUSTED, }, } peerValidationContextSkipClientCertValidationWithCA := &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -359,11 +359,11 @@ func TestDownstreamTLSContext(t *testing.T) { }, SkipClientCertValidation: true, } - validationContextSkipVerifyWithCA := &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustChainVerification: envoy_tls_v3.CertificateValidationContext_ACCEPT_UNTRUSTED, - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + validationContextSkipVerifyWithCA := &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustChainVerification: envoy_transport_socket_tls_v3.CertificateValidationContext_ACCEPT_UNTRUSTED, + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: ca, }, }, @@ -372,8 +372,8 @@ func TestDownstreamTLSContext(t *testing.T) { peerValidationContextOptionalClientCertValidationWithCA := &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -388,8 +388,8 @@ func TestDownstreamTLSContext(t *testing.T) { peerValidationContextWithCRLCheck := &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -400,8 +400,8 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, CRL: &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl", Namespace: "default", }, @@ -411,15 +411,15 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, } - validationContextWithCRLCheck := &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + validationContextWithCRLCheck := &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: ca, }, }, - Crl: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + Crl: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: crl, }, }, @@ -429,8 +429,8 @@ func TestDownstreamTLSContext(t *testing.T) { peerValidationContextWithCRLCheckOnlyLeaf := &dag.PeerValidationContext{ CACertificates: []*dag.Secret{ { - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -441,8 +441,8 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, CRL: &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl", Namespace: "default", }, @@ -453,15 +453,15 @@ func TestDownstreamTLSContext(t *testing.T) { }, OnlyVerifyLeafCertCrl: true, } - validationContextWithCRLCheckOnlyLeaf := &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + validationContextWithCRLCheckOnlyLeaf := &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: ca, }, }, - Crl: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + Crl: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: crl, }, }, @@ -470,13 +470,13 @@ func TestDownstreamTLSContext(t *testing.T) { } tests := map[string]struct { - got *envoy_tls_v3.DownstreamTlsContext - want *envoy_tls_v3.DownstreamTlsContext + got *envoy_transport_socket_tls_v3.DownstreamTlsContext + want *envoy_transport_socket_tls_v3.DownstreamTlsContext }{ "TLS context without client authentication": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, nil, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, nil, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -484,9 +484,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "TLS context with client authentication": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContext, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContext, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -496,9 +496,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation shall not support subjectName validation": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithSubjectName, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithSubjectName, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -508,9 +508,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "skip client cert validation": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidation, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidation, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -520,9 +520,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "skip client cert validation with ca": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidationWithCA, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextSkipClientCertValidationWithCA, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -532,9 +532,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "optional client cert validation with ca": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextOptionalClientCertValidationWithCA, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextOptionalClientCertValidationWithCA, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -544,9 +544,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation with CRL check": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheck, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheck, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -556,9 +556,9 @@ func TestDownstreamTLSContext(t *testing.T) { }, }, "Downstream validation with CRL check but only for leaf-certificate": { - DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheckOnlyLeaf, "h2", "http/1.1"), - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ + DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, cipherSuites, peerValidationContextWithCRLCheckOnlyLeaf, "h2", "http/1.1"), + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ TlsParams: tlsParams, TlsCertificateSdsSecretConfigs: tlsCertificateSdsSecretConfigs, AlpnProtocols: alpnProtocols, @@ -577,19 +577,19 @@ func TestDownstreamTLSContext(t *testing.T) { } func TestHTTPConnectionManager(t *testing.T) { - defaultHTTPFilters := []*http.HttpFilter{ + defaultHTTPFilters := []*envoy_filter_network_http_connection_manager_v3.HttpFilter{ { Name: CompressorFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_compressor_v3.Compressor{ - CompressorLibrary: &envoy_core_v3.TypedExtensionConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_compressor_v3.Compressor{ + CompressorLibrary: &envoy_config_core_v3.TypedExtensionConfig{ Name: "gzip", TypedConfig: protobuf.MustMarshalAny( - &envoy_gzip_v3.Gzip{}, + &envoy_compression_gzip_compressor_v3.Gzip{}, ), }, - ResponseDirectionConfig: &envoy_compressor_v3.Compressor_ResponseDirectionConfig{ - CommonConfig: &envoy_compressor_v3.Compressor_CommonDirectionConfig{ + ResponseDirectionConfig: &envoy_filter_http_compressor_v3.Compressor_ResponseDirectionConfig{ + CommonConfig: &envoy_filter_http_compressor_v3.Compressor_CommonDirectionConfig{ ContentType: compressorContentTypes, }, }, @@ -597,14 +597,14 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, { Name: GRPCWebFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_grpc_web_v3.GrpcWeb{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_grpc_web_v3.GrpcWeb{}), }, }, { Name: GRPCStatsFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny( - &envoy_config_filter_http_grpc_stats_v3.FilterConfig{ + &envoy_filter_http_grpc_stats_v3.FilterConfig{ EmitFilterState: true, EnableUpstreamStats: true, }, @@ -612,24 +612,24 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, { Name: CORSFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_cors_v3.Cors{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_cors_v3.Cors{}), }, }, { Name: LocalRateLimitFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny( - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "http", }, ), }, }, { Name: LuaFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&lua.Lua{ - DefaultSourceCode: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_lua_v3.Lua{ + DefaultSourceCode: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: "-- Placeholder for per-Route or per-Cluster overrides.", }, }, @@ -637,20 +637,20 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, { Name: RBACFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_rbac_v3.RBAC{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_rbac_v3.RBAC{}), }, }, { Name: "router", - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }, } tests := map[string]struct { routename string - accesslogger []*envoy_accesslog_v3.AccessLog + accesslogger []*envoy_config_accesslog_v3.AccessLog requestTimeout timeout.Setting connectionIdleTimeout timeout.Setting streamIdleTimeout timeout.Setting @@ -659,33 +659,33 @@ func TestHTTPConnectionManager(t *testing.T) { connectionShutdownGracePeriod timeout.Setting allowChunkedLength bool mergeSlashes bool - serverHeaderTranformation v1alpha1.ServerHeaderTransformationType + serverHeaderTranformation contour_v1alpha1.ServerHeaderTransformationType forwardClientCertificate *dag.ClientCertificateDetails xffNumTrustedHops uint32 maxRequestsPerConnection *uint32 http2MaxConcurrentStreams *uint32 - want *envoy_listener_v3.Filter + want *envoy_config_listener_v3.Filter }{ "default": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), - want: &envoy_listener_v3.Filter{ + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -697,13 +697,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -714,25 +714,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "request timeout of 10s": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), requestTimeout: timeout.DurationSetting(10 * time.Second), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -744,13 +744,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), RequestTimeout: durationpb.New(10 * time.Second), @@ -762,25 +762,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "connection idle timeout of 90s": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), connectionIdleTimeout: timeout.DurationSetting(90 * time.Second), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -792,15 +792,15 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ IdleTimeout: durationpb.New(90 * time.Second), }, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -811,25 +811,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "stream idle timeout of 90s": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), streamIdleTimeout: timeout.DurationSetting(90 * time.Second), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -841,13 +841,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -859,25 +859,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "max connection duration of 90s": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), maxConnectionDuration: timeout.DurationSetting(90 * time.Second), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -889,15 +889,15 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ MaxConnectionDuration: durationpb.New(90 * time.Second), }, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -908,25 +908,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "when max connection duration is disabled, it's omitted": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), maxConnectionDuration: timeout.DisabledSetting(), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -938,13 +938,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -955,25 +955,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "delayed close timeout of 90s": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), delayedCloseTimeout: timeout.DurationSetting(90 * time.Second), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -985,13 +985,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1003,25 +1003,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "drain timeout of 90s": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), connectionShutdownGracePeriod: timeout.DurationSetting(90 * time.Second), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1033,13 +1033,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1051,26 +1051,26 @@ func TestHTTPConnectionManager(t *testing.T) { }, "enable allow_chunked_length": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), connectionShutdownGracePeriod: timeout.DurationSetting(90 * time.Second), allowChunkedLength: true, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1082,14 +1082,14 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, AllowChunkedLength: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1101,25 +1101,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "enable merge slashes": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), mergeSlashes: true, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1131,13 +1131,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1148,25 +1148,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "server header transform set to pass through": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), - serverHeaderTranformation: v1alpha1.PassThroughServerHeader, - want: &envoy_listener_v3.Filter{ + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), + serverHeaderTranformation: contour_v1alpha1.PassThroughServerHeader, + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1178,24 +1178,24 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, - ServerHeaderTransformation: http.HttpConnectionManager_PASS_THROUGH, + ServerHeaderTransformation: envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_PASS_THROUGH, }), }, }, }, "enable xfcc": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), forwardClientCertificate: &dag.ClientCertificateDetails{ Subject: true, Cert: true, @@ -1203,31 +1203,31 @@ func TestHTTPConnectionManager(t *testing.T) { DNS: true, URI: true, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - ForwardClientCertDetails: http.HttpConnectionManager_SANITIZE_SET, - SetCurrentClientCertDetails: &http.HttpConnectionManager_SetCurrentClientCertDetails{ + ForwardClientCertDetails: envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_SANITIZE_SET, + SetCurrentClientCertDetails: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_SetCurrentClientCertDetails{ Subject: wrapperspb.Bool(true), Cert: true, Chain: true, Dns: true, Uri: true, }, - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1239,13 +1239,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1256,35 +1256,35 @@ func TestHTTPConnectionManager(t *testing.T) { }, "enable partial xfcc": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), forwardClientCertificate: &dag.ClientCertificateDetails{ Subject: true, DNS: true, URI: true, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - ForwardClientCertDetails: http.HttpConnectionManager_SANITIZE_SET, - SetCurrentClientCertDetails: &http.HttpConnectionManager_SetCurrentClientCertDetails{ + ForwardClientCertDetails: envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_SANITIZE_SET, + SetCurrentClientCertDetails: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_SetCurrentClientCertDetails{ Subject: wrapperspb.Bool(true), Dns: true, Uri: true, }, - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1296,13 +1296,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1313,25 +1313,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "enable XffNumTrustedHops": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), xffNumTrustedHops: 1, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1343,13 +1343,13 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1361,25 +1361,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "maxRequestsPerConnection set to 1": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), maxRequestsPerConnection: ref.To(uint32(1)), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1391,15 +1391,15 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ MaxRequestsPerConnection: wrapperspb.UInt32(1), }, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1410,25 +1410,25 @@ func TestHTTPConnectionManager(t *testing.T) { }, "http2MaxConcurrentStreams set": { routename: "default/kuard", - accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + accesslogger: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), http2MaxConcurrentStreams: ref.To(uint32(50)), - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "default/kuard", - RouteSpecifier: &http.HttpConnectionManager_Rds{ - Rds: &http.Rds{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Rds{ + Rds: &envoy_filter_network_http_connection_manager_v3.Rds{ RouteConfigName: "default/kuard", - ConfigSource: &envoy_core_v3.ConfigSource{ - ResourceApiVersion: envoy_core_v3.ApiVersion_V3, - ConfigSourceSpecifier: &envoy_core_v3.ConfigSource_ApiConfigSource{ - ApiConfigSource: &envoy_core_v3.ApiConfigSource{ - ApiType: envoy_core_v3.ApiConfigSource_GRPC, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - GrpcServices: []*envoy_core_v3.GrpcService{{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + ConfigSource: &envoy_config_core_v3.ConfigSource{ + ResourceApiVersion: envoy_config_core_v3.ApiVersion_V3, + ConfigSourceSpecifier: &envoy_config_core_v3.ConfigSource_ApiConfigSource{ + ApiConfigSource: &envoy_config_core_v3.ApiConfigSource{ + ApiType: envoy_config_core_v3.ApiConfigSource_GRPC, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + GrpcServices: []*envoy_config_core_v3.GrpcService{{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "contour", Authority: "contour", }, @@ -1440,16 +1440,16 @@ func TestHTTPConnectionManager(t *testing.T) { }, }, HttpFilters: defaultHTTPFilters, - HttpProtocolOptions: &envoy_core_v3.Http1ProtocolOptions{ + HttpProtocolOptions: &envoy_config_core_v3.Http1ProtocolOptions{ // Enable support for HTTP/1.0 requests that carry // a Host: header. See #537. AcceptHttp_10: true, }, - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{}, - Http2ProtocolOptions: &envoy_core_v3.Http2ProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{}, + Http2ProtocolOptions: &envoy_config_core_v3.Http2ProtocolOptions{ MaxConcurrentStreams: wrapperspb.UInt32(50), }, - AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), UseRemoteAddress: wrapperspb.Bool(true), NormalizePath: wrapperspb.Bool(true), PreserveExternalRequestId: true, @@ -1499,7 +1499,7 @@ func TestTCPProxy(t *testing.T) { Weight: 1, ServiceName: "example", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Protocol: "TCP", Port: 443, TargetPort: intstr.FromInt(8443), @@ -1513,7 +1513,7 @@ func TestTCPProxy(t *testing.T) { Weighted: dag.WeightedService{ ServiceName: "example2", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Protocol: "TCP", Port: 443, TargetPort: intstr.FromInt(8443), @@ -1528,7 +1528,7 @@ func TestTCPProxy(t *testing.T) { Weighted: dag.WeightedService{ ServiceName: "example3", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Protocol: "TCP", Port: 443, TargetPort: intstr.FromInt(8443), @@ -1544,7 +1544,7 @@ func TestTCPProxy(t *testing.T) { Weight: 1, ServiceName: "example4", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Protocol: "TCP", Port: 443, TargetPort: intstr.FromInt(8443), @@ -1555,21 +1555,21 @@ func TestTCPProxy(t *testing.T) { tests := map[string]struct { proxy *dag.TCPProxy - want *envoy_listener_v3.Filter + want *envoy_config_listener_v3.Filter }{ "single cluster": { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c1}, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_Cluster{ Cluster: envoy.Clustername(c1), }, - AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, @@ -1579,14 +1579,14 @@ func TestTCPProxy(t *testing.T) { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c1, c2, c3}, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_WeightedClusters{ - WeightedClusters: &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster{ - Clusters: []*envoy_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedClusters{ + WeightedClusters: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster{ + Clusters: []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ { Name: envoy.Clustername(c2), Weight: 20, @@ -1598,7 +1598,7 @@ func TestTCPProxy(t *testing.T) { }, }, }, - AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, @@ -1608,15 +1608,15 @@ func TestTCPProxy(t *testing.T) { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c1, c2, c4}, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_Cluster{ Cluster: envoy.Clustername(c2), }, - AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, @@ -1626,14 +1626,14 @@ func TestTCPProxy(t *testing.T) { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c2, c3}, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_WeightedClusters{ - WeightedClusters: &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster{ - Clusters: []*envoy_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedClusters{ + WeightedClusters: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster{ + Clusters: []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{{ Name: envoy.Clustername(c2), Weight: 20, }, { @@ -1642,7 +1642,7 @@ func TestTCPProxy(t *testing.T) { }}, }, }, - AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, @@ -1652,14 +1652,14 @@ func TestTCPProxy(t *testing.T) { proxy: &dag.TCPProxy{ Clusters: []*dag.Cluster{c1, c4}, }, - want: &envoy_listener_v3.Filter{ + want: &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_WeightedClusters{ - WeightedClusters: &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster{ - Clusters: []*envoy_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedClusters{ + WeightedClusters: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster{ + Clusters: []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{{ Name: envoy.Clustername(c1), Weight: 1, }, { @@ -1668,7 +1668,7 @@ func TestTCPProxy(t *testing.T) { }}, }, }, - AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, v1alpha1.LogLevelInfo), + AccessLog: FileAccessLogEnvoy(accessLogPath, "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, @@ -1678,7 +1678,7 @@ func TestTCPProxy(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := TCPProxy(statPrefix, tc.proxy, FileAccessLogEnvoy(accessLogPath, "", nil, v1alpha1.LogLevelInfo)) + got := TCPProxy(statPrefix, tc.proxy, FileAccessLogEnvoy(accessLogPath, "", nil, contour_v1alpha1.LogLevelInfo)) protobuf.ExpectEqual(t, tc.want, got) }) } @@ -1687,22 +1687,22 @@ func TestTCPProxy(t *testing.T) { func TestFilterChainTLS_Match(t *testing.T) { tests := map[string]struct { domain string - downstream *envoy_tls_v3.DownstreamTlsContext - filters []*envoy_listener_v3.Filter - want *envoy_listener_v3.FilterChain + downstream *envoy_transport_socket_tls_v3.DownstreamTlsContext + filters []*envoy_config_listener_v3.Filter + want *envoy_config_listener_v3.FilterChain }{ "SNI": { domain: "projectcontour.io", - want: &envoy_listener_v3.FilterChain{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + want: &envoy_config_listener_v3.FilterChain{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"projectcontour.io"}, }, }, }, "No SNI": { domain: "*", - want: &envoy_listener_v3.FilterChain{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + want: &envoy_config_listener_v3.FilterChain{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, }, @@ -1723,9 +1723,9 @@ func TestBuilderValidation(t *testing.T) { require.Error(t, HTTPConnectionManagerBuilder().Validate(), "ConnectionManager with no filters should not pass validation") - require.Error(t, HTTPConnectionManagerBuilder().AddFilter(&http.HttpFilter{ + require.Error(t, HTTPConnectionManagerBuilder().AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: "foo", - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: &anypb.Any{ TypeUrl: "foo", }, @@ -1737,9 +1737,9 @@ func TestBuilderValidation(t *testing.T) { "ConnectionManager with default filters failed validation") badBuilder := HTTPConnectionManagerBuilder().DefaultFilters() - badBuilder.filters = append(badBuilder.filters, &http.HttpFilter{ + badBuilder.filters = append(badBuilder.filters, &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: "foo", - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: &anypb.Any{ TypeUrl: "foo", }, @@ -1749,78 +1749,78 @@ func TestBuilderValidation(t *testing.T) { } func TestAddFilter(t *testing.T) { - routerFilter := &http.HttpFilter{ + routerFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: "router", - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, } - grpcWebFilter := &http.HttpFilter{ + grpcWebFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: GRPCWebFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_grpc_web_v3.GrpcWeb{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_grpc_web_v3.GrpcWeb{}), }, } - corsFilter := &http.HttpFilter{ + corsFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: CORSFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_cors_v3.Cors{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_cors_v3.Cors{}), }, } - grpcStatsFilter := &http.HttpFilter{ + grpcStatsFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: GRPCStatsFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny( - &envoy_config_filter_http_grpc_stats_v3.FilterConfig{ + &envoy_filter_http_grpc_stats_v3.FilterConfig{ EmitFilterState: true, EnableUpstreamStats: true, }, ), }, } - luaFilter := &http.HttpFilter{ + luaFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: LuaFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&lua.Lua{ - DefaultSourceCode: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_lua_v3.Lua{ + DefaultSourceCode: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: "-- Placeholder for per-Route or per-Cluster overrides.", }, }, }), }, } - rbacFilter := &http.HttpFilter{ + rbacFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: RBACFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_rbac_v3.RBAC{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_rbac_v3.RBAC{}), }, } - localRateLimitFilter := &http.HttpFilter{ + localRateLimitFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: LocalRateLimitFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny( - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "http", }, ), }, } - compressFilter := &http.HttpFilter{ + compressFilter := &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: CompressorFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_compressor_v3.Compressor{ - CompressorLibrary: &envoy_core_v3.TypedExtensionConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_compressor_v3.Compressor{ + CompressorLibrary: &envoy_config_core_v3.TypedExtensionConfig{ Name: "gzip", TypedConfig: protobuf.MustMarshalAny( - &envoy_gzip_v3.Gzip{}, + &envoy_compression_gzip_compressor_v3.Gzip{}, ), }, - ResponseDirectionConfig: &envoy_compressor_v3.Compressor_ResponseDirectionConfig{ - CommonConfig: &envoy_compressor_v3.Compressor_CommonDirectionConfig{ + ResponseDirectionConfig: &envoy_filter_http_compressor_v3.Compressor_ResponseDirectionConfig{ + CommonConfig: &envoy_filter_http_compressor_v3.Compressor_CommonDirectionConfig{ ContentType: compressorContentTypes, }, }, @@ -1830,8 +1830,8 @@ func TestAddFilter(t *testing.T) { tests := map[string]struct { builder *httpConnectionManagerBuilder - add *http.HttpFilter - want []*http.HttpFilter + add *envoy_filter_network_http_connection_manager_v3.HttpFilter + want []*envoy_filter_network_http_connection_manager_v3.HttpFilter }{ "Nil add to empty builder": { builder: HTTPConnectionManagerBuilder(), @@ -1841,28 +1841,28 @@ func TestAddFilter(t *testing.T) { "Add a single router filter to empty builder": { builder: HTTPConnectionManagerBuilder(), add: routerFilter, - want: []*http.HttpFilter{routerFilter}, + want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{routerFilter}, }, "Add a single non-router filter to empty builder": { builder: HTTPConnectionManagerBuilder(), add: grpcWebFilter, - want: []*http.HttpFilter{grpcWebFilter}, + want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{grpcWebFilter}, }, "Add a single router filter to non-empty builder": { builder: HTTPConnectionManagerBuilder().AddFilter(grpcWebFilter), add: routerFilter, - want: []*http.HttpFilter{grpcWebFilter, routerFilter}, + want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{grpcWebFilter, routerFilter}, }, "Add a filter to a builder with a router": { builder: HTTPConnectionManagerBuilder().AddFilter(routerFilter), add: grpcWebFilter, - want: []*http.HttpFilter{grpcWebFilter, routerFilter}, + want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{grpcWebFilter, routerFilter}, }, "Add to the default filters": { builder: HTTPConnectionManagerBuilder().DefaultFilters(), add: authzFilter(), - want: []*http.HttpFilter{ + want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{ compressFilter, grpcWebFilter, grpcStatsFilter, @@ -1881,7 +1881,7 @@ func TestAddFilter(t *testing.T) { AllowPartialMessage: true, PackAsBytes: true, }), - want: []*http.HttpFilter{ + want: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{ compressFilter, grpcWebFilter, grpcStatsFilter, @@ -1911,7 +1911,7 @@ func TestAddFilter(t *testing.T) { }) } -func authzFilter(extras ...any) *http.HttpFilter { +func authzFilter(extras ...any) *envoy_filter_network_http_connection_manager_v3.HttpFilter { sni := "" if len(extras) > 0 { sni = extras[0].(string) diff --git a/internal/envoy/v3/ratelimit.go b/internal/envoy/v3/ratelimit.go index c926d29c876..7122994e2cb 100644 --- a/internal/envoy/v3/ratelimit.go +++ b/internal/envoy/v3/ratelimit.go @@ -14,22 +14,23 @@ package v3 import ( - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - ratelimit_config_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_config_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" - ratelimit_filter_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" + envoy_filter_http_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/envoy" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/timeout" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" "k8s.io/apimachinery/pkg/types" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/envoy" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/timeout" ) // LocalRateLimitConfig returns a config for the HTTP local rate @@ -39,7 +40,7 @@ func LocalRateLimitConfig(config *dag.LocalRateLimitPolicy, statPrefix string) * return nil } - c := &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + c := &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: statPrefix, TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: config.MaxTokens, @@ -47,13 +48,13 @@ func LocalRateLimitConfig(config *dag.LocalRateLimitPolicy, statPrefix string) * FillInterval: durationpb.New(config.FillInterval), }, ResponseHeadersToAdd: headerValueList(config.ResponseHeadersToAdd, false), - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -70,35 +71,35 @@ func LocalRateLimitConfig(config *dag.LocalRateLimitPolicy, statPrefix string) * } // GlobalRateLimits converts DAG RateLimitDescriptors to Envoy RateLimits. -func GlobalRateLimits(descriptors []*dag.RateLimitDescriptor) []*envoy_route_v3.RateLimit { - var rateLimits []*envoy_route_v3.RateLimit +func GlobalRateLimits(descriptors []*dag.RateLimitDescriptor) []*envoy_config_route_v3.RateLimit { + var rateLimits []*envoy_config_route_v3.RateLimit for _, descriptor := range descriptors { - var rl envoy_route_v3.RateLimit + var rl envoy_config_route_v3.RateLimit for _, entry := range descriptor.Entries { switch { case entry.GenericKey != nil: - rl.Actions = append(rl.Actions, &envoy_route_v3.RateLimit_Action{ - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{ + rl.Actions = append(rl.Actions, &envoy_config_route_v3.RateLimit_Action{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{ DescriptorKey: entry.GenericKey.Key, DescriptorValue: entry.GenericKey.Value, }, }, }) case entry.HeaderMatch != nil: - rl.Actions = append(rl.Actions, &envoy_route_v3.RateLimit_Action{ - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RequestHeaders_{ - RequestHeaders: &envoy_route_v3.RateLimit_Action_RequestHeaders{ + rl.Actions = append(rl.Actions, &envoy_config_route_v3.RateLimit_Action{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RequestHeaders_{ + RequestHeaders: &envoy_config_route_v3.RateLimit_Action_RequestHeaders{ HeaderName: entry.HeaderMatch.HeaderName, DescriptorKey: entry.HeaderMatch.Key, }, }, }) case entry.HeaderValueMatch != nil: - rl.Actions = append(rl.Actions, &envoy_route_v3.RateLimit_Action{ - ActionSpecifier: &envoy_route_v3.RateLimit_Action_HeaderValueMatch_{ - HeaderValueMatch: &envoy_route_v3.RateLimit_Action_HeaderValueMatch{ + rl.Actions = append(rl.Actions, &envoy_config_route_v3.RateLimit_Action{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_HeaderValueMatch_{ + HeaderValueMatch: &envoy_config_route_v3.RateLimit_Action_HeaderValueMatch{ DescriptorValue: entry.HeaderValueMatch.Value, ExpectMatch: wrapperspb.Bool(entry.HeaderValueMatch.ExpectMatch), Headers: headerMatcher(entry.HeaderValueMatch.Headers), @@ -106,9 +107,9 @@ func GlobalRateLimits(descriptors []*dag.RateLimitDescriptor) []*envoy_route_v3. }, }) case entry.RemoteAddress != nil: - rl.Actions = append(rl.Actions, &envoy_route_v3.RateLimit_Action{ - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + rl.Actions = append(rl.Actions, &envoy_config_route_v3.RateLimit_Action{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }) } @@ -134,21 +135,21 @@ type GlobalRateLimitConfig struct { // GlobalRateLimitFilter returns a configured HTTP global rate limit filter, // or nil if config is nil. -func GlobalRateLimitFilter(config *GlobalRateLimitConfig) *http.HttpFilter { +func GlobalRateLimitFilter(config *GlobalRateLimitConfig) *envoy_filter_network_http_connection_manager_v3.HttpFilter { if config == nil { return nil } - return &http.HttpFilter{ + return &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: config.Domain, Timeout: envoy.Timeout(config.Timeout), FailureModeDeny: !config.FailOpen, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ GrpcService: GrpcService(dag.ExtensionClusterName(config.ExtensionService), config.SNI, timeout.DefaultSetting()), - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, EnableXRatelimitHeaders: enableXRateLimitHeaders(config.EnableXRateLimitHeaders), RateLimitedAsResourceExhausted: config.EnableResourceExhaustedCode, @@ -157,18 +158,18 @@ func GlobalRateLimitFilter(config *GlobalRateLimitConfig) *http.HttpFilter { } } -func enableXRateLimitHeaders(enable bool) ratelimit_filter_v3.RateLimit_XRateLimitHeadersRFCVersion { +func enableXRateLimitHeaders(enable bool) envoy_filter_http_ratelimit_v3.RateLimit_XRateLimitHeadersRFCVersion { if enable { - return ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03 + return envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03 } - return ratelimit_filter_v3.RateLimit_OFF + return envoy_filter_http_ratelimit_v3.RateLimit_OFF } // rateLimitPerRoute returns a per-route config to configure vhost rate limits. func rateLimitPerRoute(r *dag.RateLimitPerRoute) *anypb.Any { return protobuf.MustMarshalAny( - &ratelimit_filter_v3.RateLimitPerRoute{ - VhRateLimits: ratelimit_filter_v3.RateLimitPerRoute_VhRateLimitsOptions(r.VhRateLimits), + &envoy_filter_http_ratelimit_v3.RateLimitPerRoute{ + VhRateLimits: envoy_filter_http_ratelimit_v3.RateLimitPerRoute_VhRateLimitsOptions(r.VhRateLimits), }, ) } diff --git a/internal/envoy/v3/ratelimit_test.go b/internal/envoy/v3/ratelimit_test.go index 20eb6ae6df9..c9f376133ed 100644 --- a/internal/envoy/v3/ratelimit_test.go +++ b/internal/envoy/v3/ratelimit_test.go @@ -17,23 +17,24 @@ import ( "testing" "time" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - ratelimit_config_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_config_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" - ratelimit_filter_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" + envoy_filter_http_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/timeout" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/timeout" ) func TestLocalRateLimitConfig(t *testing.T) { @@ -59,7 +60,7 @@ func TestLocalRateLimitConfig(t *testing.T) { }, statPrefix: "stat-prefix", want: protobuf.MustMarshalAny( - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "stat-prefix", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 100, @@ -67,17 +68,17 @@ func TestLocalRateLimitConfig(t *testing.T) { FillInterval: durationpb.New(time.Second), }, Status: &envoy_type_v3.HttpStatus{Code: envoy_type_v3.StatusCode_ServiceUnavailable}, - ResponseHeadersToAdd: []*envoy_core_v3.HeaderValueOption{ - {Header: &envoy_core_v3.HeaderValue{Key: "X-Header-1", Value: "foo"}, AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD}, - {Header: &envoy_core_v3.HeaderValue{Key: "X-Header-2", Value: "bar"}, AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD}, + ResponseHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{ + {Header: &envoy_config_core_v3.HeaderValue{Key: "X-Header-1", Value: "foo"}, AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD}, + {Header: &envoy_config_core_v3.HeaderValue{Key: "X-Header-2", Value: "bar"}, AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD}, }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -97,7 +98,7 @@ func TestLocalRateLimitConfig(t *testing.T) { func TestGlobalRateLimits(t *testing.T) { tests := map[string]struct { descriptors []*dag.RateLimitDescriptor - want []*envoy_route_v3.RateLimit + want []*envoy_config_route_v3.RateLimit }{ "nil descriptors": { descriptors: nil, @@ -159,24 +160,24 @@ func TestGlobalRateLimits(t *testing.T) { }, }, }, - want: []*envoy_route_v3.RateLimit{ + want: []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{ DescriptorValue: "generic-key-val", }, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{ DescriptorKey: "generic-key-custom-key", DescriptorValue: "generic-key-val", }, @@ -185,23 +186,23 @@ func TestGlobalRateLimits(t *testing.T) { }, }, { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RequestHeaders_{ - RequestHeaders: &envoy_route_v3.RateLimit_Action_RequestHeaders{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RequestHeaders_{ + RequestHeaders: &envoy_config_route_v3.RateLimit_Action_RequestHeaders{ HeaderName: "X-Header-1", DescriptorKey: "foo", }, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{ DescriptorValue: "generic-key-val-2", }, }, @@ -209,16 +210,16 @@ func TestGlobalRateLimits(t *testing.T) { }, }, { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_HeaderValueMatch_{ - HeaderValueMatch: &envoy_route_v3.RateLimit_Action_HeaderValueMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_HeaderValueMatch_{ + HeaderValueMatch: &envoy_config_route_v3.RateLimit_Action_HeaderValueMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{ { Name: "A-Header", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "foo", }, }, @@ -246,7 +247,7 @@ func TestGlobalRateLimits(t *testing.T) { func TestGlobalRateLimitFilter(t *testing.T) { tests := map[string]struct { cfg *GlobalRateLimitConfig - want *http.HttpFilter + want *envoy_filter_network_http_connection_manager_v3.HttpFilter }{ "nil config produces nil filter": { cfg: nil, @@ -259,23 +260,23 @@ func TestGlobalRateLimitFilter(t *testing.T) { Domain: "domain", FailOpen: false, }, - want: &http.HttpFilter{ + want: &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "domain", Timeout: durationpb.New(7 * time.Second), FailureModeDeny: true, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/ratelimit", Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, }), }, @@ -288,23 +289,23 @@ func TestGlobalRateLimitFilter(t *testing.T) { Domain: "domain", FailOpen: true, }, - want: &http.HttpFilter{ + want: &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "domain", Timeout: durationpb.New(7 * time.Second), FailureModeDeny: false, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/ratelimit", Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, }), }, @@ -318,23 +319,23 @@ func TestGlobalRateLimitFilter(t *testing.T) { Domain: "domain", FailOpen: false, }, - want: &http.HttpFilter{ + want: &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "domain", Timeout: durationpb.New(7 * time.Second), FailureModeDeny: true, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/ratelimit", Authority: "some-server.com", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, }), }, @@ -348,25 +349,25 @@ func TestGlobalRateLimitFilter(t *testing.T) { FailOpen: true, EnableXRateLimitHeaders: true, }, - want: &http.HttpFilter{ + want: &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "domain", Timeout: durationpb.New(7 * time.Second), FailureModeDeny: false, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/ratelimit", Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, }), }, }, @@ -379,23 +380,23 @@ func TestGlobalRateLimitFilter(t *testing.T) { FailOpen: true, EnableResourceExhaustedCode: true, }, - want: &http.HttpFilter{ + want: &envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "domain", Timeout: durationpb.New(7 * time.Second), FailureModeDeny: false, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/ratelimit", Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, RateLimitedAsResourceExhausted: true, }), @@ -421,21 +422,21 @@ func TestRateLimitPerRoute(t *testing.T) { cfg: &dag.RateLimitPerRoute{ VhRateLimits: dag.VhRateLimitsOverride, }, - want: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimitPerRoute{ + want: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimitPerRoute{ VhRateLimits: 0, }), }, "VhRateLimits in Include mode": { cfg: &dag.RateLimitPerRoute{ VhRateLimits: dag.VhRateLimitsInclude, }, - want: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimitPerRoute{ + want: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimitPerRoute{ VhRateLimits: 1, }), }, "VhRateLimits in Ignore mode": { cfg: &dag.RateLimitPerRoute{ VhRateLimits: dag.VhRateLimitsIgnore, }, - want: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimitPerRoute{ + want: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimitPerRoute{ VhRateLimits: 2, }), }, diff --git a/internal/envoy/v3/regex.go b/internal/envoy/v3/regex.go index c677b0ae902..60835b2d7a2 100644 --- a/internal/envoy/v3/regex.go +++ b/internal/envoy/v3/regex.go @@ -14,13 +14,13 @@ package v3 import ( - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" ) -// SafeRegexMatch returns a matcher.RegexMatcher for the supplied regex. +// SafeRegexMatch returns a envoy_matcher_v3.RegexMatcher for the supplied regex. // SafeRegexMatch does not escape regex meta characters. -func SafeRegexMatch(regex string) *matcher.RegexMatcher { - return &matcher.RegexMatcher{ +func SafeRegexMatch(regex string) *envoy_matcher_v3.RegexMatcher { + return &envoy_matcher_v3.RegexMatcher{ Regex: regex, } } diff --git a/internal/envoy/v3/regex_test.go b/internal/envoy/v3/regex_test.go index 75ba5fed786..84a666feae3 100644 --- a/internal/envoy/v3/regex_test.go +++ b/internal/envoy/v3/regex_test.go @@ -16,28 +16,29 @@ package v3 import ( "testing" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + "github.com/projectcontour/contour/internal/protobuf" ) func TestSafeRegexMatch(t *testing.T) { tests := map[string]struct { regex string - want *matcher.RegexMatcher + want *envoy_matcher_v3.RegexMatcher }{ "blank regex": { regex: "", - want: &matcher.RegexMatcher{}, + want: &envoy_matcher_v3.RegexMatcher{}, }, "simple": { regex: "chrome", - want: &matcher.RegexMatcher{ + want: &envoy_matcher_v3.RegexMatcher{ Regex: "chrome", }, }, "regex meta": { regex: "[a-z]+$", - want: &matcher.RegexMatcher{ + want: &envoy_matcher_v3.RegexMatcher{ Regex: "[a-z]+$", // meta characters are not escaped. }, }, diff --git a/internal/envoy/v3/route.go b/internal/envoy/v3/route.go index 3038edcd5ee..ecc2a4934fa 100644 --- a/internal/envoy/v3/route.go +++ b/internal/envoy/v3/route.go @@ -21,32 +21,32 @@ import ( "strings" "text/template" - envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" - envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" - envoy_jwt_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" - lua "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" - envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + envoy_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + envoy_filter_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" + envoy_filter_http_lua_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" + envoy_filter_http_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" envoy_internal_redirect_previous_routes_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/previous_routes/v3" envoy_internal_redirect_safe_cross_scheme_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/safe_cross_scheme/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/envoy" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/sorter" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/structpb" "google.golang.org/protobuf/types/known/wrapperspb" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/envoy" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/sorter" ) // VirtualHostAndRoutes converts a DAG virtual host and routes to an Envoy virtual host. -func VirtualHostAndRoutes(vh *dag.VirtualHost, dagRoutes []*dag.Route, secure bool) *envoy_route_v3.VirtualHost { - var envoyRoutes []*envoy_route_v3.Route +func VirtualHostAndRoutes(vh *dag.VirtualHost, dagRoutes []*dag.Route, secure bool) *envoy_config_route_v3.VirtualHost { + var envoyRoutes []*envoy_config_route_v3.Route for _, route := range dagRoutes { envoyRoutes = append(envoyRoutes, buildRoute(route, vh.Name, secure)) } @@ -82,7 +82,7 @@ func VirtualHostAndRoutes(vh *dag.VirtualHost, dagRoutes []*dag.Route, secure bo return evh } -func getRouteMetadata(dagRoute *dag.Route) *envoy_core_v3.Metadata { +func getRouteMetadata(dagRoute *dag.Route) *envoy_config_core_v3.Metadata { metadataFields := map[string]*structpb.Value{} if len(dagRoute.Kind) > 0 { metadataFields["io.projectcontour.kind"] = structpb.NewStringValue(dagRoute.Kind) @@ -98,7 +98,7 @@ func getRouteMetadata(dagRoute *dag.Route) *envoy_core_v3.Metadata { return nil } - return &envoy_core_v3.Metadata{ + return &envoy_config_core_v3.Metadata{ FilterMetadata: map[string]*structpb.Struct{ "envoy.access_loggers.file": { Fields: metadataFields, @@ -108,8 +108,8 @@ func getRouteMetadata(dagRoute *dag.Route) *envoy_core_v3.Metadata { } // buildRoute converts a DAG route to an Envoy route. -func buildRoute(dagRoute *dag.Route, vhostName string, secure bool) *envoy_route_v3.Route { - route := &envoy_route_v3.Route{ +func buildRoute(dagRoute *dag.Route, vhostName string, secure bool) *envoy_config_route_v3.Route { + route := &envoy_config_route_v3.Route{ Match: RouteMatch(dagRoute), Metadata: getRouteMetadata(dagRoute), } @@ -160,8 +160,8 @@ func buildRoute(dagRoute *dag.Route, vhostName string, secure bool) *envoy_route // config referencing a requirement in the main filter // config. if len(dagRoute.JWTProvider) > 0 { - route.TypedPerFilterConfig[JWTAuthnFilterName] = protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: dagRoute.JWTProvider}, + route.TypedPerFilterConfig[JWTAuthnFilterName] = protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: dagRoute.JWTProvider}, }) } @@ -184,8 +184,8 @@ func buildRoute(dagRoute *dag.Route, vhostName string, secure bool) *envoy_route // routeAuthzDisabled returns a per-route config to disable authorization. func routeAuthzDisabled() *anypb.Any { return protobuf.MustMarshalAny( - &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ + &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ Disabled: true, }, }, @@ -196,9 +196,9 @@ func routeAuthzDisabled() *anypb.Any { // context entries in the check request. func routeAuthzContext(settings map[string]string) *anypb.Any { return protobuf.MustMarshalAny( - &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ + &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: settings, }, }, @@ -206,7 +206,7 @@ func routeAuthzContext(settings map[string]string) *anypb.Any { ) } -func ipFilterConfig(allow bool, rules []dag.IPFilterRule) *envoy_rbac_v3.RBACPerRoute { +func ipFilterConfig(allow bool, rules []dag.IPFilterRule) *envoy_filter_http_rbac_v3.RBACPerRoute { action := envoy_config_rbac_v3.RBAC_ALLOW if !allow { action = envoy_config_rbac_v3.RBAC_DENY @@ -218,7 +218,7 @@ func ipFilterConfig(allow bool, rules []dag.IPFilterRule) *envoy_rbac_v3.RBACPer var principal *envoy_config_rbac_v3.Principal prefixLen, _ := f.CIDR.Mask.Size() - cidr := &envoy_core_v3.CidrRange{ + cidr := &envoy_config_core_v3.CidrRange{ AddressPrefix: f.CIDR.IP.String(), PrefixLen: wrapperspb.UInt32(uint32(prefixLen)), } @@ -241,8 +241,8 @@ func ipFilterConfig(allow bool, rules []dag.IPFilterRule) *envoy_rbac_v3.RBACPer principals = append(principals, principal) } - return &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + return &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: action, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -260,8 +260,8 @@ func ipFilterConfig(allow bool, rules []dag.IPFilterRule) *envoy_rbac_v3.RBACPer } } -// RouteMatch creates a *envoy_route_v3.RouteMatch for the supplied *dag.Route. -func RouteMatch(route *dag.Route) *envoy_route_v3.RouteMatch { +// RouteMatch creates a *envoy_config_route_v3.RouteMatch for the supplied *dag.Route. +func RouteMatch(route *dag.Route) *envoy_config_route_v3.RouteMatch { routeMatch := PathRouteMatch(route.PathMatchCondition) routeMatch.Headers = headerMatcher(route.HeaderMatchConditions) @@ -270,13 +270,13 @@ func RouteMatch(route *dag.Route) *envoy_route_v3.RouteMatch { return routeMatch } -// PathRouteMatch creates a *envoy_route_v3.RouteMatch with *only* a PathSpecifier +// PathRouteMatch creates a *envoy_config_route_v3.RouteMatch with *only* a PathSpecifier // populated. -func PathRouteMatch(pathMatchCondition dag.MatchCondition) *envoy_route_v3.RouteMatch { +func PathRouteMatch(pathMatchCondition dag.MatchCondition) *envoy_config_route_v3.RouteMatch { switch c := pathMatchCondition.(type) { case *dag.RegexMatchCondition: - return &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_SafeRegex{ + return &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_SafeRegex{ // Add an anchor since we at the very least have a / as a string literal prefix. // Reduces regex program size so Envoy doesn't reject long prefix matches. SafeRegex: SafeRegexMatch("^" + c.Regex), @@ -285,8 +285,8 @@ func PathRouteMatch(pathMatchCondition dag.MatchCondition) *envoy_route_v3.Route case *dag.PrefixMatchCondition: switch c.PrefixMatchType { case dag.PrefixMatchSegment: - return &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_PathSeparatedPrefix{ + return &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_PathSeparatedPrefix{ // Trim trailing slash as PathSeparatedPrefix expects // no trailing slashes. PathSeparatedPrefix: strings.TrimRight(c.Prefix, "/"), @@ -295,35 +295,35 @@ func PathRouteMatch(pathMatchCondition dag.MatchCondition) *envoy_route_v3.Route case dag.PrefixMatchString: fallthrough default: - return &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + return &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: c.Prefix, }, } } case *dag.ExactMatchCondition: - return &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Path{ + return &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Path{ Path: c.Path, }, } default: - return &envoy_route_v3.RouteMatch{} + return &envoy_config_route_v3.RouteMatch{} } } -// routeDirectResponse creates a *envoy_route_v3.Route_DirectResponse for the +// routeDirectResponse creates a *envoy_config_route_v3.Route_DirectResponse for the // http status code and body supplied. This allows a direct response to a route request // with an HTTP status code without needing to route to a specific cluster. -func routeDirectResponse(response *dag.DirectResponse) *envoy_route_v3.Route_DirectResponse { - r := &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ +func routeDirectResponse(response *dag.DirectResponse) *envoy_config_route_v3.Route_DirectResponse { + r := &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: response.StatusCode, }, } if response.Body != "" { - r.DirectResponse.Body = &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + r.DirectResponse.Body = &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: response.Body, }, } @@ -331,12 +331,12 @@ func routeDirectResponse(response *dag.DirectResponse) *envoy_route_v3.Route_Dir return r } -// routeRedirect creates a *envoy_route_v3.Route_Redirect for the +// routeRedirect creates a *envoy_config_route_v3.Route_Redirect for the // redirect specified. This allows a redirect to be returned to the // client. -func routeRedirect(redirect *dag.Redirect) *envoy_route_v3.Route_Redirect { - r := &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{}, +func routeRedirect(redirect *dag.Redirect) *envoy_config_route_v3.Route_Redirect { + r := &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{}, } if len(redirect.Hostname) > 0 { @@ -344,7 +344,7 @@ func routeRedirect(redirect *dag.Redirect) *envoy_route_v3.Route_Redirect { } if len(redirect.Scheme) > 0 { - r.Redirect.SchemeRewriteSpecifier = &envoy_route_v3.RedirectAction_SchemeRedirect{ + r.Redirect.SchemeRewriteSpecifier = &envoy_config_route_v3.RedirectAction_SchemeRedirect{ SchemeRedirect: redirect.Scheme, } } @@ -356,16 +356,16 @@ func routeRedirect(redirect *dag.Redirect) *envoy_route_v3.Route_Redirect { if redirect.PathRewritePolicy != nil { switch { case len(redirect.PathRewritePolicy.FullPathRewrite) > 0: - r.Redirect.PathRewriteSpecifier = &envoy_route_v3.RedirectAction_PathRedirect{ + r.Redirect.PathRewriteSpecifier = &envoy_config_route_v3.RedirectAction_PathRedirect{ PathRedirect: redirect.PathRewritePolicy.FullPathRewrite, } case len(redirect.PathRewritePolicy.PrefixRewrite) > 0: - r.Redirect.PathRewriteSpecifier = &envoy_route_v3.RedirectAction_PrefixRewrite{ + r.Redirect.PathRewriteSpecifier = &envoy_config_route_v3.RedirectAction_PrefixRewrite{ PrefixRewrite: redirect.PathRewritePolicy.PrefixRewrite, } case len(redirect.PathRewritePolicy.PrefixRegexRemove) > 0: - r.Redirect.PathRewriteSpecifier = &envoy_route_v3.RedirectAction_RegexRewrite{ - RegexRewrite: &matcher.RegexMatchAndSubstitute{ + r.Redirect.PathRewriteSpecifier = &envoy_config_route_v3.RedirectAction_RegexRewrite{ + RegexRewrite: &envoy_matcher_v3.RegexMatchAndSubstitute{ Pattern: SafeRegexMatch(redirect.PathRewritePolicy.PrefixRegexRemove), Substitution: "/", }, @@ -376,19 +376,19 @@ func routeRedirect(redirect *dag.Redirect) *envoy_route_v3.Route_Redirect { // Envoy's default is a 301 if not otherwise specified. switch redirect.StatusCode { case http.StatusMovedPermanently: - r.Redirect.ResponseCode = envoy_route_v3.RedirectAction_MOVED_PERMANENTLY + r.Redirect.ResponseCode = envoy_config_route_v3.RedirectAction_MOVED_PERMANENTLY case http.StatusFound: - r.Redirect.ResponseCode = envoy_route_v3.RedirectAction_FOUND + r.Redirect.ResponseCode = envoy_config_route_v3.RedirectAction_FOUND } return r } -// routeRoute creates a *envoy_route_v3.Route_Route for the services supplied. +// routeRoute creates a *envoy_config_route_v3.Route_Route for the services supplied. // If len(services) is greater than one, the route's action will be a // weighted cluster. -func routeRoute(r *dag.Route) *envoy_route_v3.Route_Route { - ra := envoy_route_v3.RouteAction{ +func routeRoute(r *dag.Route) *envoy_config_route_v3.Route_Route { + ra := envoy_config_route_v3.RouteAction{ RetryPolicy: retryPolicy(r), Timeout: envoy.Timeout(r.TimeoutPolicy.ResponseTimeout), IdleTimeout: envoy.Timeout(r.TimeoutPolicy.IdleStreamTimeout), @@ -402,12 +402,12 @@ func routeRoute(r *dag.Route) *envoy_route_v3.Route_Route { case len(r.PathRewritePolicy.PrefixRewrite) > 0: ra.PrefixRewrite = r.PathRewritePolicy.PrefixRewrite case len(r.PathRewritePolicy.FullPathRewrite) > 0: - ra.RegexRewrite = &matcher.RegexMatchAndSubstitute{ + ra.RegexRewrite = &envoy_matcher_v3.RegexMatchAndSubstitute{ Pattern: SafeRegexMatch("^/.*$"), // match the entire path Substitution: r.PathRewritePolicy.FullPathRewrite, } case len(r.PathRewritePolicy.PrefixRegexRemove) > 0: - ra.RegexRewrite = &matcher.RegexMatchAndSubstitute{ + ra.RegexRewrite = &envoy_matcher_v3.RegexMatchAndSubstitute{ Pattern: SafeRegexMatch(r.PathRewritePolicy.PrefixRegexRemove), Substitution: "/", } @@ -420,33 +420,33 @@ func routeRoute(r *dag.Route) *envoy_route_v3.Route_Route { // Check for host header policy and set if found if val := envoy.HostRewriteLiteral(r.RequestHeadersPolicy); val != "" { - ra.HostRewriteSpecifier = &envoy_route_v3.RouteAction_HostRewriteLiteral{ + ra.HostRewriteSpecifier = &envoy_config_route_v3.RouteAction_HostRewriteLiteral{ HostRewriteLiteral: val, } } else if val := envoy.HostRewriteHeader(r.RequestHeadersPolicy); val != "" { - ra.HostRewriteSpecifier = &envoy_route_v3.RouteAction_HostRewriteHeader{ + ra.HostRewriteSpecifier = &envoy_config_route_v3.RouteAction_HostRewriteHeader{ HostRewriteHeader: val, } } if r.Websocket { ra.UpgradeConfigs = append(ra.UpgradeConfigs, - &envoy_route_v3.RouteAction_UpgradeConfig{ + &envoy_config_route_v3.RouteAction_UpgradeConfig{ UpgradeType: "websocket", }, ) } if envoy.SingleSimpleCluster(r) { - ra.ClusterSpecifier = &envoy_route_v3.RouteAction_Cluster{ + ra.ClusterSpecifier = &envoy_config_route_v3.RouteAction_Cluster{ Cluster: envoy.Clustername(r.Clusters[0]), } } else { - ra.ClusterSpecifier = &envoy_route_v3.RouteAction_WeightedClusters{ + ra.ClusterSpecifier = &envoy_config_route_v3.RouteAction_WeightedClusters{ WeightedClusters: weightedClusters(r), } } - return &envoy_route_v3.Route_Route{ + return &envoy_config_route_v3.Route_Route{ Route: &ra, } } @@ -454,32 +454,32 @@ func routeRoute(r *dag.Route) *envoy_route_v3.Route_Route { // hashPolicy returns a slice of Envoy hash policies from the passed in Contour // request hash policy configuration. Only one of header or cookie hash policies // should be set on any RequestHashPolicy element. -func hashPolicy(requestHashPolicies []dag.RequestHashPolicy) []*envoy_route_v3.RouteAction_HashPolicy { +func hashPolicy(requestHashPolicies []dag.RequestHashPolicy) []*envoy_config_route_v3.RouteAction_HashPolicy { if len(requestHashPolicies) == 0 { return nil } - hashPolicies := []*envoy_route_v3.RouteAction_HashPolicy{} + hashPolicies := []*envoy_config_route_v3.RouteAction_HashPolicy{} for _, rhp := range requestHashPolicies { - newHP := &envoy_route_v3.RouteAction_HashPolicy{ + newHP := &envoy_config_route_v3.RouteAction_HashPolicy{ Terminal: rhp.Terminal, } if rhp.HeaderHashOptions != nil { - newHP.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_Header_{ - Header: &envoy_route_v3.RouteAction_HashPolicy_Header{ + newHP.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_Header_{ + Header: &envoy_config_route_v3.RouteAction_HashPolicy_Header{ HeaderName: rhp.HeaderHashOptions.HeaderName, }, } } if rhp.QueryParameterHashOptions != nil { - newHP.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{ - QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{ + newHP.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter_{ + QueryParameter: &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter{ Name: rhp.QueryParameterHashOptions.ParameterName, }, } } if rhp.CookieHashOptions != nil { - newHP.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ + newHP.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie{ Name: rhp.CookieHashOptions.CookieName, Ttl: durationpb.New(rhp.CookieHashOptions.TTL), Path: rhp.CookieHashOptions.Path, @@ -487,8 +487,8 @@ func hashPolicy(requestHashPolicies []dag.RequestHashPolicy) []*envoy_route_v3.R } } if rhp.HashSourceIP { - newHP.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{ - ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{ + newHP.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_ConnectionProperties_{ + ConnectionProperties: &envoy_config_route_v3.RouteAction_HashPolicy_ConnectionProperties{ SourceIp: true, }, } @@ -498,16 +498,16 @@ func hashPolicy(requestHashPolicies []dag.RequestHashPolicy) []*envoy_route_v3.R return hashPolicies } -func mirrorPolicy(r *dag.Route) []*envoy_route_v3.RouteAction_RequestMirrorPolicy { +func mirrorPolicy(r *dag.Route) []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy { if len(r.MirrorPolicies) == 0 { return nil } - mirrorPolicies := []*envoy_route_v3.RouteAction_RequestMirrorPolicy{} + mirrorPolicies := []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy{} for _, mp := range r.MirrorPolicies { - mirrorPolicies = append(mirrorPolicies, &envoy_route_v3.RouteAction_RequestMirrorPolicy{ + mirrorPolicies = append(mirrorPolicies, &envoy_config_route_v3.RouteAction_RequestMirrorPolicy{ Cluster: envoy.Clustername(mp.Cluster), - RuntimeFraction: &envoy_core_v3.RuntimeFractionalPercent{ + RuntimeFraction: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: uint32(mp.Weight), Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -518,7 +518,7 @@ func mirrorPolicy(r *dag.Route) []*envoy_route_v3.RouteAction_RequestMirrorPolic return mirrorPolicies } -func retryPolicy(r *dag.Route) *envoy_route_v3.RetryPolicy { +func retryPolicy(r *dag.Route) *envoy_config_route_v3.RetryPolicy { if r.RetryPolicy == nil { return nil } @@ -526,7 +526,7 @@ func retryPolicy(r *dag.Route) *envoy_route_v3.RetryPolicy { return nil } - rp := &envoy_route_v3.RetryPolicy{ + rp := &envoy_config_route_v3.RetryPolicy{ RetryOn: r.RetryPolicy.RetryOn, RetriableStatusCodes: r.RetryPolicy.RetriableStatusCodes, } @@ -538,12 +538,12 @@ func retryPolicy(r *dag.Route) *envoy_route_v3.RetryPolicy { return rp } -func internalRedirectPolicy(p *dag.InternalRedirectPolicy) *envoy_route_v3.InternalRedirectPolicy { +func internalRedirectPolicy(p *dag.InternalRedirectPolicy) *envoy_config_route_v3.InternalRedirectPolicy { if p == nil { return nil } - var predicates []*envoy_core_v3.TypedExtensionConfig + var predicates []*envoy_config_core_v3.TypedExtensionConfig allowCrossSchemeRedirect := false switch p.AllowCrossSchemeRedirect { @@ -551,20 +551,20 @@ func internalRedirectPolicy(p *dag.InternalRedirectPolicy) *envoy_route_v3.Inter allowCrossSchemeRedirect = true case dag.InternalRedirectCrossSchemeSafeOnly: allowCrossSchemeRedirect = true - predicates = append(predicates, &envoy_core_v3.TypedExtensionConfig{ + predicates = append(predicates, &envoy_config_core_v3.TypedExtensionConfig{ Name: "envoy.internal_redirect_predicates.safe_cross_scheme", TypedConfig: protobuf.MustMarshalAny(&envoy_internal_redirect_safe_cross_scheme_v3.SafeCrossSchemeConfig{}), }) } if p.DenyRepeatedRouteRedirect { - predicates = append(predicates, &envoy_core_v3.TypedExtensionConfig{ + predicates = append(predicates, &envoy_config_core_v3.TypedExtensionConfig{ Name: "envoy.internal_redirect_predicates.previous_routes", TypedConfig: protobuf.MustMarshalAny(&envoy_internal_redirect_previous_routes_v3.PreviousRoutesConfig{}), }) } - return &envoy_route_v3.InternalRedirectPolicy{ + return &envoy_config_route_v3.InternalRedirectPolicy{ MaxInternalRedirects: protobuf.UInt32OrNil(p.MaxInternalRedirects), RedirectResponseCodes: p.RedirectResponseCodes, Predicates: predicates, @@ -573,10 +573,10 @@ func internalRedirectPolicy(p *dag.InternalRedirectPolicy) *envoy_route_v3.Inter } // UpgradeHTTPS returns a route Action that redirects the request to HTTPS. -func UpgradeHTTPS() *envoy_route_v3.Route_Redirect { - return &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ +func UpgradeHTTPS() *envoy_config_route_v3.Route_Redirect { + return &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -584,17 +584,17 @@ func UpgradeHTTPS() *envoy_route_v3.Route_Redirect { } // headerValueList creates a list of Envoy HeaderValueOptions from the provided map. -func headerValueList(hvm map[string]string, app bool) []*envoy_core_v3.HeaderValueOption { - var hvs []*envoy_core_v3.HeaderValueOption +func headerValueList(hvm map[string]string, app bool) []*envoy_config_core_v3.HeaderValueOption { + var hvs []*envoy_config_core_v3.HeaderValueOption - appendAction := envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD + appendAction := envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD if app { - appendAction = envoy_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD + appendAction = envoy_config_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD } for key, value := range hvm { - hvs = append(hvs, &envoy_core_v3.HeaderValueOption{ - Header: &envoy_core_v3.HeaderValue{ + hvs = append(hvs, &envoy_config_core_v3.HeaderValueOption{ + Header: &envoy_config_core_v3.HeaderValue{ Key: key, Value: value, }, @@ -610,13 +610,13 @@ func headerValueList(hvm map[string]string, app bool) []*envoy_core_v3.HeaderVal } // weightedClusters returns a route.WeightedCluster for multiple services. -func weightedClusters(route *dag.Route) *envoy_route_v3.WeightedCluster { - var wc envoy_route_v3.WeightedCluster +func weightedClusters(route *dag.Route) *envoy_config_route_v3.WeightedCluster { + var wc envoy_config_route_v3.WeightedCluster var total uint32 for _, cluster := range route.Clusters { total += cluster.Weight - c := &envoy_route_v3.WeightedCluster_ClusterWeight{ + c := &envoy_config_route_v3.WeightedCluster_ClusterWeight{ Name: envoy.Clustername(cluster), Weight: wrapperspb.UInt32(cluster.Weight), } @@ -625,7 +625,7 @@ func weightedClusters(route *dag.Route) *envoy_route_v3.WeightedCluster { c.RequestHeadersToRemove = cluster.RequestHeadersPolicy.Remove // Check for host header policy and set if found if val := envoy.HostRewriteLiteral(cluster.RequestHeadersPolicy); val != "" { - c.HostRewriteSpecifier = &envoy_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{ + c.HostRewriteSpecifier = &envoy_config_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{ HostRewriteLiteral: val, } } @@ -654,8 +654,8 @@ func weightedClusters(route *dag.Route) *envoy_route_v3.WeightedCluster { } // VirtualHost creates a new route.VirtualHost. -func VirtualHost(hostname string, routes ...*envoy_route_v3.Route) *envoy_route_v3.VirtualHost { - return &envoy_route_v3.VirtualHost{ +func VirtualHost(hostname string, routes ...*envoy_config_route_v3.Route) *envoy_config_route_v3.VirtualHost { + return &envoy_config_route_v3.VirtualHost{ Name: envoy.Hashname(60, hostname), Domains: []string{hostname}, Routes: routes, @@ -663,7 +663,7 @@ func VirtualHost(hostname string, routes ...*envoy_route_v3.Route) *envoy_route_ } // CORSVirtualHost creates a new route.VirtualHost with a CORS policy. -func CORSVirtualHost(hostname string, corspolicy *envoy_cors_v3.CorsPolicy, routes ...*envoy_route_v3.Route) *envoy_route_v3.VirtualHost { +func CORSVirtualHost(hostname string, corspolicy *envoy_filter_http_cors_v3.CorsPolicy, routes ...*envoy_config_route_v3.Route) *envoy_config_route_v3.VirtualHost { vh := VirtualHost(hostname, routes...) if corspolicy != nil { vh.TypedPerFilterConfig = map[string]*anypb.Any{ @@ -673,9 +673,9 @@ func CORSVirtualHost(hostname string, corspolicy *envoy_cors_v3.CorsPolicy, rout return vh } -// RouteConfiguration returns a *envoy_route_v3.RouteConfiguration. -func RouteConfiguration(name string, virtualhosts ...*envoy_route_v3.VirtualHost) *envoy_route_v3.RouteConfiguration { - return &envoy_route_v3.RouteConfiguration{ +// RouteConfiguration returns a *envoy_config_route_v3.RouteConfiguration. +func RouteConfiguration(name string, virtualhosts ...*envoy_config_route_v3.VirtualHost) *envoy_config_route_v3.RouteConfiguration { + return &envoy_config_route_v3.RouteConfiguration{ Name: name, VirtualHosts: virtualhosts, RequestHeadersToAdd: headers( @@ -687,12 +687,12 @@ func RouteConfiguration(name string, virtualhosts ...*envoy_route_v3.VirtualHost } } -// corsPolicy returns a *envoy_cors_v3.CorsPolicy -func corsPolicy(cp *dag.CORSPolicy) *envoy_cors_v3.CorsPolicy { +// corsPolicy returns a *envoy_filter_http_cors_v3.CorsPolicy +func corsPolicy(cp *dag.CORSPolicy) *envoy_filter_http_cors_v3.CorsPolicy { if cp == nil { return nil } - ecp := &envoy_cors_v3.CorsPolicy{ + ecp := &envoy_filter_http_cors_v3.CorsPolicy{ AllowCredentials: wrapperspb.Bool(cp.AllowCredentials), AllowHeaders: strings.Join(cp.AllowHeaders, ","), AllowMethods: strings.Join(cp.AllowMethods, ","), @@ -706,19 +706,19 @@ func corsPolicy(cp *dag.CORSPolicy) *envoy_cors_v3.CorsPolicy { ecp.MaxAge = fmt.Sprintf("%.0f", cp.MaxAge.Duration().Seconds()) } - ecp.AllowOriginStringMatch = []*matcher.StringMatcher{} + ecp.AllowOriginStringMatch = []*envoy_matcher_v3.StringMatcher{} for _, ao := range cp.AllowOrigin { - m := &matcher.StringMatcher{} + m := &envoy_matcher_v3.StringMatcher{} switch ao.Type { case dag.CORSAllowOriginMatchExact: // Even though we use the exact matcher, Envoy always makes an exception for the `*` value // https://github.com/envoyproxy/envoy/blob/d6e2fd0185ca620745479da2c43c0564eeaf35c5/source/extensions/filters/http/cors/cors_filter.cc#L142 - m.MatchPattern = &matcher.StringMatcher_Exact{ + m.MatchPattern = &envoy_matcher_v3.StringMatcher_Exact{ Exact: ao.Value, } m.IgnoreCase = true case dag.CORSAllowOriginMatchRegex: - m.MatchPattern = &matcher.StringMatcher_SafeRegex{ + m.MatchPattern = &envoy_matcher_v3.StringMatcher_SafeRegex{ SafeRegex: SafeRegexMatch(ao.Value), } } @@ -727,25 +727,25 @@ func corsPolicy(cp *dag.CORSPolicy) *envoy_cors_v3.CorsPolicy { return ecp } -func headers(first *envoy_core_v3.HeaderValueOption, rest ...*envoy_core_v3.HeaderValueOption) []*envoy_core_v3.HeaderValueOption { - return append([]*envoy_core_v3.HeaderValueOption{first}, rest...) +func headers(first *envoy_config_core_v3.HeaderValueOption, rest ...*envoy_config_core_v3.HeaderValueOption) []*envoy_config_core_v3.HeaderValueOption { + return append([]*envoy_config_core_v3.HeaderValueOption{first}, rest...) } -func appendHeader(key, value string) *envoy_core_v3.HeaderValueOption { - return &envoy_core_v3.HeaderValueOption{ - Header: &envoy_core_v3.HeaderValue{ +func appendHeader(key, value string) *envoy_config_core_v3.HeaderValueOption { + return &envoy_config_core_v3.HeaderValueOption{ + Header: &envoy_config_core_v3.HeaderValue{ Key: key, Value: value, }, - AppendAction: envoy_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD, } } -func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_route_v3.HeaderMatcher { - var envoyHeaders []*envoy_route_v3.HeaderMatcher +func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_config_route_v3.HeaderMatcher { + var envoyHeaders []*envoy_config_route_v3.HeaderMatcher for _, h := range headers { - header := &envoy_route_v3.HeaderMatcher{ + header := &envoy_config_route_v3.HeaderMatcher{ Name: h.Name, InvertMatch: h.Invert, // We only want to turn on TreatMissingHeaderAsEmpty on invert matches @@ -754,20 +754,20 @@ func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_route_v3.HeaderM switch h.MatchType { case dag.HeaderMatchTypeExact: - header.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: h.Value}, + header.HeaderMatchSpecifier = &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: h.Value}, IgnoreCase: h.IgnoreCase, }, } case dag.HeaderMatchTypeContains: header.HeaderMatchSpecifier = containsMatch(h.Value, h.IgnoreCase) case dag.HeaderMatchTypePresent: - header.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{PresentMatch: true} + header.HeaderMatchSpecifier = &envoy_config_route_v3.HeaderMatcher_PresentMatch{PresentMatch: true} case dag.HeaderMatchTypeRegex: - header.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ + header.HeaderMatchSpecifier = &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ SafeRegex: SafeRegexMatch(h.Value), }, }, @@ -778,53 +778,53 @@ func headerMatcher(headers []dag.HeaderMatchCondition) []*envoy_route_v3.HeaderM return envoyHeaders } -func queryParamMatcher(queryParams []dag.QueryParamMatchCondition) []*envoy_route_v3.QueryParameterMatcher { - var envoyQueryParamMatchers []*envoy_route_v3.QueryParameterMatcher +func queryParamMatcher(queryParams []dag.QueryParamMatchCondition) []*envoy_config_route_v3.QueryParameterMatcher { + var envoyQueryParamMatchers []*envoy_config_route_v3.QueryParameterMatcher for _, q := range queryParams { - queryParam := &envoy_route_v3.QueryParameterMatcher{ + queryParam := &envoy_config_route_v3.QueryParameterMatcher{ Name: q.Name, } switch q.MatchType { case dag.QueryParamMatchTypeExact: - queryParam.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: q.Value}, + queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: q.Value}, IgnoreCase: q.IgnoreCase, }, } case dag.QueryParamMatchTypePrefix: - queryParam.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Prefix{Prefix: q.Value}, + queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{Prefix: q.Value}, IgnoreCase: q.IgnoreCase, }, } case dag.QueryParamMatchTypeSuffix: - queryParam.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Suffix{Suffix: q.Value}, + queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{Suffix: q.Value}, IgnoreCase: q.IgnoreCase, }, } case dag.QueryParamMatchTypeRegex: - queryParam.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ + queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ SafeRegex: SafeRegexMatch(q.Value), }, }, } case dag.QueryParamMatchTypeContains: - queryParam.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{Contains: q.Value}, + queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{Contains: q.Value}, IgnoreCase: q.IgnoreCase, }, } case dag.QueryParamMatchTypePresent: - queryParam.QueryParameterMatchSpecifier = &envoy_route_v3.QueryParameterMatcher_PresentMatch{ + queryParam.QueryParameterMatchSpecifier = &envoy_config_route_v3.QueryParameterMatcher_PresentMatch{ PresentMatch: true, } } @@ -837,11 +837,11 @@ func queryParamMatcher(queryParams []dag.QueryParamMatchCondition) []*envoy_rout // containsMatch returns a HeaderMatchSpecifier which will match the // supplied substring -func containsMatch(s string, ignoreCase bool) *envoy_route_v3.HeaderMatcher_StringMatch { - return &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ +func containsMatch(s string, ignoreCase bool) *envoy_config_route_v3.HeaderMatcher_StringMatch { + return &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ IgnoreCase: ignoreCase, - MatchPattern: &matcher.StringMatcher_Contains{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: s, }, }, @@ -986,10 +986,10 @@ end return nil } - c := &lua.LuaPerRoute{ - Override: &lua.LuaPerRoute_SourceCode{ - SourceCode: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + c := &envoy_filter_http_lua_v3.LuaPerRoute{ + Override: &envoy_filter_http_lua_v3.LuaPerRoute_SourceCode{ + SourceCode: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: t.String(), }, }, diff --git a/internal/envoy/v3/route_test.go b/internal/envoy/v3/route_test.go index b9d4f5ce33a..2f91680d7e4 100644 --- a/internal/envoy/v3/route_test.go +++ b/internal/envoy/v3/route_test.go @@ -18,33 +18,33 @@ import ( "testing" "time" - envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" - envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + envoy_filter_http_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" envoy_internal_redirect_previous_routes_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/previous_routes/v3" envoy_internal_redirect_safe_cross_scheme_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/safe_cross_scheme/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/timeout" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/timeout" ) func TestRouteRoute(t *testing.T) { s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) s2 := fixture.NewService("kuard2"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) c1 := &dag.Cluster{ Upstream: &dag.Service{ Weighted: dag.WeightedService{ @@ -81,15 +81,15 @@ func TestRouteRoute(t *testing.T) { tests := map[string]struct { route *dag.Route - want *envoy_route_v3.Route_Route + want *envoy_config_route_v3.Route_Route }{ "single service": { route: &dag.Route{ Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, }, @@ -100,12 +100,12 @@ func TestRouteRoute(t *testing.T) { Websocket: true, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - UpgradeConfigs: []*envoy_route_v3.RouteAction_UpgradeConfig{{ + UpgradeConfigs: []*envoy_config_route_v3.RouteAction_UpgradeConfig{{ UpgradeType: "websocket", }}, }, @@ -134,11 +134,11 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(0), }, { @@ -175,11 +175,11 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(0), }, { @@ -188,7 +188,7 @@ func TestRouteRoute(t *testing.T) { }}, }, }, - UpgradeConfigs: []*envoy_route_v3.RouteAction_UpgradeConfig{{ + UpgradeConfigs: []*envoy_config_route_v3.RouteAction_UpgradeConfig{{ UpgradeType: "websocket", }}, }, @@ -222,39 +222,39 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(1), - RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + RequestHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "K-Foo", Value: "bar", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }, { - Header: &envoy_core_v3.HeaderValue{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "K-Sauce", Value: "spicy", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }}, RequestHeadersToRemove: []string{"K-Bar"}, - ResponseHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + ResponseHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "K-Blah", Value: "boo", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }}, ResponseHeadersToRemove: []string{"K-Baz"}, }}, }, }, - UpgradeConfigs: []*envoy_route_v3.RouteAction_UpgradeConfig{{ + UpgradeConfigs: []*envoy_config_route_v3.RouteAction_UpgradeConfig{{ UpgradeType: "websocket", }}, }, @@ -268,9 +268,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, }, @@ -285,12 +285,12 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RetryPolicy: &envoy_route_v3.RetryPolicy{ + RetryPolicy: &envoy_config_route_v3.RetryPolicy{ RetryOn: "503", NumRetries: wrapperspb.UInt32(6), PerTryTimeout: durationpb.New(100 * time.Millisecond), @@ -308,12 +308,12 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RetryPolicy: &envoy_route_v3.RetryPolicy{ + RetryPolicy: &envoy_config_route_v3.RetryPolicy{ RetryOn: "retriable-status-codes", RetriableStatusCodes: []uint32{503, 503, 504}, NumRetries: wrapperspb.UInt32(6), @@ -329,9 +329,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, Timeout: durationpb.New(90 * time.Second), @@ -345,9 +345,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, Timeout: durationpb.New(0), @@ -361,9 +361,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, IdleTimeout: durationpb.New(600 * time.Second), @@ -377,9 +377,9 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, IdleTimeout: durationpb.New(0), @@ -397,14 +397,14 @@ func TestRouteRoute(t *testing.T) { }}, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/e4f81994fe", }, - HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{{ - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ + HashPolicy: []*envoy_config_route_v3.RouteAction_HashPolicy{{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: durationpb.New(0), Path: "/", @@ -425,11 +425,11 @@ func TestRouteRoute(t *testing.T) { }}, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/e4f81994fe", Weight: wrapperspb.UInt32(1), }, { @@ -438,9 +438,9 @@ func TestRouteRoute(t *testing.T) { }}, }, }, - HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{{ - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ + HashPolicy: []*envoy_config_route_v3.RouteAction_HashPolicy{{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: durationpb.New(0), Path: "/", @@ -467,23 +467,23 @@ func TestRouteRoute(t *testing.T) { }, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/1a2ffc1fef", }, - HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{ + HashPolicy: []*envoy_config_route_v3.RouteAction_HashPolicy{ { Terminal: true, - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{ - Header: &envoy_route_v3.RouteAction_HashPolicy_Header{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_Header_{ + Header: &envoy_config_route_v3.RouteAction_HashPolicy_Header{ HeaderName: "X-Some-Header", }, }, }, { - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{ - Header: &envoy_route_v3.RouteAction_HashPolicy_Header{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_Header_{ + Header: &envoy_config_route_v3.RouteAction_HashPolicy_Header{ HeaderName: "User-Agent", }, }, @@ -506,22 +506,22 @@ func TestRouteRoute(t *testing.T) { }, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/1a2ffc1fef", }, - HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{ + HashPolicy: []*envoy_config_route_v3.RouteAction_HashPolicy{ { - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{ - ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_ConnectionProperties_{ + ConnectionProperties: &envoy_config_route_v3.RouteAction_HashPolicy_ConnectionProperties{ SourceIp: true, }, }, }, { - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Header_{ - Header: &envoy_route_v3.RouteAction_HashPolicy_Header{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_Header_{ + Header: &envoy_config_route_v3.RouteAction_HashPolicy_Header{ HeaderName: "User-Agent", }, }, @@ -547,23 +547,23 @@ func TestRouteRoute(t *testing.T) { }, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/1a2ffc1fef", }, - HashPolicy: []*envoy_route_v3.RouteAction_HashPolicy{ + HashPolicy: []*envoy_config_route_v3.RouteAction_HashPolicy{ { Terminal: true, - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{ - QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter_{ + QueryParameter: &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter{ Name: "something", }, }, }, { - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{ - QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter_{ + QueryParameter: &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter{ Name: "other", }, }, @@ -579,12 +579,12 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - HostRewriteSpecifier: &envoy_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: "bar.com"}, + HostRewriteSpecifier: &envoy_config_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: "bar.com"}, }, }, }, @@ -608,18 +608,18 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(1), - HostRewriteSpecifier: &envoy_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{HostRewriteLiteral: "s1.com"}, + HostRewriteSpecifier: &envoy_config_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{HostRewriteLiteral: "s1.com"}, }}, }, }, - HostRewriteSpecifier: &envoy_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: "bar.com"}, + HostRewriteSpecifier: &envoy_config_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: "bar.com"}, }, }, }, @@ -658,22 +658,22 @@ func TestRouteRoute(t *testing.T) { }, }}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(20), - HostRewriteSpecifier: &envoy_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{HostRewriteLiteral: "s2.com"}, + HostRewriteSpecifier: &envoy_config_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{HostRewriteLiteral: "s2.com"}, }, { Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(80), - HostRewriteSpecifier: &envoy_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{HostRewriteLiteral: "s1.com"}, + HostRewriteSpecifier: &envoy_config_route_v3.WeightedCluster_ClusterWeight_HostRewriteLiteral{HostRewriteLiteral: "s1.com"}, }}, }, }, - HostRewriteSpecifier: &envoy_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: "bar.com"}, + HostRewriteSpecifier: &envoy_config_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: "bar.com"}, }, }, }, @@ -707,14 +707,14 @@ func TestRouteRoute(t *testing.T) { }, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RequestMirrorPolicies: []*envoy_route_v3.RouteAction_RequestMirrorPolicy{{ + RequestMirrorPolicies: []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy{{ Cluster: "default/kuard/8080/da39a3ee5e", - RuntimeFraction: &envoy_core_v3.RuntimeFractionalPercent{ + RuntimeFraction: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -766,15 +766,15 @@ func TestRouteRoute(t *testing.T) { }, }, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RequestMirrorPolicies: []*envoy_route_v3.RouteAction_RequestMirrorPolicy{ + RequestMirrorPolicies: []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy{ { Cluster: "default/kuard/8080/da39a3ee5e", - RuntimeFraction: &envoy_core_v3.RuntimeFractionalPercent{ + RuntimeFraction: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -783,7 +783,7 @@ func TestRouteRoute(t *testing.T) { }, { Cluster: "default/kuard2/8080/da39a3ee5e", - RuntimeFraction: &envoy_core_v3.RuntimeFractionalPercent{ + RuntimeFraction: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -799,9 +799,9 @@ func TestRouteRoute(t *testing.T) { Clusters: []*dag.Cluster{c1}, PathRewritePolicy: &dag.PathRewritePolicy{PrefixRewrite: "/rewrite"}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, PrefixRewrite: "/rewrite", @@ -813,13 +813,13 @@ func TestRouteRoute(t *testing.T) { Clusters: []*dag.Cluster{c1}, PathRewritePolicy: &dag.PathRewritePolicy{FullPathRewrite: "/rewrite"}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RegexRewrite: &matcher.RegexMatchAndSubstitute{ - Pattern: &matcher.RegexMatcher{ + RegexRewrite: &envoy_matcher_v3.RegexMatchAndSubstitute{ + Pattern: &envoy_matcher_v3.RegexMatcher{ Regex: "^/.*$", }, Substitution: "/rewrite", @@ -832,13 +832,13 @@ func TestRouteRoute(t *testing.T) { Clusters: []*dag.Cluster{c1}, PathRewritePolicy: &dag.PathRewritePolicy{PrefixRegexRemove: "^/prefix/*"}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - RegexRewrite: &matcher.RegexMatchAndSubstitute{ - Pattern: &matcher.RegexMatcher{ + RegexRewrite: &envoy_matcher_v3.RegexMatchAndSubstitute{ + Pattern: &envoy_matcher_v3.RegexMatcher{ Regex: "^/prefix/*", }, Substitution: "/", @@ -856,15 +856,15 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - InternalRedirectPolicy: &envoy_route_v3.InternalRedirectPolicy{ + InternalRedirectPolicy: &envoy_config_route_v3.InternalRedirectPolicy{ MaxInternalRedirects: wrapperspb.UInt32(5), RedirectResponseCodes: []uint32{307}, - Predicates: []*envoy_core_v3.TypedExtensionConfig{ + Predicates: []*envoy_config_core_v3.TypedExtensionConfig{ { Name: "envoy.internal_redirect_predicates.safe_cross_scheme", TypedConfig: protobuf.MustMarshalAny(&envoy_internal_redirect_safe_cross_scheme_v3.SafeCrossSchemeConfig{}), @@ -887,14 +887,14 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - InternalRedirectPolicy: &envoy_route_v3.InternalRedirectPolicy{ + InternalRedirectPolicy: &envoy_config_route_v3.InternalRedirectPolicy{ MaxInternalRedirects: wrapperspb.UInt32(5), - Predicates: []*envoy_core_v3.TypedExtensionConfig{}, + Predicates: []*envoy_config_core_v3.TypedExtensionConfig{}, AllowCrossSchemeRedirect: true, }, }, @@ -908,14 +908,14 @@ func TestRouteRoute(t *testing.T) { }, Clusters: []*dag.Cluster{c1}, }, - want: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + want: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/kuard/8080/da39a3ee5e", }, - InternalRedirectPolicy: &envoy_route_v3.InternalRedirectPolicy{ + InternalRedirectPolicy: &envoy_config_route_v3.InternalRedirectPolicy{ MaxInternalRedirects: nil, - Predicates: []*envoy_core_v3.TypedExtensionConfig{ + Predicates: []*envoy_config_core_v3.TypedExtensionConfig{ { Name: "envoy.internal_redirect_predicates.previous_routes", TypedConfig: protobuf.MustMarshalAny(&envoy_internal_redirect_previous_routes_v3.PreviousRoutesConfig{}), @@ -939,23 +939,23 @@ func TestRouteRoute(t *testing.T) { func TestRouteDirectResponse(t *testing.T) { tests := map[string]struct { directResponse *dag.DirectResponse - want *envoy_route_v3.Route_DirectResponse + want *envoy_config_route_v3.Route_DirectResponse }{ "503-nobody": { directResponse: &dag.DirectResponse{StatusCode: 503}, - want: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + want: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: 503, }, }, }, "503": { directResponse: &dag.DirectResponse{StatusCode: 503, Body: "Service Unavailable"}, - want: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + want: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: 503, - Body: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + Body: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: "Service Unavailable", }, }, @@ -964,19 +964,19 @@ func TestRouteDirectResponse(t *testing.T) { }, "402-nobody": { directResponse: &dag.DirectResponse{StatusCode: 402}, - want: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + want: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: 402, }, }, }, "402": { directResponse: &dag.DirectResponse{StatusCode: 402, Body: "Payment Required"}, - want: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + want: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: 402, - Body: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + Body: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: "Payment Required", }, }, @@ -996,7 +996,7 @@ func TestRouteDirectResponse(t *testing.T) { func TestWeightedClusters(t *testing.T) { tests := map[string]struct { route *dag.Route - want *envoy_route_v3.WeightedCluster + want *envoy_config_route_v3.WeightedCluster }{ "multiple services w/o weights": { route: &dag.Route{ @@ -1006,7 +1006,7 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "kuard", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, @@ -1017,15 +1017,15 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "nginx", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, }, }}, }, - want: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(1), }, { @@ -1042,7 +1042,7 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "kuard", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, @@ -1054,7 +1054,7 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "nginx", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, @@ -1062,8 +1062,8 @@ func TestWeightedClusters(t *testing.T) { Weight: 20, }}, }, - want: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(80), }, { @@ -1080,7 +1080,7 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "kuard", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, @@ -1092,7 +1092,7 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "nginx", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, @@ -1104,15 +1104,15 @@ func TestWeightedClusters(t *testing.T) { Weight: 1, ServiceName: "notraffic", ServiceNamespace: "default", - ServicePort: v1.ServicePort{ + ServicePort: core_v1.ServicePort{ Port: 8080, }, }, }, }}, }, - want: &envoy_route_v3.WeightedCluster{ - Clusters: []*envoy_route_v3.WeightedCluster_ClusterWeight{{ + want: &envoy_config_route_v3.WeightedCluster{ + Clusters: []*envoy_config_route_v3.WeightedCluster_ClusterWeight{{ Name: "default/kuard/8080/da39a3ee5e", Weight: wrapperspb.UInt32(80), }, { @@ -1137,19 +1137,19 @@ func TestWeightedClusters(t *testing.T) { func TestRouteConfiguration(t *testing.T) { tests := map[string]struct { name string - virtualhosts []*envoy_route_v3.VirtualHost - want *envoy_route_v3.RouteConfiguration + virtualhosts []*envoy_config_route_v3.VirtualHost + want *envoy_config_route_v3.RouteConfiguration }{ "empty": { name: "ingress_http", - want: &envoy_route_v3.RouteConfiguration{ + want: &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", - RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + RequestHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "x-request-start", Value: "t=%START_TIME(%s.%3f)%", }, - AppendAction: envoy_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD, }}, IgnorePortInHostMatching: true, }, @@ -1159,17 +1159,17 @@ func TestRouteConfiguration(t *testing.T) { virtualhosts: virtualhosts( VirtualHost("www.example.com"), ), - want: &envoy_route_v3.RouteConfiguration{ + want: &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_https", VirtualHosts: virtualhosts( VirtualHost("www.example.com"), ), - RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + RequestHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "x-request-start", Value: "t=%START_TIME(%s.%3f)%", }, - AppendAction: envoy_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_APPEND_IF_EXISTS_OR_ADD, }}, IgnorePortInHostMatching: true, }, @@ -1188,12 +1188,12 @@ func TestVirtualHost(t *testing.T) { tests := map[string]struct { hostname string port int - want *envoy_route_v3.VirtualHost + want *envoy_config_route_v3.VirtualHost }{ "default hostname": { hostname: "*", port: 9999, - want: &envoy_route_v3.VirtualHost{ + want: &envoy_config_route_v3.VirtualHost{ Name: "*", Domains: []string{"*"}, }, @@ -1201,7 +1201,7 @@ func TestVirtualHost(t *testing.T) { "wildcard hostname": { hostname: "*.bar.com", port: 9999, - want: &envoy_route_v3.VirtualHost{ + want: &envoy_config_route_v3.VirtualHost{ Name: "*.bar.com", Domains: []string{"*.bar.com"}, }, @@ -1209,7 +1209,7 @@ func TestVirtualHost(t *testing.T) { "www.example.com": { hostname: "www.example.com", port: 9999, - want: &envoy_route_v3.VirtualHost{ + want: &envoy_config_route_v3.VirtualHost{ Name: "www.example.com", Domains: []string{"www.example.com"}, }, @@ -1226,23 +1226,23 @@ func TestVirtualHost(t *testing.T) { func TestCORSVirtualHost(t *testing.T) { tests := map[string]struct { hostname string - cp *envoy_cors_v3.CorsPolicy - want *envoy_route_v3.VirtualHost + cp *envoy_filter_http_cors_v3.CorsPolicy + want *envoy_config_route_v3.VirtualHost }{ "nil cors policy": { hostname: "www.example.com", cp: nil, - want: &envoy_route_v3.VirtualHost{ + want: &envoy_config_route_v3.VirtualHost{ Name: "www.example.com", Domains: []string{"www.example.com"}, }, }, "cors policy": { hostname: "www.example.com", - cp: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + cp: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1250,14 +1250,14 @@ func TestCORSVirtualHost(t *testing.T) { }, AllowMethods: "GET,POST,PUT", }, - want: &envoy_route_v3.VirtualHost{ + want: &envoy_config_route_v3.VirtualHost{ Name: "www.example.com", Domains: []string{"www.example.com"}, TypedPerFilterConfig: map[string]*anypb.Any{ - CORSFilterName: protobuf.MustMarshalAny(&envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + CORSFilterName: protobuf.MustMarshalAny(&envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1280,17 +1280,17 @@ func TestCORSVirtualHost(t *testing.T) { func TestCORSPolicy(t *testing.T) { tests := map[string]struct { cp *dag.CORSPolicy - want *envoy_cors_v3.CorsPolicy + want *envoy_filter_http_cors_v3.CorsPolicy }{ "only required properties set": { cp: &dag.CORSPolicy{ AllowOrigin: []dag.CORSAllowOriginMatch{{Type: dag.CORSAllowOriginMatchExact, Value: "*"}}, AllowMethods: []string{"GET", "POST", "PUT"}, }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1309,17 +1309,17 @@ func TestCORSPolicy(t *testing.T) { }, AllowMethods: []string{"GET"}, }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: `.*\.foo\.com`, }, }, }, { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "https://bar.com", }, IgnoreCase: true, @@ -1336,10 +1336,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, AllowCredentials: true, }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1356,10 +1356,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, AllowHeaders: []string{"header-1", "header-2"}, }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1377,10 +1377,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, ExposeHeaders: []string{"header-1", "header-2"}, }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1398,10 +1398,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, MaxAge: timeout.DurationSetting(10 * time.Minute), }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1419,10 +1419,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, MaxAge: timeout.DefaultSetting(), }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1439,10 +1439,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, MaxAge: timeout.DisabledSetting(), }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1460,10 +1460,10 @@ func TestCORSPolicy(t *testing.T) { AllowMethods: []string{"GET", "POST", "PUT"}, AllowPrivateNetwork: true, }, - want: &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + want: &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -1487,7 +1487,7 @@ func TestIPFilters(t *testing.T) { tests := map[string]struct { ipRules []dag.IPFilterRule allow bool - want *envoy_rbac_v3.RBACPerRoute + want *envoy_filter_http_rbac_v3.RBACPerRoute }{ "allow remote ipv4": { ipRules: []dag.IPFilterRule{ @@ -1500,8 +1500,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: true, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1513,7 +1513,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1536,8 +1536,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: false, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_DENY, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1549,7 +1549,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1572,8 +1572,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: true, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1585,7 +1585,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1608,8 +1608,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: false, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_DENY, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1621,7 +1621,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1644,8 +1644,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: true, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1657,7 +1657,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1680,8 +1680,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: false, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_DENY, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1693,7 +1693,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1716,8 +1716,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: true, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1729,7 +1729,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1752,8 +1752,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: false, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_DENY, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1765,7 +1765,7 @@ func TestIPFilters(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1802,8 +1802,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: true, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1816,7 +1816,7 @@ func TestIPFilters(t *testing.T) { Principals: []*envoy_config_rbac_v3.Principal{ { Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1824,7 +1824,7 @@ func TestIPFilters(t *testing.T) { }, { Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db6::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1832,7 +1832,7 @@ func TestIPFilters(t *testing.T) { }, { Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1870,8 +1870,8 @@ func TestIPFilters(t *testing.T) { }, }, allow: false, - want: &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + want: &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_DENY, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -1884,7 +1884,7 @@ func TestIPFilters(t *testing.T) { Principals: []*envoy_config_rbac_v3.Principal{ { Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &envoy_core_v3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(24), }, @@ -1892,7 +1892,7 @@ func TestIPFilters(t *testing.T) { }, { Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1900,7 +1900,7 @@ func TestIPFilters(t *testing.T) { }, { Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &envoy_core_v3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "192.165.0.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -1924,9 +1924,9 @@ func TestIPFilters(t *testing.T) { func TestUpgradeHTTPS(t *testing.T) { got := UpgradeHTTPS() - want := &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + want := &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -1938,7 +1938,7 @@ func TestUpgradeHTTPS(t *testing.T) { func TestRouteMatch(t *testing.T) { tests := map[string]struct { route *dag.Route - want *envoy_route_v3.RouteMatch + want *envoy_config_route_v3.RouteMatch }{ "contains match with dashes": { route: &dag.Route{ @@ -1949,13 +1949,13 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "11-22-33-44", }, }, @@ -1972,13 +1972,13 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "11.22.33.44", }, }, @@ -1995,13 +1995,13 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "11.[22].*33.44", }, }, @@ -2019,14 +2019,14 @@ func TestRouteMatch(t *testing.T) { TreatMissingAsEmpty: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header", InvertMatch: true, TreatMissingHeaderAsEmpty: true, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "foo", }, }, @@ -2041,8 +2041,8 @@ func TestRouteMatch(t *testing.T) { PrefixMatchType: dag.PrefixMatchString, }, }, - want: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + want: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/foo", }, }, @@ -2054,8 +2054,8 @@ func TestRouteMatch(t *testing.T) { PrefixMatchType: dag.PrefixMatchSegment, }, }, - want: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_PathSeparatedPrefix{ + want: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_PathSeparatedPrefix{ PathSeparatedPrefix: "/foo", }, }, @@ -2067,8 +2067,8 @@ func TestRouteMatch(t *testing.T) { PrefixMatchType: dag.PrefixMatchSegment, }, }, - want: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_PathSeparatedPrefix{ + want: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_PathSeparatedPrefix{ PathSeparatedPrefix: "/foo", }, }, @@ -2080,8 +2080,8 @@ func TestRouteMatch(t *testing.T) { PrefixMatchType: dag.PrefixMatchSegment, }, }, - want: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_PathSeparatedPrefix{ + want: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_PathSeparatedPrefix{ PathSeparatedPrefix: "/foo", }, }, @@ -2092,8 +2092,8 @@ func TestRouteMatch(t *testing.T) { Path: "/foo", }, }, - want: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Path{ + want: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Path{ Path: "/foo", }, }, @@ -2104,8 +2104,8 @@ func TestRouteMatch(t *testing.T) { Regex: "/v.1/*", }, }, - want: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_SafeRegex{ + want: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_SafeRegex{ // note, unlike header conditions this is not a quoted regex because // the value comes directly from the Ingress.Paths.Path value which // is permitted to be a bare regex. @@ -2122,10 +2122,10 @@ func TestRouteMatch(t *testing.T) { MatchType: dag.HeaderMatchTypePresent, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_PresentMatch{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_PresentMatch{ PresentMatch: true, }, }}, @@ -2139,11 +2139,11 @@ func TestRouteMatch(t *testing.T) { Invert: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", InvertMatch: true, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_PresentMatch{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_PresentMatch{ PresentMatch: true, }, }}, @@ -2157,12 +2157,12 @@ func TestRouteMatch(t *testing.T) { Value: "bar", }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: "bar"}, + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: "bar"}, IgnoreCase: false, }, }, @@ -2178,12 +2178,12 @@ func TestRouteMatch(t *testing.T) { IgnoreCase: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: "bar"}, + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: "bar"}, IgnoreCase: true, }, }, @@ -2199,13 +2199,13 @@ func TestRouteMatch(t *testing.T) { Invert: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", InvertMatch: true, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: "bar"}, + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: "bar"}, IgnoreCase: false, }, }, @@ -2222,13 +2222,13 @@ func TestRouteMatch(t *testing.T) { IgnoreCase: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", InvertMatch: true, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: "bar"}, + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: "bar"}, IgnoreCase: true, }, }, @@ -2245,14 +2245,14 @@ func TestRouteMatch(t *testing.T) { TreatMissingAsEmpty: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", InvertMatch: true, TreatMissingHeaderAsEmpty: true, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{Exact: "bar"}, + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{Exact: "bar"}, }, }, }}, @@ -2267,12 +2267,12 @@ func TestRouteMatch(t *testing.T) { IgnoreCase: false, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "bar", }, }, @@ -2289,13 +2289,13 @@ func TestRouteMatch(t *testing.T) { IgnoreCase: true, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-header-foo", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ IgnoreCase: true, - MatchPattern: &matcher.StringMatcher_Contains{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "bar", }, }, @@ -2312,14 +2312,14 @@ func TestRouteMatch(t *testing.T) { Invert: false, }}, }, - want: &envoy_route_v3.RouteMatch{ - Headers: []*envoy_route_v3.HeaderMatcher{{ + want: &envoy_config_route_v3.RouteMatch{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: "x-regex-header", InvertMatch: false, - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: "[a-z0-9][a-z0-9-]+someniceregex", }, }, @@ -2338,13 +2338,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "query-value-1", }, }, @@ -2364,13 +2364,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "query-value-1", }, IgnoreCase: true, @@ -2390,13 +2390,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Prefix{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{ Prefix: "query-value-1", }, }, @@ -2416,13 +2416,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Prefix{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{ Prefix: "query-value-1", }, IgnoreCase: true, @@ -2442,13 +2442,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Suffix{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{ Suffix: "query-value-1", }, }, @@ -2468,13 +2468,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Suffix{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{ Suffix: "query-value-1", }, IgnoreCase: true, @@ -2494,13 +2494,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ SafeRegex: SafeRegexMatch("^query-.*"), }, }, @@ -2519,13 +2519,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "query-value-1", }, }, @@ -2545,13 +2545,13 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Contains{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Contains{ Contains: "query-value-1", }, IgnoreCase: true, @@ -2570,11 +2570,11 @@ func TestRouteMatch(t *testing.T) { }, }, }, - want: &envoy_route_v3.RouteMatch{ - QueryParameters: []*envoy_route_v3.QueryParameterMatcher{ + want: &envoy_config_route_v3.RouteMatch{ + QueryParameters: []*envoy_config_route_v3.QueryParameterMatcher{ { Name: "query-param-1", - QueryParameterMatchSpecifier: &envoy_route_v3.QueryParameterMatcher_PresentMatch{ + QueryParameterMatchSpecifier: &envoy_config_route_v3.QueryParameterMatcher_PresentMatch{ PresentMatch: true, }, }, @@ -2594,14 +2594,14 @@ func TestRouteMatch(t *testing.T) { func TestRouteRedirect(t *testing.T) { tests := map[string]struct { redirect *dag.Redirect - want *envoy_route_v3.Route_Redirect + want *envoy_config_route_v3.Route_Redirect }{ "hostname specified": { redirect: &dag.Redirect{ Hostname: "foo.bar", }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ HostRedirect: "foo.bar", }, }, @@ -2610,9 +2610,9 @@ func TestRouteRedirect(t *testing.T) { redirect: &dag.Redirect{ Scheme: "https", }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_SchemeRedirect{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_SchemeRedirect{ SchemeRedirect: "https", }, }, @@ -2622,8 +2622,8 @@ func TestRouteRedirect(t *testing.T) { redirect: &dag.Redirect{ PortNumber: 8080, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ PortRedirect: 8080, }, }, @@ -2632,9 +2632,9 @@ func TestRouteRedirect(t *testing.T) { redirect: &dag.Redirect{ StatusCode: 302, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - ResponseCode: envoy_route_v3.RedirectAction_FOUND, + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + ResponseCode: envoy_config_route_v3.RedirectAction_FOUND, }, }, }, @@ -2644,9 +2644,9 @@ func TestRouteRedirect(t *testing.T) { FullPathRewrite: "/blog", }, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - PathRewriteSpecifier: &envoy_route_v3.RedirectAction_PathRedirect{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + PathRewriteSpecifier: &envoy_config_route_v3.RedirectAction_PathRedirect{ PathRedirect: "/blog", }, }, @@ -2658,9 +2658,9 @@ func TestRouteRedirect(t *testing.T) { PrefixRewrite: "/blog", }, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - PathRewriteSpecifier: &envoy_route_v3.RedirectAction_PrefixRewrite{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + PathRewriteSpecifier: &envoy_config_route_v3.RedirectAction_PrefixRewrite{ PrefixRewrite: "/blog", }, }, @@ -2672,11 +2672,11 @@ func TestRouteRedirect(t *testing.T) { PrefixRegexRemove: "^/blog/*", }, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - PathRewriteSpecifier: &envoy_route_v3.RedirectAction_RegexRewrite{ - RegexRewrite: &matcher.RegexMatchAndSubstitute{ - Pattern: &matcher.RegexMatcher{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + PathRewriteSpecifier: &envoy_config_route_v3.RedirectAction_RegexRewrite{ + RegexRewrite: &envoy_matcher_v3.RegexMatchAndSubstitute{ + Pattern: &envoy_matcher_v3.RegexMatcher{ Regex: "^/blog/*", }, Substitution: "/", @@ -2689,8 +2689,8 @@ func TestRouteRedirect(t *testing.T) { redirect: &dag.Redirect{ StatusCode: 303, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{}, + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{}, }, }, "all options specified": { @@ -2703,15 +2703,15 @@ func TestRouteRedirect(t *testing.T) { FullPathRewrite: "/blog", }, }, - want: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ + want: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ HostRedirect: "foo.bar", - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_SchemeRedirect{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_SchemeRedirect{ SchemeRedirect: "https", }, PortRedirect: 8443, - ResponseCode: envoy_route_v3.RedirectAction_FOUND, - PathRewriteSpecifier: &envoy_route_v3.RedirectAction_PathRedirect{ + ResponseCode: envoy_config_route_v3.RedirectAction_FOUND, + PathRewriteSpecifier: &envoy_config_route_v3.RedirectAction_PathRedirect{ PathRedirect: "/blog", }, }, @@ -2727,4 +2727,6 @@ func TestRouteRedirect(t *testing.T) { } } -func virtualhosts(v ...*envoy_route_v3.VirtualHost) []*envoy_route_v3.VirtualHost { return v } +func virtualhosts(v ...*envoy_config_route_v3.VirtualHost) []*envoy_config_route_v3.VirtualHost { + return v +} diff --git a/internal/envoy/v3/secret.go b/internal/envoy/v3/secret.go index 5670e6fe2f8..c2630b7cd60 100644 --- a/internal/envoy/v3/secret.go +++ b/internal/envoy/v3/secret.go @@ -14,25 +14,26 @@ package v3 import ( - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" ) -// Secret creates new envoy_tls_v3.Secret from secret. -func Secret(s *dag.Secret) *envoy_tls_v3.Secret { - return &envoy_tls_v3.Secret{ +// Secret creates new envoy_transport_socket_tls_v3.Secret from secret. +func Secret(s *dag.Secret) *envoy_transport_socket_tls_v3.Secret { + return &envoy_transport_socket_tls_v3.Secret{ Name: envoy.Secretname(s), - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: s.PrivateKey(), }, }, - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: s.Cert(), }, }, diff --git a/internal/envoy/v3/secret_test.go b/internal/envoy/v3/secret_test.go index 99ec7a474c4..17a5cdc64b1 100644 --- a/internal/envoy/v3/secret_test.go +++ b/internal/envoy/v3/secret_test.go @@ -16,45 +16,46 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + "github.com/stretchr/testify/assert" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" "github.com/projectcontour/contour/internal/protobuf" - "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestSecret(t *testing.T) { tests := map[string]struct { secret *dag.Secret - want *envoy_tls_v3.Secret + want *envoy_transport_socket_tls_v3.Secret }{ "simple secret": { secret: &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, Data: map[string][]byte{ - v1.TLSCertKey: []byte("cert"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("cert"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, }, - want: &envoy_tls_v3.Secret{ + want: &envoy_transport_socket_tls_v3.Secret{ Name: "default/simple/cd1b506996", - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("key"), }, }, - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: []byte("cert"), }, }, @@ -79,14 +80,14 @@ func TestSecretname(t *testing.T) { }{ "simple": { secret: &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, Data: map[string][]byte{ - v1.TLSCertKey: []byte("cert"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("cert"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, }, @@ -94,14 +95,14 @@ func TestSecretname(t *testing.T) { }, "far too long": { secret: &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "must-be-in-want-of-a-wife", Namespace: "it-is-a-truth-universally-acknowledged-that-a-single-man-in-possession-of-a-good-fortune", }, Data: map[string][]byte{ - v1.TLSCertKey: []byte("cert"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("cert"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, }, diff --git a/internal/envoy/v3/socket.go b/internal/envoy/v3/socket.go index 3a7869d0157..5885779eaef 100644 --- a/internal/envoy/v3/socket.go +++ b/internal/envoy/v3/socket.go @@ -14,26 +14,27 @@ package v3 import ( - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + "github.com/projectcontour/contour/internal/protobuf" ) // UpstreamTLSTransportSocket returns a custom transport socket using the UpstreamTlsContext provided. -func UpstreamTLSTransportSocket(tls *envoy_tls_v3.UpstreamTlsContext) *envoy_core_v3.TransportSocket { - return &envoy_core_v3.TransportSocket{ +func UpstreamTLSTransportSocket(tls *envoy_transport_socket_tls_v3.UpstreamTlsContext) *envoy_config_core_v3.TransportSocket { + return &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(tls), }, } } // DownstreamTLSTransportSocket returns a custom transport socket using the DownstreamTlsContext provided. -func DownstreamTLSTransportSocket(tls *envoy_tls_v3.DownstreamTlsContext) *envoy_core_v3.TransportSocket { - return &envoy_core_v3.TransportSocket{ +func DownstreamTLSTransportSocket(tls *envoy_transport_socket_tls_v3.DownstreamTlsContext) *envoy_config_core_v3.TransportSocket { + return &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(tls), }, } diff --git a/internal/envoy/v3/socket_options.go b/internal/envoy/v3/socket_options.go index a2b583f1070..16fb894ab6a 100644 --- a/internal/envoy/v3/socket_options.go +++ b/internal/envoy/v3/socket_options.go @@ -14,12 +14,13 @@ package v3 import ( - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + "github.com/projectcontour/contour/internal/envoy" ) type SocketOptions struct { - options []*envoy_core_v3.SocketOption + options []*envoy_config_core_v3.SocketOption } func NewSocketOptions() *SocketOptions { @@ -29,39 +30,39 @@ func NewSocketOptions() *SocketOptions { func (so *SocketOptions) TCPKeepalive() *SocketOptions { so.options = append(so.options, // Enable TCP keep-alive. - &envoy_core_v3.SocketOption{ + &envoy_config_core_v3.SocketOption{ Description: "Enable TCP keep-alive", Level: envoy.SOL_SOCKET, Name: envoy.SO_KEEPALIVE, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 1}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 1}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, // The time (in seconds) the connection needs to remain idle // before TCP starts sending keepalive probes. - &envoy_core_v3.SocketOption{ + &envoy_config_core_v3.SocketOption{ Description: "TCP keep-alive initial idle time", Level: envoy.IPPROTO_TCP, Name: envoy.TCP_KEEPIDLE, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 45}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 45}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, // The time (in seconds) between individual keepalive probes. - &envoy_core_v3.SocketOption{ + &envoy_config_core_v3.SocketOption{ Description: "TCP keep-alive time between probes", Level: envoy.IPPROTO_TCP, Name: envoy.TCP_KEEPINTVL, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 5}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 5}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, // The maximum number of TCP keep-alive probes to send before // giving up and killing the connection if no response is // obtained from the other end. - &envoy_core_v3.SocketOption{ + &envoy_config_core_v3.SocketOption{ Description: "TCP keep-alive probe count", Level: envoy.IPPROTO_TCP, Name: envoy.TCP_KEEPCNT, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 9}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 9}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, ) @@ -72,12 +73,12 @@ func (so *SocketOptions) TCPKeepalive() *SocketOptions { func (so *SocketOptions) TOS(value int32) *SocketOptions { if value != 0 { so.options = append(so.options, - &envoy_core_v3.SocketOption{ + &envoy_config_core_v3.SocketOption{ Description: "Set IPv4 TOS field", Level: envoy.IPPROTO_IP, Name: envoy.IP_TOS, - State: envoy_core_v3.SocketOption_STATE_LISTENING, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: int64(value)}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: int64(value)}, }) } return so @@ -87,17 +88,17 @@ func (so *SocketOptions) TOS(value int32) *SocketOptions { func (so *SocketOptions) TrafficClass(value int32) *SocketOptions { if value != 0 { so.options = append(so.options, - &envoy_core_v3.SocketOption{ + &envoy_config_core_v3.SocketOption{ Description: "Set IPv6 Traffic Class field", Level: envoy.IPPROTO_IPV6, Name: envoy.IPV6_TCLASS, - State: envoy_core_v3.SocketOption_STATE_LISTENING, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: int64(value)}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: int64(value)}, }) } return so } -func (so *SocketOptions) Build() []*envoy_core_v3.SocketOption { +func (so *SocketOptions) Build() []*envoy_config_core_v3.SocketOption { return so.options } diff --git a/internal/envoy/v3/socket_options_test.go b/internal/envoy/v3/socket_options_test.go index fc7a688b9c0..301625981a4 100644 --- a/internal/envoy/v3/socket_options_test.go +++ b/internal/envoy/v3/socket_options_test.go @@ -16,9 +16,10 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - "github.com/projectcontour/contour/internal/envoy" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" "github.com/stretchr/testify/assert" + + "github.com/projectcontour/contour/internal/envoy" ) func TestSocketOptions(t *testing.T) { @@ -28,13 +29,13 @@ func TestSocketOptions(t *testing.T) { so.TOS(64) assert.Equal(t, - []*envoy_core_v3.SocketOption{ + []*envoy_config_core_v3.SocketOption{ { Description: "Set IPv4 TOS field", Level: envoy.IPPROTO_IP, Name: envoy.IP_TOS, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 64}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 64}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, }, so.Build(), @@ -42,20 +43,20 @@ func TestSocketOptions(t *testing.T) { so.TrafficClass(64) assert.Equal(t, - []*envoy_core_v3.SocketOption{ + []*envoy_config_core_v3.SocketOption{ { Description: "Set IPv4 TOS field", Level: envoy.IPPROTO_IP, Name: envoy.IP_TOS, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 64}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 64}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, { Description: "Set IPv6 Traffic Class field", Level: envoy.IPPROTO_IPV6, Name: envoy.IPV6_TCLASS, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: 64}, - State: envoy_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: 64}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, }, }, so.Build(), diff --git a/internal/envoy/v3/socket_test.go b/internal/envoy/v3/socket_test.go index 7949673283d..d81d3b45247 100644 --- a/internal/envoy/v3/socket_test.go +++ b/internal/envoy/v3/socket_test.go @@ -16,24 +16,25 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/protobuf" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestUpstreamTLSTransportSocket(t *testing.T) { tests := map[string]struct { - ctxt *envoy_tls_v3.UpstreamTlsContext - want *envoy_core_v3.TransportSocket + ctxt *envoy_transport_socket_tls_v3.UpstreamTlsContext + want *envoy_config_core_v3.TransportSocket }{ "h2": { ctxt: UpstreamTLSContext(nil, "", nil, nil, "h2"), - want: &envoy_core_v3.TransportSocket{ + want: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(UpstreamTLSContext(nil, "", nil, nil, "h2")), }, }, @@ -50,27 +51,27 @@ func TestUpstreamTLSTransportSocket(t *testing.T) { func TestDownstreamTLSTransportSocket(t *testing.T) { serverSecret := &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tls-cert", Namespace: "default", }, Data: map[string][]byte{ - v1.TLSCertKey: []byte("cert"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("cert"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, } tests := map[string]struct { - ctxt *envoy_tls_v3.DownstreamTlsContext - want *envoy_core_v3.TransportSocket + ctxt *envoy_transport_socket_tls_v3.DownstreamTlsContext + want *envoy_config_core_v3.TransportSocket }{ "default/tls": { - ctxt: DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1"), - want: &envoy_core_v3.TransportSocket{ + ctxt: DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1"), + want: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(DownstreamTLSContext(serverSecret, envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1")), + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(DownstreamTLSContext(serverSecret, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "client-subject-name", "h2", "http/1.1")), }, }, }, diff --git a/internal/envoy/v3/stats.go b/internal/envoy/v3/stats.go index ee9ba681bcf..21cc7b57c1f 100644 --- a/internal/envoy/v3/stats.go +++ b/internal/envoy/v3/stats.go @@ -14,16 +14,17 @@ package v3 import ( - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/protobuf" "google.golang.org/protobuf/types/known/wrapperspb" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/protobuf" ) const ( @@ -31,18 +32,18 @@ const ( metricsCaBundleSDSName = "metrics-ca-certificate" ) -// StatsListeners returns an array of *envoy_listener_v3.Listeners, +// StatsListeners returns an array of *envoy_config_listener_v3.Listeners, // either single HTTP listener or HTTP and HTTPS listeners depending on config. // The listeners are configured to serve: // - prometheus metrics on /stats (either over HTTP or HTTPS) // - readiness probe on /ready (always over HTTP) -func StatsListeners(metrics contour_api_v1alpha1.MetricsConfig, health contour_api_v1alpha1.HealthConfig) []*envoy_listener_v3.Listener { - var listeners []*envoy_listener_v3.Listener +func StatsListeners(metrics contour_v1alpha1.MetricsConfig, health contour_v1alpha1.HealthConfig) []*envoy_config_listener_v3.Listener { + var listeners []*envoy_config_listener_v3.Listener switch { // Create HTTPS listener for metrics and HTTP listener for health. case metrics.TLS != nil: - listeners = []*envoy_listener_v3.Listener{{ + listeners = []*envoy_config_listener_v3.Listener{{ Name: "stats", Address: SocketAddress(metrics.Address, metrics.Port), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), @@ -59,7 +60,7 @@ func StatsListeners(metrics contour_api_v1alpha1.MetricsConfig, health contour_a // Create combined HTTP listener for metrics and health. case (metrics.Address == health.Address) && (metrics.Port == health.Port): - listeners = []*envoy_listener_v3.Listener{{ + listeners = []*envoy_config_listener_v3.Listener{{ Name: "stats-health", Address: SocketAddress(metrics.Address, metrics.Port), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), @@ -68,7 +69,7 @@ func StatsListeners(metrics contour_api_v1alpha1.MetricsConfig, health contour_a // Create separate HTTP listeners for metrics and health. default: - listeners = []*envoy_listener_v3.Listener{{ + listeners = []*envoy_config_listener_v3.Listener{{ Name: "stats", Address: SocketAddress(metrics.Address, metrics.Port), SocketOptions: NewSocketOptions().TCPKeepalive().Build(), @@ -84,10 +85,10 @@ func StatsListeners(metrics contour_api_v1alpha1.MetricsConfig, health contour_a return listeners } -// AdminListener returns a *envoy_listener_v3.Listener configured to serve Envoy +// AdminListener returns a *envoy_config_listener_v3.Listener configured to serve Envoy // debug routes from the admin webpage. -func AdminListener(port int) *envoy_listener_v3.Listener { - return &envoy_listener_v3.Listener{ +func AdminListener(port int) *envoy_config_listener_v3.Listener { + return &envoy_config_listener_v3.Listener{ Name: "envoy-admin", Address: SocketAddress("127.0.0.1", port), FilterChains: filterChain("envoy-admin", nil, @@ -110,18 +111,18 @@ func AdminListener(port int) *envoy_listener_v3.Listener { } // filterChain returns a filter chain used by static listeners. -func filterChain(statsPrefix string, transportSocket *envoy_core_v3.TransportSocket, routes *http.HttpConnectionManager_RouteConfig) []*envoy_listener_v3.FilterChain { - return []*envoy_listener_v3.FilterChain{{ - Filters: []*envoy_listener_v3.Filter{{ +func filterChain(statsPrefix string, transportSocket *envoy_config_core_v3.TransportSocket, routes *envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig) []*envoy_config_listener_v3.FilterChain { + return []*envoy_config_listener_v3.FilterChain{{ + Filters: []*envoy_config_listener_v3.Filter{{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: statsPrefix, RouteSpecifier: routes, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -133,10 +134,10 @@ func filterChain(statsPrefix string, transportSocket *envoy_core_v3.TransportSoc } // routeForAdminInterface creates static RouteConfig that forwards requested prefixes to Envoy admin interface. -func routeForAdminInterface(prefixes ...string) *http.HttpConnectionManager_RouteConfig { - config := &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ +func routeForAdminInterface(prefixes ...string) *envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig { + config := &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, }}, @@ -145,15 +146,15 @@ func routeForAdminInterface(prefixes ...string) *http.HttpConnectionManager_Rout for _, prefix := range prefixes { config.RouteConfig.VirtualHosts[0].Routes = append(config.RouteConfig.VirtualHosts[0].Routes, - &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: prefix, }, }, - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "envoy-admin", }, }, @@ -166,14 +167,14 @@ func routeForAdminInterface(prefixes ...string) *http.HttpConnectionManager_Rout // downstreamTLSContext creates TLS context when HTTPS is used to protect Envoy stats endpoint. // Certificates and key are hardcoded to the SDS secrets which are returned by StatsSecrets. -func downstreamTLSContext(clientValidation bool) *envoy_tls_v3.DownstreamTlsContext { - context := &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ - TlsParams: &envoy_tls_v3.TlsParameters{ - TlsMinimumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, - TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, +func downstreamTLSContext(clientValidation bool) *envoy_transport_socket_tls_v3.DownstreamTlsContext { + context := &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMinimumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, }, - TlsCertificateSdsSecretConfigs: []*envoy_tls_v3.SdsSecretConfig{{ + TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: metricsServerCertSDSName, SdsConfig: ConfigSource("contour"), }}, @@ -181,8 +182,8 @@ func downstreamTLSContext(clientValidation bool) *envoy_tls_v3.DownstreamTlsCont } if clientValidation { - context.CommonTlsContext.ValidationContextType = &envoy_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ - ValidationContextSdsSecretConfig: &envoy_tls_v3.SdsSecretConfig{ + context.CommonTlsContext.ValidationContextType = &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ + ValidationContextSdsSecretConfig: &envoy_transport_socket_tls_v3.SdsSecretConfig{ Name: metricsCaBundleSDSName, SdsConfig: ConfigSource("contour"), }, @@ -194,22 +195,22 @@ func downstreamTLSContext(clientValidation bool) *envoy_tls_v3.DownstreamTlsCont } // StatsSecrets returns SDS secrets that refer to local file paths in Envoy container. -func StatsSecrets(metricsTLS *contour_api_v1alpha1.MetricsTLS) []*envoy_tls_v3.Secret { - secrets := []*envoy_tls_v3.Secret{} +func StatsSecrets(metricsTLS *contour_v1alpha1.MetricsTLS) []*envoy_transport_socket_tls_v3.Secret { + secrets := []*envoy_transport_socket_tls_v3.Secret{} if metricsTLS != nil { if metricsTLS.CertFile != "" && metricsTLS.KeyFile != "" { - secrets = append(secrets, &envoy_tls_v3.Secret{ + secrets = append(secrets, &envoy_transport_socket_tls_v3.Secret{ Name: metricsServerCertSDSName, - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: metricsTLS.CertFile, }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: metricsTLS.KeyFile, }, }, @@ -218,12 +219,12 @@ func StatsSecrets(metricsTLS *contour_api_v1alpha1.MetricsTLS) []*envoy_tls_v3.S }) } if metricsTLS.CAFile != "" { - secrets = append(secrets, &envoy_tls_v3.Secret{ + secrets = append(secrets, &envoy_transport_socket_tls_v3.Secret{ Name: metricsCaBundleSDSName, - Type: &envoy_tls_v3.Secret_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: metricsTLS.CAFile, }, }, diff --git a/internal/envoy/v3/stats_test.go b/internal/envoy/v3/stats_test.go index d48a69a8690..dc10c34808f 100644 --- a/internal/envoy/v3/stats_test.go +++ b/internal/envoy/v3/stats_test.go @@ -16,43 +16,44 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_router_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/protobuf" "google.golang.org/protobuf/types/known/wrapperspb" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/protobuf" ) func TestStatsListeners(t *testing.T) { - readyRoute := &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + readyRoute := &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/ready", }, }, - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "envoy-admin", }, }, }, } - statsRoute := &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + statsRoute := &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/stats", }, }, - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "envoy-admin", }, }, @@ -60,9 +61,9 @@ func TestStatsListeners(t *testing.T) { } type testcase struct { - metrics contour_api_v1alpha1.MetricsConfig - health contour_api_v1alpha1.HealthConfig - want []*envoy_listener_v3.Listener + metrics contour_v1alpha1.MetricsConfig + health contour_v1alpha1.HealthConfig + want []*envoy_config_listener_v3.Listener } run := func(t *testing.T, name string, tc testcase) { @@ -75,30 +76,30 @@ func TestStatsListeners(t *testing.T) { } run(t, "stats-and-health-over-http-single-listener", testcase{ - metrics: contour_api_v1alpha1.MetricsConfig{Address: "127.0.0.127", Port: 8123}, - health: contour_api_v1alpha1.HealthConfig{Address: "127.0.0.127", Port: 8123}, - want: []*envoy_listener_v3.Listener{{ + metrics: contour_v1alpha1.MetricsConfig{Address: "127.0.0.127", Port: 8123}, + health: contour_v1alpha1.HealthConfig{Address: "127.0.0.127", Port: 8123}, + want: []*envoy_config_listener_v3.Listener{{ Name: "stats-health", Address: SocketAddress("127.0.0.127", 8123), FilterChains: FilterChains( - &envoy_listener_v3.Filter{ + &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{readyRoute, statsRoute}, + Routes: []*envoy_config_route_v3.Route{readyRoute, statsRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -111,40 +112,40 @@ func TestStatsListeners(t *testing.T) { }) run(t, "stats-over-https-and-health-over-http", testcase{ - metrics: contour_api_v1alpha1.MetricsConfig{ + metrics: contour_v1alpha1.MetricsConfig{ Address: "127.0.0.127", Port: 8123, - TLS: &contour_api_v1alpha1.MetricsTLS{ + TLS: &contour_v1alpha1.MetricsTLS{ CertFile: "certfile", KeyFile: "keyfile", }, }, - health: contour_api_v1alpha1.HealthConfig{ + health: contour_v1alpha1.HealthConfig{ Address: "127.0.0.127", Port: 8124, }, - want: []*envoy_listener_v3.Listener{{ + want: []*envoy_config_listener_v3.Listener{{ Name: "stats", Address: SocketAddress("127.0.0.127", 8123), - FilterChains: []*envoy_listener_v3.FilterChain{{ - Filters: []*envoy_listener_v3.Filter{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + Filters: []*envoy_config_listener_v3.Filter{{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{statsRoute}, + Routes: []*envoy_config_route_v3.Route{statsRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -152,13 +153,13 @@ func TestStatsListeners(t *testing.T) { }, }}, TransportSocket: DownstreamTLSTransportSocket( - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ - TlsParams: &envoy_tls_v3.TlsParameters{ - TlsMinimumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, - TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMinimumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, }, - TlsCertificateSdsSecretConfigs: []*envoy_tls_v3.SdsSecretConfig{{ + TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: "metrics-tls-certificate", SdsConfig: ConfigSource("contour"), }}, @@ -171,24 +172,24 @@ func TestStatsListeners(t *testing.T) { Name: "health", Address: SocketAddress("127.0.0.127", 8124), FilterChains: FilterChains( - &envoy_listener_v3.Filter{ + &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{readyRoute}, + Routes: []*envoy_config_route_v3.Route{readyRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -201,41 +202,41 @@ func TestStatsListeners(t *testing.T) { }) run(t, "stats-over-https-with-client-auth-and-health-over-http", testcase{ - metrics: contour_api_v1alpha1.MetricsConfig{ + metrics: contour_v1alpha1.MetricsConfig{ Address: "127.0.0.127", Port: 8123, - TLS: &contour_api_v1alpha1.MetricsTLS{ + TLS: &contour_v1alpha1.MetricsTLS{ CertFile: "certfile", KeyFile: "keyfile", CAFile: "cabundle", }, }, - health: contour_api_v1alpha1.HealthConfig{ + health: contour_v1alpha1.HealthConfig{ Address: "127.0.0.127", Port: 8124, }, - want: []*envoy_listener_v3.Listener{{ + want: []*envoy_config_listener_v3.Listener{{ Name: "stats", Address: SocketAddress("127.0.0.127", 8123), - FilterChains: []*envoy_listener_v3.FilterChain{{ - Filters: []*envoy_listener_v3.Filter{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + Filters: []*envoy_config_listener_v3.Filter{{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{statsRoute}, + Routes: []*envoy_config_route_v3.Route{statsRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -243,18 +244,18 @@ func TestStatsListeners(t *testing.T) { }, }}, TransportSocket: DownstreamTLSTransportSocket( - &envoy_tls_v3.DownstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ - TlsParams: &envoy_tls_v3.TlsParameters{ - TlsMinimumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, - TlsMaximumProtocolVersion: envoy_tls_v3.TlsParameters_TLSv1_3, + &envoy_transport_socket_tls_v3.DownstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMinimumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, }, - TlsCertificateSdsSecretConfigs: []*envoy_tls_v3.SdsSecretConfig{{ + TlsCertificateSdsSecretConfigs: []*envoy_transport_socket_tls_v3.SdsSecretConfig{{ Name: "metrics-tls-certificate", SdsConfig: ConfigSource("contour"), }}, - ValidationContextType: &envoy_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ - ValidationContextSdsSecretConfig: &envoy_tls_v3.SdsSecretConfig{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContextSdsSecretConfig{ + ValidationContextSdsSecretConfig: &envoy_transport_socket_tls_v3.SdsSecretConfig{ Name: "metrics-ca-certificate", SdsConfig: ConfigSource("contour"), }, @@ -269,24 +270,24 @@ func TestStatsListeners(t *testing.T) { Name: "health", Address: SocketAddress("127.0.0.127", 8124), FilterChains: FilterChains( - &envoy_listener_v3.Filter{ + &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{readyRoute}, + Routes: []*envoy_config_route_v3.Route{readyRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -299,36 +300,36 @@ func TestStatsListeners(t *testing.T) { }) run(t, "stats-and-health-over-http-but-different-listeners", testcase{ - metrics: contour_api_v1alpha1.MetricsConfig{ + metrics: contour_v1alpha1.MetricsConfig{ Address: "127.0.0.127", Port: 8123, }, - health: contour_api_v1alpha1.HealthConfig{ + health: contour_v1alpha1.HealthConfig{ Address: "127.0.0.128", Port: 8124, }, - want: []*envoy_listener_v3.Listener{{ + want: []*envoy_config_listener_v3.Listener{{ Name: "stats", Address: SocketAddress("127.0.0.127", 8123), FilterChains: FilterChains( - &envoy_listener_v3.Filter{ + &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{statsRoute}, + Routes: []*envoy_config_route_v3.Route{statsRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -341,24 +342,24 @@ func TestStatsListeners(t *testing.T) { Name: "health", Address: SocketAddress("127.0.0.128", 8124), FilterChains: FilterChains( - &envoy_listener_v3.Filter{ + &envoy_config_listener_v3.Filter{ Name: wellknown.HTTPConnectionManager, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&http.HttpConnectionManager{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_http_connection_manager_v3.HttpConnectionManager{ StatPrefix: "stats", - RouteSpecifier: &http.HttpConnectionManager_RouteConfig{ - RouteConfig: &envoy_route_v3.RouteConfiguration{ - VirtualHosts: []*envoy_route_v3.VirtualHost{{ + RouteSpecifier: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_RouteConfig{ + RouteConfig: &envoy_config_route_v3.RouteConfiguration{ + VirtualHosts: []*envoy_config_route_v3.VirtualHost{{ Name: "backend", Domains: []string{"*"}, - Routes: []*envoy_route_v3.Route{readyRoute}, + Routes: []*envoy_config_route_v3.Route{readyRoute}, }}, }, }, - HttpFilters: []*http.HttpFilter{{ + HttpFilters: []*envoy_filter_network_http_connection_manager_v3.HttpFilter{{ Name: wellknown.Router, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_router_v3.Router{}), + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_router_v3.Router{}), }, }}, NormalizePath: wrapperspb.Bool(true), @@ -373,8 +374,8 @@ func TestStatsListeners(t *testing.T) { func TestStatsTLSSecrets(t *testing.T) { type testcase struct { - metricsTLS contour_api_v1alpha1.MetricsTLS - want []*envoy_tls_v3.Secret + metricsTLS contour_v1alpha1.MetricsTLS + want []*envoy_transport_socket_tls_v3.Secret } run := func(t *testing.T, name string, tc testcase) { t.Helper() @@ -385,21 +386,21 @@ func TestStatsTLSSecrets(t *testing.T) { } run(t, "only-server-credentials", testcase{ - metricsTLS: contour_api_v1alpha1.MetricsTLS{ + metricsTLS: contour_v1alpha1.MetricsTLS{ CertFile: "certfile", KeyFile: "keyfile", }, - want: []*envoy_tls_v3.Secret{{ + want: []*envoy_transport_socket_tls_v3.Secret{{ Name: "metrics-tls-certificate", - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: "certfile", }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: "keyfile", }, }, @@ -409,22 +410,22 @@ func TestStatsTLSSecrets(t *testing.T) { }) run(t, "with-client-authentication", testcase{ - metricsTLS: contour_api_v1alpha1.MetricsTLS{ + metricsTLS: contour_v1alpha1.MetricsTLS{ CertFile: "certfile", KeyFile: "keyfile", CAFile: "cabundle", }, - want: []*envoy_tls_v3.Secret{{ + want: []*envoy_transport_socket_tls_v3.Secret{{ Name: "metrics-tls-certificate", - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: "certfile", }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: "keyfile", }, }, @@ -432,10 +433,10 @@ func TestStatsTLSSecrets(t *testing.T) { }, }, { Name: "metrics-ca-certificate", - Type: &envoy_tls_v3.Secret_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_Filename{ + Type: &envoy_transport_socket_tls_v3.Secret_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_Filename{ Filename: "cabundle", }, }, diff --git a/internal/envoy/v3/tls.go b/internal/envoy/v3/tls.go index 0d6006cc1f5..5311df43289 100644 --- a/internal/envoy/v3/tls.go +++ b/internal/envoy/v3/tls.go @@ -14,16 +14,16 @@ package v3 import ( - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" ) -func ParseTLSVersion(version string) envoy_tls_v3.TlsParameters_TlsProtocol { +func ParseTLSVersion(version string) envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol { switch version { case "1.2": - return envoy_tls_v3.TlsParameters_TLSv1_2 + return envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2 case "1.3": - return envoy_tls_v3.TlsParameters_TLSv1_3 + return envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3 default: - return envoy_tls_v3.TlsParameters_TLS_AUTO + return envoy_transport_socket_tls_v3.TlsParameters_TLS_AUTO } } diff --git a/internal/envoy/v3/tracing.go b/internal/envoy/v3/tracing.go index ffd44084968..37eaed2d5f5 100644 --- a/internal/envoy/v3/tracing.go +++ b/internal/envoy/v3/tracing.go @@ -15,19 +15,20 @@ package v3 import ( envoy_config_trace_v3 "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_trace_v3 "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + "google.golang.org/protobuf/types/known/wrapperspb" + "k8s.io/apimachinery/pkg/types" + "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/timeout" - "google.golang.org/protobuf/types/known/wrapperspb" - "k8s.io/apimachinery/pkg/types" ) // TracingConfig returns a tracing config, // or nil if config is nil. -func TracingConfig(tracing *EnvoyTracingConfig) *http.HttpConnectionManager_Tracing { +func TracingConfig(tracing *EnvoyTracingConfig) *envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing { if tracing == nil { return nil } @@ -39,8 +40,8 @@ func TracingConfig(tracing *EnvoyTracingConfig) *http.HttpConnectionManager_Trac } } - return &http.HttpConnectionManager_Tracing{ - OverallSampling: &envoy_type.Percent{ + return &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing{ + OverallSampling: &envoy_type_v3.Percent{ Value: tracing.OverallSampling, }, MaxPathTagLength: wrapperspb.UInt32(tracing.MaxPathTagLength), diff --git a/internal/envoy/v3/tracing_test.go b/internal/envoy/v3/tracing_test.go index 72cffe7269e..0c4bea5f936 100644 --- a/internal/envoy/v3/tracing_test.go +++ b/internal/envoy/v3/tracing_test.go @@ -17,23 +17,24 @@ import ( "testing" "time" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_trace_v3 "github.com/envoyproxy/go-control-plane/envoy/config/trace/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" envoy_trace_v3 "github.com/envoyproxy/go-control-plane/envoy/type/tracing/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/timeout" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" + + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/timeout" ) func TestTracingConfig(t *testing.T) { tests := map[string]struct { tracing *EnvoyTracingConfig - want *http.HttpConnectionManager_Tracing + want *envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing }{ "nil config": { tracing: nil, @@ -62,7 +63,7 @@ func TestTracingConfig(t *testing.T) { }, }, }, - want: &http.HttpConnectionManager_Tracing{ + want: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing{ OverallSampling: &envoy_type_v3.Percent{ Value: 100.0, }, @@ -97,9 +98,9 @@ func TestTracingConfig(t *testing.T) { Name: "envoy.tracers.opentelemetry", ConfigType: &envoy_config_trace_v3.Tracing_Http_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&envoy_config_trace_v3.OpenTelemetryConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/otel-collector", Authority: "some-server.com", }, @@ -122,7 +123,7 @@ func TestTracingConfig(t *testing.T) { MaxPathTagLength: 256, CustomTags: nil, }, - want: &http.HttpConnectionManager_Tracing{ + want: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing{ OverallSampling: &envoy_type_v3.Percent{ Value: 100.0, }, @@ -132,9 +133,9 @@ func TestTracingConfig(t *testing.T) { Name: "envoy.tracers.opentelemetry", ConfigType: &envoy_config_trace_v3.Tracing_Http_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&envoy_config_trace_v3.OpenTelemetryConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/otel-collector", Authority: "some-server.com", }, @@ -157,7 +158,7 @@ func TestTracingConfig(t *testing.T) { MaxPathTagLength: 256, CustomTags: nil, }, - want: &http.HttpConnectionManager_Tracing{ + want: &envoy_filter_network_http_connection_manager_v3.HttpConnectionManager_Tracing{ OverallSampling: &envoy_type_v3.Percent{ Value: 100.0, }, @@ -167,9 +168,9 @@ func TestTracingConfig(t *testing.T) { Name: "envoy.tracers.opentelemetry", ConfigType: &envoy_config_trace_v3.Tracing_Http_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(&envoy_config_trace_v3.OpenTelemetryConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: "extension/projectcontour/otel-collector", Authority: "extension.projectcontour.otel-collector", }, diff --git a/internal/featuretests/kubernetes.go b/internal/featuretests/kubernetes.go index c72fbb5de7d..e0b5dcfdb15 100644 --- a/internal/featuretests/kubernetes.go +++ b/internal/featuretests/kubernetes.go @@ -18,15 +18,16 @@ package featuretests import ( "testing" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/fixture" "github.com/tsaarni/certyaml" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/fixture" ) -func IngressBackend(svc *v1.Service) *networking_v1.IngressBackend { +func IngressBackend(svc *core_v1.Service) *networking_v1.IngressBackend { return &networking_v1.IngressBackend{ Service: &networking_v1.IngressServiceBackend{ Name: svc.Name, @@ -56,43 +57,43 @@ var CRL = certyaml.CRL{ Issuer: &CACertificate, } -func TLSSecret(t *testing.T, name string, credential *certyaml.Certificate) *v1.Secret { +func TLSSecret(t *testing.T, name string, credential *certyaml.Certificate) *core_v1.Secret { cert, key, err := credential.PEM() if err != nil { t.Fatal(err) } - return &v1.Secret{ + return &core_v1.Secret{ ObjectMeta: fixture.ObjectMeta(name), - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - v1.TLSCertKey: cert, - v1.TLSPrivateKeyKey: key, + core_v1.TLSCertKey: cert, + core_v1.TLSPrivateKeyKey: key, }, } } -func CASecret(t *testing.T, name string, credential *certyaml.Certificate) *v1.Secret { +func CASecret(t *testing.T, name string, credential *certyaml.Certificate) *core_v1.Secret { cert, _, err := credential.PEM() if err != nil { t.Fatal(err) } - return &v1.Secret{ + return &core_v1.Secret{ ObjectMeta: fixture.ObjectMeta(name), - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ dag.CACertificateKey: cert, }, } } -func CRLSecret(t *testing.T, name string, credential *certyaml.CRL) *v1.Secret { +func CRLSecret(t *testing.T, name string, credential *certyaml.CRL) *core_v1.Secret { crl, err := credential.PEM() if err != nil { t.Fatal(err) } - return &v1.Secret{ + return &core_v1.Secret{ ObjectMeta: fixture.ObjectMeta(name), - Type: v1.SecretTypeOpaque, + Type: core_v1.SecretTypeOpaque, Data: map[string][]byte{ dag.CRLKey: crl, }, @@ -107,9 +108,9 @@ func PEMBytes(t *testing.T, cert *certyaml.Certificate) []byte { return c } -func Endpoints(ns, name string, subsets ...v1.EndpointSubset) *v1.Endpoints { - return &v1.Endpoints{ - ObjectMeta: metav1.ObjectMeta{ +func Endpoints(ns, name string, subsets ...core_v1.EndpointSubset) *core_v1.Endpoints { + return &core_v1.Endpoints{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: ns, }, @@ -117,22 +118,22 @@ func Endpoints(ns, name string, subsets ...v1.EndpointSubset) *v1.Endpoints { } } -func Ports(eps ...v1.EndpointPort) []v1.EndpointPort { +func Ports(eps ...core_v1.EndpointPort) []core_v1.EndpointPort { return eps } -func Port(name string, port int32) v1.EndpointPort { - return v1.EndpointPort{ +func Port(name string, port int32) core_v1.EndpointPort { + return core_v1.EndpointPort{ Name: name, Port: port, Protocol: "TCP", } } -func Addresses(ips ...string) []v1.EndpointAddress { - var addrs []v1.EndpointAddress +func Addresses(ips ...string) []core_v1.EndpointAddress { + var addrs []core_v1.EndpointAddress for _, ip := range ips { - addrs = append(addrs, v1.EndpointAddress{IP: ip}) + addrs = append(addrs, core_v1.EndpointAddress{IP: ip}) } return addrs } diff --git a/internal/featuretests/v3/authorization_test.go b/internal/featuretests/v3/authorization_test.go index f29fd845a39..2e5458ef6bb 100644 --- a/internal/featuretests/v3/authorization_test.go +++ b/internal/featuretests/v3/authorization_test.go @@ -19,28 +19,29 @@ import ( "testing" "time" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + "google.golang.org/protobuf/types/known/durationpb" + core_v1 "k8s.io/api/core/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - "google.golang.org/protobuf/types/known/durationpb" - corev1 "k8s.io/api/core/v1" ) const defaultResponseTimeout = time.Minute * 60 -func grpcCluster(name string) *envoy_config_filter_http_ext_authz_v3.ExtAuthz_GrpcService { - return &envoy_config_filter_http_ext_authz_v3.ExtAuthz_GrpcService{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ +func grpcCluster(name string) *envoy_filter_http_ext_authz_v3.ExtAuthz_GrpcService { + return &envoy_filter_http_ext_authz_v3.ExtAuthz_GrpcService{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: name, Authority: strings.ReplaceAll(name, "/", "."), }, @@ -56,16 +57,16 @@ func authzResponseTimeout(t *testing.T, rh ResourceEventHandlerWrapper, c *Conto p := fixture.NewProxy("proxy"). WithFQDN(fqdn). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + WithAuthServer(contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, ResponseTimeout: "10m", }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) @@ -74,29 +75,29 @@ func authzResponseTimeout(t *testing.T, rh ResourceEventHandlerWrapper, c *Conto cluster := grpcCluster("extension/auth/extension") cluster.GrpcService.Timeout = durationpb.New(10 * time.Minute) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls(fqdn, featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( fqdn, - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: cluster, ClearRouteCache: true, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, ), nil, "h2", "http/1.1"), @@ -114,25 +115,25 @@ func authzInvalidResponseTimeout(t *testing.T, rh ResourceEventHandlerWrapper, c p := fixture.NewProxy("proxy"). WithFQDN(fqdn). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + WithAuthServer(contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, ResponseTimeout: "invalid-timeout", }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) rh.OnAdd(p) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, statsListener()), - }).Status(p).HasError(contour_api_v1.ConditionTypeAuthError, "AuthResponseTimeoutInvalid", `Spec.Virtualhost.Authorization.ResponseTimeout is invalid: unable to parse timeout string "invalid-timeout": time: invalid duration "invalid-timeout"`) + }).Status(p).HasError(contour_v1.ConditionTypeAuthError, "AuthResponseTimeoutInvalid", `Spec.Virtualhost.Authorization.ResponseTimeout is invalid: unable to parse timeout string "invalid-timeout": time: invalid duration "invalid-timeout"`) } func authzFailOpen(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { @@ -141,44 +142,44 @@ func authzFailOpen(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { p := fixture.NewProxy("proxy"). WithFQDN(fqdn). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + WithAuthServer(contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, FailOpen: true, }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) rh.OnAdd(p) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls(fqdn, featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( fqdn, - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, FailureModeAllow: true, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, ), nil, "h2", "http/1.1"), @@ -193,15 +194,15 @@ func authzFallbackIncompat(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont p := fixture.NewProxy("proxy"). WithFQDN("echo.projectcontour.io"). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + WithAuthServer(contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) @@ -209,17 +210,17 @@ func authzFallbackIncompat(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnAdd(p) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, statsListener()), - }).Status(p).HasError(contour_api_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client authorization are incompatible") + }).Status(p).HasError(contour_v1.ConditionTypeTLSError, "TLSIncompatibleFeatures", "Spec.Virtualhost.TLS fallback & client authorization are incompatible") } func authzOverrideDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { const enabled = "enabled.projectcontour.io" const disabled = "disabled.projectcontour.io" - extensionRef := contour_api_v1.ExtensionServiceReference{ + extensionRef := contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", } @@ -227,18 +228,18 @@ func authzOverrideDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnAdd(fixture.NewProxy("enabled"). WithFQDN(enabled). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ + WithAuthServer(contour_v1.AuthorizationServer{ ExtensionServiceRef: extensionRef, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{Disabled: false}, + AuthPolicy: &contour_v1.AuthorizationPolicy{Disabled: false}, }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/disabled")), - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{Disabled: true}, + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, + AuthPolicy: &contour_v1.AuthorizationPolicy{Disabled: true}, }, { Conditions: matchconditions(prefixMatchCondition("/default")), - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }), ) @@ -246,18 +247,18 @@ func authzOverrideDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnAdd(fixture.NewProxy("disabled"). WithFQDN(disabled). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ + WithAuthServer(contour_v1.AuthorizationServer{ ExtensionServiceRef: extensionRef, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{Disabled: true}, + AuthPolicy: &contour_v1.AuthorizationPolicy{Disabled: true}, }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/enabled")), - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{}, + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, + AuthPolicy: &contour_v1.AuthorizationPolicy{}, }, { Conditions: matchconditions(prefixMatchCondition("/default")), - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }), ) @@ -267,23 +268,23 @@ func authzOverrideDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont // the other path should have the opposite enablement. disabledConfig := withFilterConfig(envoy_v3.ExtAuthzFilterName, - &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ + &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ Disabled: true, }, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( path.Join("https", disabled), envoy_v3.VirtualHost(disabled, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/enabled"), Action: routeCluster("default/app-server/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/default"), Action: routeCluster("default/app-server/80/da39a3ee5e"), TypedPerFilterConfig: disabledConfig, @@ -293,12 +294,12 @@ func authzOverrideDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont envoy_v3.RouteConfiguration( path.Join("https", enabled), envoy_v3.VirtualHost(enabled, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/disabled"), Action: routeCluster("default/app-server/80/da39a3ee5e"), TypedPerFilterConfig: disabledConfig, }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/default"), Action: routeCluster("default/app-server/80/da39a3ee5e"), }, @@ -307,21 +308,21 @@ func authzOverrideDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont envoy_v3.RouteConfiguration( "ingress_http", envoy_v3.VirtualHost(disabled, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/enabled"), Action: withRedirect(), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/default"), Action: withRedirect(), }, ), envoy_v3.VirtualHost(enabled, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/disabled"), Action: withRedirect(), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/default"), Action: withRedirect(), }, @@ -337,33 +338,33 @@ func authzMergeRouteContext(t *testing.T, rh ResourceEventHandlerWrapper, c *Con rh.OnAdd(fixture.NewProxy("proxy-root"). WithFQDN(fqdn). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + WithAuthServer(contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "root-element": "root", "common-element": "root", }, }, }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Includes: []contour_api_v1.Include{{ + WithSpec(contour_v1.HTTPProxySpec{ + Includes: []contour_v1.Include{{ Name: "proxy-leaf", }}, }), ) rh.OnAdd(fixture.NewProxy("proxy-leaf"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "app-server", Port: 80, }}, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "common-element": "leaf", "leaf-element": "leaf", @@ -381,19 +382,19 @@ func authzMergeRouteContext(t *testing.T, rh ResourceEventHandlerWrapper, c *Con "leaf-element": "leaf", } - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( path.Join("https", fqdn), envoy_v3.VirtualHost(fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/app-server/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.ExtAuthzFilterName, - &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ + &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: context, }, }, @@ -404,7 +405,7 @@ func authzMergeRouteContext(t *testing.T, rh ResourceEventHandlerWrapper, c *Con envoy_v3.RouteConfiguration( "ingress_http", envoy_v3.VirtualHost(fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRedirect(), }, @@ -420,17 +421,17 @@ func authzInvalidReference(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont invalid := fixture.NewProxy("proxy"). WithFQDN(fqdn). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{}). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithAuthServer(contour_v1.AuthorizationServer{}). + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "app-server", Port: 80, }}, }}, }) - invalid.Spec.VirtualHost.Authorization.ExtensionServiceRef = contour_api_v1.ExtensionServiceReference{ + invalid.Spec.VirtualHost.Authorization.ExtensionServiceRef = contour_v1.ExtensionServiceReference{ APIVersion: "foo/bar", Namespace: "", Name: "", @@ -439,12 +440,12 @@ func authzInvalidReference(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnDelete(invalid) rh.OnAdd(invalid) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, statsListener()), - }).Status(invalid).HasError(contour_api_v1.ConditionTypeAuthError, "AuthBadResourceVersion", `Spec.Virtualhost.Authorization.extensionRef specifies an unsupported resource version "foo/bar"`) + }).Status(invalid).HasError(contour_v1.ConditionTypeAuthError, "AuthBadResourceVersion", `Spec.Virtualhost.Authorization.extensionRef specifies an unsupported resource version "foo/bar"`) - invalid.Spec.VirtualHost.Authorization.ExtensionServiceRef = contour_api_v1.ExtensionServiceReference{ + invalid.Spec.VirtualHost.Authorization.ExtensionServiceRef = contour_v1.ExtensionServiceReference{ APIVersion: "projectcontour.io/v1alpha1", Namespace: "missing", Name: "extension", @@ -453,12 +454,12 @@ func authzInvalidReference(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnDelete(invalid) rh.OnAdd(invalid) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, statsListener()), - }).Status(invalid).HasError(contour_api_v1.ConditionTypeAuthError, "ExtensionServiceNotFound", `Spec.Virtualhost.Authorization.ServiceRef extension service "missing/extension" not found`) + }).Status(invalid).HasError(contour_v1.ConditionTypeAuthError, "ExtensionServiceNotFound", `Spec.Virtualhost.Authorization.ServiceRef extension service "missing/extension" not found`) - invalid.Spec.VirtualHost.Authorization.ExtensionServiceRef = contour_api_v1.ExtensionServiceReference{ + invalid.Spec.VirtualHost.Authorization.ExtensionServiceRef = contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", } @@ -466,29 +467,29 @@ func authzInvalidReference(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnDelete(invalid) rh.OnAdd(invalid) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls(fqdn, featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( fqdn, - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, FailureModeAllow: false, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, ), nil, "h2", "http/1.1"), @@ -505,50 +506,50 @@ func authzWithRequestBodyBufferSettings(t *testing.T, rh ResourceEventHandlerWra p := fixture.NewProxy("proxy"). WithFQDN(fqdn). WithCertificate("certificate"). - WithAuthServer(contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + WithAuthServer(contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, FailOpen: true, - WithRequestBody: &contour_api_v1.AuthorizationServerBufferSettings{ + WithRequestBody: &contour_v1.AuthorizationServerBufferSettings{ MaxRequestBytes: 100, AllowPartialMessage: true, PackAsBytes: true, }, }). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{Name: "app-server", Port: 80}}, + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{Name: "app-server", Port: 80}}, }}, }) rh.OnAdd(p) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls(fqdn, featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( fqdn, - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, FailureModeAllow: true, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, - WithRequestBody: &envoy_config_filter_http_ext_authz_v3.BufferSettings{ + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, + WithRequestBody: &envoy_filter_http_ext_authz_v3.BufferSettings{ MaxRequestBytes: 100, AllowPartialMessage: true, PackAsBytes: true, @@ -584,29 +585,29 @@ func TestAuthorization(t *testing.T) { // Add common test fixtures. rh.OnAdd(fixture.NewService("auth/oidc-server"). - WithPorts(corev1.ServicePort{Port: 8081})) + WithPorts(core_v1.ServicePort{Port: 8081})) - rh.OnAdd(featuretests.Endpoints("auth", "oidc-server", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("auth", "oidc-server", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.21"), Ports: featuretests.Ports(featuretests.Port("", 8081)), })) - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("auth/extension"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "oidc-server", Port: 8081}, }, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: defaultResponseTimeout.String(), }, }, }) rh.OnAdd(fixture.NewService("app-server"). - WithPorts(corev1.ServicePort{Port: 80})) + WithPorts(core_v1.ServicePort{Port: 80})) - rh.OnAdd(featuretests.Endpoints("auth", "app-server", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("auth", "app-server", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.21"), Ports: featuretests.Ports(featuretests.Port("", 80)), })) diff --git a/internal/featuretests/v3/backendcavalidation_test.go b/internal/featuretests/v3/backendcavalidation_test.go index 24fea2f46b3..2e5c7720e44 100644 --- a/internal/featuretests/v3/backendcavalidation_test.go +++ b/internal/featuretests/v3/backendcavalidation_test.go @@ -16,13 +16,14 @@ package v3 import ( "testing" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ref" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestClusterServiceTLSBackendCAValidation(t *testing.T) { @@ -33,17 +34,17 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { svc := fixture.NewService("default/kuard"). Annotate("projectcontour.io/upstream-protocol.tls", "securebackend,443"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8080)}) - p1 := &contour_api_v1.HTTPProxy{ + p1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, }}, @@ -55,7 +56,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { rh.OnAdd(p1) // assert that the insecure listener and the stats listener are present in LDS. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -64,25 +65,25 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { }) // assert that there is a regular, non validation enabled cluster in CDS. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster("default/kuard/443/4929fca9d4", "default/kuard/securebackend", "default_kuard_443"), nil, "", "", nil, nil), ), TypeUrl: clusterType, }) - p2 := &contour_api_v1.HTTPProxy{ + p2 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, @@ -93,7 +94,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { rh.OnUpdate(p1, p2) // assert that the insecure listener and the stats listener are present in LDS. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -101,7 +102,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { TypeUrl: listenerType, }) - expectedResponse := &envoy_discovery_v3.DiscoveryResponse{ + expectedResponse := &envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), caSecret, "subjname", "", nil, nil), ), @@ -113,7 +114,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { // Contour does not use SDS to transmit the CA for upstream validation, issue 1405, // assert that SDS is empty. - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ // we are asking for all SDS responses, the list is empty so // resources is nil, not []any.Any{} -- an empty slice. Resources: nil, @@ -122,16 +123,16 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { rh.OnDelete(p2) - hp1 := &contour_api_v1.HTTPProxy{ + hp1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/a")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, @@ -142,7 +143,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { rh.OnAdd(hp1) // assert that the insecure listener and the stats listener are present in LDS. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -151,7 +152,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { }) // assert that the cluster now has a certificate and subject name. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster("default/kuard/443/c6ccd34de5", "default/kuard/securebackend", "default_kuard_443"), caSecret, "subjname", "", nil, nil), ), @@ -160,7 +161,7 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { // Contour does not use SDS to transmit the CA for upstream validation, issue 1405, // assert that SDS is empty. - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ // we are asking for all SDS responses, the list is empty so // resources is nil, not []any.Any{} -- an empty slice. Resources: nil, @@ -173,19 +174,19 @@ func TestClusterServiceTLSBackendCAValidation(t *testing.T) { rh.OnAdd(serverSecret) tcpproxy := fixture.NewProxy("tcpproxy").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverSecret.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, Protocol: ref.To("tls"), - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, diff --git a/internal/featuretests/v3/backendclientauth_test.go b/internal/featuretests/v3/backendclientauth_test.go index 39f45fb979c..9326f76ad0f 100644 --- a/internal/featuretests/v3/backendclientauth_test.go +++ b/internal/featuretests/v3/backendclientauth_test.go @@ -16,19 +16,20 @@ package v3 import ( "testing" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - projcontour "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + "github.com/sirupsen/logrus" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/types" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ref" - "github.com/sirupsen/logrus" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/types" ) func proxyClientCertificateOpt(t *testing.T) func(*dag.Builder) { @@ -74,20 +75,20 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) { rh.OnAdd(caSecret) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 443}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) rh.OnAdd(svc) proxy := fixture.NewProxy("authenticated").WithSpec( - projcontour.HTTPProxySpec{ - VirtualHost: &projcontour.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []projcontour.Route{{ - Services: []projcontour.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, Protocol: ref.To("tls"), - UpstreamValidation: &projcontour.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, @@ -96,7 +97,7 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) { }) rh.OnAdd(proxy) - expectedResponse := &envoy_discovery_v3.DiscoveryResponse{ + expectedResponse := &envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), caSecret, "subjname", "", clientSecret, nil), ), @@ -108,19 +109,19 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) { rh.OnDelete(proxy) tcpproxy := fixture.NewProxy("tcpproxy").WithSpec( - projcontour.HTTPProxySpec{ - VirtualHost: &projcontour.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &projcontour.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverSecret.Name, }, }, - TCPProxy: &projcontour.TCPProxy{ - Services: []projcontour.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, Protocol: ref.To("tls"), - UpstreamValidation: &projcontour.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, @@ -133,7 +134,7 @@ func TestBackendClientAuthenticationWithHTTPProxy(t *testing.T) { // Test the error branch when Envoy client certificate secret does not exist. rh.OnDelete(clientSecret) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: clusterType, }) @@ -150,7 +151,7 @@ func TestBackendClientAuthenticationWithIngress(t *testing.T) { svc := fixture.NewService("backend"). Annotate("projectcontour.io/upstream-protocol.tls", "443"). - WithPorts(v1.ServicePort{Name: "http", Port: 443}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) rh.OnAdd(svc) ingress := &networking_v1.Ingress{ @@ -161,7 +162,7 @@ func TestBackendClientAuthenticationWithIngress(t *testing.T) { } rh.OnAdd(ingress) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsClusterWithoutValidation(cluster("default/backend/443/4929fca9d4", "default/backend/http", "default_backend_443"), "", clientSecret, nil), ), @@ -170,7 +171,7 @@ func TestBackendClientAuthenticationWithIngress(t *testing.T) { // Test the error branch when Envoy client certificate secret does not exist. rh.OnDelete(clientSecret) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: clusterType, }) @@ -186,16 +187,16 @@ func TestBackendClientAuthenticationWithExtensionService(t *testing.T) { rh.OnAdd(caSecret) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "grpc", Port: 6001}) + WithPorts(core_v1.ServicePort{Name: "grpc", Port: 6001}) rh.OnAdd(svc) - ext := &v1alpha1.ExtensionService{ + ext := &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: svc.Name, Port: 6001}, }, - UpstreamValidation: &projcontour.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, @@ -216,19 +217,19 @@ func TestBackendClientAuthenticationWithExtensionService(t *testing.T) { "h2", ), ) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( h2cCluster(cluster("extension/default/ext", "extension/default/ext", "extension_default_ext")), - &envoy_cluster_v3.Cluster{TransportSocket: tlsSocket}, + &envoy_config_cluster_v3.Cluster{TransportSocket: tlsSocket}, ), ), }) // Test the error branch when Envoy client certificate secret does not exist. rh.OnDelete(clientSecret) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: clusterType, }) diff --git a/internal/featuretests/v3/cluster_test.go b/internal/featuretests/v3/cluster_test.go index 6c16aa8a7e0..5ea19360b91 100644 --- a/internal/featuretests/v3/cluster_test.go +++ b/internal/featuretests/v3/cluster_test.go @@ -16,25 +16,26 @@ package v3 import ( "testing" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/dag" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/featuretests" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" "github.com/sirupsen/logrus" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/dag" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/featuretests" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" ) // projectcontour/contour#186 @@ -44,10 +45,10 @@ func TestClusterLongServiceName(t *testing.T) { defer done() s1 := fixture.NewService("default/kbujbkuhdod66gjdmwmijz8xzgsx1nkfbrloezdjiulquzk4x3p0nnvpzi8r"). - WithPorts(v1.ServicePort{Port: 8080}) + WithPorts(core_v1.ServicePort{Port: 8080}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -60,7 +61,7 @@ func TestClusterLongServiceName(t *testing.T) { rh.OnAdd(s1) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kbujbkuh-c83ceb/8080/da39a3ee5e", "default/kbujbkuhdod66gjdmwmijz8xzgsx1nkfbrloezdjiulquzk4x3p0nnvpzi8r", "default_kbujbkuhdod66gjdmwmijz8xzgsx1nkfbrloezdjiulquzk4x3p0nnvpzi8r_8080"), ), @@ -76,10 +77,10 @@ func TestClusterAddUpdateDelete(t *testing.T) { // s1 is a simple tcp 80 -> 8080 service. s1 := fixture.NewService("default/kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -90,7 +91,7 @@ func TestClusterAddUpdateDelete(t *testing.T) { rh.OnAdd(i1) i2 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuarder", Namespace: "default", }, @@ -117,7 +118,7 @@ func TestClusterAddUpdateDelete(t *testing.T) { rh.OnAdd(s1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), ), @@ -126,13 +127,13 @@ func TestClusterAddUpdateDelete(t *testing.T) { // s2 is the same as s1, but the service port has a name s2 := fixture.NewService("default/kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) // replace s1 with s2 rh.OnUpdate(s1, s2) // check that we get two CDS records because the port is now named. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard/http", "default_kuard_80"), ), @@ -143,8 +144,8 @@ func TestClusterAddUpdateDelete(t *testing.T) { // requires all ports to be named if there is more than one of them. s3 := fixture.NewService("default/kuard"). WithPorts( - v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(8443)}, + core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(8443)}, ) // replace s2 with s3 @@ -152,7 +153,7 @@ func TestClusterAddUpdateDelete(t *testing.T) { // check that we get four CDS records. Order is important // because the CDS cache is sorted. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/443/da39a3ee5e", "default/kuard/https", "default_kuard_443"), cluster("default/kuard/80/da39a3ee5e", "default/kuard/http", "default_kuard_80"), @@ -163,7 +164,7 @@ func TestClusterAddUpdateDelete(t *testing.T) { // s4 is s3 with the http port removed. s4 := fixture.NewService("default/kuard"). WithPorts( - v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(8443)}, + core_v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(8443)}, ) // replace s3 with s4 @@ -171,7 +172,7 @@ func TestClusterAddUpdateDelete(t *testing.T) { // check that we get two CDS records only, and that the 80 and http // records have been removed even though the service object remains. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/443/da39a3ee5e", "default/kuard/https", "default_kuard_443"), ), @@ -185,7 +186,7 @@ func TestClusterRenameUpdateDelete(t *testing.T) { defer done() i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -219,13 +220,13 @@ func TestClusterRenameUpdateDelete(t *testing.T) { s1 := fixture.NewService("default/kuard"). WithPorts( - v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(8443)}, + core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(8443)}, ) rh.OnAdd(s1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/443/da39a3ee5e", "default/kuard/https", "default_kuard_443"), cluster("default/kuard/80/da39a3ee5e", "default/kuard/http", "default_kuard_80"), @@ -235,11 +236,11 @@ func TestClusterRenameUpdateDelete(t *testing.T) { // s2 removes the name on port 80, moves it to port 443 and deletes the https port s2 := fixture.NewService("default/kuard"). - WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8080)}) rh.OnUpdate(s1, s2) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/443/da39a3ee5e", "default/kuard", "default_kuard_443"), ), @@ -249,7 +250,7 @@ func TestClusterRenameUpdateDelete(t *testing.T) { // now replace s2 with s1 to check it works in the other direction. rh.OnUpdate(s2, s1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/443/da39a3ee5e", "default/kuard/https", "default_kuard_443"), cluster("default/kuard/80/da39a3ee5e", "default/kuard/http", "default_kuard_80"), @@ -260,7 +261,7 @@ func TestClusterRenameUpdateDelete(t *testing.T) { // cleanup and check rh.OnDelete(s1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: clusterType, }) @@ -273,10 +274,10 @@ func TestIssue243(t *testing.T) { t.Run("single unnamed service with a different numeric target port", func(t *testing.T) { s1 := fixture.NewService("default/kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -289,7 +290,7 @@ func TestIssue243(t *testing.T) { rh.OnAdd(s1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), ), @@ -309,10 +310,10 @@ func TestIssue247(t *testing.T) { // protocol: TCP // targetPort: kuard s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("kuard")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("kuard")}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -324,7 +325,7 @@ func TestIssue247(t *testing.T) { rh.OnAdd(s1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), ), @@ -337,12 +338,12 @@ func TestCDSResourceFiltering(t *testing.T) { defer done() s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("kuard")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("kuard")}) s2 := fixture.NewService("httpbin"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("httpbin")}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("httpbin")}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -368,7 +369,7 @@ func TestCDSResourceFiltering(t *testing.T) { rh.OnAdd(s1) rh.OnAdd(s2) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // note, resources are sorted by Cluster.Name cluster("default/httpbin/8080/da39a3ee5e", "default/httpbin", "default_httpbin_8080"), @@ -378,19 +379,19 @@ func TestCDSResourceFiltering(t *testing.T) { }) // assert we can filter on one resource - c.Request(clusterType, "default/kuard/80/da39a3ee5e").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType, "default/kuard/80/da39a3ee5e").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80")), TypeUrl: clusterType, }) // assert a non matching filter returns a response with no entries. - c.Request(clusterType, "default/httpbin/9000").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType, "default/httpbin/9000").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) } -func circuitBreakerGlobalOpt(t *testing.T, g *contour_api_v1alpha1.GlobalCircuitBreakerDefaults) func(*dag.Builder) { +func circuitBreakerGlobalOpt(t *testing.T, g *contour_v1alpha1.GlobalCircuitBreakerDefaults) func(*dag.Builder) { return func(b *dag.Builder) { log := fixture.NewTestLogger(t) log.SetLevel(logrus.DebugLevel) @@ -413,7 +414,7 @@ func circuitBreakerGlobalOpt(t *testing.T, g *contour_api_v1alpha1.GlobalCircuit } func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { - g := &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + g := &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 13, MaxPendingRequests: 14, MaxRequests: 15, @@ -428,10 +429,10 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { Annotate("projectcontour.io/max-requests", "404"). Annotate("projectcontour.io/max-retries", "7"). Annotate("projectcontour.io/per-host-max-connections", "45"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("8080")}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "kuard", }, @@ -444,24 +445,24 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { rh.OnAdd(s1) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/8080/da39a3ee5e", AltStatName: "default_kuard_8080", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(9000), MaxPendingRequests: wrapperspb.UInt32(4096), MaxRequests: wrapperspb.UInt32(404), MaxRetries: wrapperspb.UInt32(7), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(45), }}, }, @@ -475,29 +476,29 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "9999"). Annotate("projectcontour.io/max-requests", "1e6"). Annotate("projectcontour.io/max-retries", "0"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("8080")}) rh.OnUpdate(s1, s2) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/8080/da39a3ee5e", AltStatName: "default_kuard_8080", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxPendingRequests: wrapperspb.UInt32(9999), MaxConnections: wrapperspb.UInt32(13), MaxRequests: wrapperspb.UInt32(15), MaxRetries: wrapperspb.UInt32(17), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -509,29 +510,29 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "0"). Annotate("projectcontour.io/max-requests", "0"). Annotate("projectcontour.io/max-retries", "0"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromString("8080")}) rh.OnUpdate(s2, s3) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/8080/da39a3ee5e", AltStatName: "default_kuard_8080", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(13), MaxPendingRequests: wrapperspb.UInt32(14), MaxRequests: wrapperspb.UInt32(15), MaxRetries: wrapperspb.UInt32(17), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -540,7 +541,7 @@ func TestClusterCircuitbreakerAnnotationsIngress(t *testing.T) { } func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { - g := &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + g := &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 13, MaxPendingRequests: 14, MaxRequests: 15, @@ -554,19 +555,19 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "4096"). Annotate("projectcontour.io/max-requests", "404"). Annotate("projectcontour.io/max-retries", "7"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) rh.OnAdd( - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "kuard", Port: 80, @@ -580,24 +581,24 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { rh.OnAdd(s1) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(9000), MaxPendingRequests: wrapperspb.UInt32(4096), MaxRequests: wrapperspb.UInt32(404), MaxRetries: wrapperspb.UInt32(7), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -609,29 +610,29 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "9999"). Annotate("projectcontour.io/max-requests", "1e6"). Annotate("projectcontour.io/max-retries", "0"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) rh.OnUpdate(s1, s2) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxPendingRequests: wrapperspb.UInt32(9999), MaxConnections: wrapperspb.UInt32(13), MaxRequests: wrapperspb.UInt32(15), MaxRetries: wrapperspb.UInt32(17), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -643,29 +644,29 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "0"). Annotate("projectcontour.io/max-requests", "0"). Annotate("projectcontour.io/max-retries", "0"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) rh.OnUpdate(s2, s3) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(13), MaxPendingRequests: wrapperspb.UInt32(14), MaxRequests: wrapperspb.UInt32(15), MaxRetries: wrapperspb.UInt32(17), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -674,7 +675,7 @@ func TestClusterCircuitbreakerAnnotationsHTTPProxy(t *testing.T) { } func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { - g := &contour_api_v1alpha1.GlobalCircuitBreakerDefaults{ + g := &contour_v1alpha1.GlobalCircuitBreakerDefaults{ MaxConnections: 13, MaxPendingRequests: 14, MaxRequests: 15, @@ -688,27 +689,27 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "4096"). Annotate("projectcontour.io/max-requests", "404"). Annotate("projectcontour.io/max-retries", "7"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, } gt := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -732,7 +733,7 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { rh.OnAdd(gt) rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -757,24 +758,24 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { rh.OnAdd(s1) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(9000), MaxPendingRequests: wrapperspb.UInt32(4096), MaxRequests: wrapperspb.UInt32(404), MaxRetries: wrapperspb.UInt32(7), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -786,29 +787,29 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "9999"). Annotate("projectcontour.io/max-requests", "1e6"). Annotate("projectcontour.io/max-retries", "0"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) rh.OnUpdate(s1, s2) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxPendingRequests: wrapperspb.UInt32(9999), MaxConnections: wrapperspb.UInt32(13), MaxRequests: wrapperspb.UInt32(15), MaxRetries: wrapperspb.UInt32(17), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -820,29 +821,29 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { Annotate("projectcontour.io/max-pending-requests", "0"). Annotate("projectcontour.io/max-requests", "0"). Annotate("projectcontour.io/max-retries", "0"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) rh.OnUpdate(s2, s3) // check that it's been translated correctly. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(13), MaxPendingRequests: wrapperspb.UInt32(14), MaxRequests: wrapperspb.UInt32(15), MaxRetries: wrapperspb.UInt32(17), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{}}, + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{}}, }, }), ), @@ -857,30 +858,30 @@ func TestClusterPerServiceParameters(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), ) - rh.OnAdd(&contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + rh.OnAdd(&contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 60, @@ -889,7 +890,7 @@ func TestClusterPerServiceParameters(t *testing.T) { }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // note, resources are sorted by Cluster.Name cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), @@ -905,35 +906,35 @@ func TestClusterLoadBalancerStrategyPerRoute(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), ) - rh.OnAdd(&contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + rh.OnAdd(&contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Random", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/b", }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "WeightedLeastRequest", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, @@ -941,27 +942,27 @@ func TestClusterLoadBalancerStrategyPerRoute(t *testing.T) { }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/58d888c08a", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - LbPolicy: envoy_cluster_v3.Cluster_RANDOM, + LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, }), - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/8bf87fefba", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, - LbPolicy: envoy_cluster_v3.Cluster_LEAST_REQUEST, + LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, }), ), TypeUrl: clusterType, @@ -973,20 +974,20 @@ func TestClusterWithHealthChecks(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}), ) // proxy1 has a basic health check policy. - proxy1 := fixture.NewProxy("default/simple").WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + proxy1 := fixture.NewProxy("default/simple").WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Path: "/healthz", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, @@ -997,7 +998,7 @@ func TestClusterWithHealthChecks(t *testing.T) { rh.OnAdd(proxy1) c.Status(proxy1).IsValid() - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, clusterWithHealthCheck("default/kuard/80/bc862a33ca", "default/kuard", "default_kuard_80", "/healthz", nil), ), @@ -1005,20 +1006,20 @@ func TestClusterWithHealthChecks(t *testing.T) { }) // proxy2 has valid expected status ranges. - proxy2 := fixture.NewProxy("default/simple").WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + proxy2 := fixture.NewProxy("default/simple").WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Path: "/healthz", - ExpectedStatuses: []contour_api_v1.HTTPStatusRange{ + ExpectedStatuses: []contour_v1.HTTPStatusRange{ {Start: 200, End: 300}, {Start: 500, End: 600}, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, @@ -1029,7 +1030,7 @@ func TestClusterWithHealthChecks(t *testing.T) { rh.OnUpdate(proxy1, proxy2) c.Status(proxy2).IsValid() - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, clusterWithHealthCheck("default/kuard/80/bc862a33ca", "default/kuard", "default_kuard_80", "/healthz", []*envoy_type_v3.Int64Range{ {Start: 200, End: 300}, @@ -1040,20 +1041,20 @@ func TestClusterWithHealthChecks(t *testing.T) { }) // proxy3 has an invalid expected status range (end is too large). - proxy3 := fixture.NewProxy("default/simple").WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + proxy3 := fixture.NewProxy("default/simple").WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Path: "/healthz", - ExpectedStatuses: []contour_api_v1.HTTPStatusRange{ + ExpectedStatuses: []contour_v1.HTTPStatusRange{ {Start: 200, End: 300}, {Start: 500, End: 601}, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, @@ -1062,24 +1063,24 @@ func TestClusterWithHealthChecks(t *testing.T) { }) rh.OnUpdate(proxy2, proxy3) - c.Status(proxy3).HasError(contour_api_v1.ConditionTypeRouteError, "HealthCheckPolicyInvalid", "invalid expected status range: end must be in the range [101, 600]") - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{}) + c.Status(proxy3).HasError(contour_v1.ConditionTypeRouteError, "HealthCheckPolicyInvalid", "invalid expected status range: end must be in the range [101, 600]") + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{}) // proxy4 has an invalid expected status range (start is too small). - proxy4 := fixture.NewProxy("default/simple").WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + proxy4 := fixture.NewProxy("default/simple").WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Path: "/healthz", - ExpectedStatuses: []contour_api_v1.HTTPStatusRange{ + ExpectedStatuses: []contour_v1.HTTPStatusRange{ {Start: 99, End: 300}, {Start: 599, End: 600}, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, @@ -1088,8 +1089,8 @@ func TestClusterWithHealthChecks(t *testing.T) { }) rh.OnUpdate(proxy3, proxy4) - c.Status(proxy4).HasError(contour_api_v1.ConditionTypeRouteError, "HealthCheckPolicyInvalid", "invalid expected status range: start must be in the range [100, 599]") - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{}) + c.Status(proxy4).HasError(contour_v1.ConditionTypeRouteError, "HealthCheckPolicyInvalid", "invalid expected status range: start must be in the range [100, 599]") + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{}) } // Test processing a service that exists but is not referenced @@ -1102,30 +1103,30 @@ func TestUnreferencedService(t *testing.T) { // This service which is added should cause a DAG rebuild s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) rh.OnAdd(s1) - rh.OnAdd(&contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + rh.OnAdd(&contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "www.example.com"}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "www.example.com"}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/b", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 60, @@ -1135,7 +1136,7 @@ func TestUnreferencedService(t *testing.T) { }) res := c.Request(clusterType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), ), @@ -1144,11 +1145,11 @@ func TestUnreferencedService(t *testing.T) { res.assertEqualVersion(t, "1") // This service which is added should not cause a DAG rebuild s2 := fixture.NewService("kuard-notreferenced"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s2) res = c.Request(clusterType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), ), @@ -1159,7 +1160,7 @@ func TestUnreferencedService(t *testing.T) { // does not trigger a rebuild rh.OnDelete(s2) res = c.Request(clusterType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80"), ), diff --git a/internal/featuretests/v3/corspolicy_test.go b/internal/featuretests/v3/corspolicy_test.go index 11adda20ddf..710db4a5aa7 100644 --- a/internal/featuretests/v3/corspolicy_test.go +++ b/internal/featuretests/v3/corspolicy_test.go @@ -16,16 +16,17 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/fixture" ) func TestCorsPolicy(t *testing.T) { @@ -33,20 +34,20 @@ func TestCorsPolicy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) // Allow origin rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -54,22 +55,22 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ + &envoy_filter_http_cors_v3.CorsPolicy{ AllowCredentials: &wrapperspb.BoolValue{Value: false}, AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, }}, AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -80,15 +81,15 @@ func TestCorsPolicy(t *testing.T) { // More advanced allow origin usage. rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"http://example.com", `https://example-[abcd]+\.org`}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -96,23 +97,23 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ + &envoy_filter_http_cors_v3.CorsPolicy{ AllowCredentials: &wrapperspb.BoolValue{Value: false}, AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, - AllowOriginStringMatch: []*matcher.StringMatcher{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "http://example.com", }, IgnoreCase: true, }, { - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: `https://example-[abcd]+\.org`, }, }, @@ -120,7 +121,7 @@ func TestCorsPolicy(t *testing.T) { }, AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -131,16 +132,16 @@ func TestCorsPolicy(t *testing.T) { // Allow credentials rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowCredentials: true, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -148,13 +149,13 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -163,7 +164,7 @@ func TestCorsPolicy(t *testing.T) { AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -174,16 +175,16 @@ func TestCorsPolicy(t *testing.T) { // Allow methods rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, AllowCredentials: true, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET", "POST", "OPTIONS"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET", "POST", "OPTIONS"}, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -191,13 +192,13 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -206,7 +207,7 @@ func TestCorsPolicy(t *testing.T) { AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, AllowMethods: "GET,POST,OPTIONS", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -217,17 +218,17 @@ func TestCorsPolicy(t *testing.T) { // Allow headers rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowCredentials: true, - AllowHeaders: []contour_api_v1.CORSHeaderValue{"custom-header-1", "custom-header-2"}, + AllowHeaders: []contour_v1.CORSHeaderValue{"custom-header-1", "custom-header-2"}, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -235,13 +236,13 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -251,7 +252,7 @@ func TestCorsPolicy(t *testing.T) { AllowHeaders: "custom-header-1,custom-header-2", AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -262,17 +263,17 @@ func TestCorsPolicy(t *testing.T) { // Expose headers rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowCredentials: true, - ExposeHeaders: []contour_api_v1.CORSHeaderValue{"custom-header-1", "custom-header-2"}, + ExposeHeaders: []contour_v1.CORSHeaderValue{"custom-header-1", "custom-header-2"}, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -280,14 +281,14 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{ { - MatchPattern: &matcher.StringMatcher_Exact{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -298,7 +299,7 @@ func TestCorsPolicy(t *testing.T) { ExposeHeaders: "custom-header-1,custom-header-2", AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -309,17 +310,17 @@ func TestCorsPolicy(t *testing.T) { // Max Age rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowCredentials: true, MaxAge: "10m", }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -327,13 +328,13 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -343,7 +344,7 @@ func TestCorsPolicy(t *testing.T) { MaxAge: "600", AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -354,29 +355,29 @@ func TestCorsPolicy(t *testing.T) { // Allow PrivateNetworkAccess rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowPrivateNetwork: true, }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, }}, })) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -385,7 +386,7 @@ func TestCorsPolicy(t *testing.T) { AllowCredentials: &wrapperspb.BoolValue{Value: false}, AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: true}, }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -396,17 +397,17 @@ func TestCorsPolicy(t *testing.T) { // Disable preflight request caching rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowCredentials: true, MaxAge: "0s", }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -414,13 +415,13 @@ func TestCorsPolicy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("hello.world", - &envoy_cors_v3.CorsPolicy{ - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + &envoy_filter_http_cors_v3.CorsPolicy{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, @@ -430,7 +431,7 @@ func TestCorsPolicy(t *testing.T) { MaxAge: "0", AllowMethods: "GET", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/svc1/80/da39a3ee5e"), }), @@ -440,19 +441,19 @@ func TestCorsPolicy(t *testing.T) { }) // Virtual hosts with an invalid max age in their policy are not added - invvhost := &contour_api_v1.HTTPProxy{ + invvhost := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET"}, AllowCredentials: true, MaxAge: "-10m", }, - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -462,7 +463,7 @@ func TestCorsPolicy(t *testing.T) { rh.OnAdd(invvhost) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http")), TypeUrl: routeType, diff --git a/internal/featuretests/v3/directresponsepolicy_test.go b/internal/featuretests/v3/directresponsepolicy_test.go index 564dca3951e..c6375cf881a 100644 --- a/internal/featuretests/v3/directresponsepolicy_test.go +++ b/internal/featuretests/v3/directresponsepolicy_test.go @@ -16,14 +16,15 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestDirectResponsePolicy_HTTProxy(t *testing.T) { @@ -31,14 +32,14 @@ func TestDirectResponsePolicy_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) proxy403 := fixture.NewProxy("simple-403").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "directresponse.projectcontour.io"}, - Routes: []contour_api_v1.Route{{ - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "directresponse.projectcontour.io"}, + Routes: []contour_v1.Route{{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 403, Body: "forbidden", }, @@ -47,18 +48,18 @@ func TestDirectResponsePolicy_HTTProxy(t *testing.T) { rh.OnAdd(proxy403) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("directresponse.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + Action: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: 403, - Body: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineString{ + Body: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineString{ InlineString: "forbidden", }, }, @@ -72,10 +73,10 @@ func TestDirectResponsePolicy_HTTProxy(t *testing.T) { }) proxyNobody := fixture.NewProxy("simple-nobody").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "directresponse.projectcontour.io"}, - Routes: []contour_api_v1.Route{{ - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "directresponse.projectcontour.io"}, + Routes: []contour_v1.Route{{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 200, }, }}, @@ -83,15 +84,15 @@ func TestDirectResponsePolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxy403, proxyNobody) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("directresponse.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + Action: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: 200, }, }, @@ -103,14 +104,14 @@ func TestDirectResponsePolicy_HTTProxy(t *testing.T) { }) proxyInvalid := fixture.NewProxy("simple-multiple-match").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "directresponse.projectcontour.io"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "directresponse.projectcontour.io"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 200, }, }}, @@ -118,7 +119,7 @@ func TestDirectResponsePolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxyNobody, proxyInvalid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), diff --git a/internal/featuretests/v3/downstreamvalidation_test.go b/internal/featuretests/v3/downstreamvalidation_test.go index 3642c488b31..ef1d6028a26 100644 --- a/internal/featuretests/v3/downstreamvalidation_test.go +++ b/internal/featuretests/v3/downstreamvalidation_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestDownstreamTLSCertificateValidation(t *testing.T) { @@ -38,22 +39,22 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { rh.OnAdd(clientCASecret) service := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(service) proxy1 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: clientCASecret.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -62,7 +63,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { rh.OnAdd(proxy1) - ingressHTTPS := &envoy_listener_v3.Listener{ + ingressHTTPS := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -84,7 +85,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPS, @@ -94,18 +95,18 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }).Status(proxy1).IsValid() proxy2 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -114,7 +115,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { rh.OnUpdate(proxy1, proxy2) - ingressHTTPSSkipVerify := &envoy_listener_v3.Listener{ + ingressHTTPSSkipVerify := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -132,7 +133,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSSkipVerify, @@ -142,19 +143,19 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }).Status(proxy2).IsValid() proxy3 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, CACertificate: clientCASecret.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -162,7 +163,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }) rh.OnUpdate(proxy2, proxy3) - ingressHTTPSSkipVerifyWithCA := &envoy_listener_v3.Listener{ + ingressHTTPSSkipVerifyWithCA := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -185,7 +186,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSSkipVerifyWithCA, @@ -198,19 +199,19 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { rh.OnAdd(crlSecret) proxy4 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: clientCASecret.Name, CertificateRevocationList: crlSecret.Name, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -218,7 +219,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }) rh.OnUpdate(proxy3, proxy4) - ingressHTTPSWithCRLandCA := &envoy_listener_v3.Listener{ + ingressHTTPSWithCRLandCA := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -242,7 +243,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSWithCRLandCA, @@ -251,20 +252,20 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }).Status(proxy4).IsValid() proxy5 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: clientCASecret.Name, CertificateRevocationList: crlSecret.Name, OnlyVerifyLeafCertCrl: true, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -272,7 +273,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }) rh.OnUpdate(proxy4, proxy5) - ingressHTTPSWithLeafCRLandCA := &envoy_listener_v3.Listener{ + ingressHTTPSWithLeafCRLandCA := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -297,7 +298,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSWithLeafCRLandCA, @@ -306,19 +307,19 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }).Status(proxy5).IsValid() proxy6 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: clientCASecret.Name, OptionalClientCertificate: true, }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -326,7 +327,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }) rh.OnUpdate(proxy5, proxy6) - ingressHTTPSOptionalVerify := &envoy_listener_v3.Listener{ + ingressHTTPSOptionalVerify := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -348,7 +349,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSOptionalVerify, @@ -357,14 +358,14 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }).Status(proxy6).IsValid() proxy7 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: clientCASecret.Name, - ForwardClientCertificate: &contour_api_v1.ClientCertificateDetails{ + ForwardClientCertificate: &contour_v1.ClientCertificateDetails{ Subject: true, Cert: true, Chain: true, @@ -374,8 +375,8 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -383,7 +384,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }) rh.OnUpdate(proxy6, proxy7) - ingressHTTPSForwardClientCert := &envoy_listener_v3.Listener{ + ingressHTTPSForwardClientCert := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -410,7 +411,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSForwardClientCert, @@ -419,14 +420,14 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }).Status(proxy7).IsValid() proxy8 := fixture.NewProxy("example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: serverTLSSecret.Name, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, - ForwardClientCertificate: &contour_api_v1.ClientCertificateDetails{ + ForwardClientCertificate: &contour_v1.ClientCertificateDetails{ Subject: true, DNS: true, URI: true, @@ -434,8 +435,8 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -443,7 +444,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { }) rh.OnUpdate(proxy7, proxy8) - ingressHTTPSForwardClientCertSkipValidation := &envoy_listener_v3.Listener{ + ingressHTTPSForwardClientCertSkipValidation := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -464,7 +465,7 @@ func TestDownstreamTLSCertificateValidation(t *testing.T) { ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPSForwardClientCertSkipValidation, diff --git a/internal/featuretests/v3/endpoints_test.go b/internal/featuretests/v3/endpoints_test.go index ad077051718..4a1ee075aaa 100644 --- a/internal/featuretests/v3/endpoints_test.go +++ b/internal/featuretests/v3/endpoints_test.go @@ -16,13 +16,14 @@ package v3 import ( "testing" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" ) // test that adding and removing endpoints don't leave objects @@ -32,15 +33,15 @@ func TestAddRemoveEndpoints(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud"). - WithPorts(v1.ServicePort{Name: "https", Port: 8443}, - v1.ServicePort{Name: "http", Port: 8000}), + WithPorts(core_v1.ServicePort{Name: "https", Port: 8443}, + core_v1.ServicePort{Name: "http", Port: 8000}), ) rh.OnAdd(fixture.NewProxy("super-long-namespace-name-oh-boy/proxy"). WithFQDN("proxy.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "what-a-descriptive-service-name-you-must-be-so-proud", Port: 8000, }, { @@ -57,7 +58,7 @@ func TestAddRemoveEndpoints(t *testing.T) { e1 := featuretests.Endpoints( "super-long-namespace-name-oh-boy", "what-a-descriptive-service-name-you-must-be-so-proud", - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: featuretests.Addresses( "172.16.0.2", "172.16.0.1", @@ -72,16 +73,16 @@ func TestAddRemoveEndpoints(t *testing.T) { rh.OnAdd(e1) // check that it's been translated correctly. - c.Request(endpointType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("172.16.0.1", 8000), // endpoints and cluster names should be sorted envoy_v3.SocketAddress("172.16.0.2", 8000), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("172.16.0.1", 8443), @@ -95,7 +96,7 @@ func TestAddRemoveEndpoints(t *testing.T) { // remove e1 and check that the EDS cache is now empty. rh.OnDelete(e1) - c.Request(endpointType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/http"), envoy_v3.ClusterLoadAssignment("super-long-namespace-name-oh-boy/what-a-descriptive-service-name-you-must-be-so-proud/https"), @@ -109,26 +110,26 @@ func TestAddEndpointComplicated(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "foo", Port: 8080}, - v1.ServicePort{Name: "admin", Port: 9000}), + WithPorts(core_v1.ServicePort{Name: "foo", Port: 8080}, + core_v1.ServicePort{Name: "admin", Port: 9000}), ) rh.OnAdd(fixture.NewProxy("kuard"). WithFQDN("kuard.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/foo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/admin", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 9000, }}, @@ -139,7 +140,7 @@ func TestAddEndpointComplicated(t *testing.T) { e1 := featuretests.Endpoints( "default", "kuard", - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: featuretests.Addresses( "10.48.1.78", ), @@ -150,7 +151,7 @@ func TestAddEndpointComplicated(t *testing.T) { featuretests.Port("foo", 8080), ), }, - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: featuretests.Addresses( "10.48.1.78", "10.48.1.77", @@ -163,17 +164,17 @@ func TestAddEndpointComplicated(t *testing.T) { rh.OnAdd(e1) - c.Request(endpointType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: endpointType, Resources: resources(t, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/kuard/admin", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.48.1.77", 9000), envoy_v3.SocketAddress("10.48.1.78", 9000), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/kuard/foo", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.48.1.78", 8080), @@ -188,15 +189,15 @@ func TestEndpointFilter(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("default/kuard").WithPorts( - v1.ServicePort{Name: "foo", Port: 8080}, - v1.ServicePort{Name: "admin", Port: 9000}, + core_v1.ServicePort{Name: "foo", Port: 8080}, + core_v1.ServicePort{Name: "admin", Port: 9000}, )) rh.OnAdd(fixture.NewProxy("default/kuard"). WithFQDN("kuard.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -209,7 +210,7 @@ func TestEndpointFilter(t *testing.T) { rh.OnAdd(featuretests.Endpoints( "default", "kuard", - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: featuretests.Addresses( "10.48.1.78", ), @@ -220,7 +221,7 @@ func TestEndpointFilter(t *testing.T) { featuretests.Port("foo", 8080), ), }, - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: featuretests.Addresses( "10.48.1.77", "10.48.1.78", @@ -231,17 +232,17 @@ func TestEndpointFilter(t *testing.T) { }, )) - c.Request(endpointType, "default/kuard/foo").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType, "default/kuard/foo").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: endpointType, Resources: resources(t, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/kuard/foo", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.48.1.78", 8080)), }, ), }) - c.Request(endpointType, "default/kuard/bar").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType, "default/kuard/bar").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: endpointType, Resources: resources(t, envoy_v3.ClusterLoadAssignment("default/kuard/bar"), @@ -256,14 +257,14 @@ func TestIssue602(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("simple").WithPorts( - v1.ServicePort{Port: 8080}, + core_v1.ServicePort{Port: 8080}, )) rh.OnAdd(fixture.NewProxy("simple"). WithFQDN("simple.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "simple", Port: 8080, }}, @@ -271,7 +272,7 @@ func TestIssue602(t *testing.T) { }), ) - e1 := featuretests.Endpoints("default", "simple", v1.EndpointSubset{ + e1 := featuretests.Endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.24"), Ports: featuretests.Ports( featuretests.Port("", 8080), @@ -280,9 +281,9 @@ func TestIssue602(t *testing.T) { rh.OnAdd(e1) // Assert endpoint was added - c.Request(endpointType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -294,7 +295,7 @@ func TestIssue602(t *testing.T) { e2 := featuretests.Endpoints("default", "simple") rh.OnUpdate(e1, e2) - c.Request(endpointType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.ClusterLoadAssignment("default/simple")), TypeUrl: endpointType, }) diff --git a/internal/featuretests/v3/envoy.go b/internal/featuretests/v3/envoy.go index 5e2cc4d3da3..6d3187a66bd 100644 --- a/internal/featuretests/v3/envoy.go +++ b/internal/featuretests/v3/envoy.go @@ -19,40 +19,40 @@ import ( "path" "time" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + envoy_filter_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_filter_network_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" - envoy_jwt_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_extensions_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/dag" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/protobuf" - xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/dag" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/protobuf" + xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" ) // DefaultCluster returns a copy of the default Cluster, with each // Cluster given in the parameter slice merged on top. This makes it // relatively fluent to compose Clusters by tweaking a few fields. -func DefaultCluster(clusters ...*envoy_cluster_v3.Cluster) *envoy_cluster_v3.Cluster { +func DefaultCluster(clusters ...*envoy_config_cluster_v3.Cluster) *envoy_config_cluster_v3.Cluster { // NOTE: Keep this in sync with envoy.defaultCluster(). - defaults := &envoy_cluster_v3.Cluster{ + defaults := &envoy_config_cluster_v3.Cluster{ ConnectTimeout: durationpb.New(2 * time.Second), - LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, + LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, CommonLbConfig: envoy_v3.ClusterCommonLBConfig(), } @@ -63,15 +63,15 @@ func DefaultCluster(clusters ...*envoy_cluster_v3.Cluster) *envoy_cluster_v3.Clu return defaults } -func clusterWithHealthCheck(name, servicename, statName, healthCheckPath string, expectedStatuses []*envoy_type_v3.Int64Range) *envoy_cluster_v3.Cluster { +func clusterWithHealthCheck(name, servicename, statName, healthCheckPath string, expectedStatuses []*envoy_type_v3.Int64Range) *envoy_config_cluster_v3.Cluster { c := cluster(name, servicename, statName) - c.HealthChecks = []*envoy_core_v3.HealthCheck{{ + c.HealthChecks = []*envoy_config_core_v3.HealthCheck{{ Timeout: durationpb.New(2 * time.Second), Interval: durationpb.New(10 * time.Second), UnhealthyThreshold: wrapperspb.UInt32(3), HealthyThreshold: wrapperspb.UInt32(2), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Host: "contour-envoy-healthcheck", Path: healthCheckPath, ExpectedStatuses: expectedStatuses, @@ -82,12 +82,12 @@ func clusterWithHealthCheck(name, servicename, statName, healthCheckPath string, return c } -func externalNameCluster(name, servicename, statName, externalName string, port int) *envoy_cluster_v3.Cluster { - return DefaultCluster(&envoy_cluster_v3.Cluster{ +func externalNameCluster(name, servicename, statName, externalName string, port int) *envoy_config_cluster_v3.Cluster { + return DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: name, - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_STRICT_DNS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_STRICT_DNS), AltStatName: statName, - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: servicename, Endpoints: envoy_v3.Endpoints( envoy_v3.SocketAddress(externalName, port), @@ -96,10 +96,10 @@ func externalNameCluster(name, servicename, statName, externalName string, port }) } -func routeCluster(cluster string, opts ...func(*envoy_route_v3.Route_Route)) *envoy_route_v3.Route_Route { - r := &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ +func routeCluster(cluster string, opts ...func(*envoy_config_route_v3.Route_Route)) *envoy_config_route_v3.Route_Route { + r := &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: cluster, }, }, @@ -112,7 +112,7 @@ func routeCluster(cluster string, opts ...func(*envoy_route_v3.Route_Route)) *en return r } -func routePrefix(prefix string) *envoy_route_v3.RouteMatch { +func routePrefix(prefix string) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -120,7 +120,7 @@ func routePrefix(prefix string) *envoy_route_v3.RouteMatch { }) } -func routePrefixWithHeaderConditions(prefix string, headers ...dag.HeaderMatchCondition) *envoy_route_v3.RouteMatch { +func routePrefixWithHeaderConditions(prefix string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -129,7 +129,7 @@ func routePrefixWithHeaderConditions(prefix string, headers ...dag.HeaderMatchCo }) } -func routePrefixWithQueryParameterConditions(prefix string, queryParams ...dag.QueryParamMatchCondition) *envoy_route_v3.RouteMatch { +func routePrefixWithQueryParameterConditions(prefix string, queryParams ...dag.QueryParamMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -138,52 +138,52 @@ func routePrefixWithQueryParameterConditions(prefix string, queryParams ...dag.Q }) } -func routeSegmentPrefix(prefix string) *envoy_route_v3.RouteMatch { - return &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_PathSeparatedPrefix{ +func routeSegmentPrefix(prefix string) *envoy_config_route_v3.RouteMatch { + return &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_PathSeparatedPrefix{ PathSeparatedPrefix: prefix, }, } } -func routeHostRewrite(cluster, newHostName string) *envoy_route_v3.Route_Route { - return &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{Cluster: cluster}, - HostRewriteSpecifier: &envoy_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: newHostName}, +func routeHostRewrite(cluster, newHostName string) *envoy_config_route_v3.Route_Route { + return &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{Cluster: cluster}, + HostRewriteSpecifier: &envoy_config_route_v3.RouteAction_HostRewriteLiteral{HostRewriteLiteral: newHostName}, }, } } -func routeHostRewriteHeader(cluster, hostnameHeader string) *envoy_route_v3.Route_Route { - return &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{Cluster: cluster}, - HostRewriteSpecifier: &envoy_route_v3.RouteAction_HostRewriteHeader{HostRewriteHeader: hostnameHeader}, +func routeHostRewriteHeader(cluster, hostnameHeader string) *envoy_config_route_v3.Route_Route { + return &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{Cluster: cluster}, + HostRewriteSpecifier: &envoy_config_route_v3.RouteAction_HostRewriteHeader{HostRewriteHeader: hostnameHeader}, }, } } -func upgradeHTTPS(match *envoy_route_v3.RouteMatch) *envoy_route_v3.Route { - return &envoy_route_v3.Route{ +func upgradeHTTPS(match *envoy_config_route_v3.RouteMatch) *envoy_config_route_v3.Route { + return &envoy_config_route_v3.Route{ Match: match, Action: envoy_v3.UpgradeHTTPS(), } } -func cluster(name, servicename, statName string) *envoy_cluster_v3.Cluster { - return DefaultCluster(&envoy_cluster_v3.Cluster{ +func cluster(name, servicename, statName string) *envoy_config_cluster_v3.Cluster { + return DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: name, - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: statName, - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: servicename, }, }) } -func tlsCluster(c *envoy_cluster_v3.Cluster, ca *v1.Secret, subjectName, sni string, clientSecret *v1.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_cluster_v3.Cluster { +func tlsCluster(c *envoy_config_cluster_v3.Cluster, ca *core_v1.Secret, subjectName, sni string, clientSecret *core_v1.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_config_cluster_v3.Cluster { var secret *dag.Secret if clientSecret != nil { secret = &dag.Secret{Object: clientSecret} @@ -210,7 +210,7 @@ func tlsCluster(c *envoy_cluster_v3.Cluster, ca *v1.Secret, subjectName, sni str return c } -func tlsClusterWithoutValidation(c *envoy_cluster_v3.Cluster, sni string, clientSecret *v1.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_cluster_v3.Cluster { +func tlsClusterWithoutValidation(c *envoy_config_cluster_v3.Cluster, sni string, clientSecret *core_v1.Secret, upstreamTLS *dag.UpstreamTLS, alpnProtocols ...string) *envoy_config_cluster_v3.Cluster { var secret *dag.Secret if clientSecret != nil { secret = &dag.Secret{Object: clientSecret} @@ -228,13 +228,13 @@ func tlsClusterWithoutValidation(c *envoy_cluster_v3.Cluster, sni string, client return c } -func h2cCluster(c *envoy_cluster_v3.Cluster) *envoy_cluster_v3.Cluster { +func h2cCluster(c *envoy_config_cluster_v3.Cluster) *envoy_config_cluster_v3.Cluster { c.TypedExtensionProtocolOptions = map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + &envoy_upstream_http_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, }, }), @@ -242,33 +242,33 @@ func h2cCluster(c *envoy_cluster_v3.Cluster) *envoy_cluster_v3.Cluster { return c } -func withConnectionTimeout(c *envoy_cluster_v3.Cluster, timeout time.Duration, httpVersion envoy_v3.HTTPVersionType) *envoy_cluster_v3.Cluster { - var config *envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig +func withConnectionTimeout(c *envoy_config_cluster_v3.Cluster, timeout time.Duration, httpVersion envoy_v3.HTTPVersionType) *envoy_config_cluster_v3.Cluster { + var config *envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig switch httpVersion { // Default protocol version in Envoy is HTTP1.1. case envoy_v3.HTTPVersion1, envoy_v3.HTTPVersionAuto: - config = &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, + config = &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_HttpProtocolOptions{}, } case envoy_v3.HTTPVersion2: - config = &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + config = &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, } case envoy_v3.HTTPVersion3: - config = &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http3ProtocolOptions{}, + config = &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http3ProtocolOptions{}, } } c.TypedExtensionProtocolOptions = map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - CommonHttpProtocolOptions: &envoy_core_v3.HttpProtocolOptions{ + &envoy_upstream_http_v3.HttpProtocolOptions{ + CommonHttpProtocolOptions: &envoy_config_core_v3.HttpProtocolOptions{ IdleTimeout: durationpb.New(timeout), }, - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ ExplicitHttpConfig: config, }, }), @@ -276,20 +276,20 @@ func withConnectionTimeout(c *envoy_cluster_v3.Cluster, timeout time.Duration, h return c } -func withResponseTimeout(route *envoy_route_v3.Route_Route, timeout time.Duration) *envoy_route_v3.Route_Route { +func withResponseTimeout(route *envoy_config_route_v3.Route_Route, timeout time.Duration) *envoy_config_route_v3.Route_Route { route.Route.Timeout = durationpb.New(timeout) return route } -func withIdleTimeout(route *envoy_route_v3.Route_Route, timeout time.Duration) *envoy_route_v3.Route_Route { +func withIdleTimeout(route *envoy_config_route_v3.Route_Route, timeout time.Duration) *envoy_config_route_v3.Route_Route { route.Route.IdleTimeout = durationpb.New(timeout) return route } -func withMirrorPolicy(route *envoy_route_v3.Route_Route, mirror string, weight int64) *envoy_route_v3.Route_Route { - route.Route.RequestMirrorPolicies = []*envoy_route_v3.RouteAction_RequestMirrorPolicy{{ +func withMirrorPolicy(route *envoy_config_route_v3.Route_Route, mirror string, weight int64) *envoy_config_route_v3.Route_Route { + route.Route.RequestMirrorPolicies = []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy{{ Cluster: mirror, - RuntimeFraction: &envoy_core_v3.RuntimeFractionalPercent{ + RuntimeFraction: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: uint32(weight), Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -299,13 +299,13 @@ func withMirrorPolicy(route *envoy_route_v3.Route_Route, mirror string, weight i return route } -func withPrefixRewrite(route *envoy_route_v3.Route_Route, replacement string) *envoy_route_v3.Route_Route { +func withPrefixRewrite(route *envoy_config_route_v3.Route_Route, replacement string) *envoy_config_route_v3.Route_Route { route.Route.PrefixRewrite = replacement return route } -func withRetryPolicy(route *envoy_route_v3.Route_Route, retryOn string, numRetries uint32, perTryTimeout time.Duration) *envoy_route_v3.Route_Route { - route.Route.RetryPolicy = &envoy_route_v3.RetryPolicy{ +func withRetryPolicy(route *envoy_config_route_v3.Route_Route, retryOn string, numRetries uint32, perTryTimeout time.Duration) *envoy_config_route_v3.Route_Route { + route.Route.RetryPolicy = &envoy_config_route_v3.RetryPolicy{ RetryOn: retryOn, } if numRetries > 0 { @@ -317,19 +317,19 @@ func withRetryPolicy(route *envoy_route_v3.Route_Route, retryOn string, numRetri return route } -func withWebsocket(route *envoy_route_v3.Route_Route) *envoy_route_v3.Route_Route { +func withWebsocket(route *envoy_config_route_v3.Route_Route) *envoy_config_route_v3.Route_Route { route.Route.UpgradeConfigs = append(route.Route.UpgradeConfigs, - &envoy_route_v3.RouteAction_UpgradeConfig{ + &envoy_config_route_v3.RouteAction_UpgradeConfig{ UpgradeType: "websocket", }, ) return route } -func withSessionAffinity(route *envoy_route_v3.Route_Route) *envoy_route_v3.Route_Route { - route.Route.HashPolicy = append(route.Route.HashPolicy, &envoy_route_v3.RouteAction_HashPolicy{ - PolicySpecifier: &envoy_route_v3.RouteAction_HashPolicy_Cookie_{ - Cookie: &envoy_route_v3.RouteAction_HashPolicy_Cookie{ +func withSessionAffinity(route *envoy_config_route_v3.Route_Route) *envoy_config_route_v3.Route_Route { + route.Route.HashPolicy = append(route.Route.HashPolicy, &envoy_config_route_v3.RouteAction_HashPolicy{ + PolicySpecifier: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie_{ + Cookie: &envoy_config_route_v3.RouteAction_HashPolicy_Cookie{ Name: "X-Contour-Session-Affinity", Ttl: durationpb.New(0), Path: "/", @@ -346,28 +346,28 @@ type hashPolicySpecifier struct { parameterName string } -func withRequestHashPolicySpecifiers(route *envoy_route_v3.Route_Route, policies ...hashPolicySpecifier) *envoy_route_v3.Route_Route { +func withRequestHashPolicySpecifiers(route *envoy_config_route_v3.Route_Route, policies ...hashPolicySpecifier) *envoy_config_route_v3.Route_Route { for _, p := range policies { - hp := &envoy_route_v3.RouteAction_HashPolicy{ + hp := &envoy_config_route_v3.RouteAction_HashPolicy{ Terminal: p.terminal, } if p.hashSourceIP { - hp.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties_{ - ConnectionProperties: &envoy_route_v3.RouteAction_HashPolicy_ConnectionProperties{ + hp.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_ConnectionProperties_{ + ConnectionProperties: &envoy_config_route_v3.RouteAction_HashPolicy_ConnectionProperties{ SourceIp: true, }, } } if len(p.headerName) > 0 { - hp.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_Header_{ - Header: &envoy_route_v3.RouteAction_HashPolicy_Header{ + hp.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_Header_{ + Header: &envoy_config_route_v3.RouteAction_HashPolicy_Header{ HeaderName: p.headerName, }, } } if len(p.parameterName) > 0 { - hp.PolicySpecifier = &envoy_route_v3.RouteAction_HashPolicy_QueryParameter_{ - QueryParameter: &envoy_route_v3.RouteAction_HashPolicy_QueryParameter{ + hp.PolicySpecifier = &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter_{ + QueryParameter: &envoy_config_route_v3.RouteAction_HashPolicy_QueryParameter{ Name: p.parameterName, }, } @@ -377,10 +377,10 @@ func withRequestHashPolicySpecifiers(route *envoy_route_v3.Route_Route, policies return route } -func withRedirect() *envoy_route_v3.Route_Redirect { - return &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ +func withRedirect() *envoy_config_route_v3.Route_Redirect { + return &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -398,20 +398,20 @@ type weightedCluster struct { weight uint32 } -func routeWeightedCluster(clusters ...weightedCluster) *envoy_route_v3.Route_Route { - return &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ +func routeWeightedCluster(clusters ...weightedCluster) *envoy_config_route_v3.Route_Route { + return &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ WeightedClusters: weightedClusters(clusters), }, }, } } -func weightedClusters(clusters []weightedCluster) *envoy_route_v3.WeightedCluster { - var wc envoy_route_v3.WeightedCluster +func weightedClusters(clusters []weightedCluster) *envoy_config_route_v3.WeightedCluster { + var wc envoy_config_route_v3.WeightedCluster for _, c := range clusters { - wc.Clusters = append(wc.Clusters, &envoy_route_v3.WeightedCluster_ClusterWeight{ + wc.Clusters = append(wc.Clusters, &envoy_config_route_v3.WeightedCluster_ClusterWeight{ Name: c.name, Weight: wrapperspb.UInt32(c.weight), }) @@ -420,18 +420,18 @@ func weightedClusters(clusters []weightedCluster) *envoy_route_v3.WeightedCluste } // appendFilterChains is a helper to turn variadic FilterChain arguments into the corresponding slice. -func appendFilterChains(chains ...*envoy_listener_v3.FilterChain) []*envoy_listener_v3.FilterChain { +func appendFilterChains(chains ...*envoy_config_listener_v3.FilterChain) []*envoy_config_listener_v3.FilterChain { return chains } // filterchaintls returns a FilterChain wrapping the given virtual host. -func filterchaintls(domain string, secret *v1.Secret, filter *envoy_listener_v3.Filter, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_listener_v3.FilterChain { +func filterchaintls(domain string, secret *core_v1.Secret, filter *envoy_config_listener_v3.Filter, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { return envoy_v3.FilterChainTLS( domain, envoy_v3.DownstreamTLSContext( &dag.Secret{Object: secret}, - envoy_tls_v3.TlsParameters_TLSv1_2, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, peerValidationContext, alpn...), @@ -440,12 +440,12 @@ func filterchaintls(domain string, secret *v1.Secret, filter *envoy_listener_v3. } // filterchaintlsfallback returns a FilterChain for the given TLS fallback certificate. -func filterchaintlsfallback(fallbackSecret *v1.Secret, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_listener_v3.FilterChain { +func filterchaintlsfallback(fallbackSecret *core_v1.Secret, peerValidationContext *dag.PeerValidationContext, alpn ...string) *envoy_config_listener_v3.FilterChain { return envoy_v3.FilterChainTLSFallback( envoy_v3.DownstreamTLSContext( &dag.Secret{Object: fallbackSecret}, - envoy_tls_v3.TlsParameters_TLSv1_2, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, peerValidationContext, alpn...), @@ -454,51 +454,51 @@ func filterchaintlsfallback(fallbackSecret *v1.Secret, peerValidationContext *da DefaultFilters(). RouteConfigName(xdscache_v3.ENVOY_FALLBACK_ROUTECONFIG). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). Get(), ), ) } -func httpsFilterFor(vhost string) *envoy_listener_v3.Filter { +func httpsFilterFor(vhost string) *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). RouteConfigName(path.Join("https", vhost)). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). Get() } -func httpFilterForGateway() *envoy_listener_v3.Filter { +func httpFilterForGateway() *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). RouteConfigName("http-80"). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). EnableWebsockets(true). Get() } -func httpsFilterForGateway(listener, vhost string) *envoy_listener_v3.Filter { +func httpsFilterForGateway(listener, vhost string) *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). RouteConfigName(path.Join(listener, vhost)). MetricsPrefix(listener). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). EnableWebsockets(true). Get() } // httpsFilterWithXfccFor does the same as httpsFilterFor but enable // client certs details forwarding -func httpsFilterWithXfccFor(vhost string, d *dag.ClientCertificateDetails) *envoy_listener_v3.Filter { +func httpsFilterWithXfccFor(vhost string, d *dag.ClientCertificateDetails) *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). RouteConfigName(path.Join("https", vhost)). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). ForwardClientCertificate(d). Get() } @@ -508,52 +508,52 @@ func httpsFilterWithXfccFor(vhost string, d *dag.ClientCertificateDetails) *envo // filter chain. func authzFilterFor( vhost string, - authz *envoy_config_filter_http_ext_authz_v3.ExtAuthz, -) *envoy_listener_v3.Filter { + authz *envoy_filter_http_ext_authz_v3.ExtAuthz, +) *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: envoy_v3.ExtAuthzFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(authz), }, }). RouteConfigName(path.Join("https", vhost)). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). Get() } func jwtAuthnFilterFor( vhost string, - jwt *envoy_jwt_v3.JwtAuthentication, -) *envoy_listener_v3.Filter { + jwt *envoy_filter_http_jwt_authn_v3.JwtAuthentication, +) *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: envoy_v3.JWTAuthnFilterName, - ConfigType: &http.HttpFilter_TypedConfig{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ TypedConfig: protobuf.MustMarshalAny(jwt), }, }). RouteConfigName(path.Join("https", vhost)). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). Get() } -func tcpproxy(statPrefix, cluster string) *envoy_listener_v3.Filter { - return &envoy_listener_v3.Filter{ +func tcpproxy(statPrefix, cluster string) *envoy_config_listener_v3.Filter { + return &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_Cluster{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_Cluster{ Cluster: cluster, }, - AccessLog: envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo), + AccessLog: envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, @@ -565,48 +565,48 @@ type clusterWeight struct { weight uint32 } -func tcpproxyWeighted(statPrefix string, clusters ...clusterWeight) *envoy_listener_v3.Filter { - weightedClusters := &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster{} +func tcpproxyWeighted(statPrefix string, clusters ...clusterWeight) *envoy_config_listener_v3.Filter { + weightedClusters := &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster{} for _, clusterWeight := range clusters { - weightedClusters.Clusters = append(weightedClusters.Clusters, &envoy_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ + weightedClusters.Clusters = append(weightedClusters.Clusters, &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ Name: clusterWeight.name, Weight: clusterWeight.weight, }) } - return &envoy_listener_v3.Filter{ + return &envoy_config_listener_v3.Filter{ Name: wellknown.TCPProxy, - ConfigType: &envoy_listener_v3.Filter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tcp_proxy_v3.TcpProxy{ + ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_network_tcp_proxy_v3.TcpProxy{ StatPrefix: statPrefix, - ClusterSpecifier: &envoy_tcp_proxy_v3.TcpProxy_WeightedClusters{ + ClusterSpecifier: &envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedClusters{ WeightedClusters: weightedClusters, }, - AccessLog: envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo), + AccessLog: envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), IdleTimeout: durationpb.New(9001 * time.Second), }), }, } } -func statsListener() *envoy_listener_v3.Listener { +func statsListener() *envoy_config_listener_v3.Listener { // Single listener with metrics and health endpoints. listeners := envoy_v3.StatsListeners( - contour_api_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, - contour_api_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}) + contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, + contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}) return listeners[0] } -func envoyAdminListener(port int) *envoy_listener_v3.Listener { +func envoyAdminListener(port int) *envoy_config_listener_v3.Listener { return envoy_v3.AdminListener(port) } -func defaultHTTPListener() *envoy_listener_v3.Listener { - return &envoy_listener_v3.Listener{ +func defaultHTTPListener() *envoy_config_listener_v3.Listener { + return &envoy_config_listener_v3.Listener{ Name: "ingress_http", Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo), 0), + envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } diff --git a/internal/featuretests/v3/extensionservice_test.go b/internal/featuretests/v3/extensionservice_test.go index 379ddd7fff2..2d02676f5a1 100644 --- a/internal/featuretests/v3/extensionservice_test.go +++ b/internal/featuretests/v3/extensionservice_test.go @@ -17,41 +17,42 @@ import ( "testing" "time" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + core_v1 "k8s.io/api/core/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ref" - corev1 "k8s.io/api/core/v1" ) func extBasic(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, {Name: "svc2", Port: 8082}, }, }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( h2cCluster(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext")), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: []string{"h2"}, }, // Note there's no SNI in this scenario. @@ -62,11 +63,11 @@ func extBasic(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { ), }) - c.Request(endpointType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(endpointType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: endpointType, - Resources: resources(t, &envoy_endpoint_v3.ClusterLoadAssignment{ + Resources: resources(t, &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "extension/ns/ext", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.20", 8081))[0], envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.21", 8082))[0], }, @@ -75,18 +76,18 @@ func extBasic(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { } func extCleartext(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ Protocol: ref.To("h2c"), - Services: []v1alpha1.ExtensionServiceTarget{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, {Name: "svc2", Port: 8082}, }, }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( @@ -97,13 +98,13 @@ func extCleartext(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { } func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - ext := &v1alpha1.ExtensionService{ + ext := &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "cacert", SubjectName: "ext.projectcontour.io", }, @@ -114,22 +115,22 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont // Enabling validation add SNI as well as CA and server altname validation. tlsSocket := envoy_v3.UpstreamTLSTransportSocket( - &envoy_v3_tls.UpstreamTlsContext{ + &envoy_transport_socket_tls_v3.UpstreamTlsContext{ Sni: "ext.projectcontour.io", - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: []string{"h2"}, - ValidationContextType: &envoy_v3_tls.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_v3_tls.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: featuretests.PEMBytes(t, &featuretests.CACertificate), }, }, - MatchTypedSubjectAltNames: []*envoy_v3_tls.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_v3_tls.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "ext.projectcontour.io", }, }, @@ -141,24 +142,24 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont }, ) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( h2cCluster(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext")), - &envoy_cluster_v3.Cluster{TransportSocket: tlsSocket}, + &envoy_config_cluster_v3.Cluster{TransportSocket: tlsSocket}, ), ), }) // Update the validation spec to reference a missing secret. - rh.OnUpdate(ext, &v1alpha1.ExtensionService{ + rh.OnUpdate(ext, &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "missing", SubjectName: "ext.projectcontour.io", }, @@ -166,7 +167,7 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont }) // No Clusters are build because the CACertificate secret didn't resolve. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) @@ -174,13 +175,13 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnAdd(featuretests.CASecret(t, "otherNs/cacert", &featuretests.CACertificate)) // Update the validation spec to reference a secret that is not delegated. - rh.OnUpdate(ext, &v1alpha1.ExtensionService{ + rh.OnUpdate(ext, &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "otherNs/cacert", SubjectName: "ext.projectcontour.io", }, @@ -188,15 +189,15 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont }) // No Clusters are build because the CACertificate secret is not delegated. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) // Delegate the CACertificate secret to be used in the ExtensionService's namespace - rh.OnAdd(&contour_api_v1.TLSCertificateDelegation{ + rh.OnAdd(&contour_v1.TLSCertificateDelegation{ ObjectMeta: fixture.ObjectMeta("otherNs/delegate-cacert"), - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "cacert", TargetNamespaces: []string{"*"}, }}, @@ -204,12 +205,12 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont }) // Expect cluster corresponding to the ExtensionService. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( h2cCluster(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext")), - &envoy_cluster_v3.Cluster{TransportSocket: tlsSocket}, + &envoy_config_cluster_v3.Cluster{TransportSocket: tlsSocket}, ), ), }) @@ -217,54 +218,54 @@ func extUpstreamValidation(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont func extExternalName(_ *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { rh.OnAdd(fixture.NewService("ns/external"). - WithSpec(corev1.ServiceSpec{ - Type: corev1.ServiceTypeExternalName, + WithSpec(core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: "external.projectcontour.io", - Ports: []corev1.ServicePort{{ + Ports: []core_v1.ServicePort{{ Port: 443, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, }}, }), ) - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "external", Port: 443}, }, }, }) // Using externalname services isn't implemented, so doesn't build a cluster. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) } // extIdleConnectionTimeout sets timeout on ExtensionService which will be set in cluster. func extIdleConnectionTimeout(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ IdleConnection: "60s", }, }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( withConnectionTimeout(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext"), 60*time.Second, envoy_v3.HTTPVersion2), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: []string{"h2"}, }, }, @@ -276,48 +277,48 @@ func extIdleConnectionTimeout(t *testing.T, rh ResourceEventHandlerWrapper, c *C } func extMissingService(_ *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "missing", Port: 443}, }, }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) } func extInvalidTimeout(_ *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, {Name: "svc2", Port: 8082}, }, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: "invalid", }, }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) } func extInconsistentProto(_ *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, Protocol: ref.To("h2c"), - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "cacert", SubjectName: "ext.projectcontour.io", }, @@ -325,21 +326,21 @@ func extInconsistentProto(_ *testing.T, rh ResourceEventHandlerWrapper, c *Conto }) // Should have no clusters because Protocol and UpstreamValidation is inconsistent. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, }) } // "Cookie" and "RequestHash" policies are not valid on ExtensionService. func extInvalidLoadBalancerPolicy(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - ext := &v1alpha1.ExtensionService{ + ext := &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, {Name: "svc2", Port: 8082}, }, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, }, @@ -347,17 +348,17 @@ func extInvalidLoadBalancerPolicy(t *testing.T, rh ResourceEventHandlerWrapper, rh.OnAdd(ext) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( // Default load balancer policy should be set as we were passed // an invalid value, we can assert we get a basic cluster. h2cCluster(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext")), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: []string{"h2"}, }, }, @@ -367,30 +368,30 @@ func extInvalidLoadBalancerPolicy(t *testing.T, rh ResourceEventHandlerWrapper, ), }) - rh.OnUpdate(ext, &v1alpha1.ExtensionService{ + rh.OnUpdate(ext, &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, {Name: "svc2", Port: 8082}, }, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", }, }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( // Default load balancer policy should be set as we were passed // an invalid value, we can assert we get a basic cluster. h2cCluster(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext")), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( - &envoy_v3_tls.UpstreamTlsContext{ - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ + &envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ AlpnProtocols: []string{"h2"}, }, }, @@ -423,15 +424,15 @@ func TestExtensionService(t *testing.T) { // Add common test fixtures. rh.OnAdd(featuretests.CASecret(t, "ns/cacert", &featuretests.CACertificate)) - rh.OnAdd(fixture.NewService("ns/svc1").WithPorts(corev1.ServicePort{Port: 8081})) - rh.OnAdd(fixture.NewService("ns/svc2").WithPorts(corev1.ServicePort{Port: 8082})) + rh.OnAdd(fixture.NewService("ns/svc1").WithPorts(core_v1.ServicePort{Port: 8081})) + rh.OnAdd(fixture.NewService("ns/svc2").WithPorts(core_v1.ServicePort{Port: 8082})) - rh.OnAdd(featuretests.Endpoints("ns", "svc1", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("ns", "svc1", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.20"), Ports: featuretests.Ports(featuretests.Port("", 8081)), })) - rh.OnAdd(featuretests.Endpoints("ns", "svc2", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("ns", "svc2", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.21"), Ports: featuretests.Ports(featuretests.Port("", 8082)), })) diff --git a/internal/featuretests/v3/externalname_test.go b/internal/featuretests/v3/externalname_test.go index c05abdfa143..23e0678304f 100644 --- a/internal/featuretests/v3/externalname_test.go +++ b/internal/featuretests/v3/externalname_test.go @@ -16,44 +16,44 @@ package v3 import ( "testing" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/featuretests" - "github.com/projectcontour/contour/internal/ref" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "github.com/sirupsen/logrus" + "google.golang.org/protobuf/types/known/anypb" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_extensions_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" - "google.golang.org/protobuf/types/known/anypb" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" + "github.com/projectcontour/contour/internal/ref" ) -// Assert that services of type v1.ServiceTypeExternalName can be +// Assert that services of type core_v1.ServiceTypeExternalName can be // referenced by an Ingress, or HTTPProxy document. func TestExternalNameService(t *testing.T) { rh, c, done := setup(t, enableExternalNameService(t)) defer done() s1 := fixture.NewService("kuard"). - WithSpec(v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + WithSpec(core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Port: 80, TargetPort: intstr.FromInt(8080), }}, ExternalName: "foo.io", - Type: v1.ServiceTypeExternalName, + Type: core_v1.ServiceTypeExternalName, }) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: s1.Namespace, }, @@ -64,11 +64,11 @@ func TestExternalNameService(t *testing.T) { rh.OnAdd(s1) rh.OnAdd(i1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/80/da39a3ee5e"), }, @@ -78,7 +78,7 @@ func TestExternalNameService(t *testing.T) { TypeUrl: routeType, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, externalNameCluster("default/kuard/80/da39a3ee5e", "default/kuard", "default_kuard_80", "foo.io", 80), ), @@ -89,9 +89,9 @@ func TestExternalNameService(t *testing.T) { rh.OnAdd(fixture.NewProxy("kuard"). WithFQDN("kuard.projectcontour.io"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -99,11 +99,11 @@ func TestExternalNameService(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/80/a28d1ec01b"), }, @@ -113,7 +113,7 @@ func TestExternalNameService(t *testing.T) { TypeUrl: routeType, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, externalNameCluster("default/kuard/80/a28d1ec01b", "default/kuard", "default_kuard_80", "foo.io", 80), ), @@ -122,17 +122,17 @@ func TestExternalNameService(t *testing.T) { // After we set the Host header, the cluster should remain // the same, but the Route should do update the Host header. - rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_api_v1.HTTPProxySpec{})) + rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_v1.HTTPProxySpec{})) rh.OnAdd(fixture.NewProxy("kuard"). WithFQDN("kuard.projectcontour.io"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "external.address", }}, @@ -141,12 +141,12 @@ func TestExternalNameService(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewrite("default/kuard/80/95e871afaf", "external.address"), }, @@ -155,7 +155,7 @@ func TestExternalNameService(t *testing.T) { ), }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, externalNameCluster("default/kuard/80/95e871afaf", "default/kuard", "default_kuard_80", "foo.io", 80), @@ -166,18 +166,18 @@ func TestExternalNameService(t *testing.T) { // should still find that the same configuration applies, but // TLS is enabled and the SNI server name is overwritten from // the Host header. - rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_api_v1.HTTPProxySpec{})) + rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_v1.HTTPProxySpec{})) rh.OnAdd(fixture.NewProxy("kuard"). WithFQDN("kuard.projectcontour.io"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Protocol: ref.To("h2"), Name: s1.Name, Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "external.address", }}, @@ -186,12 +186,12 @@ func TestExternalNameService(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewrite("default/kuard/80/cdbf075ad8", "external.address"), }, @@ -200,24 +200,24 @@ func TestExternalNameService(t *testing.T) { ), }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( externalNameCluster("default/kuard/80/cdbf075ad8", "default/kuard", "default_kuard_80", "foo.io", 80), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + &envoy_upstream_http_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, }, }), }, }, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( envoy_v3.UpstreamTLSContext(nil, "external.address", nil, nil, "h2"), ), @@ -230,18 +230,18 @@ func TestExternalNameService(t *testing.T) { // means HTTP/1.1 over TLS) rather than HTTP/2. We should get // TLS enabled with the overridden SNI name. but no HTTP/2 // protocol config. - rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_api_v1.HTTPProxySpec{})) + rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_v1.HTTPProxySpec{})) rh.OnAdd(fixture.NewProxy("kuard"). WithFQDN("kuard.projectcontour.io"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Protocol: ref.To("tls"), Name: s1.Name, Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "external.address", }}, @@ -250,12 +250,12 @@ func TestExternalNameService(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewrite("default/kuard/80/f9439c1de8", "external.address"), }, @@ -264,12 +264,12 @@ func TestExternalNameService(t *testing.T) { ), }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( externalNameCluster("default/kuard/80/f9439c1de8", "default/kuard", "default_kuard_80", "foo.io", 80), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( envoy_v3.UpstreamTLSContext(nil, "external.address", nil, nil), ), @@ -282,14 +282,14 @@ func TestExternalNameService(t *testing.T) { // Create TCPProxy with upstream protocol 'tls' to an externalName type service // and verify that the SNI on the upstream request matches the externalName value. - rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_api_v1.HTTPProxySpec{})) + rh.OnDelete(fixture.NewProxy("kuard").WithSpec(contour_v1.HTTPProxySpec{})) rh.OnAdd(sec1) rh.OnAdd(fixture.NewProxy("kuard"). WithFQDN("kuard.projectcontour.io"). WithCertificate(sec1.Name). - WithSpec(contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + WithSpec(contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Protocol: ref.To("tls"), Name: s1.Name, Port: 80, @@ -298,12 +298,12 @@ func TestExternalNameService(t *testing.T) { }), ) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( externalNameCluster("default/kuard/80/7d449598f5", "default/kuard", "default_kuard_80", "foo.io", 80), - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ TransportSocket: envoy_v3.UpstreamTLSTransportSocket( envoy_v3.UpstreamTLSContext(nil, "foo.io", nil, nil), ), diff --git a/internal/featuretests/v3/fallbackcert_test.go b/internal/featuretests/v3/fallbackcert_test.go index 9e3cb6905d6..0f92dc731ed 100644 --- a/internal/featuretests/v3/fallbackcert_test.go +++ b/internal/featuretests/v3/fallbackcert_test.go @@ -16,19 +16,20 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" ) func TestFallbackCertificate(t *testing.T) { @@ -55,21 +56,21 @@ func TestFallbackCertificate(t *testing.T) { rh.OnAdd(fallbackSecret) s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) // Valid HTTPProxy without FallbackCertificate enabled proxy1 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "fallback.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: false, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -79,10 +80,10 @@ func TestFallbackCertificate(t *testing.T) { rh.OnAdd(proxy1) // We should start with a single generic HTTPS service. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -100,16 +101,16 @@ func TestFallbackCertificate(t *testing.T) { // Valid HTTPProxy with FallbackCertificate enabled proxy2 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "fallback.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -119,18 +120,18 @@ func TestFallbackCertificate(t *testing.T) { rh.OnUpdate(proxy1, proxy2) // Invalid since there's no TLSCertificateDelegation configured - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: listenerType, }) - certDelegationAll := &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + certDelegationAll := &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbackcertdelegation", Namespace: "admin", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "fallbacksecret", TargetNamespaces: []string{"*"}, }}, @@ -141,10 +142,10 @@ func TestFallbackCertificate(t *testing.T) { // Now we should still have the generic HTTPS service filter, // but also the fallback certificate filter. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -163,18 +164,18 @@ func TestFallbackCertificate(t *testing.T) { rh.OnDelete(certDelegationAll) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: listenerType, }) - certDelegationSingle := &contour_api_v1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + certDelegationSingle := &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbackcertdelegation", Namespace: "admin", }, - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "fallbacksecret", TargetNamespaces: []string{"default"}, }}, @@ -183,10 +184,10 @@ func TestFallbackCertificate(t *testing.T) { rh.OnAdd(certDelegationSingle) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -205,19 +206,19 @@ func TestFallbackCertificate(t *testing.T) { // Invalid HTTPProxy with FallbackCertificate enabled along with ClientValidation proxy3 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "fallback.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, - ClientValidation: &contour_api_v1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "something", }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -226,23 +227,23 @@ func TestFallbackCertificate(t *testing.T) { rh.OnUpdate(proxy2, proxy3) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: nil, }) // Valid HTTPProxy with FallbackCertificate enabled proxy4 := fixture.NewProxy("simple-two").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "anotherfallback.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -252,10 +253,10 @@ func TestFallbackCertificate(t *testing.T) { rh.OnUpdate(proxy3, proxy2) // proxy3 is invalid, resolve that to test two valid proxies rh.OnAdd(proxy4) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -277,38 +278,38 @@ func TestFallbackCertificate(t *testing.T) { // We should have emitted TLS certificate secrets for both // the proxy certificate and for the fallback certificate. - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: secretType, Resources: resources(t, - &envoy_tls_v3.Secret{ + &envoy_transport_socket_tls_v3.Secret{ Name: envoy.Secretname(&dag.Secret{Object: fallbackSecret}), - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ - InlineBytes: fallbackSecret.Data[v1.TLSCertKey], + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ + InlineBytes: fallbackSecret.Data[core_v1.TLSCertKey], }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ - InlineBytes: fallbackSecret.Data[v1.TLSPrivateKeyKey], + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ + InlineBytes: fallbackSecret.Data[core_v1.TLSPrivateKeyKey], }, }, }, }, }, - &envoy_tls_v3.Secret{ + &envoy_transport_socket_tls_v3.Secret{ Name: envoy.Secretname(&dag.Secret{Object: sec1}), - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ - InlineBytes: sec1.Data[v1.TLSCertKey], + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ + InlineBytes: sec1.Data[core_v1.TLSCertKey], }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ - InlineBytes: sec1.Data[v1.TLSPrivateKeyKey], + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ + InlineBytes: sec1.Data[core_v1.TLSPrivateKeyKey], }, }, }, @@ -319,7 +320,7 @@ func TestFallbackCertificate(t *testing.T) { rh.OnDelete(fallbackSecret) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: nil, }) @@ -327,7 +328,7 @@ func TestFallbackCertificate(t *testing.T) { rh.OnDelete(proxy4) rh.OnDelete(proxy2) - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: secretType, Resources: nil, }) diff --git a/internal/featuretests/v3/featuretests.go b/internal/featuretests/v3/featuretests.go index fe3f2b1548f..deb22209c04 100644 --- a/internal/featuretests/v3/featuretests.go +++ b/internal/featuretests/v3/featuretests.go @@ -24,9 +24,9 @@ import ( "testing" "time" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_service_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_service_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3" envoy_service_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/service/listener/v3" envoy_service_route_v3 "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" @@ -40,11 +40,11 @@ import ( "google.golang.org/grpc/credentials/insecure" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/client-go/tools/cache" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/fixture" @@ -93,8 +93,8 @@ func setup(t *testing.T, opts ...any) (ResourceEventHandlerWrapper, *Contour, fu resources := []xdscache.ResourceCache{ xdscache_v3.NewListenerCache( conf, - v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, - v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, + contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, + contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, 0, ), &xdscache_v3.SecretCache{}, @@ -229,7 +229,7 @@ func (r *resourceEventHandler) OnAdd(obj any) { } switch obj.(type) { - case *v1.Endpoints: + case *core_v1.Endpoints: r.EndpointsHandler.OnAdd(obj, false) default: r.EventHandler.OnAdd(obj, false) @@ -251,7 +251,7 @@ func (r *resourceEventHandler) OnUpdate(oldObj, newObj any) { } switch newObj.(type) { - case *v1.Endpoints: + case *core_v1.Endpoints: r.EndpointsHandler.OnUpdate(oldObj, newObj) default: r.EventHandler.OnUpdate(oldObj, newObj) @@ -270,7 +270,7 @@ func (r *resourceEventHandler) OnDelete(obj any) { } switch obj.(type) { - case *v1.Endpoints: + case *core_v1.Endpoints: r.EndpointsHandler.OnDelete(obj) default: r.EventHandler.OnDelete(obj) @@ -283,7 +283,7 @@ func (r *resourceEventHandler) OnDelete(obj any) { // routeResources returns the given routes as a slice of any.Any // resources, appropriately sorted. -func routeResources(t *testing.T, routes ...*envoy_route_v3.RouteConfiguration) []*anypb.Any { +func routeResources(t *testing.T, routes ...*envoy_config_route_v3.RouteConfiguration) []*anypb.Any { sort.Stable(sorter.For(routes)) return resources(t, protobuf.AsMessages(routes)...) } @@ -298,20 +298,20 @@ func resources(t *testing.T, protos ...proto.Message) []*anypb.Any { } type grpcStream interface { - Send(*envoy_discovery_v3.DiscoveryRequest) error - Recv() (*envoy_discovery_v3.DiscoveryResponse, error) + Send(*envoy_service_discovery_v3.DiscoveryRequest) error + Recv() (*envoy_service_discovery_v3.DiscoveryResponse, error) } type StatusResult struct { *Contour Err error - Have *contour_api_v1.HTTPProxyStatus + Have *contour_v1.HTTPProxyStatus } // Equals asserts that the status result is not an error and matches // the wanted status exactly. -func (s *StatusResult) Equals(want contour_api_v1.HTTPProxyStatus) *Contour { +func (s *StatusResult) Equals(want contour_v1.HTTPProxyStatus) *Contour { s.T.Helper() // We should never get an error fetching the status for an @@ -326,7 +326,7 @@ func (s *StatusResult) Equals(want contour_api_v1.HTTPProxyStatus) *Contour { // Like asserts that the status result is not an error and matches // non-empty fields in the wanted status. -func (s *StatusResult) Like(want contour_api_v1.HTTPProxyStatus) *Contour { +func (s *StatusResult) Like(want contour_v1.HTTPProxyStatus) *Contour { s.T.Helper() // We should never get an error fetching the status for an @@ -337,15 +337,15 @@ func (s *StatusResult) Like(want contour_api_v1.HTTPProxyStatus) *Contour { if len(want.CurrentStatus) > 0 { assert.Equal(s.T, - contour_api_v1.HTTPProxyStatus{CurrentStatus: want.CurrentStatus}, - contour_api_v1.HTTPProxyStatus{CurrentStatus: s.Have.CurrentStatus}, + contour_v1.HTTPProxyStatus{CurrentStatus: want.CurrentStatus}, + contour_v1.HTTPProxyStatus{CurrentStatus: s.Have.CurrentStatus}, ) } if len(want.Description) > 0 { assert.Equal(s.T, - contour_api_v1.HTTPProxyStatus{Description: want.Description}, - contour_api_v1.HTTPProxyStatus{Description: s.Have.Description}, + contour_v1.HTTPProxyStatus{Description: want.Description}, + contour_v1.HTTPProxyStatus{Description: s.Have.Description}, ) } @@ -357,7 +357,7 @@ func (s *StatusResult) Like(want contour_api_v1.HTTPProxyStatus) *Contour { func (s *StatusResult) HasError(condType, reason, message string) *Contour { assert.Equal(s.T, string(status.ProxyStatusInvalid), s.Have.CurrentStatus) assert.Equal(s.T, "At least one error present, see Errors for details", s.Have.Description) - validCond := s.Have.GetConditionFor(contour_api_v1.ValidConditionType) + validCond := s.Have.GetConditionFor(contour_v1.ValidConditionType) assert.NotNil(s.T, validCond) subCond, ok := validCond.GetError(condType) @@ -450,7 +450,7 @@ func (c *Contour) Request(typeurl string, names ...string) *Response { default: c.Fatal("unknown typeURL:", typeurl) } - resp := c.sendRequest(st, &envoy_discovery_v3.DiscoveryRequest{ + resp := c.sendRequest(st, &envoy_service_discovery_v3.DiscoveryRequest{ TypeUrl: typeurl, ResourceNames: names, }) @@ -460,7 +460,7 @@ func (c *Contour) Request(typeurl string, names ...string) *Response { } } -func (c *Contour) sendRequest(stream grpcStream, req *envoy_discovery_v3.DiscoveryRequest) *envoy_discovery_v3.DiscoveryResponse { +func (c *Contour) sendRequest(stream grpcStream, req *envoy_service_discovery_v3.DiscoveryRequest) *envoy_service_discovery_v3.DiscoveryResponse { err := stream.Send(req) require.NoError(c, err) resp, err := stream.Recv() @@ -470,12 +470,12 @@ func (c *Contour) sendRequest(stream grpcStream, req *envoy_discovery_v3.Discove type Response struct { *Contour - *envoy_discovery_v3.DiscoveryResponse + *envoy_service_discovery_v3.DiscoveryResponse } // Equals tests that the response retrieved from Contour is equal to the supplied value. // TODO(youngnick) This function really should be copied to an `EqualResources` function. -func (r *Response) Equals(want *envoy_discovery_v3.DiscoveryResponse) *Contour { +func (r *Response) Equals(want *envoy_service_discovery_v3.DiscoveryResponse) *Contour { r.Helper() protobuf.RequireEqual(r.T, want.Resources, r.DiscoveryResponse.Resources) diff --git a/internal/featuretests/v3/global_authorization_test.go b/internal/featuretests/v3/global_authorization_test.go index 3bea4145d5d..dbafac189e1 100644 --- a/internal/featuretests/v3/global_authorization_test.go +++ b/internal/featuretests/v3/global_authorization_test.go @@ -16,16 +16,20 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - envoy_type "github.com/envoyproxy/go-control-plane/envoy/type/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "google.golang.org/protobuf/types/known/anypb" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" @@ -34,24 +38,21 @@ import ( "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/timeout" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" - "google.golang.org/protobuf/types/known/anypb" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func globalExternalAuthorizationFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -69,7 +70,7 @@ func globalExternalAuthorizationFilterExists(t *testing.T, rh ResourceEventHandl // extAuthz filter. httpListener.FilterChains = envoy_v3.FilterChains(getGlobalExtAuthHCM()) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, @@ -80,16 +81,16 @@ func globalExternalAuthorizationFilterExists(t *testing.T, rh ResourceEventHandl func globalExternalAuthorizationFilterExistsTLS(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { p := fixture.NewProxy("TLSProxy"). WithFQDN("foo.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "certificate", }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -107,25 +108,25 @@ func globalExternalAuthorizationFilterExistsTLS(t *testing.T, rh ResourceEventHa // extAuthz filter. httpListener.FilterChains = envoy_v3.FilterChains(getGlobalExtAuthHCM()) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("foo.com", featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( "foo.com", - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, ), nil, "h2", "http/1.1"), @@ -133,7 +134,7 @@ func globalExternalAuthorizationFilterExistsTLS(t *testing.T, rh ResourceEventHa SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, @@ -145,21 +146,21 @@ func globalExternalAuthorizationFilterExistsTLS(t *testing.T, rh ResourceEventHa func globalExternalAuthorizationWithTLSGlobalAuthDisabled(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { p := fixture.NewProxy("TLSProxy"). WithFQDN("foo.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "certificate", }, - Authorization: &contour_api_v1.AuthorizationServer{ - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + Authorization: &contour_v1.AuthorizationServer{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -177,13 +178,13 @@ func globalExternalAuthorizationWithTLSGlobalAuthDisabled(t *testing.T, rh Resou // extAuthz filter. httpListener.FilterChains = envoy_v3.FilterChains(getGlobalExtAuthHCM()) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("foo.com", featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), httpsFilterFor("foo.com"), @@ -192,7 +193,7 @@ func globalExternalAuthorizationWithTLSGlobalAuthDisabled(t *testing.T, rh Resou SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, @@ -202,24 +203,24 @@ func globalExternalAuthorizationWithTLSGlobalAuthDisabled(t *testing.T, rh Resou } func globalExternalAuthorizationWithMergedAuthPolicy(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "header_type": "proxy_config", "header_2": "message_2", @@ -237,27 +238,27 @@ func globalExternalAuthorizationWithMergedAuthPolicy(t *testing.T, rh ResourceEv // extAuthz filter. httpListener.FilterChains = envoy_v3.FilterChains(getGlobalExtAuthHCM()) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, statsListener()), }).Status(p).IsValid() - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "ingress_http", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny( - &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ + &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: map[string]string{ "header_type": "proxy_config", "header_1": "message_1", @@ -278,22 +279,22 @@ func globalExternalAuthorizationWithMergedAuthPolicy(t *testing.T, rh ResourceEv func globalExternalAuthorizationWithMergedAuthPolicyTLS(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { p := fixture.NewProxy("TLSProxy"). WithFQDN("foo.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "certificate", }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "header_type": "proxy_config", "header_2": "message_2", @@ -311,25 +312,25 @@ func globalExternalAuthorizationWithMergedAuthPolicyTLS(t *testing.T, rh Resourc // extAuthz filter. httpListener.FilterChains = envoy_v3.FilterChains(getGlobalExtAuthHCM()) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("foo.com", featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( "foo.com", - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, ), nil, "h2", "http/1.1"), @@ -337,7 +338,7 @@ func globalExternalAuthorizationWithMergedAuthPolicyTLS(t *testing.T, rh Resourc SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, @@ -345,20 +346,20 @@ func globalExternalAuthorizationWithMergedAuthPolicyTLS(t *testing.T, rh Resourc statsListener()), }).Status(p).IsValid() - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/foo.com", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny( - &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ + &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: map[string]string{ "header_type": "proxy_config", "header_1": "message_1", @@ -375,7 +376,7 @@ func globalExternalAuthorizationWithMergedAuthPolicyTLS(t *testing.T, rh Resourc envoy_v3.RouteConfiguration( "ingress_http", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRedirect(), }, @@ -388,29 +389,29 @@ func globalExternalAuthorizationWithMergedAuthPolicyTLS(t *testing.T, rh Resourc func globalExternalAuthorizationWithTLSAuthOverride(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { p := fixture.NewProxy("TLSProxy"). WithFQDN("foo.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "certificate", }, - Authorization: &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + Authorization: &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "auth", Name: "extension", }, ResponseTimeout: defaultResponseTimeout.String(), FailOpen: true, - WithRequestBody: &contour_api_v1.AuthorizationServerBufferSettings{ + WithRequestBody: &contour_v1.AuthorizationServerBufferSettings{ MaxRequestBytes: 512, PackAsBytes: true, AllowPartialMessage: true, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -428,31 +429,31 @@ func globalExternalAuthorizationWithTLSAuthOverride(t *testing.T, rh ResourceEve // extAuthz filter. httpListener.FilterChains = envoy_v3.FilterChains(getGlobalExtAuthHCM()) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("foo.com", featuretests.TLSSecret(t, "certificate", &featuretests.ServerCertificate), authzFilterFor( "foo.com", - &envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + &envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, IncludePeerCertificate: true, FailureModeAllow: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - WithRequestBody: &envoy_config_filter_http_ext_authz_v3.BufferSettings{ + WithRequestBody: &envoy_filter_http_ext_authz_v3.BufferSettings{ MaxRequestBytes: 512, PackAsBytes: true, AllowPartialMessage: true, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, ), nil, "h2", "http/1.1"), @@ -460,7 +461,7 @@ func globalExternalAuthorizationWithTLSAuthOverride(t *testing.T, rh ResourceEve SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, @@ -505,14 +506,14 @@ func TestGlobalAuthorization(t *testing.T) { func(b *dag.Builder) { for _, processor := range b.Processors { if httpProxyProcessor, ok := processor.(*dag.HTTPProxyProcessor); ok { - httpProxyProcessor.GlobalExternalAuthorization = &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + httpProxyProcessor.GlobalExternalAuthorization = &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Name: "extension", Namespace: "auth", }, FailOpen: false, ResponseTimeout: defaultResponseTimeout.String(), - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "header_type": "root_config", "header_1": "message_1", @@ -525,31 +526,31 @@ func TestGlobalAuthorization(t *testing.T) { defer done() // Add common test fixtures. - rh.OnAdd(fixture.NewService("s1").WithPorts(corev1.ServicePort{Port: 80})) + rh.OnAdd(fixture.NewService("s1").WithPorts(core_v1.ServicePort{Port: 80})) rh.OnAdd(fixture.NewService("auth/oidc-server"). - WithPorts(corev1.ServicePort{Port: 8081})) + WithPorts(core_v1.ServicePort{Port: 8081})) - rh.OnAdd(featuretests.Endpoints("auth", "oidc-server", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("auth", "oidc-server", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.21"), Ports: featuretests.Ports(featuretests.Port("", 8081)), })) - rh.OnAdd(&contour_api_v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("auth/extension"), - Spec: contour_api_v1alpha1.ExtensionServiceSpec{ - Services: []contour_api_v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "oidc-server", Port: 8081}, }, - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: defaultResponseTimeout.String(), }, }, }) rh.OnAdd(fixture.NewService("app-server"). - WithPorts(corev1.ServicePort{Port: 80})) + WithPorts(core_v1.ServicePort{Port: 80})) - rh.OnAdd(featuretests.Endpoints("auth", "app-server", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("auth", "app-server", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.21"), Ports: featuretests.Ports(featuretests.Port("", 80)), })) @@ -562,23 +563,23 @@ func TestGlobalAuthorization(t *testing.T) { } // getGlobalExtAuthHCM returns a HTTP Connection Manager with Global External Authorization configured. -func getGlobalExtAuthHCM() *envoy_listener_v3.Filter { +func getGlobalExtAuthHCM() *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPExternalAuthorization, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_config_filter_http_ext_authz_v3.ExtAuthz{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ext_authz_v3.ExtAuthz{ Services: grpcCluster("extension/auth/extension"), ClearRouteCache: true, IncludePeerCertificate: true, - StatusOnError: &envoy_type.HttpStatus{ - Code: envoy_type.StatusCode_Forbidden, + StatusOnError: &envoy_type_v3.HttpStatus{ + Code: envoy_type_v3.StatusCode_Forbidden, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }), }, }). diff --git a/internal/featuretests/v3/globalratelimit_test.go b/internal/featuretests/v3/globalratelimit_test.go index afe7e16e33c..258681ba2e3 100644 --- a/internal/featuretests/v3/globalratelimit_test.go +++ b/internal/featuretests/v3/globalratelimit_test.go @@ -16,15 +16,19 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - ratelimit_config_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - ratelimit_filter_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" @@ -32,24 +36,21 @@ import ( "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/protobuf" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" ) func globalRateLimitFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -68,24 +69,24 @@ func globalRateLimitFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c hcm := envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, }), }, @@ -94,7 +95,7 @@ func globalRateLimitFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c httpListener.FilterChains = envoy_v3.FilterChains(hcm) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener, @@ -103,23 +104,23 @@ func globalRateLimitFilterExists(t *testing.T, rh ResourceEventHandlerWrapper, c } func globalRateLimitNoRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour, tls tlsConfig) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -131,7 +132,7 @@ func globalRateLimitNoRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWra } if tls.enabled { - p.Spec.VirtualHost.TLS = &contour_api_v1.TLS{ + p.Spec.VirtualHost.TLS = &contour_v1.TLS{ SecretName: "tls-cert", EnableFallbackCertificate: tls.fallbackEnabled, } @@ -142,13 +143,13 @@ func globalRateLimitNoRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWra switch tls.enabled { case true: - c.Request(routeType, "https/foo.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "https/foo.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/foo.com", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, @@ -157,13 +158,13 @@ func globalRateLimitNoRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWra ), }) if tls.fallbackEnabled { - c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "ingress_fallbackcert", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, @@ -173,13 +174,13 @@ func globalRateLimitNoRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWra }) } default: - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "ingress_http", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, @@ -191,24 +192,24 @@ func globalRateLimitNoRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWra } func globalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour, tls tlsConfig) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Value: "generic-key-value"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Value: "generic-key-value"}, }, }, }, @@ -216,9 +217,9 @@ func globalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerW }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -230,7 +231,7 @@ func globalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerW } if tls.enabled { - p.Spec.VirtualHost.TLS = &contour_api_v1.TLS{ + p.Spec.VirtualHost.TLS = &contour_v1.TLS{ SecretName: "tls-cert", EnableFallbackCertificate: tls.fallbackEnabled, } @@ -239,23 +240,23 @@ func globalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerW rh.OnAdd(p) c.Status(p).IsValid() - route := &envoy_route_v3.Route{ + route := &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), } vhost := envoy_v3.VirtualHost("foo.com", route) - vhost.RateLimits = []*envoy_route_v3.RateLimit{ + vhost.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, }, }, }, @@ -264,18 +265,18 @@ func globalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerW switch tls.enabled { case true: - c.Request(routeType, "https/foo.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "https/foo.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("https/foo.com", vhost)), }) if tls.fallbackEnabled { - c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_fallbackcert", vhost)), }) } default: - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), }) @@ -283,38 +284,38 @@ func globalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerW } func globalRateLimitRouteRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour, tls tlsConfig) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Value: "generic-key-value"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Value: "generic-key-value"}, }, }, }, @@ -327,7 +328,7 @@ func globalRateLimitRouteRateLimitDefined(t *testing.T, rh ResourceEventHandlerW } if tls.enabled { - p.Spec.VirtualHost.TLS = &contour_api_v1.TLS{ + p.Spec.VirtualHost.TLS = &contour_v1.TLS{ SecretName: "tls-cert", EnableFallbackCertificate: tls.fallbackEnabled, } @@ -336,20 +337,20 @@ func globalRateLimitRouteRateLimitDefined(t *testing.T, rh ResourceEventHandlerW rh.OnAdd(p) c.Status(p).IsValid() - route := &envoy_route_v3.Route{ + route := &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_route_v3.Route_Route) { - r.Route.RateLimits = []*envoy_route_v3.RateLimit{ + Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_config_route_v3.Route_Route) { + r.Route.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, }, }, }, @@ -362,18 +363,18 @@ func globalRateLimitRouteRateLimitDefined(t *testing.T, rh ResourceEventHandlerW switch tls.enabled { case true: - c.Request(routeType, "https/foo.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "https/foo.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("https/foo.com", vhost)), }) if tls.fallbackEnabled { - c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_fallbackcert", vhost)), }) } default: - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), }) @@ -381,24 +382,24 @@ func globalRateLimitRouteRateLimitDefined(t *testing.T, rh ResourceEventHandlerW } func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour, tls tlsConfig) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Value: "generic-key-value-vhost"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Value: "generic-key-value-vhost"}, }, }, }, @@ -406,24 +407,24 @@ func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEvent }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Value: "generic-key-value"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Value: "generic-key-value"}, }, }, }, @@ -436,7 +437,7 @@ func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEvent } if tls.enabled { - p.Spec.VirtualHost.TLS = &contour_api_v1.TLS{ + p.Spec.VirtualHost.TLS = &contour_v1.TLS{ SecretName: "tls-cert", EnableFallbackCertificate: tls.fallbackEnabled, } @@ -445,20 +446,20 @@ func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEvent rh.OnAdd(p) c.Status(p).IsValid() - route := &envoy_route_v3.Route{ + route := &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_route_v3.Route_Route) { - r.Route.RateLimits = []*envoy_route_v3.RateLimit{ + Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_config_route_v3.Route_Route) { + r.Route.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, }, }, }, @@ -468,17 +469,17 @@ func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEvent } vhost := envoy_v3.VirtualHost("foo.com", route) - vhost.RateLimits = []*envoy_route_v3.RateLimit{ + vhost.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value-vhost"}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value-vhost"}, }, }, }, @@ -487,18 +488,18 @@ func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEvent switch tls.enabled { case true: - c.Request(routeType, "https/foo.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "https/foo.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("https/foo.com", vhost)), }) if tls.fallbackEnabled { - c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_fallbackcert", vhost)), }) } default: - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), }) @@ -506,33 +507,33 @@ func globalRateLimitVhostAndRouteRateLimitDefined(t *testing.T, rh ResourceEvent } func defaultGlobalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour, tls tlsConfig) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Value: "generic-key-value"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Value: "generic-key-value"}, }, }, }, @@ -545,7 +546,7 @@ func defaultGlobalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventH } if tls.enabled { - p.Spec.VirtualHost.TLS = &contour_api_v1.TLS{ + p.Spec.VirtualHost.TLS = &contour_v1.TLS{ SecretName: "tls-cert", EnableFallbackCertificate: tls.fallbackEnabled, } @@ -554,20 +555,20 @@ func defaultGlobalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventH rh.OnAdd(p) c.Status(p).IsValid() - route := &envoy_route_v3.Route{ + route := &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_route_v3.Route_Route) { - r.Route.RateLimits = []*envoy_route_v3.RateLimit{ + Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_config_route_v3.Route_Route) { + r.Route.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, }, }, }, @@ -577,12 +578,12 @@ func defaultGlobalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventH } vhost := envoy_v3.VirtualHost("foo.com", route) - vhost.RateLimits = []*envoy_route_v3.RateLimit{ + vhost.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{ DescriptorKey: "generic-key-vhost", DescriptorValue: "generic-key-vhost", }, @@ -594,18 +595,18 @@ func defaultGlobalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventH switch tls.enabled { case true: - c.Request(routeType, "https/foo.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "https/foo.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("https/foo.com", vhost)), }) if tls.fallbackEnabled { - c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType, "ingress_fallbackcert").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_fallbackcert", vhost)), }) } default: - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), }) @@ -613,50 +614,50 @@ func defaultGlobalRateLimitVhostRateLimitDefined(t *testing.T, rh ResourceEventH } func globalRateLimitMultipleDescriptorsAndEntries(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Global: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ // first descriptor { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RemoteAddress: &contour_api_v1.RemoteAddressDescriptor{}, + RemoteAddress: &contour_v1.RemoteAddressDescriptor{}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Value: "generic-key-value"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Value: "generic-key-value"}, }, }, }, // second descriptor { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeader: &contour_api_v1.RequestHeaderDescriptor{HeaderName: "X-Contour", DescriptorKey: "header-descriptor"}, + RequestHeader: &contour_v1.RequestHeaderDescriptor{HeaderName: "X-Contour", DescriptorKey: "header-descriptor"}, }, { - GenericKey: &contour_api_v1.GenericKeyDescriptor{Key: "generic-key-key", Value: "generic-key-value-2"}, + GenericKey: &contour_v1.GenericKeyDescriptor{Key: "generic-key-key", Value: "generic-key-value-2"}, }, }, }, @@ -671,37 +672,37 @@ func globalRateLimitMultipleDescriptorsAndEntries(t *testing.T, rh ResourceEvent rh.OnAdd(p) c.Status(p).IsValid() - route := &envoy_route_v3.Route{ + route := &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_route_v3.Route_Route) { - r.Route.RateLimits = []*envoy_route_v3.RateLimit{ + Action: routeCluster("default/s1/80/da39a3ee5e", func(r *envoy_config_route_v3.Route_Route) { + r.Route.RateLimits = []*envoy_config_route_v3.RateLimit{ { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RemoteAddress_{ - RemoteAddress: &envoy_route_v3.RateLimit_Action_RemoteAddress{}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RemoteAddress_{ + RemoteAddress: &envoy_config_route_v3.RateLimit_Action_RemoteAddress{}, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{DescriptorValue: "generic-key-value"}, }, }, }, }, { - Actions: []*envoy_route_v3.RateLimit_Action{ + Actions: []*envoy_config_route_v3.RateLimit_Action{ { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_RequestHeaders_{ - RequestHeaders: &envoy_route_v3.RateLimit_Action_RequestHeaders{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_RequestHeaders_{ + RequestHeaders: &envoy_config_route_v3.RateLimit_Action_RequestHeaders{ HeaderName: "X-Contour", DescriptorKey: "header-descriptor", }, }, }, { - ActionSpecifier: &envoy_route_v3.RateLimit_Action_GenericKey_{ - GenericKey: &envoy_route_v3.RateLimit_Action_GenericKey{ + ActionSpecifier: &envoy_config_route_v3.RateLimit_Action_GenericKey_{ + GenericKey: &envoy_config_route_v3.RateLimit_Action_GenericKey{ DescriptorKey: "generic-key-key", DescriptorValue: "generic-key-value-2", }, @@ -713,7 +714,7 @@ func globalRateLimitMultipleDescriptorsAndEntries(t *testing.T, rh ResourceEvent }), } - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("foo.com", route))), }) @@ -808,18 +809,18 @@ func TestGlobalRateLimiting(t *testing.T) { Namespace: "default", } - httpProxyProcessor.GlobalRateLimitService = &contour_api_v1alpha1.RateLimitServiceConfig{ - ExtensionService: contour_api_v1alpha1.NamespacedName{ + httpProxyProcessor.GlobalRateLimitService = &contour_v1alpha1.RateLimitServiceConfig{ + ExtensionService: contour_v1alpha1.NamespacedName{ Name: "extension", Namespace: "ratelimit", }, Domain: "contour", - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contour_api_v1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "generic-key-vhost", Value: "generic-key-vhost", }, @@ -837,8 +838,8 @@ func TestGlobalRateLimiting(t *testing.T) { defer done() // Add common test fixtures. - rh.OnAdd(fixture.NewService("s1").WithPorts(corev1.ServicePort{Port: 80})) - rh.OnAdd(fixture.NewService("s2").WithPorts(corev1.ServicePort{Port: 80})) + rh.OnAdd(fixture.NewService("s1").WithPorts(core_v1.ServicePort{Port: 80})) + rh.OnAdd(fixture.NewService("s2").WithPorts(core_v1.ServicePort{Port: 80})) rh.OnAdd(featuretests.TLSSecret(t, "tls-cert", &featuretests.ServerCertificate)) rh.OnAdd(featuretests.TLSSecret(t, "fallback-cert", &featuretests.ServerCertificate)) diff --git a/internal/featuretests/v3/headercondition_test.go b/internal/featuretests/v3/headercondition_test.go index 4c4eca82724..4e8be094dc5 100644 --- a/internal/featuretests/v3/headercondition_test.go +++ b/internal/featuretests/v3/headercondition_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { @@ -32,27 +33,27 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewService("svc3"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -62,7 +63,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerContainsMatchCondition("x-header", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -72,7 +73,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerContainsMatchCondition("x-header", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -82,7 +83,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerNotExactMatchCondition("x-beta-release", "true", false, true), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -92,7 +93,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerNotContainsMatchCondition("x-beta-release", "t", false, true), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -102,11 +103,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { } rh.OnAdd(proxy1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-beta-release", Value: "true", @@ -116,7 +117,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-beta-release", Value: "t", @@ -126,7 +127,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -135,7 +136,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -144,7 +145,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -155,10 +156,10 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }) proxy2 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -167,7 +168,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerNotContainsMatchCondition("x-header", "123", false, false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -176,7 +177,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerNotContainsMatchCondition("x-header", "abc", false, false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -185,11 +186,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy1, proxy2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -198,7 +199,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "123", @@ -207,7 +208,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -218,10 +219,10 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }) proxy3 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -230,7 +231,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerExactMatchCondition("x-header", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -239,7 +240,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerExactMatchCondition("x-header", "123", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -248,11 +249,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy2, proxy3) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-header", Value: "123", @@ -261,7 +262,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -270,7 +271,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -281,10 +282,10 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }) proxy4 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -293,7 +294,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerNotExactMatchCondition("x-header", "abc", false, false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -302,7 +303,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerNotExactMatchCondition("x-header", "123", false, false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -311,11 +312,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy3, proxy4) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-header", Value: "123", @@ -324,7 +325,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -333,7 +334,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -344,10 +345,10 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }) proxy5 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -356,7 +357,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerPresentMatchCondition("x-header"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -365,7 +366,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), headerPresentMatchCondition("x-header"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -374,11 +375,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy4, proxy5) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-header", MatchType: "present", @@ -386,7 +387,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", MatchType: "present", @@ -394,7 +395,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -407,15 +408,15 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { // proxy with two routes that have the same prefix and a Contains header // condition on the same header, differing only in the value of the condition. proxy6 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{ { Conditions: matchconditions( prefixMatchCondition("/"), headerContainsMatchCondition("x-header", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -425,7 +426,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerContainsMatchCondition("x-header", "def", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -436,11 +437,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy5, proxy6) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -449,7 +450,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "def", @@ -467,15 +468,15 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { // proxy with two routes that both have a condition on the same // header, one using Contains and one using NotContains. proxy7 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{ { Conditions: matchconditions( prefixMatchCondition("/"), headerContainsMatchCondition("x-header", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -485,7 +486,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerNotContainsMatchCondition("x-header", "abc", false, false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -496,11 +497,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy6, proxy7) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -509,7 +510,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -526,10 +527,10 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { // proxy with regex match header condition. proxy8 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -538,7 +539,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerRegexMatchCondition("x-header", "^123.*"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -547,7 +548,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { prefixMatchCondition("/"), headerRegexMatchCondition("x-header", "^789.*"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -556,11 +557,11 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { rh.OnUpdate(proxy7, proxy8) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "^123.*", @@ -568,7 +569,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "^789.*", @@ -576,7 +577,7 @@ func TestConditions_ContainsHeader_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, diff --git a/internal/featuretests/v3/headerpolicy_test.go b/internal/featuretests/v3/headerpolicy_test.go index 9b9ff24ec41..f47d32c4852 100644 --- a/internal/featuretests/v3/headerpolicy_test.go +++ b/internal/featuretests/v3/headerpolicy_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { @@ -35,19 +36,19 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "goodbye.planet", }}, @@ -56,11 +57,11 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewrite("default/svc1/80/3eb3d00648", "goodbye.planet"), }, @@ -72,15 +73,15 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { // Non-Host header rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "x-header", Value: "goodbye.planet", }}, @@ -89,19 +90,19 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), - RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + RequestHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "X-Header", Value: "goodbye.planet", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }}, }, ), @@ -112,15 +113,15 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { // Empty value for replaceHeader in HeadersPolicy rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", }}, }, @@ -128,11 +129,11 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -144,10 +145,10 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { rh.OnAdd(fixture.NewService("externalname"). Annotate("projectcontour.io/upstream-protocol.tls", "https,443"). - WithSpec(v1.ServiceSpec{ + WithSpec(core_v1.ServiceSpec{ ExternalName: "goodbye.planet", - Type: v1.ServiceTypeExternalName, - Ports: []v1.ServicePort{{ + Type: core_v1.ServiceTypeExternalName, + Ports: []core_v1.ServicePort{{ Port: 443, Name: "https", }}, @@ -158,18 +159,18 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { // Proxy with SNI rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - TLS: &contour_api_v1.TLS{SecretName: "foo"}, + TLS: &contour_v1.TLS{SecretName: "foo"}, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "externalname", Port: 443, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "goodbye.planet", }}, @@ -178,15 +179,15 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -195,7 +196,7 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { ), envoy_v3.RouteConfiguration("https/hello.world", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewrite("default/externalname/443/9ebffe8f28", "goodbye.planet"), }, @@ -204,7 +205,7 @@ func TestHeaderPolicy_ReplaceHeader_HTTProxy(t *testing.T) { TypeUrl: routeType, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(externalNameCluster("default/externalname/443/9ebffe8f28", "default/externalname/https", "default_externalname_443", "goodbye.planet", 443), nil, "goodbye.planet", "goodbye.planet", nil, nil), ), @@ -220,19 +221,19 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "%REQ(x-goodbye-planet)%", }}, @@ -241,11 +242,11 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewriteHeader("default/svc1/80/da39a3ee5e", "X-Goodbye-Planet"), }, @@ -257,10 +258,10 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { rh.OnAdd(fixture.NewService("externalname"). Annotate("projectcontour.io/upstream-protocol.tls", "https,443"). - WithSpec(v1.ServiceSpec{ + WithSpec(core_v1.ServiceSpec{ ExternalName: "goodbye.planet", - Type: v1.ServiceTypeExternalName, - Ports: []v1.ServicePort{{ + Type: core_v1.ServiceTypeExternalName, + Ports: []core_v1.ServicePort{{ Port: 443, Name: "https", }}, @@ -271,18 +272,18 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { // Proxy with SNI rh.OnAdd(fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hello.world", - TLS: &contour_api_v1.TLS{SecretName: "foo"}, + TLS: &contour_v1.TLS{SecretName: "foo"}, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "externalname", Port: 443, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Host", Value: "%REQ(x-goodbye-planet)%", }}, @@ -291,15 +292,15 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -308,7 +309,7 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { ), envoy_v3.RouteConfiguration("https/hello.world", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeHostRewriteHeader("default/externalname/443/9ebffe8f28", "X-Goodbye-Planet"), }, @@ -317,7 +318,7 @@ func TestHeaderPolicy_ReplaceHostHeader_HTTProxy(t *testing.T) { TypeUrl: routeType, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(externalNameCluster("default/externalname/443/9ebffe8f28", "default/externalname/https", "default_externalname_443", "goodbye.planet", 443), nil, "goodbye.planet", "goodbye.planet", nil, nil), ), diff --git a/internal/featuretests/v3/httpproxy.go b/internal/featuretests/v3/httpproxy.go index ad55286f5c1..d5b3da9446f 100644 --- a/internal/featuretests/v3/httpproxy.go +++ b/internal/featuretests/v3/httpproxy.go @@ -16,22 +16,22 @@ package v3 // HTTPProxy helpers import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) -func matchconditions(first contour_api_v1.MatchCondition, rest ...contour_api_v1.MatchCondition) []contour_api_v1.MatchCondition { - return append([]contour_api_v1.MatchCondition{first}, rest...) +func matchconditions(first contour_v1.MatchCondition, rest ...contour_v1.MatchCondition) []contour_v1.MatchCondition { + return append([]contour_v1.MatchCondition{first}, rest...) } -func prefixMatchCondition(prefix string) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ +func prefixMatchCondition(prefix string) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ Prefix: prefix, } } -func headerContainsMatchCondition(name, value string, ignoreCase bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - Header: &contour_api_v1.HeaderMatchCondition{ +func headerContainsMatchCondition(name, value string, ignoreCase bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: name, Contains: value, IgnoreCase: ignoreCase, @@ -39,9 +39,9 @@ func headerContainsMatchCondition(name, value string, ignoreCase bool) contour_a } } -func headerNotContainsMatchCondition(name, value string, ignoreCase, treatMissingAsEmpty bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - Header: &contour_api_v1.HeaderMatchCondition{ +func headerNotContainsMatchCondition(name, value string, ignoreCase, treatMissingAsEmpty bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: name, NotContains: value, IgnoreCase: ignoreCase, @@ -50,9 +50,9 @@ func headerNotContainsMatchCondition(name, value string, ignoreCase, treatMissin } } -func headerExactMatchCondition(name, value string, ignoreCase bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - Header: &contour_api_v1.HeaderMatchCondition{ +func headerExactMatchCondition(name, value string, ignoreCase bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: name, Exact: value, IgnoreCase: ignoreCase, @@ -60,9 +60,9 @@ func headerExactMatchCondition(name, value string, ignoreCase bool) contour_api_ } } -func headerNotExactMatchCondition(name, value string, ignoreCase, treatMissingAsEmpty bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - Header: &contour_api_v1.HeaderMatchCondition{ +func headerNotExactMatchCondition(name, value string, ignoreCase, treatMissingAsEmpty bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: name, NotExact: value, IgnoreCase: ignoreCase, @@ -71,27 +71,27 @@ func headerNotExactMatchCondition(name, value string, ignoreCase, treatMissingAs } } -func headerPresentMatchCondition(name string) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - Header: &contour_api_v1.HeaderMatchCondition{ +func headerPresentMatchCondition(name string) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: name, Present: true, }, } } -func headerRegexMatchCondition(name, value string) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - Header: &contour_api_v1.HeaderMatchCondition{ +func headerRegexMatchCondition(name, value string) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: name, Regex: value, }, } } -func queryParameterExactMatchCondition(name, value string, ignoreCase bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ +func queryParameterExactMatchCondition(name, value string, ignoreCase bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: name, Exact: value, IgnoreCase: ignoreCase, @@ -99,9 +99,9 @@ func queryParameterExactMatchCondition(name, value string, ignoreCase bool) cont } } -func queryParameterPrefixMatchCondition(name, value string, ignoreCase bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ +func queryParameterPrefixMatchCondition(name, value string, ignoreCase bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: name, Prefix: value, IgnoreCase: ignoreCase, @@ -109,9 +109,9 @@ func queryParameterPrefixMatchCondition(name, value string, ignoreCase bool) con } } -func queryParameterSuffixMatchCondition(name, value string, ignoreCase bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ +func queryParameterSuffixMatchCondition(name, value string, ignoreCase bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: name, Suffix: value, IgnoreCase: ignoreCase, @@ -119,18 +119,18 @@ func queryParameterSuffixMatchCondition(name, value string, ignoreCase bool) con } } -func queryParameterRegexMatchCondition(name, value string) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ +func queryParameterRegexMatchCondition(name, value string) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: name, Regex: value, }, } } -func queryParameterContainsMatchCondition(name, value string, ignoreCase bool) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ +func queryParameterContainsMatchCondition(name, value string, ignoreCase bool) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: name, Contains: value, IgnoreCase: ignoreCase, @@ -138,9 +138,9 @@ func queryParameterContainsMatchCondition(name, value string, ignoreCase bool) c } } -func queryParameterPresentMatchCondition(name string) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ +func queryParameterPresentMatchCondition(name string) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: name, Present: true, }, diff --git a/internal/featuretests/v3/httproute_test.go b/internal/featuretests/v3/httproute_test.go index 00558c16f4b..ce8f69ac72c 100644 --- a/internal/featuretests/v3/httproute_test.go +++ b/internal/featuretests/v3/httproute_test.go @@ -16,41 +16,42 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) var ( gc = &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, } gateway = &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -93,11 +94,11 @@ func TestGateway_TLS(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) sec1 := featuretests.TLSSecret(t, "projectcontour/tlscert", &featuretests.ServerCertificate) @@ -109,7 +110,7 @@ func TestGateway_TLS(t *testing.T) { rh.OnAdd(gateway) rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -132,14 +133,14 @@ func TestGateway_TLS(t *testing.T) { }, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("http-80", envoy_v3.VirtualHost("test.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeSegmentPrefix("/blog"), Action: routeCluster("default/svc2/80/da39a3ee5e"), - }, &envoy_route_v3.Route{ + }, &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -147,10 +148,10 @@ func TestGateway_TLS(t *testing.T) { ), envoy_v3.RouteConfiguration("https-443/test.projectcontour.io", envoy_v3.VirtualHost("test.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeSegmentPrefix("/blog"), Action: routeCluster("default/svc2/80/da39a3ee5e"), - }, &envoy_route_v3.Route{ + }, &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -160,10 +161,10 @@ func TestGateway_TLS(t *testing.T) { TypeUrl: routeType, }) - c.Request(listenerType, "https-443").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "https-443").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( diff --git a/internal/featuretests/v3/ingressclass_test.go b/internal/featuretests/v3/ingressclass_test.go index 3e9fc4e04ed..c05a2d480cc 100644 --- a/internal/featuretests/v3/ingressclass_test.go +++ b/internal/featuretests/v3/ingressclass_test.go @@ -16,18 +16,19 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ref" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) const ( @@ -43,7 +44,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) // Ingress @@ -60,11 +61,11 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnAdd(ingressValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -86,7 +87,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnUpdate(ingressValid, ingressWrongClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -102,7 +103,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { } rh.OnUpdate(ingressWrongClass, ingressNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -112,11 +113,11 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { // --- insert valid ingress object rh.OnAdd(ingressValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -129,7 +130,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnDelete(ingressValid) // verify ingress is gone - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -142,12 +143,12 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { // --- ingress class matches explicitly proxyValid := fixture.NewProxy(HTTPProxyName). Annotate("projectcontour.io/ingress.class", "linkerd"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -156,11 +157,11 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnAdd(proxyValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -173,12 +174,12 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { // --- wrong ingress class specified proxyWrongClass := fixture.NewProxy(HTTPProxyName). Annotate("kubernetes.io/ingress.class", "contour"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -188,7 +189,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnUpdate(proxyValid, proxyWrongClass) // ingress class does not match ingress controller, ignored. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -197,12 +198,12 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { // --- no ingress class specified proxyNoClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -212,7 +213,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnUpdate(proxyWrongClass, proxyNoClass) // ingress class does not match ingress controller, ignored. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -222,11 +223,11 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { // --- insert valid httpproxy object rh.OnAdd(proxyValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -239,7 +240,7 @@ func TestIngressClassAnnotation_Configured(t *testing.T) { rh.OnDelete(proxyValid) // verify ingress is gone - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -257,7 +258,7 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) // Ingress @@ -272,11 +273,11 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnAdd(ingressNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -298,11 +299,11 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnUpdate(ingressNoClass, ingressMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -323,7 +324,7 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { } rh.OnUpdate(ingressMatchingClass, ingressNonMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -333,11 +334,11 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { // --- insert valid ingress object rh.OnAdd(ingressNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -350,7 +351,7 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnDelete(ingressNoClass) // verify ingress is gone - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -362,12 +363,12 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { { // --- no ingress class specified proxyNoClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -376,11 +377,11 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnAdd(proxyNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -393,12 +394,12 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { // --- matching ingress class specified proxyMatchingClass := fixture.NewProxy(HTTPProxyName). Annotate("kubernetes.io/ingress.class", "contour"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -407,11 +408,11 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnUpdate(proxyNoClass, proxyMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -424,12 +425,12 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { // --- non-matching ingress class specified proxyNonMatchingClass := fixture.NewProxy(HTTPProxyName). Annotate("kubernetes.io/ingress.class", "invalid"). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -439,7 +440,7 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnUpdate(proxyMatchingClass, proxyNonMatchingClass) // ingress class does not match ingress controller, ignored. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -449,11 +450,11 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { // --- insert valid httpproxy object rh.OnAdd(proxyNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -466,7 +467,7 @@ func TestIngressClassAnnotation_NotConfigured(t *testing.T) { rh.OnDelete(proxyNoClass) // verify ingress is gone - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -486,17 +487,17 @@ func TestIngressClassAnnotationUpdate(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) - vhost := &contour_api_v1.HTTPProxy{ + vhost := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("default/kuard"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -511,11 +512,11 @@ func TestIngressClassAnnotationUpdate(t *testing.T) { rh.OnAdd(vhost) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -534,7 +535,7 @@ func TestIngressClassAnnotationUpdate(t *testing.T) { rh.OnUpdate(orig, vhost) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -549,7 +550,7 @@ func TestIngressClassResource_Configured(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) ingressClass := networking_v1.IngressClass{ @@ -574,11 +575,11 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnAdd(ingressValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -599,7 +600,7 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnUpdate(ingressValid, ingressWrongClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -615,7 +616,7 @@ func TestIngressClassResource_Configured(t *testing.T) { } rh.OnUpdate(ingressWrongClass, ingressNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -628,11 +629,11 @@ func TestIngressClassResource_Configured(t *testing.T) { // Insert valid ingress object rh.OnAdd(ingressValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -645,7 +646,7 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnDelete(ingressValid) // Verify ingress is gone. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -657,12 +658,12 @@ func TestIngressClassResource_Configured(t *testing.T) { { // --- ingress class matches explicitly proxyValid := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -672,11 +673,11 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnAdd(proxyValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -688,12 +689,12 @@ func TestIngressClassResource_Configured(t *testing.T) { // --- wrong ingress class specified proxyWrongClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -704,7 +705,7 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnUpdate(proxyValid, proxyWrongClass) // ingress class does not match ingress controller, ignored. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -713,12 +714,12 @@ func TestIngressClassResource_Configured(t *testing.T) { // --- no ingress class specified proxyNoClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -728,7 +729,7 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnUpdate(proxyWrongClass, proxyNoClass) // ingress class does not match ingress controller, ignored. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -738,11 +739,11 @@ func TestIngressClassResource_Configured(t *testing.T) { // --- insert valid httpproxy object rh.OnAdd(proxyValid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -755,7 +756,7 @@ func TestIngressClassResource_Configured(t *testing.T) { rh.OnDelete(proxyValid) // verify ingress is gone - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -769,7 +770,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) ingressClass := networking_v1.IngressClass{ @@ -793,11 +794,11 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnAdd(ingressNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -818,11 +819,11 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnUpdate(ingressNoClass, ingressMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -842,7 +843,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { } rh.OnUpdate(ingressMatchingClass, ingressNonMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -855,11 +856,11 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { // Insert valid ingress object rh.OnAdd(ingressMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -872,7 +873,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnDelete(ingressMatchingClass) // Verify ingress is gone. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -884,12 +885,12 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { { // --- no ingress class specified proxyNoClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -898,11 +899,11 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnAdd(proxyNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -914,12 +915,12 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { // --- matching ingress class specified proxyMatchingClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -929,11 +930,11 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnUpdate(proxyNoClass, proxyMatchingClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -945,12 +946,12 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { // --- non-matching ingress class specified proxyNonMatchingClass := fixture.NewProxy(HTTPProxyName). - WithSpec(contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + WithSpec(contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: int(svc.Spec.Ports[0].Port), }}, @@ -961,7 +962,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnUpdate(proxyMatchingClass, proxyNonMatchingClass) // ingress class does not match ingress controller, ignored. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -971,11 +972,11 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { // --- insert valid httpproxy object rh.OnAdd(proxyNoClass) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -988,7 +989,7 @@ func TestIngressClassResource_NotConfigured(t *testing.T) { rh.OnDelete(proxyNoClass) // verify ingress is gone - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), diff --git a/internal/featuretests/v3/internalredirectpolicy_test.go b/internal/featuretests/v3/internalredirectpolicy_test.go index 6eb1924637d..c3c021ed120 100644 --- a/internal/featuretests/v3/internalredirectpolicy_test.go +++ b/internal/featuretests/v3/internalredirectpolicy_test.go @@ -16,22 +16,22 @@ package v3 import ( "testing" - "google.golang.org/protobuf/types/known/wrapperspb" - - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_internal_redirect_previous_routes_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/previous_routes/v3" envoy_internal_redirect_safe_cross_scheme_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/safe_cross_scheme/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + "google.golang.org/protobuf/types/known/wrapperspb" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) -func withInternalRedirectPolicy(route *envoy_route_v3.Route_Route, policy *envoy_route_v3.InternalRedirectPolicy) *envoy_route_v3.Route_Route { +func withInternalRedirectPolicy(route *envoy_config_route_v3.Route_Route, policy *envoy_config_route_v3.InternalRedirectPolicy) *envoy_config_route_v3.Route_Route { route.Route.InternalRedirectPolicy = policy return route } @@ -41,18 +41,18 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) proxy := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{}, + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{}, }}, }) @@ -60,13 +60,13 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { conf := c.Request(routeType) // Verify default values - conf.Equals(&envoy_discovery_v3.DiscoveryResponse{ + conf.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_route_v3.InternalRedirectPolicy{ + Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_config_route_v3.InternalRedirectPolicy{ MaxInternalRedirects: nil, RedirectResponseCodes: []uint32{}, Predicates: nil, @@ -80,14 +80,14 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { }) proxyCrossAlways := fixture.NewProxy("always").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{ + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{ AllowCrossSchemeRedirect: "Always", }, }}, @@ -96,13 +96,13 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxy, proxyCrossAlways) // Always: No predicate and AllowCrossSchemeRedirect true - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_route_v3.InternalRedirectPolicy{ + Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_config_route_v3.InternalRedirectPolicy{ AllowCrossSchemeRedirect: true, }), }, @@ -113,14 +113,14 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { }) proxyCrossNever := fixture.NewProxy("always").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{ + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{ AllowCrossSchemeRedirect: "Never", }, }}, @@ -129,13 +129,13 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxyCrossAlways, proxyCrossNever) // Never: No predicate and AllowCrossSchemeRedirect false - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_route_v3.InternalRedirectPolicy{ + Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_config_route_v3.InternalRedirectPolicy{ AllowCrossSchemeRedirect: false, }), }, @@ -146,16 +146,16 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { }) proxySafeOnly := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{ + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{ MaxInternalRedirects: 2, - RedirectResponseCodes: []contour_api_v1.RedirectResponseCode{302, 307}, + RedirectResponseCodes: []contour_v1.RedirectResponseCode{302, 307}, DenyRepeatedRouteRedirect: true, AllowCrossSchemeRedirect: "SafeOnly", }, @@ -165,16 +165,16 @@ func TestInternalRedirectPolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxyCrossNever, proxySafeOnly) // Ensure predicates are properly generated for SafeOnly and DenyRepeatedRouteRedirect - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_route_v3.InternalRedirectPolicy{ + Action: withInternalRedirectPolicy(routeCluster("default/svc1/80/da39a3ee5e"), &envoy_config_route_v3.InternalRedirectPolicy{ MaxInternalRedirects: wrapperspb.UInt32(2), RedirectResponseCodes: []uint32{302, 307}, - Predicates: []*envoy_core_v3.TypedExtensionConfig{ + Predicates: []*envoy_config_core_v3.TypedExtensionConfig{ { Name: "envoy.internal_redirect_predicates.safe_cross_scheme", TypedConfig: protobuf.MustMarshalAny(&envoy_internal_redirect_safe_cross_scheme_v3.SafeCrossSchemeConfig{}), diff --git a/internal/featuretests/v3/ipfilter_test.go b/internal/featuretests/v3/ipfilter_test.go index 4092056a31c..3a19fb804a5 100644 --- a/internal/featuretests/v3/ipfilter_test.go +++ b/internal/featuretests/v3/ipfilter_test.go @@ -16,19 +16,20 @@ package v3 import ( "testing" - corev3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_config_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_rbac_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/fixture" ) func TestIPFilterPolicy(t *testing.T) { @@ -36,24 +37,24 @@ func TestIPFilterPolicy(t *testing.T) { defer done() s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "vhfilter", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test1.test.com", - IPAllowFilterPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + IPAllowFilterPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "8.8.8.8/24", }}, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -62,14 +63,14 @@ func TestIPFilterPolicy(t *testing.T) { } rh.OnAdd(hp1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", virtualHostWithFilters(envoy_v3.VirtualHost(hp1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/backend/80/da39a3ee5e"), }, - ), withFilterConfig(envoy_v3.RBACFilterName, &envoy_rbac_v3.RBACPerRoute{Rbac: &envoy_rbac_v3.RBAC{ + ), withFilterConfig(envoy_v3.RBACFilterName, &envoy_filter_http_rbac_v3.RBACPerRoute{Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -81,7 +82,7 @@ func TestIPFilterPolicy(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &corev3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "8.8.8.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -96,28 +97,28 @@ func TestIPFilterPolicy(t *testing.T) { TypeUrl: routeType, }) - hp2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "vhfilter", Namespace: s1.Namespace, ResourceVersion: "2", Generation: 2, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test1.test.com", - IPAllowFilterPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourceRemote, + IPAllowFilterPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourceRemote, CIDR: "8.8.8.8/24", }}, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - IPDenyFilterPolicy: []contour_api_v1.IPFilterPolicy{{ - Source: contour_api_v1.IPFilterSourcePeer, + IPDenyFilterPolicy: []contour_v1.IPFilterPolicy{{ + Source: contour_v1.IPFilterSourcePeer, CIDR: "2001:db8::68", }}, }}, @@ -125,14 +126,14 @@ func TestIPFilterPolicy(t *testing.T) { } rh.OnUpdate(hp1, hp2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", virtualHostWithFilters(envoy_v3.VirtualHost(hp1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/backend/80/da39a3ee5e"), - TypedPerFilterConfig: withFilterConfig(envoy_v3.RBACFilterName, &envoy_rbac_v3.RBACPerRoute{ - Rbac: &envoy_rbac_v3.RBAC{ + TypedPerFilterConfig: withFilterConfig(envoy_v3.RBACFilterName, &envoy_filter_http_rbac_v3.RBACPerRoute{ + Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_DENY, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -144,7 +145,7 @@ func TestIPFilterPolicy(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_DirectRemoteIp{ - DirectRemoteIp: &corev3.CidrRange{ + DirectRemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "2001:db8::68", PrefixLen: wrapperspb.UInt32(128), }, @@ -156,7 +157,7 @@ func TestIPFilterPolicy(t *testing.T) { }, }), }, - ), withFilterConfig(envoy_v3.RBACFilterName, &envoy_rbac_v3.RBACPerRoute{Rbac: &envoy_rbac_v3.RBAC{ + ), withFilterConfig(envoy_v3.RBACFilterName, &envoy_filter_http_rbac_v3.RBACPerRoute{Rbac: &envoy_filter_http_rbac_v3.RBAC{ Rules: &envoy_config_rbac_v3.RBAC{ Action: envoy_config_rbac_v3.RBAC_ALLOW, Policies: map[string]*envoy_config_rbac_v3.Policy{ @@ -168,7 +169,7 @@ func TestIPFilterPolicy(t *testing.T) { }, Principals: []*envoy_config_rbac_v3.Principal{{ Identifier: &envoy_config_rbac_v3.Principal_RemoteIp{ - RemoteIp: &corev3.CidrRange{ + RemoteIp: &envoy_config_core_v3.CidrRange{ AddressPrefix: "8.8.8.0", PrefixLen: wrapperspb.UInt32(24), }, @@ -183,19 +184,19 @@ func TestIPFilterPolicy(t *testing.T) { TypeUrl: routeType, }) - hp3 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp3 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "vhfilter", Namespace: s1.Namespace, ResourceVersion: "3", Generation: 3, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test1.test.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -204,10 +205,10 @@ func TestIPFilterPolicy(t *testing.T) { } rh.OnUpdate(hp2, hp3) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost(hp1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/backend/80/da39a3ee5e"), }, @@ -217,7 +218,7 @@ func TestIPFilterPolicy(t *testing.T) { rh.OnDelete(hp3) } -func virtualHostWithFilters(vh *envoy_route_v3.VirtualHost, typedPerFilterConfig map[string]*anypb.Any) *envoy_route_v3.VirtualHost { +func virtualHostWithFilters(vh *envoy_config_route_v3.VirtualHost, typedPerFilterConfig map[string]*anypb.Any) *envoy_config_route_v3.VirtualHost { vh.TypedPerFilterConfig = typedPerFilterConfig return vh } diff --git a/internal/featuretests/v3/jwtverification_test.go b/internal/featuretests/v3/jwtverification_test.go index 7a0dce2e5df..6c91d08e62a 100644 --- a/internal/featuretests/v3/jwtverification_test.go +++ b/internal/featuretests/v3/jwtverification_test.go @@ -17,24 +17,25 @@ import ( "testing" "time" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_jwt_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_jwt_authn_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "google.golang.org/protobuf/types/known/anypb" + "google.golang.org/protobuf/types/known/durationpb" + core_v1 "k8s.io/api/core/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" - "google.golang.org/protobuf/types/known/anypb" - "google.golang.org/protobuf/types/known/durationpb" - corev1 "k8s.io/api/core/v1" ) func TestJWTVerification(t *testing.T) { @@ -45,20 +46,20 @@ func TestJWTVerification(t *testing.T) { rh.OnAdd(sec1) s1 := fixture.NewService("s1"). - WithPorts(corev1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) // Valid HTTPProxy without JWT verification enabled proxy1 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -68,10 +69,10 @@ func TestJWTVerification(t *testing.T) { rh.OnAdd(proxy1) // We should start with a single generic HTTPS service. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -88,17 +89,17 @@ func TestJWTVerification(t *testing.T) { // Valid HTTPProxy with JWT verification enabled proxy2 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -106,12 +107,12 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }}, }) @@ -120,10 +121,10 @@ func TestJWTVerification(t *testing.T) { // Now we should have the JWT authentication filter, // a cluster for the JWKS URI and the route should have // a reference to the requirement. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -131,15 +132,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -149,9 +150,9 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -162,32 +163,32 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/jwt.example.com", - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ - Type: envoy_cluster_v3.Cluster_STRICT_DNS, + ClusterDiscoveryType: &envoy_config_cluster_v3.Cluster_Type{ + Type: envoy_config_cluster_v3.Cluster_STRICT_DNS, }, - CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + CommonLbConfig: &envoy_config_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, ConnectTimeout: durationpb.New(2 * time.Second), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/jwt.example.com", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ - Address: &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "jwt.example.com", - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(443), }, }, @@ -200,29 +201,29 @@ func TestJWTVerification(t *testing.T) { }, }, }, - TransportSocket: &envoy_core_v3.TransportSocket{ + TransportSocket: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{}, + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, Sni: "jwt.example.com", }), }, }, }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -234,17 +235,17 @@ func TestJWTVerification(t *testing.T) { // Valid HTTPProxy with JWT verification enabled, with all paths // *except* /css opting into verification. proxy3 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -252,17 +253,17 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }, { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/css"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/css"}}, + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -273,10 +274,10 @@ func TestJWTVerification(t *testing.T) { rh.OnUpdate(proxy2, proxy3) // Verify that the "/css" JWT rule gets sorted before the "/" one. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -284,15 +285,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -302,9 +303,9 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -315,22 +316,22 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/css"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -341,18 +342,18 @@ func TestJWTVerification(t *testing.T) { // Same as proxy3, except using "opt-out" pattern instead of "opt-in". proxy4 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Default: true, Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -360,20 +361,20 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/css"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/css"}}, + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Disabled: true}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Disabled: true}, }, }, }) @@ -381,10 +382,10 @@ func TestJWTVerification(t *testing.T) { rh.OnUpdate(proxy3, proxy4) // Verify that the "/css" JWT rule gets sorted before the "/" one. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -392,15 +393,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -410,9 +411,9 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -423,22 +424,22 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/css"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -449,18 +450,18 @@ func TestJWTVerification(t *testing.T) { // Route overrides the default provider. proxy5 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Default: true, Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -469,7 +470,7 @@ func TestJWTVerification(t *testing.T) { { Name: "provider-2", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -477,13 +478,13 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-2"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-2"}, }, }, }) @@ -491,10 +492,10 @@ func TestJWTVerification(t *testing.T) { rh.OnUpdate(proxy4, proxy5) // Verify that the route requires "provider-2". - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -502,15 +503,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -521,11 +522,11 @@ func TestJWTVerification(t *testing.T) { }, "provider-2": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -535,14 +536,14 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, "provider-2": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-2", }, }, @@ -553,18 +554,18 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-2"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-2"}, }), }, }, @@ -575,17 +576,17 @@ func TestJWTVerification(t *testing.T) { // JWKS with a non-standard port proxy6 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com:8443/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -593,22 +594,22 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }}, }) rh.OnUpdate(proxy5, proxy6) // the JWKS cluster should reflect the non-standard port. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -616,15 +617,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com:8443/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -634,9 +635,9 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -647,32 +648,32 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/jwt.example.com", - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ - Type: envoy_cluster_v3.Cluster_STRICT_DNS, + ClusterDiscoveryType: &envoy_config_cluster_v3.Cluster_Type{ + Type: envoy_config_cluster_v3.Cluster_STRICT_DNS, }, - CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + CommonLbConfig: &envoy_config_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, ConnectTimeout: durationpb.New(2 * time.Second), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/jwt.example.com", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ - Address: &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "jwt.example.com", - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(8443), }, }, @@ -685,29 +686,29 @@ func TestJWTVerification(t *testing.T) { }, }, }, - TransportSocket: &envoy_core_v3.TransportSocket{ + TransportSocket: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{}, + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, Sni: "jwt.example.com", }), }, }, }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -720,19 +721,19 @@ func TestJWTVerification(t *testing.T) { // JWKS with upstream validation proxy7 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "cacert", SubjectName: "jwt.example.com", }, @@ -742,21 +743,21 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }}, }) rh.OnUpdate(proxy6, proxy7) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -764,15 +765,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -782,9 +783,9 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -795,32 +796,32 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/jwt.example.com", - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ - Type: envoy_cluster_v3.Cluster_STRICT_DNS, + ClusterDiscoveryType: &envoy_config_cluster_v3.Cluster_Type{ + Type: envoy_config_cluster_v3.Cluster_STRICT_DNS, }, - CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + CommonLbConfig: &envoy_config_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, ConnectTimeout: durationpb.New(2 * time.Second), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/jwt.example.com", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ - Address: &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "jwt.example.com", - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(443), }, }, @@ -833,23 +834,23 @@ func TestJWTVerification(t *testing.T) { }, }, }, - TransportSocket: &envoy_core_v3.TransportSocket{ + TransportSocket: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{ - ValidationContextType: &envoy_tls_v3.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_tls_v3.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: featuretests.PEMBytes(t, &featuretests.CACertificate), }, }, - MatchTypedSubjectAltNames: []*envoy_tls_v3.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_tls_v3.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "jwt.example.com", }, }, @@ -864,18 +865,18 @@ func TestJWTVerification(t *testing.T) { }, }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -886,17 +887,17 @@ func TestJWTVerification(t *testing.T) { // JWKS with a DNS lookup family specified proxy8 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com:8443/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -905,22 +906,22 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }}, }) rh.OnUpdate(proxy7, proxy8) // the JWKS cluster should reflect the non-default DNS lookup family. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -928,15 +929,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com:8443/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -946,9 +947,9 @@ func TestJWTVerification(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -959,32 +960,32 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/jwt.example.com", - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ - Type: envoy_cluster_v3.Cluster_STRICT_DNS, + ClusterDiscoveryType: &envoy_config_cluster_v3.Cluster_Type{ + Type: envoy_config_cluster_v3.Cluster_STRICT_DNS, }, - CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + CommonLbConfig: &envoy_config_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, ConnectTimeout: durationpb.New(2 * time.Second), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/jwt.example.com", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ - Address: &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "jwt.example.com", - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(8443), }, }, @@ -997,30 +998,30 @@ func TestJWTVerification(t *testing.T) { }, }, }, - TransportSocket: &envoy_core_v3.TransportSocket{ + TransportSocket: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{}, + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, Sni: "jwt.example.com", }), }, }, - DnsLookupFamily: envoy_cluster_v3.Cluster_V4_ONLY, + DnsLookupFamily: envoy_config_cluster_v3.Cluster_V4_ONLY, }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -1031,17 +1032,17 @@ func TestJWTVerification(t *testing.T) { // JWT Provider with ForwardJWT specified. proxy9 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -1050,22 +1051,22 @@ func TestJWTVerification(t *testing.T) { }, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }}, }) rh.OnUpdate(proxy8, proxy9) // the JWT Provider should have Forward: true. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1073,15 +1074,15 @@ func TestJWTVerification(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -1092,9 +1093,9 @@ func TestJWTVerification(t *testing.T) { Forward: true, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -1105,32 +1106,32 @@ func TestJWTVerification(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/jwt.example.com", - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ - Type: envoy_cluster_v3.Cluster_STRICT_DNS, + ClusterDiscoveryType: &envoy_config_cluster_v3.Cluster_Type{ + Type: envoy_config_cluster_v3.Cluster_STRICT_DNS, }, - CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + CommonLbConfig: &envoy_config_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, ConnectTimeout: durationpb.New(2 * time.Second), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/jwt.example.com", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ - Address: &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "jwt.example.com", - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(443), }, }, @@ -1143,29 +1144,29 @@ func TestJWTVerification(t *testing.T) { }, }, }, - TransportSocket: &envoy_core_v3.TransportSocket{ + TransportSocket: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{}, + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, Sni: "jwt.example.com", }), }, }, }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -1183,28 +1184,28 @@ func TestJWTVerification_Inclusion(t *testing.T) { rh.OnAdd(sec1) s1 := fixture.NewService("s1"). - WithPorts(corev1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) // Valid HTTPProxy with an include without JWT verification enabled proxy1p := fixture.NewProxy("simple-parent").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Includes: []contour_api_v1.Include{ + Includes: []contour_v1.Include{ { Name: "simple-child", }, }, }) proxy1c := fixture.NewProxy("simple-child").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -1215,10 +1216,10 @@ func TestJWTVerification_Inclusion(t *testing.T) { rh.OnAdd(proxy1c) // We should start with a single generic HTTPS service. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1235,17 +1236,17 @@ func TestJWTVerification_Inclusion(t *testing.T) { // Valid HTTPProxy with JWT verification enabled proxy2p := fixture.NewProxy("simple-parent").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -1253,7 +1254,7 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - Includes: []contour_api_v1.Include{ + Includes: []contour_v1.Include{ { Name: "simple-child", }, @@ -1261,13 +1262,13 @@ func TestJWTVerification_Inclusion(t *testing.T) { }) proxy2c := fixture.NewProxy("simple-child").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }}, }) @@ -1277,10 +1278,10 @@ func TestJWTVerification_Inclusion(t *testing.T) { // Now we should have the JWT authentication filter, // a cluster for the JWKS URI and the route should have // a reference to the requirement. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1288,15 +1289,15 @@ func TestJWTVerification_Inclusion(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -1306,9 +1307,9 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -1319,32 +1320,32 @@ func TestJWTVerification_Inclusion(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(clusterType, "dnsname/https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "dnsname/https/jwt.example.com", - ClusterDiscoveryType: &envoy_cluster_v3.Cluster_Type{ - Type: envoy_cluster_v3.Cluster_STRICT_DNS, + ClusterDiscoveryType: &envoy_config_cluster_v3.Cluster_Type{ + Type: envoy_config_cluster_v3.Cluster_STRICT_DNS, }, - CommonLbConfig: &envoy_cluster_v3.Cluster_CommonLbConfig{ + CommonLbConfig: &envoy_config_cluster_v3.Cluster_CommonLbConfig{ HealthyPanicThreshold: &envoy_type_v3.Percent{Value: 0}, }, ConnectTimeout: durationpb.New(2 * time.Second), - LoadAssignment: &envoy_endpoint_v3.ClusterLoadAssignment{ + LoadAssignment: &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "dnsname/https/jwt.example.com", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ { - LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ + LbEndpoints: []*envoy_config_endpoint_v3.LbEndpoint{ { - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ - Address: &envoy_core_v3.Address{ - Address: &envoy_core_v3.Address_SocketAddress{ - SocketAddress: &envoy_core_v3.SocketAddress{ - Protocol: envoy_core_v3.SocketAddress_TCP, + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ + Address: &envoy_config_core_v3.Address{ + Address: &envoy_config_core_v3.Address_SocketAddress{ + SocketAddress: &envoy_config_core_v3.SocketAddress{ + Protocol: envoy_config_core_v3.SocketAddress_TCP, Address: "jwt.example.com", - PortSpecifier: &envoy_core_v3.SocketAddress_PortValue{ + PortSpecifier: &envoy_config_core_v3.SocketAddress_PortValue{ PortValue: uint32(443), }, }, @@ -1357,29 +1358,29 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - TransportSocket: &envoy_core_v3.TransportSocket{ + TransportSocket: &envoy_config_core_v3.TransportSocket{ Name: "envoy.transport_sockets.tls", - ConfigType: &envoy_core_v3.TransportSocket_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&envoy_tls_v3.UpstreamTlsContext{ - CommonTlsContext: &envoy_tls_v3.CommonTlsContext{}, + ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_transport_socket_tls_v3.UpstreamTlsContext{ + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{}, Sni: "jwt.example.com", }), }, }, }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -1391,17 +1392,17 @@ func TestJWTVerification_Inclusion(t *testing.T) { // Valid HTTPProxy with JWT verification enabled, with all paths // *except* /css opting into verification. proxy3p := fixture.NewProxy("simple-parent").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -1409,7 +1410,7 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - Includes: []contour_api_v1.Include{ + Includes: []contour_v1.Include{ { Name: "simple-child", }, @@ -1417,18 +1418,18 @@ func TestJWTVerification_Inclusion(t *testing.T) { }) proxy3c := fixture.NewProxy("simple-child").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-1"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-1"}, }, { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/css"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/css"}}, + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -1440,10 +1441,10 @@ func TestJWTVerification_Inclusion(t *testing.T) { rh.OnUpdate(proxy2c, proxy3c) // Verify that the "/css" JWT rule gets sorted before the "/" one. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1451,15 +1452,15 @@ func TestJWTVerification_Inclusion(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -1469,9 +1470,9 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -1482,22 +1483,22 @@ func TestJWTVerification_Inclusion(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/css"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -1508,18 +1509,18 @@ func TestJWTVerification_Inclusion(t *testing.T) { // Same as proxy3, except using "opt-out" pattern instead of "opt-in". proxy4p := fixture.NewProxy("simple-parent").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Default: true, Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -1527,7 +1528,7 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - Includes: []contour_api_v1.Include{ + Includes: []contour_v1.Include{ { Name: "simple-child", }, @@ -1535,21 +1536,21 @@ func TestJWTVerification_Inclusion(t *testing.T) { }) proxy4c := fixture.NewProxy("simple-child").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/css"}}, - Services: []contour_api_v1.Service{{ + Conditions: []contour_v1.MatchCondition{{Prefix: "/css"}}, + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Disabled: true}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Disabled: true}, }, }, }) @@ -1558,10 +1559,10 @@ func TestJWTVerification_Inclusion(t *testing.T) { rh.OnUpdate(proxy3c, proxy4c) // Verify that the "/css" JWT rule gets sorted before the "/" one. - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1569,15 +1570,15 @@ func TestJWTVerification_Inclusion(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -1587,9 +1588,9 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, @@ -1600,22 +1601,22 @@ func TestJWTVerification_Inclusion(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/css"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-1"}, }), }, }, @@ -1626,18 +1627,18 @@ func TestJWTVerification_Inclusion(t *testing.T) { // Route overrides the default provider. proxy5p := fixture.NewProxy("simple-parent").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "jwt.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - JWTProviders: []contour_api_v1.JWTProvider{ + JWTProviders: []contour_v1.JWTProvider{ { Name: "provider-1", Default: true, Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -1646,7 +1647,7 @@ func TestJWTVerification_Inclusion(t *testing.T) { { Name: "provider-2", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: "7s", CacheDuration: "30s", @@ -1654,7 +1655,7 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - Includes: []contour_api_v1.Include{ + Includes: []contour_v1.Include{ { Name: "simple-child", }, @@ -1662,14 +1663,14 @@ func TestJWTVerification_Inclusion(t *testing.T) { }) proxy5c := fixture.NewProxy("simple-child").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, - JWTVerificationPolicy: &contour_api_v1.JWTVerificationPolicy{Require: "provider-2"}, + JWTVerificationPolicy: &contour_v1.JWTVerificationPolicy{Require: "provider-2"}, }, }, }) @@ -1678,10 +1679,10 @@ func TestJWTVerification_Inclusion(t *testing.T) { rh.OnUpdate(proxy4c, proxy5c) // Verify that the route requires "provider-2". - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1689,15 +1690,15 @@ func TestJWTVerification_Inclusion(t *testing.T) { ), FilterChains: appendFilterChains( filterchaintls("jwt.example.com", sec1, - jwtAuthnFilterFor("jwt.example.com", &envoy_jwt_v3.JwtAuthentication{ - Providers: map[string]*envoy_jwt_v3.JwtProvider{ + jwtAuthnFilterFor("jwt.example.com", &envoy_filter_http_jwt_authn_v3.JwtAuthentication{ + Providers: map[string]*envoy_filter_http_jwt_authn_v3.JwtProvider{ "provider-1": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -1708,11 +1709,11 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, "provider-2": { Issuer: "issuer.jwt.example.com", - JwksSourceSpecifier: &envoy_jwt_v3.JwtProvider_RemoteJwks{ - RemoteJwks: &envoy_jwt_v3.RemoteJwks{ - HttpUri: &envoy_core_v3.HttpUri{ + JwksSourceSpecifier: &envoy_filter_http_jwt_authn_v3.JwtProvider_RemoteJwks{ + RemoteJwks: &envoy_filter_http_jwt_authn_v3.RemoteJwks{ + HttpUri: &envoy_config_core_v3.HttpUri{ Uri: "https://jwt.example.com/jwks.json", - HttpUpstreamType: &envoy_core_v3.HttpUri_Cluster{ + HttpUpstreamType: &envoy_config_core_v3.HttpUri_Cluster{ Cluster: "dnsname/https/jwt.example.com", }, Timeout: durationpb.New(7 * time.Second), @@ -1722,14 +1723,14 @@ func TestJWTVerification_Inclusion(t *testing.T) { }, }, }, - RequirementMap: map[string]*envoy_jwt_v3.JwtRequirement{ + RequirementMap: map[string]*envoy_filter_http_jwt_authn_v3.JwtRequirement{ "provider-1": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-1", }, }, "provider-2": { - RequiresType: &envoy_jwt_v3.JwtRequirement_ProviderName{ + RequiresType: &envoy_filter_http_jwt_authn_v3.JwtRequirement_ProviderName{ ProviderName: "provider-2", }, }, @@ -1740,18 +1741,18 @@ func TestJWTVerification_Inclusion(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, ), - }).Request(routeType, "https/jwt.example.com").Equals(&envoy_discovery_v3.DiscoveryResponse{ + }).Request(routeType, "https/jwt.example.com").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "https/jwt.example.com", envoy_v3.VirtualHost("jwt.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_jwt_v3.PerRouteConfig{ - RequirementSpecifier: &envoy_jwt_v3.PerRouteConfig_RequirementName{RequirementName: "provider-2"}, + envoy_v3.JWTAuthnFilterName: protobuf.MustMarshalAny(&envoy_filter_http_jwt_authn_v3.PerRouteConfig{ + RequirementSpecifier: &envoy_filter_http_jwt_authn_v3.PerRouteConfig_RequirementName{RequirementName: "provider-2"}, }), }, }, diff --git a/internal/featuretests/v3/listeners_test.go b/internal/featuretests/v3/listeners_test.go index 0b1053f6578..195b4add6b4 100644 --- a/internal/featuretests/v3/listeners_test.go +++ b/internal/featuretests/v3/listeners_test.go @@ -16,12 +16,20 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" @@ -32,13 +40,6 @@ import ( "github.com/projectcontour/contour/internal/timeout" "github.com/projectcontour/contour/internal/xdscache" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) func customAdminPort(t *testing.T, port int) []xdscache.ResourceCache { @@ -48,8 +49,8 @@ func customAdminPort(t *testing.T, port int) []xdscache.ResourceCache { return []xdscache.ResourceCache{ xdscache_v3.NewListenerCache( conf, - contour_api_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, - contour_api_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, + contour_v1alpha1.MetricsConfig{Address: "0.0.0.0", Port: 8002}, + contour_v1alpha1.HealthConfig{Address: "0.0.0.0", Port: 8002}, port, ), &xdscache_v3.SecretCache{}, @@ -65,7 +66,7 @@ func TestNonTLSListener(t *testing.T) { // assert that without any ingress objects registered // there are no active listeners - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", Resources: resources(t, statsListener(), @@ -75,7 +76,7 @@ func TestNonTLSListener(t *testing.T) { }) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(svc1) // i1 is a simple ingress, no hostname, no tls. @@ -88,7 +89,7 @@ func TestNonTLSListener(t *testing.T) { // add it and assert that we now have a ingress_http listener rh.OnAdd(i1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -108,7 +109,7 @@ func TestNonTLSListener(t *testing.T) { // update i1 to i2 and verify that ingress_http has gone. rh.OnUpdate(i1, i2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -127,7 +128,7 @@ func TestNonTLSListener(t *testing.T) { // update i2 to i3 and check that ingress_http has returned rh.OnUpdate(i2, i3) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -140,7 +141,7 @@ func TestAdminPortListener(t *testing.T) { _, c, done := setup(t, customAdminPort(t, 9001)) defer done() - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoyAdminListener(9001), statsListener(), @@ -156,7 +157,7 @@ func TestTLSListener(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // i1 is a tls ingress i1 := &networking_v1.Ingress{ @@ -185,7 +186,7 @@ func TestTLSListener(t *testing.T) { rh.OnAdd(s1) // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -194,16 +195,16 @@ func TestTLSListener(t *testing.T) { // add ingress and assert the existence of ingress_http and ingres_https rh.OnAdd(i1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, httpsFilterFor("kuard.example.com"), nil, "h2", "http/1.1"), @@ -240,15 +241,15 @@ func TestTLSListener(t *testing.T) { // update i1 to i2 and verify that ingress_http has gone. rh.OnUpdate(i1, i2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, httpsFilterFor("kuard.example.com"), nil, "h2", "http/1.1"), @@ -262,7 +263,7 @@ func TestTLSListener(t *testing.T) { // delete secret and assert that ingress_https is removed rh.OnDelete(s1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -277,28 +278,28 @@ func TestHTTPProxyTLSListener(t *testing.T) { secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // p1 is a tls httpproxy - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: secret1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: secret1.Name, MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: int(svc1.Spec.Ports[0].Port), }}, @@ -307,25 +308,25 @@ func TestHTTPProxyTLSListener(t *testing.T) { } // p2 is a tls httpproxy - p2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: secret1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: secret1.Name, MinimumProtocolVersion: "1.3", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: int(svc1.Spec.Ports[0].Port), }}, @@ -337,20 +338,20 @@ func TestHTTPProxyTLSListener(t *testing.T) { rh.OnAdd(secret1) // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), TypeUrl: listenerType, }) - l1 := &envoy_listener_v3.Listener{ + l1 := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", secret1, httpsFilterFor("kuard.example.com"), nil, "h2", "http/1.1"), @@ -364,7 +365,7 @@ func TestHTTPProxyTLSListener(t *testing.T) { // add ingress and assert the existence of ingress_http and ingres_https rh.OnAdd(p1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), l1, @@ -376,7 +377,7 @@ func TestHTTPProxyTLSListener(t *testing.T) { // delete secret and assert both listeners are removed because the // httpproxy is no longer valid. rh.OnDelete(secret1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -386,19 +387,19 @@ func TestHTTPProxyTLSListener(t *testing.T) { rh.OnDelete(p1) // add secret rh.OnAdd(secret1) - l2 := &envoy_listener_v3.Listener{ + l2 := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", envoy_v3.DownstreamTLSContext( &dag.Secret{Object: secret1}, - envoy_tls_v3.TlsParameters_TLSv1_3, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "h2", "http/1.1"), @@ -410,7 +411,7 @@ func TestHTTPProxyTLSListener(t *testing.T) { // add ingress and assert the existence of ingress_http and ingres_https rh.OnAdd(p2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), l2, @@ -429,28 +430,28 @@ func TestTLSListenerCipherSuites(t *testing.T) { secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // p1 is a tls httpproxy - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: secret1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: secret1.Name, MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.2", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: int(svc1.Spec.Ports[0].Port), }}, @@ -461,19 +462,19 @@ func TestTLSListenerCipherSuites(t *testing.T) { // add secret rh.OnAdd(secret1) - l1 := &envoy_listener_v3.Listener{ + l1 := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", envoy_v3.DownstreamTLSContext( &dag.Secret{Object: secret1}, - envoy_tls_v3.TlsParameters_TLSv1_2, - envoy_tls_v3.TlsParameters_TLSv1_2, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, []string{"ECDHE-ECDSA-AES256-GCM-SHA384"}, nil, "h2", "http/1.1"), @@ -488,7 +489,7 @@ func TestTLSListenerCipherSuites(t *testing.T) { rh.OnAdd(p1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), l1, @@ -505,11 +506,11 @@ func TestLDSFilter(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -538,15 +539,15 @@ func TestLDSFilter(t *testing.T) { // add ingress and fetch ingress_https rh.OnAdd(i1) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, httpsFilterFor("kuard.example.com"), nil, "h2", "http/1.1"), @@ -558,7 +559,7 @@ func TestLDSFilter(t *testing.T) { }) // fetch ingress_http - c.Request(listenerType, "ingress_http").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_http").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ), @@ -566,7 +567,7 @@ func TestLDSFilter(t *testing.T) { }) // fetch something non existent. - c.Request(listenerType, "HTTP").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "HTTP").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, }) } @@ -576,7 +577,7 @@ func TestLDSStreamEmpty(t *testing.T) { defer done() // assert that streaming LDS with no ingresses does not stall. - c.Request(listenerType, "ingress_http").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_http").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", TypeUrl: listenerType, Nonce: "0", @@ -591,7 +592,7 @@ func TestLDSIngressHTTPUseProxyProtocol(t *testing.T) { // assert that without any ingress objects registered // there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", Resources: resources(t, statsListener(), @@ -601,11 +602,11 @@ func TestLDSIngressHTTPUseProxyProtocol(t *testing.T) { }) s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // i1 is a simple ingress, no hostname, no tls. i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -623,7 +624,7 @@ func TestLDSIngressHTTPUseProxyProtocol(t *testing.T) { httpListener := defaultHTTPListener() httpListener.ListenerFilters = envoy_v3.ListenerFilters(envoy_v3.ProxyProtocol()) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: resources(t, httpListener, @@ -643,11 +644,11 @@ func TestLDSIngressHTTPSUseProxyProtocol(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -673,7 +674,7 @@ func TestLDSIngressHTTPSUseProxyProtocol(t *testing.T) { rh.OnAdd(s1) // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -689,21 +690,21 @@ func TestLDSIngressHTTPSUseProxyProtocol(t *testing.T) { httpListener := defaultHTTPListener() httpListener.ListenerFilters = envoy_v3.ListenerFilters(envoy_v3.ProxyProtocol()) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.ProxyProtocol(), envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, httpsFilterFor("kuard.example.com"), nil, "h2", "http/1.1"), }, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, httpListener, httpsListener, @@ -730,11 +731,11 @@ func TestLDSCustomAddressAndPort(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -760,7 +761,7 @@ func TestLDSCustomAddressAndPort(t *testing.T) { rh.OnAdd(s1) // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", Resources: resources(t, statsListener(), @@ -778,20 +779,20 @@ func TestLDSCustomAddressAndPort(t *testing.T) { httpListener := defaultHTTPListener() httpListener.Address = envoy_v3.SocketAddress("127.0.0.100", 9100) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("127.0.0.200", 9200), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, httpsFilterFor("kuard.example.com"), nil, "h2", "http/1.1"), }, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, httpListener, httpsListener, @@ -811,12 +812,12 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(svc1) // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -842,7 +843,7 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { rh.OnAdd(s1) // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", Resources: resources(t, statsListener(), @@ -855,29 +856,29 @@ func TestLDSCustomAccessLogPaths(t *testing.T) { httpListener := defaultHTTPListener() httpListener.FilterChains = envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_api_v1alpha1.LogLevelInfo), 0), + envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_v1alpha1.LogLevelInfo), 0), ) - httpsListener := &envoy_listener_v3.Listener{ + httpsListener := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("kuard.example.com", s1, envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("kuard.example.com")). DefaultFilters(). RouteConfigName("https/kuard.example.com"). MetricsPrefix(xdscache_v3.ENVOY_HTTPS_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/tmp/https_access.log", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/tmp/https_access.log", "", nil, contour_v1alpha1.LogLevelInfo)). Get(), nil, "h2", "http/1.1"), }, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: resources(t, httpListener, @@ -894,7 +895,7 @@ func TestHTTPProxyHTTPS(t *testing.T) { defer done() // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", Resources: resources(t, statsListener(), @@ -906,23 +907,23 @@ func TestHTTPProxyHTTPS(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) // p1 is a httpproxy that has TLS - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, @@ -931,7 +932,7 @@ func TestHTTPProxyHTTPS(t *testing.T) { } svc1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080}) // add secret rh.OnAdd(s1) @@ -942,20 +943,20 @@ func TestHTTPProxyHTTPS(t *testing.T) { // add httpproxy rh.OnAdd(p1) - ingressHTTPS := &envoy_listener_v3.Listener{ + ingressHTTPS := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ filterchaintls("example.com", s1, httpsFilterFor("example.com"), nil, "h2", "http/1.1"), }, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: resources(t, defaultHTTPListener(), @@ -979,25 +980,25 @@ func TestHTTPProxyTLSVersion(t *testing.T) { rh.OnAdd(secret1) rh.OnAdd(fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80})) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80})) // p1 is a tls httpproxy - p1 := &contour_api_v1.HTTPProxy{ + p1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1006,19 +1007,19 @@ func TestHTTPProxyTLSVersion(t *testing.T) { } rh.OnAdd(p1) - l1 := &envoy_listener_v3.Listener{ + l1 := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", envoy_v3.DownstreamTLSContext( &dag.Secret{Object: secret1}, - envoy_tls_v3.TlsParameters_TLSv1_2, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "h2", "http/1.1"), @@ -1029,7 +1030,7 @@ func TestHTTPProxyTLSVersion(t *testing.T) { } // verify that p1's TLS 1.1 minimum has been upgraded to 1.2 - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), l1, @@ -1039,23 +1040,23 @@ func TestHTTPProxyTLSVersion(t *testing.T) { }) // p2 is a tls httpproxy - p2 := &contour_api_v1.HTTPProxy{ + p2 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", MinimumProtocolVersion: "1.3", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1064,19 +1065,19 @@ func TestHTTPProxyTLSVersion(t *testing.T) { } rh.OnUpdate(p1, p2) - l2 := &envoy_listener_v3.Listener{ + l2 := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", envoy_v3.DownstreamTLSContext( &dag.Secret{Object: secret1}, - envoy_tls_v3.TlsParameters_TLSv1_3, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "h2", "http/1.1"), @@ -1087,7 +1088,7 @@ func TestHTTPProxyTLSVersion(t *testing.T) { } // verify that p2's TLS 1.3 minimum has NOT been downgraded to 1.2 - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), l2, @@ -1102,22 +1103,22 @@ func TestLDSHTTPProxyRootCannotDelegateToAnotherRoot(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("marketing/green"). - WithPorts(v1.ServicePort{Name: "http", Port: 80})) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80})) - child := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + child := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: "marketing", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.containersteve.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "green", Port: 80, }}, @@ -1126,17 +1127,17 @@ func TestLDSHTTPProxyRootCannotDelegateToAnotherRoot(t *testing.T) { } rh.OnAdd(child) - root := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + root := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-blog", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "blog.containersteve.com", }, - Includes: []contour_api_v1.Include{{ - Conditions: []contour_api_v1.MatchCondition{{ + Includes: []contour_v1.Include{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, Name: child.Name, @@ -1148,7 +1149,7 @@ func TestLDSHTTPProxyRootCannotDelegateToAnotherRoot(t *testing.T) { // verify that port 80 is present because while it is not possible to // delegate to it, child can host a vhost which opens port 80. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -1165,23 +1166,23 @@ func TestHTTPProxyXffNumTrustedHops(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80})) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80})) // p1 is a httpproxy - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1196,13 +1197,13 @@ func TestHTTPProxyXffNumTrustedHops(t *testing.T) { httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). RequestTimeout(timeout.DurationSetting(0)). NumTrustedHops(1). DefaultFilters(). Get()) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, httpListener, statsListener(), @@ -1213,29 +1214,29 @@ func TestHTTPProxyXffNumTrustedHops(t *testing.T) { func TestHTTPProxyServerHeaderTransformation(t *testing.T) { rh, c, done := setup(t, func(conf *xdscache_v3.ListenerConfig) { - conf.ServerHeaderTransformation = contour_api_v1alpha1.AppendIfAbsentServerHeader + conf.ServerHeaderTransformation = contour_v1alpha1.AppendIfAbsentServerHeader }) defer done() rh.OnAdd(fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80})) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80})) // p1 is a httpproxy - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1250,13 +1251,13 @@ func TestHTTPProxyServerHeaderTransformation(t *testing.T) { httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). RequestTimeout(timeout.DurationSetting(0)). - ServerHeaderTransformation(contour_api_v1alpha1.AppendIfAbsentServerHeader). + ServerHeaderTransformation(contour_v1alpha1.AppendIfAbsentServerHeader). DefaultFilters(). Get()) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, httpListener, statsListener(), @@ -1277,7 +1278,7 @@ func TestGatewayListenersSetAddress(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) tlssecret := featuretests.TLSSecret(t, "projectcontour/tlscert", &featuretests.ServerCertificate) rh.OnAdd(tlssecret) @@ -1285,7 +1286,7 @@ func TestGatewayListenersSetAddress(t *testing.T) { rh.OnAdd(gc) rh.OnAdd(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -1346,7 +1347,7 @@ func TestGatewayListenersSetAddress(t *testing.T) { }) rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -1397,10 +1398,10 @@ func TestGatewayListenersSetAddress(t *testing.T) { }) // Address should come from listener HTTP address. - c.Request(listenerType, "http-80").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "http-80").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "http-80", Address: envoy_v3.SocketAddress("127.0.0.100", 8080), FilterChains: envoy_v3.FilterChains(httpFilterForGateway()), @@ -1410,10 +1411,10 @@ func TestGatewayListenersSetAddress(t *testing.T) { }) // Address should come from listener HTTPS address. - c.Request(listenerType, "https-443").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "https-443").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("127.0.0.200", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -1430,17 +1431,17 @@ func TestGatewayListenersSetAddress(t *testing.T) { }) // Address should come from listener HTTPS address. - c.Request(listenerType, "https-8443").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "https-8443").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-8443", Address: envoy_v3.SocketAddress("127.0.0.200", 16443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcp.projectcontour.io"}, }, Filters: envoy_v3.Filters( @@ -1453,12 +1454,12 @@ func TestGatewayListenersSetAddress(t *testing.T) { }) // Address should come from listener HTTP address. - c.Request(listenerType, "tcp-27017").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "tcp-27017").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "tcp-27017", Address: envoy_v3.SocketAddress("127.0.0.100", 35017), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("tcp-27017", "default/svc1/80/da39a3ee5e"), ), @@ -1473,7 +1474,7 @@ func TestGatewayListenersSetAddress(t *testing.T) { func TestSocketOptions(t *testing.T) { // Configure non-default socket options for HTTP and HTTPS listeners. rh, c, done := setup(t, func(conf *xdscache_v3.ListenerConfig) { - conf.SocketOptions = &contour_api_v1alpha1.SocketOptions{ + conf.SocketOptions = &contour_v1alpha1.SocketOptions{ TOS: 32, TrafficClass: 64, } @@ -1481,27 +1482,27 @@ func TestSocketOptions(t *testing.T) { defer done() svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(svc1) secret1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) rh.OnAdd(secret1) // p1 is a tls httpproxy - p1 := &contour_api_v1.HTTPProxy{ + p1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1513,43 +1514,43 @@ func TestSocketOptions(t *testing.T) { socketOpts := envoy_v3.NewSocketOptions().TCPKeepalive().Build() // Verify that the given socket options are set on the HTTP and HTTPS listeners. - socketOpts = append(socketOpts, &envoy_core_v3.SocketOption{ + socketOpts = append(socketOpts, &envoy_config_core_v3.SocketOption{ Description: "Set IPv4 TOS field", Level: envoy.IPPROTO_IP, Name: envoy.IP_TOS, - State: envoy_core_v3.SocketOption_STATE_LISTENING, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: int64(32)}, - }, &envoy_core_v3.SocketOption{ + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: int64(32)}, + }, &envoy_config_core_v3.SocketOption{ Description: "Set IPv6 Traffic Class field", Level: envoy.IPPROTO_IPV6, Name: envoy.IPV6_TCLASS, - State: envoy_core_v3.SocketOption_STATE_LISTENING, - Value: &envoy_core_v3.SocketOption_IntValue{IntValue: int64(64)}, + State: envoy_config_core_v3.SocketOption_STATE_LISTENING, + Value: &envoy_config_core_v3.SocketOption_IntValue{IntValue: int64(64)}, }) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_http", Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( - envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_api_v1alpha1.LogLevelInfo), 0), + envoy_v3.HTTPConnectionManager("ingress_http", envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo), 0), ), SocketOptions: socketOpts, }, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", envoy_v3.DownstreamTLSContext( &dag.Secret{Object: secret1}, - envoy_tls_v3.TlsParameters_TLSv1_2, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "h2", "http/1.1"), diff --git a/internal/featuretests/v3/loadbalancerpolicy_test.go b/internal/featuretests/v3/loadbalancerpolicy_test.go index c4758a16b9c..d51b7653e7f 100644 --- a/internal/featuretests/v3/loadbalancerpolicy_test.go +++ b/internal/featuretests/v3/loadbalancerpolicy_test.go @@ -16,14 +16,15 @@ package v3 import ( "testing" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) // Session affinity is only available in httpproxy. @@ -32,20 +33,20 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { defer done() s1 := fixture.NewService("app").WithPorts( - v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // simple single service proxy1 := fixture.NewProxy("simple"). WithFQDN("www.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/cart")), - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -53,27 +54,27 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { }) rh.OnAdd(proxy1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: s1.Namespace + "/" + s1.Name + "/80/e4f81994fe", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: s1.Namespace + "/" + s1.Name, }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }), ), TypeUrl: clusterType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/cart"), Action: withSessionAffinity(routeCluster("default/app/80/e4f81994fe")), }, @@ -88,13 +89,13 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { proxy1, fixture.NewProxy("simple"). WithFQDN("www.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/cart")), - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }, { @@ -105,37 +106,37 @@ func TestLoadBalancerPolicySessionAffinity(t *testing.T) { }), ) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: s1.Namespace + "/" + s1.Name + "/80/e4f81994fe", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: s1.Namespace + "/" + s1.Name, }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }), - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: s1.Namespace + "/" + s1.Name + "/8080/e4f81994fe", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_8080", - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: s1.Namespace + "/" + s1.Name, }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }), ), TypeUrl: clusterType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/cart"), Action: withSessionAffinity( routeWeightedCluster( @@ -157,32 +158,32 @@ func TestLoadBalancerPolicyRequestHashHeader(t *testing.T) { defer done() s1 := fixture.NewService("app").WithPorts( - v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) proxy1 := fixture.NewProxy("simple"). WithFQDN("www.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/cart")), - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { Terminal: true, - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Some-Header", }, }, { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Some-Other-Header", }, }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -190,27 +191,27 @@ func TestLoadBalancerPolicyRequestHashHeader(t *testing.T) { }) rh.OnAdd(proxy1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: s1.Namespace + "/" + s1.Name + "/80/1a2ffc1fef", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: s1.Namespace + "/" + s1.Name, }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }), ), TypeUrl: clusterType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/cart"), Action: withRequestHashPolicySpecifiers( routeCluster("default/app/80/1a2ffc1fef"), @@ -230,20 +231,20 @@ func TestLoadBalancerPolicyRequestHashSourceIP(t *testing.T) { defer done() s1 := fixture.NewService("app").WithPorts( - v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) proxy1 := fixture.NewProxy("simple"). WithFQDN("www.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/cart")), - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Some-Header", }, }, @@ -252,7 +253,7 @@ func TestLoadBalancerPolicyRequestHashSourceIP(t *testing.T) { }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -260,27 +261,27 @@ func TestLoadBalancerPolicyRequestHashSourceIP(t *testing.T) { }) rh.OnAdd(proxy1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: s1.Namespace + "/" + s1.Name + "/80/1a2ffc1fef", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: s1.Namespace + "/" + s1.Name, }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }), ), TypeUrl: clusterType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/cart"), Action: withRequestHashPolicySpecifiers( routeCluster("default/app/80/1a2ffc1fef"), @@ -300,32 +301,32 @@ func TestLoadBalancerPolicyRequestHashQueryParameter(t *testing.T) { defer done() s1 := fixture.NewService("app").WithPorts( - v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) proxy1 := fixture.NewProxy("simple"). WithFQDN("www.example.com"). - WithSpec(contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ + WithSpec(contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/cart")), - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { Terminal: true, - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "something", }, }, { - QueryParameterHashOptions: &contour_api_v1.QueryParameterHashOptions{ + QueryParameterHashOptions: &contour_v1.QueryParameterHashOptions{ ParameterName: "other", }, }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -333,27 +334,27 @@ func TestLoadBalancerPolicyRequestHashQueryParameter(t *testing.T) { }) rh.OnAdd(proxy1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - DefaultCluster(&envoy_cluster_v3.Cluster{ + DefaultCluster(&envoy_config_cluster_v3.Cluster{ Name: s1.Namespace + "/" + s1.Name + "/80/1a2ffc1fef", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), AltStatName: s1.Namespace + "_" + s1.Name + "_80", - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: s1.Namespace + "/" + s1.Name, }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }), ), TypeUrl: clusterType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/cart"), Action: withRequestHashPolicySpecifiers( routeCluster("default/app/80/1a2ffc1fef"), diff --git a/internal/featuretests/v3/localratelimit_test.go b/internal/featuretests/v3/localratelimit_test.go index 3f7614f5345..9469aeb7736 100644 --- a/internal/featuretests/v3/localratelimit_test.go +++ b/internal/featuretests/v3/localratelimit_test.go @@ -17,33 +17,34 @@ import ( "testing" "time" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_config_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_local_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/fixture" ) func filterExists(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -55,7 +56,7 @@ func filterExists(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { } rh.OnAdd(p) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, defaultHTTPListener(), @@ -64,18 +65,18 @@ func filterExists(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { } func noRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -87,13 +88,13 @@ func noRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contou } rh.OnAdd(p) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration( "ingress_http", envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), }, @@ -104,25 +105,25 @@ func noRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contou } func vhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 100, Unit: "minute", Burst: 50, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, @@ -135,25 +136,25 @@ func vhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnAdd(p) vhost := envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/s1/80/da39a3ee5e"), }) vhost.TypedPerFilterConfig = withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 150, TokensPerFill: wrapperspb.UInt32(100), FillInterval: durationpb.New(time.Minute), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -161,7 +162,7 @@ func vhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont }, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), @@ -169,30 +170,30 @@ func vhostRateLimitDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont } func routeRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/s1", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 100, Unit: "minute", Burst: 50, @@ -200,19 +201,19 @@ func routeRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Con }, }, { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/s2", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s2", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 5, Unit: "second", Burst: 1, @@ -227,24 +228,24 @@ func routeRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Con vhost := envoy_v3.VirtualHost("foo.com", // note, order of routes is reversed here because route sorting of prefixes // is reverse alphabetic. - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/s2"), Action: routeCluster("default/s2/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 6, TokensPerFill: wrapperspb.UInt32(5), FillInterval: durationpb.New(time.Second), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -252,24 +253,24 @@ func routeRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Con }, }), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/s1"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 150, TokensPerFill: wrapperspb.UInt32(100), FillInterval: durationpb.New(time.Minute), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -279,7 +280,7 @@ func routeRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Con }, ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), @@ -287,37 +288,37 @@ func routeRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Con } func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 100, Unit: "minute", Burst: 50, }, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/s1", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 100, Unit: "minute", Burst: 50, @@ -325,19 +326,19 @@ func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper }, }, { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/s2", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s2", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 5, Unit: "second", Burst: 1, @@ -352,24 +353,24 @@ func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper vhost := envoy_v3.VirtualHost("foo.com", // note, order of routes is reversed here because route sorting of prefixes // is reverse alphabetic. - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/s2"), Action: routeCluster("default/s2/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 6, TokensPerFill: wrapperspb.UInt32(5), FillInterval: durationpb.New(time.Second), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -377,24 +378,24 @@ func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper }, }), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/s1"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 150, TokensPerFill: wrapperspb.UInt32(100), FillInterval: durationpb.New(time.Minute), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -405,20 +406,20 @@ func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper ) vhost.TypedPerFilterConfig = withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 150, TokensPerFill: wrapperspb.UInt32(100), FillInterval: durationpb.New(time.Minute), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -426,7 +427,7 @@ func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper }, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), @@ -434,30 +435,30 @@ func vhostAndRouteRateLimitsDefined(t *testing.T, rh ResourceEventHandlerWrapper } func customResponseCode(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/s1", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 100, Unit: "minute", Burst: 50, @@ -471,24 +472,24 @@ func customResponseCode(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour rh.OnAdd(p) vhost := envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/s1"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 150, TokensPerFill: wrapperspb.UInt32(100), FillInterval: durationpb.New(time.Minute), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -499,7 +500,7 @@ func customResponseCode(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour }, ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), @@ -507,34 +508,34 @@ func customResponseCode(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour } func customResponseHeaders(t *testing.T, rh ResourceEventHandlerWrapper, c *Contour) { - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "default", Name: "proxy1", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/s1", }, }, - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "s1", Port: 80, }, }, - RateLimitPolicy: &contour_api_v1.RateLimitPolicy{ - Local: &contour_api_v1.LocalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 100, Unit: "minute", Burst: 50, - ResponseHeadersToAdd: []contour_api_v1.HeaderValue{ + ResponseHeadersToAdd: []contour_v1.HeaderValue{ { Name: "header-name-1", Value: "header-value-1", @@ -557,61 +558,61 @@ func customResponseHeaders(t *testing.T, rh ResourceEventHandlerWrapper, c *Cont rh.OnAdd(p) vhost := envoy_v3.VirtualHost("foo.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/s1"), Action: routeCluster("default/s1/80/da39a3ee5e"), TypedPerFilterConfig: withFilterConfig(envoy_v3.LocalRateLimitFilterName, - &envoy_config_filter_http_local_ratelimit_v3.LocalRateLimit{ + &envoy_filter_http_local_ratelimit_v3.LocalRateLimit{ StatPrefix: "vhost.foo.com", TokenBucket: &envoy_type_v3.TokenBucket{ MaxTokens: 150, TokensPerFill: wrapperspb.UInt32(100), FillInterval: durationpb.New(time.Minute), }, - FilterEnabled: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnabled: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - FilterEnforced: &envoy_core_v3.RuntimeFractionalPercent{ + FilterEnforced: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, }, }, - ResponseHeadersToAdd: []*envoy_core_v3.HeaderValueOption{ + ResponseHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{ { - Header: &envoy_core_v3.HeaderValue{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "Header-Name-1", Value: "header-value-1", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }, // a valid Envoy var (%VARNAME%) should // pass through as-is { - Header: &envoy_core_v3.HeaderValue{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "Header-Name-2", Value: "%HOSTNAME%", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }, // a non-valid Envoy var should have its '%' // symbols escaped { - Header: &envoy_core_v3.HeaderValue{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "Header-Name-3", Value: "%%NON-ENVOY-VAR%%", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }, }, }), }, ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: routeType, Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", vhost)), @@ -636,8 +637,8 @@ func TestLocalRateLimiting(t *testing.T) { defer done() // Add common test fixtures. - rh.OnAdd(fixture.NewService("s1").WithPorts(corev1.ServicePort{Port: 80})) - rh.OnAdd(fixture.NewService("s2").WithPorts(corev1.ServicePort{Port: 80})) + rh.OnAdd(fixture.NewService("s1").WithPorts(core_v1.ServicePort{Port: 80})) + rh.OnAdd(fixture.NewService("s2").WithPorts(core_v1.ServicePort{Port: 80})) f(t, rh, c) }) diff --git a/internal/featuretests/v3/mirrorpolicy_test.go b/internal/featuretests/v3/mirrorpolicy_test.go index 8b37aef751f..31cdcd763e3 100644 --- a/internal/featuretests/v3/mirrorpolicy_test.go +++ b/internal/featuretests/v3/mirrorpolicy_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/contour" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestMirrorPolicy(t *testing.T) { @@ -32,22 +33,22 @@ func TestMirrorPolicy(t *testing.T) { defer done() svc1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) svc2 := fixture.NewService("mirror"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc1) rh.OnAdd(svc2) - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "example.com"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "example.com"}, + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: 8080, }, { @@ -60,11 +61,11 @@ func TestMirrorPolicy(t *testing.T) { } rh.OnAdd(p1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost(p1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withMirrorPolicy(routeCluster("default/kuard/8080/da39a3ee5e"), "default/mirror/8080/da39a3ee5e", 100), }, @@ -76,7 +77,7 @@ func TestMirrorPolicy(t *testing.T) { // assert that are two clusters in CDS, one for the route service // and one for the mirror service. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster("default/kuard/8080/da39a3ee5e", "default/kuard", "default_kuard_8080"), cluster("default/mirror/8080/da39a3ee5e", "default/mirror", "default_mirror_8080"), @@ -90,22 +91,22 @@ func TestFractionalMirrorPolicy(t *testing.T) { defer done() svc1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) svc2 := fixture.NewService("mirror"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc1) rh.OnAdd(svc2) - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "example.com"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "example.com"}, + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: 8080, }, { @@ -119,11 +120,11 @@ func TestFractionalMirrorPolicy(t *testing.T) { } rh.OnAdd(p1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost(p1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withMirrorPolicy(routeCluster("default/kuard/8080/da39a3ee5e"), "default/mirror/8080/da39a3ee5e", 15), }, diff --git a/internal/featuretests/v3/queryparametercondition_test.go b/internal/featuretests/v3/queryparametercondition_test.go index f9f83a8564a..e7f59442273 100644 --- a/internal/featuretests/v3/queryparametercondition_test.go +++ b/internal/featuretests/v3/queryparametercondition_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { @@ -32,26 +33,26 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewService("svc3"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -60,7 +61,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterContainsMatchCondition("query-param", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -69,7 +70,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), queryParameterContainsMatchCondition("query-param", "abc", true), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -78,11 +79,11 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { } rh.OnAdd(proxy1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/blog", dag.QueryParamMatchCondition{ Name: "query-param", Value: "abc", @@ -91,7 +92,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "abc", @@ -100,7 +101,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -111,10 +112,10 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }) proxy2 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -123,7 +124,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterExactMatchCondition("query-param", "123", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -132,7 +133,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), queryParameterExactMatchCondition("query-param", "abc", true), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -141,11 +142,11 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { rh.OnUpdate(proxy1, proxy2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/blog", dag.QueryParamMatchCondition{ Name: "query-param", Value: "abc", @@ -154,7 +155,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "123", @@ -163,7 +164,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -174,10 +175,10 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }) proxy3 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -186,7 +187,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterPrefixMatchCondition("query-param", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -195,7 +196,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), queryParameterPrefixMatchCondition("query-param", "123", true), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -204,11 +205,11 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { rh.OnUpdate(proxy2, proxy3) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/blog", dag.QueryParamMatchCondition{ Name: "query-param", Value: "123", @@ -217,7 +218,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "abc", @@ -226,7 +227,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -237,10 +238,10 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }) proxy4 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -249,7 +250,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterSuffixMatchCondition("query-param", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -258,7 +259,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), queryParameterSuffixMatchCondition("query-param", "123", true), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -267,11 +268,11 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { rh.OnUpdate(proxy3, proxy4) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/blog", dag.QueryParamMatchCondition{ Name: "query-param", Value: "123", @@ -280,7 +281,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "abc", @@ -289,7 +290,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -300,10 +301,10 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }) proxy5 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -312,7 +313,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterRegexMatchCondition("query-param", "^123.*"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -321,7 +322,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), queryParameterRegexMatchCondition("query-param", "^123.*"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -330,11 +331,11 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { rh.OnUpdate(proxy4, proxy5) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/blog", dag.QueryParamMatchCondition{ Name: "query-param", Value: "^123.*", @@ -342,7 +343,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "^123.*", @@ -350,7 +351,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -361,10 +362,10 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }) proxy6 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -373,7 +374,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterPresentMatchCondition("query-param"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -382,7 +383,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/blog"), queryParameterPresentMatchCondition("query-param"), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc3", Port: 80, }}, @@ -391,25 +392,25 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { rh.OnUpdate(proxy5, proxy6) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/blog", dag.QueryParamMatchCondition{ Name: "query-param", MatchType: "present", }), Action: routeCluster("default/svc3/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", MatchType: "present", }), Action: routeCluster("default/svc2/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/"), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, @@ -422,15 +423,15 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { // proxy with two routes that have the same prefix and a Contains query parameter // condition on the same parameter name, differing only in the value of the condition. proxy7 := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{ { Conditions: matchconditions( prefixMatchCondition("/"), queryParameterContainsMatchCondition("query-param", "abc", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, @@ -440,7 +441,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { prefixMatchCondition("/"), queryParameterContainsMatchCondition("query-param", "def", false), ), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -451,11 +452,11 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { rh.OnUpdate(proxy6, proxy7) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "abc", @@ -463,7 +464,7 @@ func TestConditions_ContainsQueryParameter_HTTProxy(t *testing.T) { }), Action: routeCluster("default/svc1/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "query-param", Value: "def", diff --git a/internal/featuretests/v3/redirectroutepolicy_test.go b/internal/featuretests/v3/redirectroutepolicy_test.go index 354efc051d6..3d8b66eae16 100644 --- a/internal/featuretests/v3/redirectroutepolicy_test.go +++ b/internal/featuretests/v3/redirectroutepolicy_test.go @@ -16,14 +16,15 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/ref" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { @@ -31,14 +32,14 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) proxy := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -50,23 +51,23 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { rh.OnAdd(proxy) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ HostRedirect: "envoyproxy.io", PortRedirect: 443, - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_SchemeRedirect{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_SchemeRedirect{ SchemeRedirect: "https", }, ResponseCode: 0, StripQuery: false, - PathRewriteSpecifier: &envoy_route_v3.RedirectAction_PathRedirect{ + PathRewriteSpecifier: &envoy_config_route_v3.RedirectAction_PathRedirect{ PathRedirect: "/blog", }, }, @@ -79,10 +80,10 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { }) proxyPrefixRewrite := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -94,23 +95,23 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxy, proxyPrefixRewrite) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ HostRedirect: "envoyproxy.io", PortRedirect: 443, - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_SchemeRedirect{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_SchemeRedirect{ SchemeRedirect: "https", }, ResponseCode: 0, StripQuery: false, - PathRewriteSpecifier: &envoy_route_v3.RedirectAction_PrefixRewrite{ + PathRewriteSpecifier: &envoy_config_route_v3.RedirectAction_PrefixRewrite{ PrefixRewrite: "/blogprefix", }, }, @@ -123,14 +124,14 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { }) proxyInvalid := fixture.NewProxy("simple").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "hello.world"}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "hello.world"}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc1", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(443)), @@ -143,7 +144,7 @@ func TestRedirectResponsePolicy_HTTProxy(t *testing.T) { rh.OnUpdate(proxyPrefixRewrite, proxyInvalid) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), diff --git a/internal/featuretests/v3/replaceprefix_test.go b/internal/featuretests/v3/replaceprefix_test.go index 4578134c159..66711c20438 100644 --- a/internal/featuretests/v3/replaceprefix_test.go +++ b/internal/featuretests/v3/replaceprefix_test.go @@ -16,17 +16,18 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) // Update helper to modify a proxy and call rh.OnUpdate. Returns the modified object. -func update(rh ResourceEventHandlerWrapper, old *contour_api_v1.HTTPProxy, modify func(*contour_api_v1.HTTPProxy)) *contour_api_v1.HTTPProxy { +func update(rh ResourceEventHandlerWrapper, old *contour_v1.HTTPProxy, modify func(*contour_v1.HTTPProxy)) *contour_v1.HTTPProxy { updated := old.DeepCopy() modify(updated) @@ -41,21 +42,21 @@ func basic(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) vhost := fixture.NewProxy("kuard").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/api")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ { Replacement: "/api/v1", }, @@ -66,15 +67,15 @@ func basic(t *testing.T) { rh.OnAdd(vhost) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/api/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v1/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/api"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v1"), }, @@ -86,38 +87,38 @@ func basic(t *testing.T) { // Update the vhost to make the replacement ambiguous. This should remove the generated config. vhost = update(rh, vhost, - func(vhost *contour_api_v1.HTTPProxy) { - vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_api_v1.ReplacePrefix{ + func(vhost *contour_v1.HTTPProxy) { + vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_v1.ReplacePrefix{ {Replacement: "/api/v1"}, {Replacement: "/api/v2"}, } }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), TypeUrl: routeType, - }).Status(vhost).HasError(contour_api_v1.ConditionTypePrefixReplaceError, "AmbiguousReplacement", "ambiguous prefix replacement") + }).Status(vhost).HasError(contour_v1.ConditionTypePrefixReplaceError, "AmbiguousReplacement", "ambiguous prefix replacement") // The replacement isn't ambiguous any more because only one of the prefixes matches. vhost = update(rh, vhost, - func(vhost *contour_api_v1.HTTPProxy) { - vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_api_v1.ReplacePrefix{ + func(vhost *contour_v1.HTTPProxy) { + vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_v1.ReplacePrefix{ {Prefix: "/foo", Replacement: "/api/v1"}, {Prefix: "/api", Replacement: "/api/v2"}, } }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/api/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v2/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/api"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v2"), }, @@ -130,38 +131,38 @@ func basic(t *testing.T) { // But having duplicate prefixes in the replacements makes // it ambiguous again. vhost = update(rh, vhost, - func(vhost *contour_api_v1.HTTPProxy) { - vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_api_v1.ReplacePrefix{ + func(vhost *contour_v1.HTTPProxy) { + vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_v1.ReplacePrefix{ {Prefix: "/foo", Replacement: "/api/v1"}, {Prefix: "/foo", Replacement: "/api/v2"}, } }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), TypeUrl: routeType, - }).Status(vhost).HasError(contour_api_v1.ConditionTypePrefixReplaceError, "DuplicateReplacement", "duplicate replacement prefix '/foo'") + }).Status(vhost).HasError(contour_v1.ConditionTypePrefixReplaceError, "DuplicateReplacement", "duplicate replacement prefix '/foo'") // The "/api" prefix should have precedence over the empty prefix. vhost = update(rh, vhost, - func(vhost *contour_api_v1.HTTPProxy) { - vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_api_v1.ReplacePrefix{ + func(vhost *contour_v1.HTTPProxy) { + vhost.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_v1.ReplacePrefix{ {Prefix: "/api", Replacement: "/api/full"}, {Prefix: "", Replacement: "/api/empty"}, } }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/api/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/full/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/api"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/full"), }, @@ -175,15 +176,15 @@ func basic(t *testing.T) { // will be used. So we expect that the default replacement prefix // will be used. update(rh, vhost, - func(vhost *contour_api_v1.HTTPProxy) { + func(vhost *contour_v1.HTTPProxy) { vhost.Spec.Routes[0].Conditions = nil }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/empty"), }, @@ -199,14 +200,14 @@ func multiInclude(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) vhost1 := fixture.NewProxy("host1").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "host1.projectcontour.io", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "app", Namespace: "default", Conditions: matchconditions(prefixMatchCondition("/v1")), @@ -214,11 +215,11 @@ func multiInclude(t *testing.T) { }) vhost2 := fixture.NewProxy("host2").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "host2.projectcontour.io", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "app", Namespace: "default", Conditions: matchconditions(prefixMatchCondition("/v2")), @@ -226,14 +227,14 @@ func multiInclude(t *testing.T) { }) app := fixture.NewProxy("app").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ {Prefix: "/v2", Replacement: "/api/v2"}, {Prefix: "/v1", Replacement: "/api/v1"}, }, @@ -245,25 +246,25 @@ func multiInclude(t *testing.T) { rh.OnAdd(vhost2) rh.OnAdd(app) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("host1.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v1/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v1/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v1"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v1"), }, ), envoy_v3.VirtualHost("host2.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v2/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v2"), }, @@ -275,27 +276,27 @@ func multiInclude(t *testing.T) { // Remove one of the replacements, and one cluster loses the rewrite. update(rh, app, - func(app *contour_api_v1.HTTPProxy) { - app.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_api_v1.ReplacePrefix{ + func(app *contour_v1.HTTPProxy) { + app.Spec.Routes[0].PathRewritePolicy.ReplacePrefix = []contour_v1.ReplacePrefix{ {Prefix: "/v1", Replacement: "/api/v1"}, } }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("host1.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v1/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v1/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v1"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/api/v1"), }, ), envoy_v3.VirtualHost("host2.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -311,21 +312,21 @@ func replaceWithSlash(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) vhost1 := fixture.NewProxy("host1").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "host1.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, Conditions: matchconditions(prefixMatchCondition("/foo")), - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ {Replacement: "/"}, }, }, @@ -333,18 +334,18 @@ func replaceWithSlash(t *testing.T) { }) vhost2 := fixture.NewProxy("host2").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "host2.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 8080, }}, Conditions: matchconditions(prefixMatchCondition("/bar/")), - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ {Replacement: "/"}, }, }, @@ -357,25 +358,25 @@ func replaceWithSlash(t *testing.T) { // Make sure that when we rewrite prefix routing conditions // '/foo' and '/foo/' to '/', we don't omit the '/' or emit // too many '/'s. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("host1.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/foo/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/foo"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/"), }, ), envoy_v3.VirtualHost("host2.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/bar/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/bar"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/"), }, @@ -389,30 +390,30 @@ func replaceWithSlash(t *testing.T) { // prefix is '/', the replacement should just end up being prepended // to whatever the client URL is. No special handling of trailing '/'. update(rh, vhost2, - func(vhost *contour_api_v1.HTTPProxy) { + func(vhost *contour_v1.HTTPProxy) { vhost.Spec.Routes[0].Conditions = matchconditions(prefixMatchCondition("/")) - vhost.Spec.Routes[0].PathRewritePolicy = &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + vhost.Spec.Routes[0].PathRewritePolicy = &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ {Replacement: "/bar"}, }, } }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("host1.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/foo/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/foo"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/"), }, ), envoy_v3.VirtualHost("host2.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withPrefixRewrite(routeCluster("default/kuard/8080/da39a3ee5e"), "/bar"), }, @@ -434,17 +435,17 @@ func artifactoryDocker(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("artifactory/service"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(fixture.NewProxy("artifactory/routes").WithSpec( - contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "service", Port: 8080, }}, - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ {Prefix: "/v2/container-sandbox", Replacement: "/artifactory/api/docker/container-sandbox/v2"}, {Prefix: "/v2/container-release", Replacement: "/artifactory/api/docker/container-release/v2"}, {Prefix: "/v2/container-external", Replacement: "/artifactory/api/docker/container-external/v2"}, @@ -456,11 +457,11 @@ func artifactoryDocker(t *testing.T) { ) rh.OnAdd(fixture.NewProxy("artifactory/artifactory").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "artifactory.projectcontour.io", }, - Includes: []contour_api_v1.Include{ + Includes: []contour_v1.Include{ {Name: "routes", Conditions: matchconditions(prefixMatchCondition("/v2/container-sandbox"))}, {Name: "routes", Conditions: matchconditions(prefixMatchCondition("/v2/container-release"))}, {Name: "routes", Conditions: matchconditions(prefixMatchCondition("/v2/container-external"))}, @@ -469,46 +470,46 @@ func artifactoryDocker(t *testing.T) { }), ) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("artifactory.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-external/"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-external/v2/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-sandbox/"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-sandbox/v2/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-release/"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-release/v2/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-external"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-external/v2"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-sandbox"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-sandbox/v2"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-release"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-release/v2"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-public/"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-public/v2/"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/v2/container-public"), Action: withPrefixRewrite(routeCluster("artifactory/service/8080/da39a3ee5e"), "/artifactory/api/docker/container-public/v2"), diff --git a/internal/featuretests/v3/retrypolicy_test.go b/internal/featuretests/v3/retrypolicy_test.go index 478c9684df2..d08d72f1616 100644 --- a/internal/featuretests/v3/retrypolicy_test.go +++ b/internal/featuretests/v3/retrypolicy_test.go @@ -17,15 +17,16 @@ import ( "testing" "time" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestRetryPolicy(t *testing.T) { @@ -33,7 +34,7 @@ func TestRetryPolicy(t *testing.T) { defer done() s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ @@ -48,11 +49,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnAdd(i1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx,gateway-error", 7, 120*time.Millisecond), }, @@ -74,11 +75,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnUpdate(i1, i2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx,gateway-error", 7, 120*time.Millisecond), }, @@ -100,11 +101,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnUpdate(i2, i3) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx,gateway-error", 7, 120*time.Millisecond), }, @@ -126,11 +127,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnUpdate(i3, i4) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx,gateway-error", 0, 120*time.Millisecond), }, @@ -152,11 +153,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnUpdate(i4, i5) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx,gateway-error", 1, 120*time.Millisecond), }, @@ -168,16 +169,16 @@ func TestRetryPolicy(t *testing.T) { rh.OnDelete(i5) - hp1 := &contour_api_v1.HTTPProxy{ + hp1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "test3.test.com"}, - Routes: []contour_api_v1.Route{{ - RetryPolicy: &contour_api_v1.RetryPolicy{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "test3.test.com"}, + Routes: []contour_v1.Route{{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: 5, PerTryTimeout: "105s", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -186,11 +187,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnAdd(hp1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost(hp1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx", 5, 105*time.Second), }, @@ -200,16 +201,16 @@ func TestRetryPolicy(t *testing.T) { TypeUrl: routeType, }) - hp2 := &contour_api_v1.HTTPProxy{ + hp2 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "test3.test.com"}, - Routes: []contour_api_v1.Route{{ - RetryPolicy: &contour_api_v1.RetryPolicy{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "test3.test.com"}, + Routes: []contour_v1.Route{{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: -1, PerTryTimeout: "105s", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -218,11 +219,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnUpdate(hp1, hp2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost(hp1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx", 0, 105*time.Second), }, @@ -232,16 +233,16 @@ func TestRetryPolicy(t *testing.T) { TypeUrl: routeType, }) - hp3 := &contour_api_v1.HTTPProxy{ + hp3 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "test3.test.com"}, - Routes: []contour_api_v1.Route{{ - RetryPolicy: &contour_api_v1.RetryPolicy{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "test3.test.com"}, + Routes: []contour_v1.Route{{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: 0, PerTryTimeout: "105s", }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -250,11 +251,11 @@ func TestRetryPolicy(t *testing.T) { } rh.OnUpdate(hp2, hp3) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost(hp1.Spec.VirtualHost.Fqdn, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withRetryPolicy(routeCluster("default/backend/80/da39a3ee5e"), "5xx", 1, 105*time.Second), }, diff --git a/internal/featuretests/v3/rootnamespaces_test.go b/internal/featuretests/v3/rootnamespaces_test.go index a1e1a01a6e6..0a2f94ca3a7 100644 --- a/internal/featuretests/v3/rootnamespaces_test.go +++ b/internal/featuretests/v3/rootnamespaces_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestRootNamespaces(t *testing.T) { @@ -35,16 +36,16 @@ func TestRootNamespaces(t *testing.T) { // Not in root namespace set. svc1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc1) // Inside root namespace set. svc2 := fixture.NewService("roots/kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc2) // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -52,24 +53,24 @@ func TestRootNamespaces(t *testing.T) { }) // assert that the route tables are empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: routeType, }) // hp1 is not in the root namespace set. - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hp1.example.com", }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: 8080, }}, @@ -79,7 +80,7 @@ func TestRootNamespaces(t *testing.T) { rh.OnAdd(hp1) // assert that hp1 has no effect on the listener set. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -87,7 +88,7 @@ func TestRootNamespaces(t *testing.T) { }) // assert that the route tables are present but empty. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -95,18 +96,18 @@ func TestRootNamespaces(t *testing.T) { }) // hp2 is in the root namespace set. - hp2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc2.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hp2.example.com", }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc2.Name, Port: 8080, }}, @@ -116,7 +117,7 @@ func TestRootNamespaces(t *testing.T) { rh.OnAdd(hp2) // assert that hp2 creates port 80 listener. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -125,11 +126,11 @@ func TestRootNamespaces(t *testing.T) { }) // assert that hp2.example.com's routes are visible. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hp2.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("roots/kuard/8080/da39a3ee5e"), }, diff --git a/internal/featuretests/v3/route_test.go b/internal/featuretests/v3/route_test.go index 0acd164cef4..c5047b74c6c 100644 --- a/internal/featuretests/v3/route_test.go +++ b/internal/featuretests/v3/route_test.go @@ -19,17 +19,18 @@ import ( "path" "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) // projectcontour/contour#172. Updating an object from @@ -68,7 +69,7 @@ func TestEditIngress(t *testing.T) { defer done() s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // add default/kuard to translator. @@ -81,11 +82,11 @@ func TestEditIngress(t *testing.T) { rh.OnAdd(old) // check that it's been translated correctly. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("*", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("*", &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }), @@ -113,11 +114,11 @@ func TestEditIngress(t *testing.T) { }) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "2", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("*", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("*", &envoy_config_route_v3.Route{ Match: routePrefix("/testing"), Action: routecluster("default/kuard/80/da39a3ee5e"), }), @@ -150,12 +151,12 @@ func TestIngressPathRouteWithoutHost(t *testing.T) { defer done() s1 := fixture.NewService("hello"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // add default/hello to translator. rh.OnAdd(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "hello", Namespace: "default"}, + ObjectMeta: meta_v1.ObjectMeta{Name: "hello", Namespace: "default"}, Spec: networking_v1.IngressSpec{ Rules: []networking_v1.IngressRule{{ IngressRuleValue: networking_v1.IngressRuleValue{ @@ -171,12 +172,12 @@ func TestIngressPathRouteWithoutHost(t *testing.T) { }) // check that it's been translated correctly. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "2", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/hello"), Action: routecluster("default/hello/80/da39a3ee5e"), }, @@ -193,7 +194,7 @@ func TestEditIngressInPlace(t *testing.T) { defer done() i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "hello", Namespace: "default"}, + ObjectMeta: meta_v1.ObjectMeta{Name: "hello", Namespace: "default"}, Spec: networking_v1.IngressSpec{ Rules: []networking_v1.IngressRule{{ Host: "hello.example.com", @@ -216,19 +217,19 @@ func TestEditIngressInPlace(t *testing.T) { rh.OnAdd(i1) s1 := fixture.NewService("wowie"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) s2 := fixture.NewService("kerpow"). - WithPorts(v1.ServicePort{Name: "http", Port: 9000, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 9000, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "2", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/wowie/80/da39a3ee5e"), }, @@ -260,16 +261,16 @@ func TestEditIngressInPlace(t *testing.T) { }, } rh.OnUpdate(i1, i2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "3", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/whoop"), Action: routecluster("default/kerpow/9000/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/wowie/80/da39a3ee5e"), }, @@ -303,16 +304,16 @@ func TestEditIngressInPlace(t *testing.T) { }, } rh.OnUpdate(i2, i3) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "4", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/whoop"), Action: envoy_v3.UpgradeHTTPS(), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -328,7 +329,7 @@ func TestEditIngressInPlace(t *testing.T) { // i4 is the same as i3, and includes a TLS spec object to enable ingress_https routes // i3 is like i2, but adds the ingress.kubernetes.io/force-ssl-redirect: "true" annotation i4 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "hello", Namespace: "default", Annotations: map[string]string{ @@ -357,16 +358,16 @@ func TestEditIngressInPlace(t *testing.T) { }, } rh.OnUpdate(i3, i4) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "5", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("hello.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/whoop"), Action: envoy_v3.UpgradeHTTPS(), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -374,11 +375,11 @@ func TestEditIngressInPlace(t *testing.T) { ), envoy_v3.RouteConfiguration("https/hello.example.com", envoy_v3.VirtualHost("hello.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/whoop"), Action: routecluster("default/kerpow/9000/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/wowie/80/da39a3ee5e"), }, @@ -397,12 +398,12 @@ func TestSSLRedirectOverlay(t *testing.T) { defer done() s1 := fixture.NewService("app-service"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // i1 is a stock ingress with force-ssl-redirect on the / route i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app", Namespace: "default", Annotations: map[string]string{ @@ -432,12 +433,12 @@ func TestSSLRedirectOverlay(t *testing.T) { rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) s2 := fixture.NewService("nginx-ingress/challenge-service"). - WithPorts(v1.ServicePort{Name: "http", Port: 8009, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8009, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s2) // i2 is an overlay to add the let's encrypt handler. i2 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "challenge", Namespace: "nginx-ingress"}, + ObjectMeta: meta_v1.ObjectMeta{Name: "challenge", Namespace: "nginx-ingress"}, Spec: networking_v1.IngressSpec{ Rules: []networking_v1.IngressRule{{ Host: "example.com", @@ -456,22 +457,22 @@ func TestSSLRedirectOverlay(t *testing.T) { assertRDS(t, c, "5", virtualhosts( envoy_v3.VirtualHost("example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/.well-known/acme-challenge/gVJl5NWL2owUqZekjHkt_bo3OHYC2XNDURRRgLI5JTk"), Action: routecluster("nginx-ingress/challenge-service/8009/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), // match all Action: envoy_v3.UpgradeHTTPS(), }, ), ), virtualhosts( envoy_v3.VirtualHost("example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/.well-known/acme-challenge/gVJl5NWL2owUqZekjHkt_bo3OHYC2XNDURRRgLI5JTk"), Action: routecluster("nginx-ingress/challenge-service/8009/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), // match all Action: routecluster("default/app-service/8080/da39a3ee5e"), }, @@ -485,12 +486,12 @@ func TestInvalidCertInIngress(t *testing.T) { // Create an invalid TLS secret secret := featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate) - secret.Data[v1.TLSCertKey] = []byte("wrong") + secret.Data[core_v1.TLSCertKey] = []byte("wrong") rh.OnAdd(secret) // Create a service s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // Create an ingress that uses the invalid secret @@ -516,7 +517,7 @@ func TestInvalidCertInIngress(t *testing.T) { assertRDS(t, c, "1", virtualhosts( envoy_v3.VirtualHost("kuard.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -528,14 +529,14 @@ func TestInvalidCertInIngress(t *testing.T) { assertRDS(t, c, "2", virtualhosts( envoy_v3.VirtualHost("kuard.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, ), ), virtualhosts( envoy_v3.VirtualHost("kuard.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -549,7 +550,7 @@ func TestIssue257(t *testing.T) { defer done() s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // apiVersion: networking/v1 @@ -578,7 +579,7 @@ func TestIssue257(t *testing.T) { assertRDS(t, c, "2", virtualhosts( envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -626,7 +627,7 @@ func TestIssue257(t *testing.T) { assertRDS(t, c, "3", virtualhosts( envoy_v3.VirtualHost("kuard.db.gd-ms.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -639,12 +640,12 @@ func TestRDSFilter(t *testing.T) { defer done() s1 := fixture.NewService("app-service"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // i1 is a stock ingress with force-ssl-redirect on the / route i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "app", Namespace: "default", Annotations: map[string]string{ @@ -674,12 +675,12 @@ func TestRDSFilter(t *testing.T) { rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) s2 := fixture.NewService("nginx-ingress/challenge-service"). - WithPorts(v1.ServicePort{Name: "http", Port: 8009, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8009, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s2) // i2 is an overlay to add the let's encrypt handler. i2 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{Name: "challenge", Namespace: "nginx-ingress"}, + ObjectMeta: meta_v1.ObjectMeta{Name: "challenge", Namespace: "nginx-ingress"}, Spec: networking_v1.IngressSpec{ Rules: []networking_v1.IngressRule{{ Host: "example.com", @@ -696,16 +697,16 @@ func TestRDSFilter(t *testing.T) { } rh.OnAdd(i2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "5", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/.well-known/acme-challenge/gVJl5NWL2owUqZekjHkt_bo3OHYC2XNDURRRgLI5JTk"), Action: routecluster("nginx-ingress/challenge-service/8009/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), // match all Action: envoy_v3.UpgradeHTTPS(), }, @@ -713,11 +714,11 @@ func TestRDSFilter(t *testing.T) { ), envoy_v3.RouteConfiguration("https/example.com", envoy_v3.VirtualHost("example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/.well-known/acme-challenge/gVJl5NWL2owUqZekjHkt_bo3OHYC2XNDURRRgLI5JTk"), Action: routecluster("nginx-ingress/challenge-service/8009/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/app-service/8080/da39a3ee5e"), }, @@ -736,17 +737,17 @@ func TestDefaultBackendDoesNotOverwriteNamedHost(t *testing.T) { rh.OnAdd(fixture.NewService("kuard"). WithPorts( - v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Name: "alt", Port: 8080, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Name: "alt", Port: 8080, TargetPort: intstr.FromInt(8080)}, ), ) rh.OnAdd(fixture.NewService("test-gui"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "hello", Namespace: "default", }, @@ -791,22 +792,22 @@ func TestDefaultBackendDoesNotOverwriteNamedHost(t *testing.T) { }, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/kuard"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, ), envoy_v3.VirtualHost("test-gui", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/test-gui/80/da39a3ee5e"), }, @@ -824,13 +825,13 @@ func TestDefaultBackendIsOverriddenByNoHostIngressRule(t *testing.T) { rh.OnAdd(fixture.NewService("kuard"). WithPorts( - v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, - v1.ServicePort{Name: "alt", Port: 8080, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}, + core_v1.ServicePort{Name: "alt", Port: 8080, TargetPort: intstr.FromInt(8080)}, ), ) rh.OnAdd(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "hello", Namespace: "default", }, @@ -864,12 +865,12 @@ func TestDefaultBackendIsOverriddenByNoHostIngressRule(t *testing.T) { }, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -891,7 +892,7 @@ func TestRDSIngressClassAnnotation(t *testing.T) { defer done() s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ @@ -905,7 +906,7 @@ func TestRDSIngressClassAnnotation(t *testing.T) { rh.OnAdd(i1) assertRDS(t, c, "1", virtualhosts( envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -945,7 +946,7 @@ func TestRDSIngressClassAnnotation(t *testing.T) { rh.OnUpdate(i3, i4) assertRDS(t, c, "3", virtualhosts( envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -963,7 +964,7 @@ func TestRDSIngressClassAnnotation(t *testing.T) { rh.OnUpdate(i4, i5) assertRDS(t, c, "4", virtualhosts( envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -983,23 +984,23 @@ func TestRDSAssertNoDataRaceDuringInsertAndStream(t *testing.T) { stop := make(chan struct{}) s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) go func() { for i := 0; i < 100; i++ { - rh.OnAdd(&contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + rh.OnAdd(&contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: fmt.Sprintf("simple-%d", i), Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: fmt.Sprintf("example-%d.com", i)}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: fmt.Sprintf("example-%d.com", i)}, + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, @@ -1046,10 +1047,10 @@ func TestRDSIngressSpecMissingHTTPKey(t *testing.T) { defer done() s1 := fixture.NewService("network-test"). - WithPorts(v1.ServicePort{Name: "http", Port: 9001, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 9001, TargetPort: intstr.FromInt(8080)}) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test-ingress3", Namespace: "default", }, @@ -1075,7 +1076,7 @@ func TestRDSIngressSpecMissingHTTPKey(t *testing.T) { assertRDS(t, c, "2", virtualhosts( envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/network-test/9001/da39a3ee5e"), }, @@ -1088,27 +1089,27 @@ func TestRouteWithTLS(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test2.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "example-tls", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/a", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, @@ -1119,12 +1120,12 @@ func TestRouteWithTLS(t *testing.T) { rh.OnAdd(p1) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Action: envoy_v3.UpgradeHTTPS(), Match: routePrefix("/a"), }, @@ -1132,7 +1133,7 @@ func TestRouteWithTLS(t *testing.T) { ), envoy_v3.RouteConfiguration("https/test2.test.com", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/a"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -1149,39 +1150,39 @@ func TestRouteWithTLS_InsecurePaths(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test2.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "example-tls", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/insecure", }}, PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/secure", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -1192,16 +1193,16 @@ func TestRouteWithTLS_InsecurePaths(t *testing.T) { rh.OnAdd(p1) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -1209,11 +1210,11 @@ func TestRouteWithTLS_InsecurePaths(t *testing.T) { ), envoy_v3.RouteConfiguration("https/test2.test.com", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: routecluster("default/svc2/80/da39a3ee5e"), }, @@ -1239,39 +1240,39 @@ func TestRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) - p1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test2.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "example-tls", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/insecure", }}, PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/secure", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -1282,16 +1283,16 @@ func TestRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testing.T) { rh.OnAdd(p1) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: envoy_v3.UpgradeHTTPS(), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -1299,11 +1300,11 @@ func TestRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testing.T) { ), envoy_v3.RouteConfiguration("https/test2.test.com", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: routecluster("default/svc2/80/da39a3ee5e"), }, @@ -1320,10 +1321,10 @@ func TestRoutePrefixRouteRegex(t *testing.T) { rh, c, done := setup(t) defer done() - meta := metav1.ObjectMeta{Name: "kuard", Namespace: "default"} + meta := meta_v1.ObjectMeta{Name: "kuard", Namespace: "default"} s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // add default/kuard to translator. @@ -1346,16 +1347,16 @@ func TestRoutePrefixRouteRegex(t *testing.T) { rh.OnAdd(old) // check that it's been translated correctly. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeRegex("/[^/]+/invoices(/.*|/?)"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -1385,12 +1386,12 @@ func TestRoutePrefixRouteRegex(t *testing.T) { rh.OnAdd(invalid) // check that it's been translated correctly. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -1402,10 +1403,10 @@ func TestRoutePrefixRouteRegex(t *testing.T) { }) } -func assertRDS(t *testing.T, c *Contour, versioninfo string, ingressHTTP, ingressHTTPS []*envoy_route_v3.VirtualHost) { +func assertRDS(t *testing.T, c *Contour, versioninfo string, ingressHTTP, ingressHTTPS []*envoy_config_route_v3.VirtualHost) { t.Helper() - routes := []*envoy_route_v3.RouteConfiguration{ + routes := []*envoy_config_route_v3.RouteConfiguration{ envoy_v3.RouteConfiguration("ingress_http", ingressHTTP...), } @@ -1414,7 +1415,7 @@ func assertRDS(t *testing.T, c *Contour, versioninfo string, ingressHTTP, ingres envoy_v3.RouteConfiguration(path.Join("https", vh.Name), vh)) } - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: versioninfo, Resources: routeResources(t, routes...), TypeUrl: routeType, @@ -1422,7 +1423,7 @@ func assertRDS(t *testing.T, c *Contour, versioninfo string, ingressHTTP, ingres }) } -func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_route_v3.RouteMatch { +func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.RegexMatchCondition{ Regex: regex, @@ -1431,10 +1432,10 @@ func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_route_ }) } -func routecluster(cluster string) *envoy_route_v3.Route_Route { - return &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ +func routecluster(cluster string) *envoy_config_route_v3.Route_Route { + return &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: cluster, }, }, @@ -1446,25 +1447,25 @@ func TestHTTPProxyRouteWithTLS(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test2.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "example-tls", }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: conditions(prefixCondition("/a")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, @@ -1475,12 +1476,12 @@ func TestHTTPProxyRouteWithTLS(t *testing.T) { rh.OnAdd(proxy1) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/a"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -1488,7 +1489,7 @@ func TestHTTPProxyRouteWithTLS(t *testing.T) { ), envoy_v3.RouteConfiguration("https/test2.test.com", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/a"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -1505,35 +1506,35 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test2.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "example-tls", }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: conditions(prefixCondition("/insecure")), PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, }, { Conditions: conditions(prefixCondition("/secure")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -1544,16 +1545,16 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths(t *testing.T) { rh.OnAdd(proxy1) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -1561,11 +1562,11 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths(t *testing.T) { ), envoy_v3.RouteConfiguration("https/test2.test.com", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: routecluster("default/svc2/80/da39a3ee5e"), }, @@ -1591,35 +1592,35 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testin defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(featuretests.TLSSecret(t, "example-tls", &featuretests.ServerCertificate)) - proxy1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "test2.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "example-tls", }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: conditions(prefixCondition("/insecure")), PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, }}, }, { Conditions: conditions(prefixCondition("/secure")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "svc2", Port: 80, }}, @@ -1630,16 +1631,16 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testin rh.OnAdd(proxy1) // check that ingress_http has been updated. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: envoy_v3.UpgradeHTTPS(), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: envoy_v3.UpgradeHTTPS(), }, @@ -1647,11 +1648,11 @@ func TestHTTPProxyRouteWithTLS_InsecurePaths_DisablePermitInsecureTrue(t *testin ), envoy_v3.RouteConfiguration("https/test2.test.com", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/insecure"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/secure"), Action: routecluster("default/svc2/80/da39a3ee5e"), }, @@ -1668,20 +1669,20 @@ func TestRDSHTTPProxyRootCannotDelegateToAnotherRoot(t *testing.T) { defer done() svc1 := fixture.NewService("marketing/green"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(svc1) - child := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + child := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blog", Namespace: svc1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.containersteve.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: 80, }}, @@ -1690,16 +1691,16 @@ func TestRDSHTTPProxyRootCannotDelegateToAnotherRoot(t *testing.T) { } rh.OnAdd(child) - root := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + root := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root-blog", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "blog.containersteve.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: child.Name, Namespace: child.Namespace, }}, @@ -1709,12 +1710,12 @@ func TestRDSHTTPProxyRootCannotDelegateToAnotherRoot(t *testing.T) { // verify that child's route is present because while it is not possible to // delegate to it, it can host www.containersteve.com. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "2", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.containersteve.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("marketing/green/80/da39a3ee5e"), }, @@ -1731,32 +1732,32 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { defer done() svc1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc1) svc2 := fixture.NewService("teama/kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc2) svc3 := fixture.NewService("teamb/kuard"). - WithPorts(v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc3) - proxyRoot := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyRoot := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root", Namespace: svc1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "blogteama", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, @@ -1764,19 +1765,19 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { }, { Name: "blogteama", Namespace: "teamb", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc1.Name, Port: 8080, }}, @@ -1784,14 +1785,14 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { }, } - proxyChildA := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyChildA := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blogteama", Namespace: "teama", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc2.Name, Port: 8080, }}, @@ -1799,14 +1800,14 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { }, } - proxyChildB := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyChildB := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "blogteamb", Namespace: "teamb", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc3.Name, Port: 8080, }}, @@ -1817,12 +1818,12 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { rh.OnAdd(proxyChildA) rh.OnAdd(proxyChildB) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "2", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/blog", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -1831,7 +1832,7 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { }), Action: routecluster("teama/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -1843,12 +1844,14 @@ func TestRDSHTTPProxyDuplicateIncludeConditions(t *testing.T) { }) } -func virtualhosts(v ...*envoy_route_v3.VirtualHost) []*envoy_route_v3.VirtualHost { return v } +func virtualhosts(v ...*envoy_config_route_v3.VirtualHost) []*envoy_config_route_v3.VirtualHost { + return v +} -func conditions(c ...contour_api_v1.MatchCondition) []contour_api_v1.MatchCondition { return c } +func conditions(c ...contour_v1.MatchCondition) []contour_v1.MatchCondition { return c } -func prefixCondition(prefix string) contour_api_v1.MatchCondition { - return contour_api_v1.MatchCondition{ +func prefixCondition(prefix string) contour_v1.MatchCondition { + return contour_v1.MatchCondition{ Prefix: prefix, } } diff --git a/internal/featuretests/v3/routesourcemetadata_test.go b/internal/featuretests/v3/routesourcemetadata_test.go index 50f21b4f2e4..bcd7fd2049e 100644 --- a/internal/featuretests/v3/routesourcemetadata_test.go +++ b/internal/featuretests/v3/routesourcemetadata_test.go @@ -16,22 +16,23 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/dag" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/featuretests" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "google.golang.org/protobuf/types/known/structpb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/dag" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/featuretests" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" ) func TestRouteSourceMetadataIsSet(t *testing.T) { @@ -51,7 +52,7 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { rh, c, done := setup(t, setRouteSourceMetadata) defer done() - s1 := fixture.NewService("kuard").WithPorts(v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) + s1 := fixture.NewService("kuard").WithPorts(core_v1.ServicePort{Name: "http", Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) // Test an Ingress route gets it source metadata set correctly. @@ -77,14 +78,14 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { } rh.OnAdd(ing) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("ingress.projectcontour.io", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("ingress.projectcontour.io", &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), - Metadata: &envoy_core_v3.Metadata{ + Metadata: &envoy_config_core_v3.Metadata{ FilterMetadata: map[string]*structpb.Struct{ "envoy.access_loggers.file": { Fields: map[string]*structpb.Value{ @@ -105,16 +106,16 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { rh.OnDelete(ing) // Test an HTTPProxy route gets it source metadata set correctly. - httpProxy := &contour_api_v1.HTTPProxy{ + httpProxy := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("default/httpproxy-kuard"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "httpproxy.projectcontour.io", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contour_api_v1.MatchCondition{{Prefix: "/"}}, - Services: []contour_api_v1.Service{{Name: "kuard", Port: 80}}, + Conditions: []contour_v1.MatchCondition{{Prefix: "/"}}, + Services: []contour_v1.Service{{Name: "kuard", Port: 80}}, }, }, }, @@ -122,14 +123,14 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { rh.OnAdd(httpProxy) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("httpproxy.projectcontour.io", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("httpproxy.projectcontour.io", &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), - Metadata: &envoy_core_v3.Metadata{ + Metadata: &envoy_config_core_v3.Metadata{ FilterMetadata: map[string]*structpb.Struct{ "envoy.access_loggers.file": { Fields: map[string]*structpb.Value{ @@ -153,7 +154,7 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { rh.OnAdd(gc) rh.OnAdd(gateway) httpRoute := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute-kuard", Namespace: "default", }, @@ -174,14 +175,14 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { } rh.OnAdd(httpRoute) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: routeResources(t, envoy_v3.RouteConfiguration("http-80", - envoy_v3.VirtualHost("gatewayapi.projectcontour.io", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("gatewayapi.projectcontour.io", &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), - Metadata: &envoy_core_v3.Metadata{ + Metadata: &envoy_config_core_v3.Metadata{ FilterMetadata: map[string]*structpb.Struct{ "envoy.access_loggers.file": { Fields: map[string]*structpb.Value{ diff --git a/internal/featuretests/v3/routeweight_test.go b/internal/featuretests/v3/routeweight_test.go index 0aee2a18a78..98b50f49ef7 100644 --- a/internal/featuretests/v3/routeweight_test.go +++ b/internal/featuretests/v3/routeweight_test.go @@ -17,21 +17,22 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" ) func TestHTTPProxy_RouteWithAServiceWeight(t *testing.T) { @@ -39,15 +40,15 @@ func TestHTTPProxy_RouteWithAServiceWeight(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) - proxy1 := &contour_api_v1.HTTPProxy{ + proxy1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "test2.test.com"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "test2.test.com"}, + Routes: []contour_v1.Route{{ Conditions: conditions(prefixCondition("/a")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, // ignored @@ -59,20 +60,20 @@ func TestHTTPProxy_RouteWithAServiceWeight(t *testing.T) { rh.OnAdd(proxy1) assertRDS(t, c, "1", virtualhosts( envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/a"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, ), ), nil) - proxy2 := &contour_api_v1.HTTPProxy{ + proxy2 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "test2.test.com"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "test2.test.com"}, + Routes: []contour_v1.Route{{ Conditions: conditions(prefixCondition("/a")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "kuard", Port: 80, Weight: 90, @@ -88,7 +89,7 @@ func TestHTTPProxy_RouteWithAServiceWeight(t *testing.T) { rh.OnUpdate(proxy1, proxy2) assertRDS(t, c, "2", virtualhosts( envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/a"), Action: routeWeightedCluster( weightedCluster{"default/kuard/80/da39a3ee5e", 60}, @@ -102,22 +103,22 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { rh, c, done := setup(t) defer done() - rh.OnAdd(fixture.NewService("kuard-1").WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) - rh.OnAdd(fixture.NewService("kuard-2").WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) - rh.OnAdd(fixture.NewService("kuard-3").WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + rh.OnAdd(fixture.NewService("kuard-1").WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + rh.OnAdd(fixture.NewService("kuard-2").WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + rh.OnAdd(fixture.NewService("kuard-3").WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) // proxy1 has a TCPProxy with a single service. - proxy1 := &contour_api_v1.HTTPProxy{ + proxy1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ { Name: "kuard-1", Port: 443, @@ -130,16 +131,16 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { rh.OnAdd(proxy1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("ingress_https", "default/kuard-1/443/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcpproxy.test.com"}, }, }}, @@ -154,7 +155,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { }) // check that ingress_http is empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -163,17 +164,17 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { // proxy2 has a TCPProxy with multiple services, // each with an explicit weight. - proxy2 := &contour_api_v1.HTTPProxy{ + proxy2 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ {Name: "kuard-1", Port: 443, Weight: 7}, {Name: "kuard-2", Port: 443, Weight: 77}, }, @@ -182,12 +183,12 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { } rh.OnUpdate(proxy1, proxy2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxyWeighted( "ingress_https", @@ -195,7 +196,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { clusterWeight{name: "default/kuard-2/443/da39a3ee5e", weight: 77}, ), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcpproxy.test.com"}, }, }}, @@ -210,7 +211,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { }) // check that ingress_http is empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -219,17 +220,17 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { // proxy3 has a TCPProxy with multiple services, // each with no weight specified. - proxy3 := &contour_api_v1.HTTPProxy{ + proxy3 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ {Name: "kuard-1", Port: 443}, {Name: "kuard-2", Port: 443}, }, @@ -238,12 +239,12 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { } rh.OnUpdate(proxy2, proxy3) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxyWeighted( "ingress_https", @@ -251,7 +252,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { clusterWeight{name: "default/kuard-2/443/da39a3ee5e", weight: 1}, ), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcpproxy.test.com"}, }, }}, @@ -266,7 +267,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { }) // check that ingress_http is empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -275,17 +276,17 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { // proxy4 has a TCPProxy with multiple services, // some with weights specified and some without. - proxy4 := &contour_api_v1.HTTPProxy{ + proxy4 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.test.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ {Name: "kuard-1", Port: 443, Weight: 77}, {Name: "kuard-2", Port: 443}, {Name: "kuard-3", Port: 443, Weight: 7}, @@ -295,12 +296,12 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { } rh.OnUpdate(proxy3, proxy4) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxyWeighted( "ingress_https", @@ -308,7 +309,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { clusterWeight{name: "default/kuard-3/443/da39a3ee5e", weight: 7}, ), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcpproxy.test.com"}, }, }}, @@ -323,7 +324,7 @@ func TestHTTPProxy_TCPProxyWithAServiceWeight(t *testing.T) { }) // check that ingress_http is empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -336,29 +337,29 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, + TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }) rh.OnAdd(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -399,9 +400,9 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { rh.OnAdd(route1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("http-80", envoy_v3.VirtualHost("test.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeSegmentPrefix("/blog"), Action: routecluster("default/svc1/80/da39a3ee5e"), }, @@ -435,9 +436,9 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { rh.OnUpdate(route1, route2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("http-80", envoy_v3.VirtualHost("test.projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeSegmentPrefix("/blog"), Action: routeWeightedCluster( weightedCluster{"default/svc1/80/da39a3ee5e", 60}, @@ -453,29 +454,29 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) + WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, + TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }) rh.OnAdd(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -516,16 +517,16 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { rh.OnAdd(route1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("https-443", "default/svc1/443/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"test.projectcontour.io"}, }, }}, @@ -566,12 +567,12 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { rh.OnUpdate(route1, route2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxyWeighted( "https-443", @@ -579,7 +580,7 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { clusterWeight{name: "default/svc2/443/da39a3ee5e", weight: 7}, ), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"test.projectcontour.io"}, }, }}, diff --git a/internal/featuretests/v3/secrets_test.go b/internal/featuretests/v3/secrets_test.go index c77b5f4000b..37b5ad84137 100644 --- a/internal/featuretests/v3/secrets_test.go +++ b/internal/featuretests/v3/secrets_test.go @@ -16,16 +16,17 @@ package v3 import ( "testing" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + "github.com/stretchr/testify/assert" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestSDSVisibility(t *testing.T) { @@ -37,7 +38,7 @@ func TestSDSVisibility(t *testing.T) { // assert that the secret is _not_ visible as it is // not referenced by any ingress/httpproxy - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "0", Resources: nil, TypeUrl: secretType, @@ -46,7 +47,7 @@ func TestSDSVisibility(t *testing.T) { // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -75,7 +76,7 @@ func TestSDSVisibility(t *testing.T) { rh.OnAdd(i1) // i1 has a default route to backend:80, but there is no matching service. - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: nil, TypeUrl: secretType, @@ -94,14 +95,14 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { } svc1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) rh.OnAdd(s1) // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -127,7 +128,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { rh.OnAdd(svc1) res := c.Request(secretType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) // Equals(...) only checks resources, so explicitly @@ -137,14 +138,14 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { // verify that requesting the same resource without change // does not bump the current version_info. res = c.Request(secretType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) assertEqualVersion(t, "2", res) // s2 is not referenced by any active ingress object. - s2 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + s2 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "unrelated", Namespace: "default", }, @@ -154,7 +155,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { rh.OnAdd(s2) res = c.Request(secretType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) assertEqualVersion(t, "2", res) @@ -163,7 +164,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { // bump the current version_info. rh.OnDelete(s2) res = c.Request(secretType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{ + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(s1)), }) assertEqualVersion(t, "2", res) @@ -172,7 +173,7 @@ func TestSDSShouldNotIncrementVersionNumberForUnrelatedSecret(t *testing.T) { // bump the current version_info. rh.OnDelete(s1) res = c.Request(secretType) - res.Equals(&envoy_discovery_v3.DiscoveryResponse{}) + res.Equals(&envoy_service_discovery_v3.DiscoveryResponse{}) assertEqualVersion(t, "3", res) } @@ -183,8 +184,8 @@ func TestSDSshouldNotPublishInvalidSecret(t *testing.T) { defer done() // s1 is NOT a tls secret - s1 := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + s1 := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid", Namespace: "default", }, @@ -198,7 +199,7 @@ func TestSDSshouldNotPublishInvalidSecret(t *testing.T) { // i1 is a tls ingress i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -227,7 +228,7 @@ func TestSDSshouldNotPublishInvalidSecret(t *testing.T) { rh.OnAdd(i1) // SDS should be empty - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ VersionInfo: "1", Resources: nil, TypeUrl: secretType, @@ -235,7 +236,7 @@ func TestSDSshouldNotPublishInvalidSecret(t *testing.T) { }) } -func secret(sec *v1.Secret) *envoy_tls_v3.Secret { +func secret(sec *core_v1.Secret) *envoy_transport_socket_tls_v3.Secret { return envoy_v3.Secret(&dag.Secret{ Object: sec, }) diff --git a/internal/featuretests/v3/tcpproxy_test.go b/internal/featuretests/v3/tcpproxy_test.go index 2997dcda016..56c83cf3c10 100644 --- a/internal/featuretests/v3/tcpproxy_test.go +++ b/internal/featuretests/v3/tcpproxy_test.go @@ -16,16 +16,17 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestTCPProxy(t *testing.T) { @@ -35,20 +36,20 @@ func TestTCPProxy(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc := fixture.NewService("correct-backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) rh.OnAdd(svc) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, @@ -56,15 +57,15 @@ func TestTCPProxy(t *testing.T) { // According to HTTPProxy documentation, routes should not be processed if HTTPProxy is in tcpproxy mode. // Consider removing routes from this test case, and create separate tests for tcpproxies with routes. // See also https://github.com/projectcontour/contour/issues/3800 - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "wrong-backend", Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -72,7 +73,7 @@ func TestTCPProxy(t *testing.T) { }, } rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // TODO(tsaarni) // Reference to non-existing backend ("wrong-backend" above) does not anymore prevent processing of routes, since @@ -81,7 +82,7 @@ func TestTCPProxy(t *testing.T) { // However, the reason for HTTP listener should have been HTTPS upgrade redirect for tcpproxy, not routes, // See also https://github.com/projectcontour/contour/issues/3800 defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), FilterChains: appendFilterChains( @@ -97,15 +98,15 @@ func TestTCPProxy(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard-tcp.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -125,39 +126,39 @@ func TestTCPProxyDelegation(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc := fixture.NewService("app/backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) rh.OnAdd(svc) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }, }, } - hp2 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp2 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "parent", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Include: &contour_api_v1.TCPProxyInclude{ + TCPProxy: &contour_v1.TCPProxy{ + Include: &contour_v1.TCPProxyInclude{ Name: hp1.Name, Namespace: hp1.Namespace, }, @@ -168,9 +169,9 @@ func TestTCPProxyDelegation(t *testing.T) { rh.OnAdd(hp1) rh.OnAdd(hp2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), FilterChains: appendFilterChains( @@ -187,7 +188,7 @@ func TestTCPProxyDelegation(t *testing.T) { }) // check that ingress_http is empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -203,19 +204,19 @@ func TestTCPProxyTLSPassthrough(t *testing.T) { defer done() svc := fixture.NewService("correct-backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, @@ -223,15 +224,15 @@ func TestTCPProxyTLSPassthrough(t *testing.T) { // According to HTTPProxy documentation, routes should not be processed if HTTPProxy is in tcpproxy mode. // Consider removing routes from this test case, and create separate tests for tcpproxies with routes. // See also https://github.com/projectcontour/contour/issues/3800 - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "wrong-backend", Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -240,7 +241,7 @@ func TestTCPProxyTLSPassthrough(t *testing.T) { } rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // TODO(tsaarni) // Reference to non-existing backend ("wrong-backend" above) does not anymore prevent processing of routes, since @@ -249,14 +250,14 @@ func TestTCPProxyTLSPassthrough(t *testing.T) { // However, the reason for HTTP listener should have been HTTPS upgrade redirect for tcpproxy, not routes, // See also https://github.com/projectcontour/contour/issues/3800 defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("ingress_https", "default/correct-backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"kuard-tcp.example.com"}, }, }}, @@ -270,15 +271,15 @@ func TestTCPProxyTLSPassthrough(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard-tcp.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -302,22 +303,22 @@ func TestTCPProxyTLSBackend(t *testing.T) { svc := fixture.NewService("kubernetes"). Annotate("projectcontour.io/upstream-protocol.tls", "https,443"). - WithPorts(v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(6443)}) + WithPorts(core_v1.ServicePort{Name: "https", Port: 443, TargetPort: intstr.FromInt(6443)}) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kubernetesb", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "k8s.run.ubisoft.org", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, }}, @@ -329,9 +330,9 @@ func TestTCPProxyTLSBackend(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), FilterChains: appendFilterChains( @@ -347,7 +348,7 @@ func TestTCPProxyTLSBackend(t *testing.T) { ), TypeUrl: listenerType, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster( svc.Namespace+"/"+svc.Name+"/443/4929fca9d4", @@ -359,7 +360,7 @@ func TestTCPProxyTLSBackend(t *testing.T) { }) // check that ingress_http is empty - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), @@ -376,29 +377,29 @@ func TestTCPProxyAndHTTPService(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -409,7 +410,7 @@ func TestTCPProxyAndHTTPService(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http is present for // http://kuard-tcp.example.com/ -> default/backend:80 @@ -417,7 +418,7 @@ func TestTCPProxyAndHTTPService(t *testing.T) { // ingress_https is present for // kuard-tcp.example.com:443 terminated at envoy then forwarded to default/backend:80 - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), FilterChains: appendFilterChains( @@ -437,7 +438,7 @@ func TestTCPProxyAndHTTPService(t *testing.T) { // There should be an unconditional 301 HTTPS upgrade for http://kuard-tcp.example.com/. // ingress_https should be empty, no route should be present as kuard-tcp.example.com:443 // is in tcpproxy mode. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard-tcp.example.com", @@ -458,30 +459,30 @@ func TestTCPProxyAndHTTPServicePermitInsecure(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -492,7 +493,7 @@ func TestTCPProxyAndHTTPServicePermitInsecure(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http is present for // http://kuard-tcp.example.com/ -> default/backend:80 @@ -500,7 +501,7 @@ func TestTCPProxyAndHTTPServicePermitInsecure(t *testing.T) { // ingress_https is present for // kuard-tcp.example.com:443 terminated at envoy then tcpproxied to default/backend:80 - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), FilterChains: appendFilterChains( @@ -519,11 +520,11 @@ func TestTCPProxyAndHTTPServicePermitInsecure(t *testing.T) { // check that routes exist on port 80 (ingress_http) only. // ingress_https should be empty, no route should be present as kuard-tcp.example.com:443 // is in tcpproxy mode. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard-tcp.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), // this is a regular route cluster, not a 301 upgrade as // permitInsecure: true was set. @@ -543,29 +544,29 @@ func TestTCPProxyTLSPassthroughAndHTTPService(t *testing.T) { defer done() svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -575,7 +576,7 @@ func TestTCPProxyTLSPassthroughAndHTTPService(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http is present for // http://kuard-tcp.example.com/ -> default/backend:80 @@ -583,14 +584,14 @@ func TestTCPProxyTLSPassthroughAndHTTPService(t *testing.T) { // ingress_https is present for // kuard-tcp.example.com:443 direct to default/backend:80 - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("ingress_https", "default/backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"kuard-tcp.example.com"}, }, }}, @@ -605,7 +606,7 @@ func TestTCPProxyTLSPassthroughAndHTTPService(t *testing.T) { }) // check port 80 is open and the route is a 301 upgrade. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", // 301 upgrade because permitInsecure is false, thus @@ -629,30 +630,30 @@ func TestTCPProxyTLSPassthroughAndHTTPServicePermitInsecure(t *testing.T) { defer done() svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ Passthrough: true, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), PermitInsecure: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -662,7 +663,7 @@ func TestTCPProxyTLSPassthroughAndHTTPServicePermitInsecure(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http is present for // http://kuard-tcp.example.com/ -> default/backend:80, this is not 301 upgraded @@ -672,14 +673,14 @@ func TestTCPProxyTLSPassthroughAndHTTPServicePermitInsecure(t *testing.T) { // ingress_https is present for // kuard-tcp.example.com:443 direct to default/backend:80, envoy does not handle // the TLS handshake beyond SNI demux because passthrough: true is in use. - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("ingress_https", "default/backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"kuard-tcp.example.com"}, }, }}, @@ -696,11 +697,11 @@ func TestTCPProxyTLSPassthroughAndHTTPServicePermitInsecure(t *testing.T) { // check that routes exist on port 80 (ingress_http) only. // ingress_https should be empty, no route should be present as kuard-tcp.example.com:443 // is in tcpproxy mode. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("kuard-tcp.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), // not a 301 upgrade because permitInsecure: true is in use. Action: routeCluster("default/backend/80/da39a3ee5e"), @@ -722,27 +723,27 @@ func TestTCPProxyMissingTLS(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: svc.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", // missing TLS: }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -753,7 +754,7 @@ func TestTCPProxyMissingTLS(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http and ingress_https should be missing // as hp1 is not valid. @@ -762,7 +763,7 @@ func TestTCPProxyMissingTLS(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http and ingress_https should be empty // as hp1 is not valid. @@ -771,26 +772,26 @@ func TestTCPProxyMissingTLS(t *testing.T) { TypeUrl: routeType, }) - hp2 := &contour_api_v1.HTTPProxy{ + hp2 := &contour_v1.HTTPProxy{ ObjectMeta: hp1.ObjectMeta, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcpproxy.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ // invalid, one of Passthrough or SecretName must be provided. Passthrough: false, SecretName: "", }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, }}, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, @@ -799,7 +800,7 @@ func TestTCPProxyMissingTLS(t *testing.T) { } rh.OnUpdate(hp1, hp2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http and ingress_https should be missing // as hp2 is not valid. @@ -808,7 +809,7 @@ func TestTCPProxyMissingTLS(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, // ingress_http and ingress_https should be empty // as hp2 is not valid. @@ -826,29 +827,29 @@ func TestTCPProxyInvalidLoadBalancerPolicy(t *testing.T) { s1 := featuretests.TLSSecret(t, "secret", &featuretests.ServerCertificate) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) rh.OnAdd(svc) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, }, @@ -858,7 +859,7 @@ func TestTCPProxyInvalidLoadBalancerPolicy(t *testing.T) { // Check that a basic cluster is produced with the default load balancer // policy. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster( svc.Namespace+"/"+svc.Name+"/80/da39a3ee5e", @@ -869,24 +870,24 @@ func TestTCPProxyInvalidLoadBalancerPolicy(t *testing.T) { TypeUrl: clusterType, }) - rh.OnUpdate(hp1, &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + rh.OnUpdate(hp1, &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard-tcp.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: s1.Name, }, }, - TCPProxy: &contour_api_v1.TCPProxy{ - Services: []contour_api_v1.Service{{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 80, }}, - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", }, }, @@ -895,7 +896,7 @@ func TestTCPProxyInvalidLoadBalancerPolicy(t *testing.T) { // Check that a basic cluster is produced with the default load balancer // policy. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, cluster( svc.Namespace+"/"+svc.Name+"/80/da39a3ee5e", diff --git a/internal/featuretests/v3/tcproute_test.go b/internal/featuretests/v3/tcproute_test.go index 8071ca4daa4..63111d6ee00 100644 --- a/internal/featuretests/v3/tcproute_test.go +++ b/internal/featuretests/v3/tcproute_test.go @@ -16,11 +16,11 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" @@ -38,25 +38,25 @@ func TestTCPRoute(t *testing.T) { defer done() svc1 := fixture.NewService("backend-1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) svc2 := fixture.NewService("backend-2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc1) rh.OnAdd(svc2) rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, + TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -98,13 +98,13 @@ func TestTCPRoute(t *testing.T) { } rh.OnAdd(route1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "tcp-10000", Address: envoy_v3.SocketAddress("0.0.0.0", 18000), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("tcp-10000", "default/backend-1/80/da39a3ee5e"), ), @@ -149,23 +149,23 @@ func TestTCPRoute(t *testing.T) { } rh.OnAdd(route2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "tcp-10000", Address: envoy_v3.SocketAddress("0.0.0.0", 18000), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("tcp-10000", "default/backend-1/80/da39a3ee5e"), ), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "tcp-10001", Address: envoy_v3.SocketAddress("0.0.0.0", 18001), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("tcp-10001", "default/backend-2/80/da39a3ee5e"), ), @@ -185,7 +185,7 @@ func TestTCPRoute_TLSTermination(t *testing.T) { defer done() svc1 := fixture.NewService("backend-1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc1) @@ -193,16 +193,16 @@ func TestTCPRoute_TLSTermination(t *testing.T) { rh.OnAdd(sec1) rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, + TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -252,9 +252,9 @@ func TestTCPRoute_TLSTermination(t *testing.T) { } rh.OnAdd(route1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-5000", Address: envoy_v3.SocketAddress("0.0.0.0", 13000), ListenerFilters: envoy_v3.ListenerFilters( diff --git a/internal/featuretests/v3/timeoutpolicy_test.go b/internal/featuretests/v3/timeoutpolicy_test.go index 422ef376099..30406748d5d 100644 --- a/internal/featuretests/v3/timeoutpolicy_test.go +++ b/internal/featuretests/v3/timeoutpolicy_test.go @@ -17,16 +17,17 @@ import ( "testing" "time" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/contour" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestTimeoutPolicyRequestTimeout(t *testing.T) { @@ -34,7 +35,7 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) i1 := &networking_v1.Ingress{ @@ -48,11 +49,11 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { rh.OnAdd(i1) // check annotation with explicit timeout is propagated - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withResponseTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 80*time.Second), }, @@ -71,11 +72,11 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { rh.OnUpdate(i1, i2) // check annotation with infinite timeout is propagated - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withResponseTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 0), // zero means infinity }, @@ -94,11 +95,11 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { rh.OnUpdate(i2, i3) // check annotation with malformed timeout is not propagated - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/kuard/8080/da39a3ee5e"), }, @@ -118,11 +119,11 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { rh.OnUpdate(i3, i4) // assert that projectcontour.io/response-timeout takes priority. - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withResponseTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 99*time.Second), }, @@ -133,26 +134,26 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { }) rh.OnDelete(i4) - p1 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{Response: "600"}) // not 600s + p1 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{Response: "600"}) // not 600s rh.OnAdd(p1) // check timeout policy with malformed response timeout is not propagated - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), TypeUrl: routeType, }) - p2 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{Response: "3m"}) + p2 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{Response: "3m"}) rh.OnUpdate(p1, p2) // check timeout policy with response timeout is propagated correctly - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withResponseTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 180*time.Second), }, @@ -162,15 +163,15 @@ func TestTimeoutPolicyRequestTimeout(t *testing.T) { TypeUrl: routeType, }) - p3 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{Response: "infinity"}) + p3 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{Response: "infinity"}) rh.OnUpdate(p2, p3) // check timeout policy with explicit infine response timeout is propagated as infinity - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withResponseTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 0), // zero means infinity }, @@ -186,28 +187,28 @@ func TestTimeoutPolicyIdleStreamTimeout(t *testing.T) { defer done() svc := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) - p1 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{Idle: "600"}) // not 600s + p1 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{Idle: "600"}) // not 600s rh.OnAdd(p1) // check timeout policy with malformed response timeout is not propagated - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http"), ), TypeUrl: routeType, }) - p2 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{Idle: "3m"}) + p2 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{Idle: "3m"}) rh.OnUpdate(p1, p2) // check timeout policy with response timeout is propagated correctly - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withIdleTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 180*time.Second), }, @@ -217,15 +218,15 @@ func TestTimeoutPolicyIdleStreamTimeout(t *testing.T) { TypeUrl: routeType, }) - p3 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{Idle: "infinity"}) + p3 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{Idle: "infinity"}) rh.OnUpdate(p2, p3) // check timeout policy with explicit infine response timeout is propagated as infinity - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("test2.test.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withIdleTimeout(routeCluster("default/kuard/8080/da39a3ee5e"), 0), // zero means infinity }, @@ -240,46 +241,46 @@ func TestTimeoutPolicyIdleConnectionTimeout(t *testing.T) { rh, c, done := setup(t, func(reh *contour.EventHandler) {}) defer done() - svc := fixture.NewService("kuard").WithPorts(v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) + svc := fixture.NewService("kuard").WithPorts(core_v1.ServicePort{Port: 8080, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) - p1 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{IdleConnection: "invalid"}) + p1 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{IdleConnection: "invalid"}) rh.OnAdd(p1) // Check that cluster was not created with invalid input. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: clusterType, }) - p2 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{IdleConnection: "3m"}) + p2 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{IdleConnection: "3m"}) rh.OnUpdate(p1, p2) // Check that cluster has connection timeout set. - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, withConnectionTimeout(cluster("default/kuard/8080/b7427dbbf9", "default/kuard", "default_kuard_8080"), 3*time.Minute, envoy_v3.HTTPVersion1)), TypeUrl: clusterType, }) - p3 := httpProxyWithTimoutPolicy(svc, &contour_api_v1.TimeoutPolicy{IdleConnection: "infinite"}) + p3 := httpProxyWithTimoutPolicy(svc, &contour_v1.TimeoutPolicy{IdleConnection: "infinite"}) rh.OnUpdate(p2, p3) // Check that cluster has connection timeout set to zero (infinite). - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, withConnectionTimeout(cluster("default/kuard/8080/97705cb30a", "default/kuard", "default_kuard_8080"), 0, envoy_v3.HTTPVersion1)), TypeUrl: clusterType, }) } -func httpProxyWithTimoutPolicy(svc *v1.Service, tp *contour_api_v1.TimeoutPolicy) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ +func httpProxyWithTimoutPolicy(svc *core_v1.Service, tp *contour_v1.TimeoutPolicy) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "test2.test.com"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "test2.test.com"}, + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), TimeoutPolicy: tp, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 8080, }}, diff --git a/internal/featuretests/v3/timeouts_test.go b/internal/featuretests/v3/timeouts_test.go index f342c4c3ec4..56ec2c576d0 100644 --- a/internal/featuretests/v3/timeouts_test.go +++ b/internal/featuretests/v3/timeouts_test.go @@ -17,16 +17,17 @@ import ( "testing" "time" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contourconfig" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/timeout" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestTimeoutsNotSpecified(t *testing.T) { @@ -35,21 +36,21 @@ func TestTimeoutsNotSpecified(t *testing.T) { defer done() s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -63,13 +64,13 @@ func TestTimeoutsNotSpecified(t *testing.T) { envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(xdscache_v3.ENVOY_HTTP_LISTENER). MetricsPrefix(xdscache_v3.ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). Get(), ) c.Request(listenerType, xdscache_v3.ENVOY_HTTP_LISTENER).Equals( - &envoy_discovery_v3.DiscoveryResponse{ + &envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener), }, @@ -90,21 +91,21 @@ func TestNonZeroTimeoutsSpecified(t *testing.T) { defer done() s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) - hp1 := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + hp1 := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: s1.Namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -117,7 +118,7 @@ func TestNonZeroTimeoutsSpecified(t *testing.T) { httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(xdscache_v3.ENVOY_HTTP_LISTENER). MetricsPrefix(xdscache_v3.ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionIdleTimeout(timeout.DurationSetting(7 * time.Second)). StreamIdleTimeout(timeout.DurationSetting(70 * time.Second)). @@ -126,7 +127,7 @@ func TestNonZeroTimeoutsSpecified(t *testing.T) { Get(), ) - c.Request(listenerType, xdscache_v3.ENVOY_HTTP_LISTENER).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, xdscache_v3.ENVOY_HTTP_LISTENER).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener), }) diff --git a/internal/featuretests/v3/tlscertificatedelegation_test.go b/internal/featuretests/v3/tlscertificatedelegation_test.go index 8c6ddc23f4e..6c9200eaa46 100644 --- a/internal/featuretests/v3/tlscertificatedelegation_test.go +++ b/internal/featuretests/v3/tlscertificatedelegation_test.go @@ -16,14 +16,15 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" ) func TestTLSCertificateDelegation(t *testing.T) { @@ -31,7 +32,7 @@ func TestTLSCertificateDelegation(t *testing.T) { defer done() // assert that there is only a static listener - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -42,24 +43,24 @@ func TestTLSCertificateDelegation(t *testing.T) { rh.OnAdd(sec1) s1 := fixture.NewService("kuard"). - WithPorts(v1.ServicePort{Port: 8080}) + WithPorts(core_v1.ServicePort{Port: 8080}) rh.OnAdd(s1) // add an httpproxy in a different namespace mentioning secret/wildcard. - p1 := &contour_api_v1.HTTPProxy{ + p1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Namespace + "/" + sec1.Name, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -69,7 +70,7 @@ func TestTLSCertificateDelegation(t *testing.T) { rh.OnAdd(p1) // assert there are no listeners - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -77,10 +78,10 @@ func TestTLSCertificateDelegation(t *testing.T) { }) // t1 is a TLSCertificateDelegation that permits default to access secret/wildcard - t1 := &contour_api_v1.TLSCertificateDelegation{ + t1 := &contour_v1.TLSCertificateDelegation{ ObjectMeta: fixture.ObjectMeta("secret/delegation"), - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: sec1.Name, TargetNamespaces: []string{ s1.Namespace, @@ -90,7 +91,7 @@ func TestTLSCertificateDelegation(t *testing.T) { } rh.OnAdd(t1) - ingressHTTPS := &envoy_listener_v3.Listener{ + ingressHTTPS := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -104,7 +105,7 @@ func TestTLSCertificateDelegation(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPS, @@ -114,10 +115,10 @@ func TestTLSCertificateDelegation(t *testing.T) { }) // t2 is a TLSCertificateDelegation that permits access to secret/wildcard from all namespaces. - t2 := &contour_api_v1.TLSCertificateDelegation{ + t2 := &contour_v1.TLSCertificateDelegation{ ObjectMeta: fixture.ObjectMeta("secret/delegation"), - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: sec1.Name, TargetNamespaces: []string{ "*", @@ -127,7 +128,7 @@ func TestTLSCertificateDelegation(t *testing.T) { } rh.OnUpdate(t1, t2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPS, @@ -137,10 +138,10 @@ func TestTLSCertificateDelegation(t *testing.T) { }) // t3 is a TLSCertificateDelegation that permits access to secret/different all namespaces. - t3 := &contour_api_v1.TLSCertificateDelegation{ + t3 := &contour_v1.TLSCertificateDelegation{ ObjectMeta: fixture.ObjectMeta("secret/delegation"), - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: "different", TargetNamespaces: []string{ "*", @@ -150,7 +151,7 @@ func TestTLSCertificateDelegation(t *testing.T) { } rh.OnUpdate(t2, t3) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -158,10 +159,10 @@ func TestTLSCertificateDelegation(t *testing.T) { }) // t4 is a TLSCertificateDelegation that permits access to secret/wildcard from the kube-secret namespace. - t4 := &contour_api_v1.TLSCertificateDelegation{ + t4 := &contour_v1.TLSCertificateDelegation{ ObjectMeta: fixture.ObjectMeta("secret/delegation"), - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: sec1.Name, TargetNamespaces: []string{ "kube-secret", @@ -171,7 +172,7 @@ func TestTLSCertificateDelegation(t *testing.T) { } rh.OnUpdate(t3, t4) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -182,18 +183,18 @@ func TestTLSCertificateDelegation(t *testing.T) { rh.OnDelete(t4) // add a httpproxy in a different namespace mentioning secret/wildcard. - hp1 := &contour_api_v1.HTTPProxy{ + hp1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Namespace + "/" + sec1.Name, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 8080, }}, @@ -203,17 +204,17 @@ func TestTLSCertificateDelegation(t *testing.T) { rh.OnAdd(hp1) // assert there are no listeners - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), TypeUrl: listenerType, }) - t5 := &contour_api_v1.TLSCertificateDelegation{ + t5 := &contour_v1.TLSCertificateDelegation{ ObjectMeta: fixture.ObjectMeta("secret/delegation"), - Spec: contour_api_v1.TLSCertificateDelegationSpec{ - Delegations: []contour_api_v1.CertificateDelegation{{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{{ SecretName: sec1.Name, TargetNamespaces: []string{ s1.Namespace, @@ -223,7 +224,7 @@ func TestTLSCertificateDelegation(t *testing.T) { } rh.OnAdd(t5) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPS, @@ -234,7 +235,7 @@ func TestTLSCertificateDelegation(t *testing.T) { rh.OnDelete(hp1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, statsListener(), ), @@ -272,7 +273,7 @@ func TestTLSCertificateDelegation(t *testing.T) { } rh.OnAdd(i1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), ingressHTTPS, diff --git a/internal/featuretests/v3/tlsprotocolversion_test.go b/internal/featuretests/v3/tlsprotocolversion_test.go index 4673f025f6c..6c3ab8ee0e1 100644 --- a/internal/featuretests/v3/tlsprotocolversion_test.go +++ b/internal/featuretests/v3/tlsprotocolversion_test.go @@ -16,16 +16,17 @@ package v3 import ( "testing" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" ) func TestTLSProtocolVersion(t *testing.T) { @@ -36,7 +37,7 @@ func TestTLSProtocolVersion(t *testing.T) { rh.OnAdd(sec1) s1 := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 80}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 80}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ @@ -60,9 +61,9 @@ func TestTLSProtocolVersion(t *testing.T) { } rh.OnAdd(i1) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -107,7 +108,7 @@ func TestTLSProtocolVersion(t *testing.T) { i2 := makeIngress("1.3", "1.2") rh.OnUpdate(i1, i2) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: listenerType, }) @@ -115,19 +116,19 @@ func TestTLSProtocolVersion(t *testing.T) { i3 := makeIngress("1.3", "1.3") rh.OnUpdate(i1, i3) - l1 := &envoy_listener_v3.Listener{ + l1 := &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ envoy_v3.FilterChainTLS( "kuard.example.com", envoy_v3.DownstreamTLSContext( &dag.Secret{Object: sec1}, - envoy_tls_v3.TlsParameters_TLSv1_3, - envoy_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, + envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, nil, "h2", "http/1.1"), @@ -137,7 +138,7 @@ func TestTLSProtocolVersion(t *testing.T) { SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), } - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, l1, ), @@ -147,21 +148,21 @@ func TestTLSProtocolVersion(t *testing.T) { rh.OnDelete(i2) rh.OnDelete(i3) - makeHTTPProxy := func(minVer, maxVer string) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ + makeHTTPProxy := func(minVer, maxVer string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "kuard.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: sec1.Namespace + "/" + sec1.Name, MinimumProtocolVersion: minVer, MaximumProtocolVersion: maxVer, }, }, - Routes: []contour_api_v1.Route{{ + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -171,14 +172,14 @@ func TestTLSProtocolVersion(t *testing.T) { } hp1 := makeHTTPProxy("1.3", "1.3") rh.OnAdd(hp1) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, l1), TypeUrl: listenerType, }) hp2 := makeHTTPProxy("1.3", "1.2") rh.OnUpdate(hp1, hp2) - c.Request(listenerType, "ingress_https").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "ingress_https").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: nil, TypeUrl: listenerType, }) diff --git a/internal/featuretests/v3/tlsroute_test.go b/internal/featuretests/v3/tlsroute_test.go index 4d3cb638b9f..4cd9bcfe55b 100644 --- a/internal/featuretests/v3/tlsroute_test.go +++ b/internal/featuretests/v3/tlsroute_test.go @@ -16,21 +16,21 @@ package v3 import ( "testing" - "github.com/projectcontour/contour/internal/featuretests" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" "github.com/stretchr/testify/require" - - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/featuretests" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" ) func TestTLSRoute_TLSPassthrough(t *testing.T) { @@ -38,25 +38,25 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { defer done() svc := fixture.NewService("correct-backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) svcAnother := fixture.NewService("another-backend"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) rh.OnAdd(svcAnother) rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, + TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -99,16 +99,16 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { rh.OnAdd(route1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("https-443", "default/correct-backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcp.projectcontour.io"}, }, }}, @@ -142,16 +142,16 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { rh.OnUpdate(route1, route2) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("https-443", "default/correct-backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, }}, @@ -202,23 +202,23 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { // Validate that we have a TCP match against 'tcp.projectcontour.io' routing to 'correct-backend` // as well as a wildcard TCP match routing to 'another-service'. - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-443", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ Filters: envoy_v3.Filters( tcpproxy("https-443", "default/correct-backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"tcp.projectcontour.io"}, }, }, { Filters: envoy_v3.Filters( tcpproxy("https-443", "default/another-backend/80/da39a3ee5e"), ), - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, }}, @@ -246,11 +246,11 @@ func TestTLSRoute_TLSTermination(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("svc1"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) rh.OnAdd(fixture.NewService("svc2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}), ) sec1 := featuretests.TLSSecret(t, "projectcontour/tlscert", &featuretests.ServerCertificate) @@ -259,7 +259,7 @@ func TestTLSRoute_TLSTermination(t *testing.T) { rh.OnAdd(gc) gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, @@ -290,7 +290,7 @@ func TestTLSRoute_TLSTermination(t *testing.T) { rh.OnAdd(gateway) rh.OnAdd(&gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, @@ -309,10 +309,10 @@ func TestTLSRoute_TLSTermination(t *testing.T) { }, }) - c.Request(listenerType, "https-5000").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "https-5000").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-5000", Address: envoy_v3.SocketAddress("0.0.0.0", 13000), ListenerFilters: envoy_v3.ListenerFilters( @@ -327,7 +327,7 @@ func TestTLSRoute_TLSTermination(t *testing.T) { }) rh.OnAdd(&gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-2", Namespace: "default", }, @@ -346,10 +346,10 @@ func TestTLSRoute_TLSTermination(t *testing.T) { }, }) - c.Request(listenerType, "https-5000").Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, "https-5000").Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "https-5000", Address: envoy_v3.SocketAddress("0.0.0.0", 13000), ListenerFilters: envoy_v3.ListenerFilters( diff --git a/internal/featuretests/v3/tracing_test.go b/internal/featuretests/v3/tracing_test.go index 3af7b807ad3..47565ab9047 100644 --- a/internal/featuretests/v3/tracing_test.go +++ b/internal/featuretests/v3/tracing_test.go @@ -16,9 +16,12 @@ package v3 import ( "testing" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" @@ -26,8 +29,6 @@ import ( "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" xdscache_v3 "github.com/projectcontour/contour/internal/xdscache/v3" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func TestTracing(t *testing.T) { @@ -61,46 +62,46 @@ func TestTracing(t *testing.T) { defer done() rh.OnAdd(fixture.NewService("projectcontour/otel-collector"). - WithPorts(corev1.ServicePort{Port: 4317})) + WithPorts(core_v1.ServicePort{Port: 4317})) - rh.OnAdd(featuretests.Endpoints("projectcontour", "otel-collector", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("projectcontour", "otel-collector", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("10.244.41.241"), Ports: featuretests.Ports(featuretests.Port("", 4317)), })) - rh.OnAdd(&v1alpha1.ExtensionService{ + rh.OnAdd(&contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("projectcontour/otel-collector"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "otel-collector", Port: 4317}, }, Protocol: ref.To("h2c"), - TimeoutPolicy: &contour_api_v1.TimeoutPolicy{ + TimeoutPolicy: &contour_v1.TimeoutPolicy{ Response: defaultResponseTimeout.String(), }, }, }) rh.OnAdd(fixture.NewService("projectcontour/app-server"). - WithPorts(corev1.ServicePort{Port: 80})) + WithPorts(core_v1.ServicePort{Port: 80})) - rh.OnAdd(featuretests.Endpoints("projectcontour", "app-server", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("projectcontour", "app-server", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("10.244.184.102"), Ports: featuretests.Ports(featuretests.Port("", 80)), })) - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "app-server", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "foo.com", }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "app-server", Port: 80, @@ -116,7 +117,7 @@ func TestTracing(t *testing.T) { httpListener.FilterChains = envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(xdscache_v3.ENVOY_HTTP_LISTENER). MetricsPrefix(xdscache_v3.ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(xdscache_v3.DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). Tracing(envoy_v3.TracingConfig(&envoy_v3.EnvoyTracingConfig{ ExtensionService: tracingConfig.ExtensionService, @@ -142,12 +143,12 @@ func TestTracing(t *testing.T) { Get(), ) - c.Request(listenerType, xdscache_v3.ENVOY_HTTP_LISTENER).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType, xdscache_v3.ENVOY_HTTP_LISTENER).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: listenerType, Resources: resources(t, httpListener), }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( diff --git a/internal/featuretests/v3/upstreamprotocol_test.go b/internal/featuretests/v3/upstreamprotocol_test.go index 878b63b6e01..e33e572dad1 100644 --- a/internal/featuretests/v3/upstreamprotocol_test.go +++ b/internal/featuretests/v3/upstreamprotocol_test.go @@ -16,13 +16,14 @@ package v3 import ( "testing" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - "github.com/projectcontour/contour/internal/featuretests" - "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + "github.com/projectcontour/contour/internal/featuretests" + "github.com/projectcontour/contour/internal/fixture" ) // Test that contour correctly recognizes the upstream-protocol.tls @@ -33,11 +34,11 @@ func TestUpstreamProtocolTLS(t *testing.T) { s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.tls", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -47,7 +48,7 @@ func TestUpstreamProtocolTLS(t *testing.T) { } rh.OnAdd(i1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster("default/kuard/443/4929fca9d4", "default/kuard/securebackend", "default_kuard_443"), nil, "", "", nil, nil), ), @@ -56,10 +57,10 @@ func TestUpstreamProtocolTLS(t *testing.T) { s2 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.tls", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnUpdate(s1, s2) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster(cluster("default/kuard/443/4929fca9d4", "default/kuard/securebackend", "default_kuard_443"), nil, "", "", nil, nil), ), @@ -75,11 +76,11 @@ func TestUpstreamProtocolH2C(t *testing.T) { s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.h2c", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -89,7 +90,7 @@ func TestUpstreamProtocolH2C(t *testing.T) { } rh.OnAdd(i1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, h2cCluster(cluster("default/kuard/443/f4f94965ec", "default/kuard/securebackend", "default_kuard_443")), ), @@ -98,10 +99,10 @@ func TestUpstreamProtocolH2C(t *testing.T) { s2 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.h2c", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnUpdate(s1, s2) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, h2cCluster(cluster("default/kuard/443/f4f94965ec", "default/kuard/securebackend", "default_kuard_443")), ), @@ -117,11 +118,11 @@ func TestUpstreamProtocolH2(t *testing.T) { s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.h2", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -131,7 +132,7 @@ func TestUpstreamProtocolH2(t *testing.T) { } rh.OnAdd(i1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, h2cCluster(tlsCluster(cluster("default/kuard/443/bf1c365741", "default/kuard/securebackend", "default_kuard_443"), nil, "", "", nil, nil, "h2")), ), @@ -140,10 +141,10 @@ func TestUpstreamProtocolH2(t *testing.T) { s2 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.h2", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnUpdate(s1, s2) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, h2cCluster(tlsCluster(cluster("default/kuard/443/bf1c365741", "default/kuard/securebackend", "default_kuard_443"), nil, "", "", nil, nil, "h2")), ), diff --git a/internal/featuretests/v3/upstreamtls_test.go b/internal/featuretests/v3/upstreamtls_test.go index 09a89a3343f..0865ab5f82a 100644 --- a/internal/featuretests/v3/upstreamtls_test.go +++ b/internal/featuretests/v3/upstreamtls_test.go @@ -16,28 +16,27 @@ package v3 import ( "testing" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_v3_tls "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - projcontour "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" - corev1 "k8s.io/api/core/v1" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) func TestUpstreamTLSWithHTTPProxy(t *testing.T) { @@ -59,20 +58,20 @@ func TestUpstreamTLSWithHTTPProxy(t *testing.T) { rh.OnAdd(caSecret) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 443}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) rh.OnAdd(svc) proxy := fixture.NewProxy("authenticated").WithSpec( - projcontour.HTTPProxySpec{ - VirtualHost: &projcontour.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []projcontour.Route{{ - Services: []projcontour.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: svc.Name, Port: 443, Protocol: ref.To("tls"), - UpstreamValidation: &projcontour.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: caSecret.Name, SubjectName: "subjname", }, @@ -81,7 +80,7 @@ func TestUpstreamTLSWithHTTPProxy(t *testing.T) { }) rh.OnAdd(proxy) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster( cluster("default/backend/443/950c17581f", "default/backend/http", "default_backend_443"), @@ -113,11 +112,11 @@ func TestUpstreamTLSWithIngress(t *testing.T) { s1 := fixture.NewService("kuard"). Annotate("projectcontour.io/upstream-protocol.tls", "securebackend"). - WithPorts(v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) + WithPorts(core_v1.ServicePort{Name: "securebackend", Port: 443, TargetPort: intstr.FromInt(8888)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -127,7 +126,7 @@ func TestUpstreamTLSWithIngress(t *testing.T) { } rh.OnAdd(i1) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster( cluster("default/kuard/443/4929fca9d4", "default/kuard/securebackend", "default_kuard_443"), @@ -162,20 +161,20 @@ func TestUpstreamTLSWithExtensionService(t *testing.T) { rh.OnAdd(featuretests.CASecret(t, "ns/cacert", &featuretests.CACertificate)) - rh.OnAdd(fixture.NewService("ns/svc1").WithPorts(corev1.ServicePort{Port: 8081})) + rh.OnAdd(fixture.NewService("ns/svc1").WithPorts(core_v1.ServicePort{Port: 8081})) - rh.OnAdd(featuretests.Endpoints("ns", "svc1", corev1.EndpointSubset{ + rh.OnAdd(featuretests.Endpoints("ns", "svc1", core_v1.EndpointSubset{ Addresses: featuretests.Addresses("192.168.183.20"), Ports: featuretests.Ports(featuretests.Port("", 8081)), })) - ext := &v1alpha1.ExtensionService{ + ext := &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("ns/ext"), - Spec: v1alpha1.ExtensionServiceSpec{ - Services: []v1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "svc1", Port: 8081}, }, - UpstreamValidation: &contour_api_v1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "cacert", SubjectName: "ext.projectcontour.io", }, @@ -186,26 +185,26 @@ func TestUpstreamTLSWithExtensionService(t *testing.T) { // Enabling validation add SNI as well as CA and server altname validation. tlsSocket := envoy_v3.UpstreamTLSTransportSocket( - &envoy_v3_tls.UpstreamTlsContext{ + &envoy_transport_socket_tls_v3.UpstreamTlsContext{ Sni: "ext.projectcontour.io", - CommonTlsContext: &envoy_v3_tls.CommonTlsContext{ - TlsParams: &envoy_v3_tls.TlsParameters{ - TlsMinimumProtocolVersion: envoy_v3_tls.TlsParameters_TLSv1_2, - TlsMaximumProtocolVersion: envoy_v3_tls.TlsParameters_TLSv1_2, + CommonTlsContext: &envoy_transport_socket_tls_v3.CommonTlsContext{ + TlsParams: &envoy_transport_socket_tls_v3.TlsParameters{ + TlsMinimumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, + TlsMaximumProtocolVersion: envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, }, AlpnProtocols: []string{"h2"}, - ValidationContextType: &envoy_v3_tls.CommonTlsContext_ValidationContext{ - ValidationContext: &envoy_v3_tls.CertificateValidationContext{ - TrustedCa: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ + ValidationContextType: &envoy_transport_socket_tls_v3.CommonTlsContext_ValidationContext{ + ValidationContext: &envoy_transport_socket_tls_v3.CertificateValidationContext{ + TrustedCa: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ InlineBytes: featuretests.PEMBytes(t, &featuretests.CACertificate), }, }, - MatchTypedSubjectAltNames: []*envoy_v3_tls.SubjectAltNameMatcher{ + MatchTypedSubjectAltNames: []*envoy_transport_socket_tls_v3.SubjectAltNameMatcher{ { - SanType: envoy_v3_tls.SubjectAltNameMatcher_DNS, - Matcher: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_Exact{ + SanType: envoy_transport_socket_tls_v3.SubjectAltNameMatcher_DNS, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "ext.projectcontour.io", }, }, @@ -217,12 +216,12 @@ func TestUpstreamTLSWithExtensionService(t *testing.T) { }, ) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ TypeUrl: clusterType, Resources: resources(t, DefaultCluster( h2cCluster(cluster("extension/ns/ext", "extension/ns/ext", "extension_ns_ext")), - &envoy_cluster_v3.Cluster{TransportSocket: tlsSocket}, + &envoy_config_cluster_v3.Cluster{TransportSocket: tlsSocket}, ), ), }) @@ -247,16 +246,16 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { rh.OnAdd(sec2) rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ - TypeMeta: metav1.TypeMeta{}, + TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, Status: gatewayapi_v1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -280,11 +279,11 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { rh.OnAdd(gateway) svc := fixture.NewService("backend"). - WithPorts(v1.ServicePort{Name: "http", Port: 443}) + WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) rh.OnAdd(svc) rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "authenticated", Namespace: "default", }, @@ -305,7 +304,7 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { }) rh.OnAdd(&gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "authenticated", Namespace: "default", }, @@ -326,7 +325,7 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { }, }) - c.Request(clusterType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(clusterType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, tlsCluster( cluster("default/backend/443/867941ed65", "default/backend/http", "default_backend_443"), diff --git a/internal/featuretests/v3/websockets_test.go b/internal/featuretests/v3/websockets_test.go index 000a9b2a5cd..a0e385ae161 100644 --- a/internal/featuretests/v3/websockets_test.go +++ b/internal/featuretests/v3/websockets_test.go @@ -16,15 +16,16 @@ package v3 import ( "testing" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) func TestWebsocketsIngress(t *testing.T) { @@ -32,7 +33,7 @@ func TestWebsocketsIngress(t *testing.T) { defer done() s1 := fixture.NewService("ws"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) i1 := &networking_v1.Ingress{ @@ -56,11 +57,11 @@ func TestWebsocketsIngress(t *testing.T) { rh.OnAdd(i1) // check websocket annotation - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("websocket.hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/ws2"), Action: withWebsocket(routeCluster("default/ws/80/da39a3ee5e")), }, @@ -76,34 +77,34 @@ func TestWebsocketHTTPProxy(t *testing.T) { defer done() s1 := fixture.NewService("ws"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s1) s2 := fixture.NewService("ws2"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(s2) - hp1 := &contour_api_v1.HTTPProxy{ + hp1 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "websocket.hello.world"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "websocket.hello.world"}, + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, }, { Conditions: matchconditions(prefixMatchCondition("/ws-1")), EnableWebsockets: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, }, { Conditions: matchconditions(prefixMatchCondition("/ws-2")), EnableWebsockets: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -112,19 +113,19 @@ func TestWebsocketHTTPProxy(t *testing.T) { } rh.OnAdd(hp1) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("websocket.hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/ws-2"), Action: withWebsocket(routeCluster("default/ws/80/da39a3ee5e")), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/ws-1"), Action: withWebsocket(routeCluster("default/ws/80/da39a3ee5e")), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/ws/80/da39a3ee5e"), }, @@ -134,20 +135,20 @@ func TestWebsocketHTTPProxy(t *testing.T) { TypeUrl: routeType, }) - hp2 := &contour_api_v1.HTTPProxy{ + hp2 := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("simple"), - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{Fqdn: "websocket.hello.world"}, - Routes: []contour_api_v1.Route{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{Fqdn: "websocket.hello.world"}, + Routes: []contour_v1.Route{{ Conditions: matchconditions(prefixMatchCondition("/")), - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, }, { Conditions: matchconditions(prefixMatchCondition("/ws-1")), EnableWebsockets: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }, { @@ -157,7 +158,7 @@ func TestWebsocketHTTPProxy(t *testing.T) { }, { Conditions: matchconditions(prefixMatchCondition("/ws-2")), EnableWebsockets: true, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: s1.Name, Port: 80, }}, @@ -166,22 +167,22 @@ func TestWebsocketHTTPProxy(t *testing.T) { } rh.OnUpdate(hp1, hp2) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("websocket.hello.world", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/ws-2"), Action: withWebsocket(routeCluster("default/ws/80/da39a3ee5e")), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/ws-1"), Action: withWebsocket(routeWeightedCluster( weightedCluster{"default/ws/80/da39a3ee5e", 1}, weightedCluster{"default/ws2/80/da39a3ee5e", 1}, )), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeCluster("default/ws/80/da39a3ee5e"), }, diff --git a/internal/featuretests/v3/wildcardhost_test.go b/internal/featuretests/v3/wildcardhost_test.go index c3dd43d3cd5..a3bdd0c3f12 100644 --- a/internal/featuretests/v3/wildcardhost_test.go +++ b/internal/featuretests/v3/wildcardhost_test.go @@ -16,19 +16,19 @@ package v3 import ( "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" "github.com/projectcontour/contour/internal/fixture" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) // Test that Ingress without TLS secrets generate the @@ -38,14 +38,14 @@ func TestIngressWildcardHostHTTP(t *testing.T) { defer done() svc := fixture.NewService("svc"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) defaultBackend := fixture.NewService("default"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(defaultBackend) wildcardIngressV1 := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "wildcard-v1", Namespace: "default", }, @@ -66,7 +66,7 @@ func TestIngressWildcardHostHTTP(t *testing.T) { } rh.OnAdd(wildcardIngressV1) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -74,25 +74,25 @@ func TestIngressWildcardHostHTTP(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("*", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("*", &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/default/80/da39a3ee5e"), }), envoy_v3.VirtualHost("*.foo.com", - &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/", }, - Headers: []*envoy_route_v3.HeaderMatcher{{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: ":authority", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?\\.foo\\.com(:[0-9]+)?", }, }, @@ -116,15 +116,15 @@ func TestHTTPProxyWildcardFQDN(t *testing.T) { defer done() svc := fixture.NewService("svc"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) rh.OnAdd(fixture.NewProxy("wildcard").WithSpec( - contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "*.projectcontour.io", - }, Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + }, Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "svc", Port: 80, }}, @@ -132,7 +132,7 @@ func TestHTTPProxyWildcardFQDN(t *testing.T) { }), ) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), statsListener(), @@ -140,20 +140,20 @@ func TestHTTPProxyWildcardFQDN(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("*.projectcontour.io", &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + envoy_v3.VirtualHost("*.projectcontour.io", &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/", }, - Headers: []*envoy_route_v3.HeaderMatcher{{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: ":authority", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?\\.projectcontour\\.io(:[0-9]+)?", }, }, @@ -179,14 +179,14 @@ func TestIngressWildcardHostHTTPSWildcardSecret(t *testing.T) { rh.OnAdd(sec) svc := fixture.NewService("svc"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(svc) defaultBackend := fixture.NewService("default"). - WithPorts(v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) + WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)}) rh.OnAdd(defaultBackend) wildcardIngressTLS := &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "wildcard-tls", Namespace: "default", }, @@ -211,15 +211,15 @@ func TestIngressWildcardHostHTTPSWildcardSecret(t *testing.T) { } rh.OnAdd(wildcardIngressTLS) - c.Request(secretType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(secretType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, secret(sec)), TypeUrl: secretType, }) - c.Request(listenerType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(listenerType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, defaultHTTPListener(), - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: "ingress_https", Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( @@ -237,21 +237,21 @@ func TestIngressWildcardHostHTTPSWildcardSecret(t *testing.T) { TypeUrl: listenerType, }) - c.Request(routeType).Equals(&envoy_discovery_v3.DiscoveryResponse{ + c.Request(routeType).Equals(&envoy_service_discovery_v3.DiscoveryResponse{ Resources: resources(t, envoy_v3.RouteConfiguration("https/*.foo-tls.com", envoy_v3.VirtualHost("*.foo-tls.com", - &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/", }, - Headers: []*envoy_route_v3.HeaderMatcher{{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: ":authority", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?\\.foo-tls\\.com(:[0-9]+)?", }, }, @@ -264,22 +264,22 @@ func TestIngressWildcardHostHTTPSWildcardSecret(t *testing.T) { ), ), envoy_v3.RouteConfiguration("ingress_http", - envoy_v3.VirtualHost("*", &envoy_route_v3.Route{ + envoy_v3.VirtualHost("*", &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/default/80/da39a3ee5e"), }), envoy_v3.VirtualHost("*.foo-tls.com", - &envoy_route_v3.Route{ - Match: &envoy_route_v3.RouteMatch{ - PathSpecifier: &envoy_route_v3.RouteMatch_Prefix{ + &envoy_config_route_v3.Route{ + Match: &envoy_config_route_v3.RouteMatch{ + PathSpecifier: &envoy_config_route_v3.RouteMatch_Prefix{ Prefix: "/", }, - Headers: []*envoy_route_v3.HeaderMatcher{{ + Headers: []*envoy_config_route_v3.HeaderMatcher{{ Name: ":authority", - HeaderMatchSpecifier: &envoy_route_v3.HeaderMatcher_StringMatch{ - StringMatch: &matcher.StringMatcher{ - MatchPattern: &matcher.StringMatcher_SafeRegex{ - SafeRegex: &matcher.RegexMatcher{ + HeaderMatchSpecifier: &envoy_config_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: &envoy_matcher_v3.RegexMatcher{ Regex: "^[a-z0-9]([-a-z0-9]*[a-z0-9])?\\.foo-tls\\.com(:[0-9]+)?", }, }, diff --git a/internal/fixture/detailedcondition.go b/internal/fixture/detailedcondition.go index 8cbe5fdcf57..a211f827251 100644 --- a/internal/fixture/detailedcondition.go +++ b/internal/fixture/detailedcondition.go @@ -14,17 +14,17 @@ package fixture import ( - v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // DetailedConditionBuilder is a builder object to make creating HTTPProxy fixtures more succinct. -type DetailedConditionBuilder v1.DetailedCondition +type DetailedConditionBuilder contour_v1.DetailedCondition // NewValidCondition creates a new DetailedConditionBuilder. func NewValidCondition() *DetailedConditionBuilder { b := &DetailedConditionBuilder{ - Condition: v1.Condition{ - Type: v1.ValidConditionType, + Condition: contour_v1.Condition{ + Type: contour_v1.ValidConditionType, }, } @@ -36,45 +36,45 @@ func (dcb *DetailedConditionBuilder) WithGeneration(gen int64) *DetailedConditio return dcb } -func (dcb *DetailedConditionBuilder) Valid() v1.DetailedCondition { - dc := (*v1.DetailedCondition)(dcb) - dc.Status = v1.ConditionTrue +func (dcb *DetailedConditionBuilder) Valid() contour_v1.DetailedCondition { + dc := (*contour_v1.DetailedCondition)(dcb) + dc.Status = contour_v1.ConditionTrue dc.Reason = "Valid" dc.Message = "Valid HTTPProxy" return *dc } -func (dcb *DetailedConditionBuilder) Orphaned() v1.DetailedCondition { - dc := (*v1.DetailedCondition)(dcb) - dc.AddError(v1.ConditionTypeOrphanedError, "Orphaned", "this HTTPProxy is not part of a delegation chain from a root HTTPProxy") +func (dcb *DetailedConditionBuilder) Orphaned() contour_v1.DetailedCondition { + dc := (*contour_v1.DetailedCondition)(dcb) + dc.AddError(contour_v1.ConditionTypeOrphanedError, "Orphaned", "this HTTPProxy is not part of a delegation chain from a root HTTPProxy") return *dc } -func (dcb *DetailedConditionBuilder) WithError(errorType, reason, message string) v1.DetailedCondition { - dc := (*v1.DetailedCondition)(dcb) +func (dcb *DetailedConditionBuilder) WithError(errorType, reason, message string) contour_v1.DetailedCondition { + dc := (*contour_v1.DetailedCondition)(dcb) dc.AddError(errorType, reason, message) return *dc } -func (dcb *DetailedConditionBuilder) WithErrorf(errorType, reason, formatmsg string, args ...any) v1.DetailedCondition { - dc := (*v1.DetailedCondition)(dcb) +func (dcb *DetailedConditionBuilder) WithErrorf(errorType, reason, formatmsg string, args ...any) contour_v1.DetailedCondition { + dc := (*contour_v1.DetailedCondition)(dcb) dc.AddErrorf(errorType, reason, formatmsg, args...) return *dc } -func (dcb *DetailedConditionBuilder) WithWarning(errorType, reason, message string) v1.DetailedCondition { - dc := (*v1.DetailedCondition)(dcb) +func (dcb *DetailedConditionBuilder) WithWarning(errorType, reason, message string) contour_v1.DetailedCondition { + dc := (*contour_v1.DetailedCondition)(dcb) dc.AddWarning(errorType, reason, message) return *dc } -func (dcb *DetailedConditionBuilder) WithWarningf(warnType, reason, formatmsg string, args ...any) v1.DetailedCondition { - dc := (*v1.DetailedCondition)(dcb) +func (dcb *DetailedConditionBuilder) WithWarningf(warnType, reason, formatmsg string, args ...any) contour_v1.DetailedCondition { + dc := (*contour_v1.DetailedCondition)(dcb) dc.AddWarningf(warnType, reason, formatmsg, args...) return *dc diff --git a/internal/fixture/httpproxy.go b/internal/fixture/httpproxy.go index a1cebd1a681..4f392e4de20 100644 --- a/internal/fixture/httpproxy.go +++ b/internal/fixture/httpproxy.go @@ -14,11 +14,11 @@ package fixture import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // ProxyBuilder is a builder object to make creating HTTPProxy fixtures more succinct. -type ProxyBuilder contour_api_v1.HTTPProxy +type ProxyBuilder contour_v1.HTTPProxy // NewProxy creates a new ProxyBuilder with the specified object name. func NewProxy(name string) *ProxyBuilder { @@ -34,14 +34,14 @@ func NewProxy(name string) *ProxyBuilder { func (b *ProxyBuilder) ensureVirtualHost() { if b.Spec.VirtualHost == nil { - b.Spec.VirtualHost = &contour_api_v1.VirtualHost{} + b.Spec.VirtualHost = &contour_v1.VirtualHost{} } } func (b *ProxyBuilder) ensureTLS() { b.ensureVirtualHost() if b.Spec.VirtualHost.TLS == nil { - b.Spec.VirtualHost.TLS = &contour_api_v1.TLS{} + b.Spec.VirtualHost.TLS = &contour_v1.TLS{} } } @@ -58,7 +58,7 @@ func (b *ProxyBuilder) Label(k, v string) *ProxyBuilder { } // WithSpec updates the builder's Spec field, returning the build proxy. -func (b *ProxyBuilder) WithSpec(spec contour_api_v1.HTTPProxySpec) *contour_api_v1.HTTPProxy { +func (b *ProxyBuilder) WithSpec(spec contour_v1.HTTPProxySpec) *contour_v1.HTTPProxy { oldSpec := b.Spec b.Spec = spec @@ -69,7 +69,7 @@ func (b *ProxyBuilder) WithSpec(spec contour_api_v1.HTTPProxySpec) *contour_api_ b.Spec.VirtualHost = oldSpec.VirtualHost } - return (*contour_api_v1.HTTPProxy)(b) + return (*contour_v1.HTTPProxy)(b) } func (b *ProxyBuilder) WithFQDN(fqdn string) *ProxyBuilder { @@ -84,7 +84,7 @@ func (b *ProxyBuilder) WithCertificate(secretName string) *ProxyBuilder { return b } -func (b *ProxyBuilder) WithAuthServer(auth contour_api_v1.AuthorizationServer) *ProxyBuilder { +func (b *ProxyBuilder) WithAuthServer(auth contour_v1.AuthorizationServer) *ProxyBuilder { b.ensureTLS() b.Spec.VirtualHost.Authorization = &auth return b diff --git a/internal/fixture/meta.go b/internal/fixture/meta.go index 13ac402eba8..a7fdb8ada27 100644 --- a/internal/fixture/meta.go +++ b/internal/fixture/meta.go @@ -18,15 +18,15 @@ import ( "strings" "sync/atomic" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var generation int64 // ObjectMeta cracks a Kubernetes object name string of the form -// "namespace/name" into a metav1.ObjectMeta struct. If the namespace +// "namespace/name" into a meta_v1.ObjectMeta struct. If the namespace // portion is omitted, then the default namespace is filled in. -func ObjectMeta(nameStr string) metav1.ObjectMeta { +func ObjectMeta(nameStr string) meta_v1.ObjectMeta { // NOTE: We don't use k8s.NamespacedNameFrom here, because that // would generate an import cycle. @@ -37,13 +37,13 @@ func ObjectMeta(nameStr string) metav1.ObjectMeta { switch len(v) { case 1: // No '/' separator. - return *UpdateObjectVersion(&metav1.ObjectMeta{ + return *UpdateObjectVersion(&meta_v1.ObjectMeta{ Name: v[0], - Namespace: metav1.NamespaceDefault, + Namespace: meta_v1.NamespaceDefault, Annotations: map[string]string{}, }) default: - return *UpdateObjectVersion(&metav1.ObjectMeta{ + return *UpdateObjectVersion(&meta_v1.ObjectMeta{ Name: v[1], Namespace: v[0], Annotations: map[string]string{}, @@ -52,13 +52,13 @@ func ObjectMeta(nameStr string) metav1.ObjectMeta { } // ObjectMetaWithAnnotations returns an ObjectMeta with the given annotations. -func ObjectMetaWithAnnotations(nameStr string, annotations map[string]string) metav1.ObjectMeta { +func ObjectMetaWithAnnotations(nameStr string, annotations map[string]string) meta_v1.ObjectMeta { meta := ObjectMeta(nameStr) meta.Annotations = annotations return meta } -func UpdateObjectVersion(meta *metav1.ObjectMeta) *metav1.ObjectMeta { +func UpdateObjectVersion(meta *meta_v1.ObjectMeta) *meta_v1.ObjectMeta { meta.Generation = nextGeneration() meta.ResourceVersion = strconv.FormatInt(meta.Generation, 10) return meta diff --git a/internal/fixture/secret_fixtures.go b/internal/fixture/secret_fixtures.go index 66067577470..f02595f838c 100644 --- a/internal/fixture/secret_fixtures.go +++ b/internal/fixture/secret_fixtures.go @@ -14,29 +14,29 @@ package fixture import ( - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" ) -var SecretRootsCert = &v1.Secret{ +var SecretRootsCert = &core_v1.Secret{ ObjectMeta: ObjectMeta("roots/ssl-cert"), - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - v1.TLSCertKey: []byte(CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(RSA_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(RSA_PRIVATE_KEY), }, } -var SecretProjectContourCert = &v1.Secret{ +var SecretProjectContourCert = &core_v1.Secret{ ObjectMeta: ObjectMeta("projectcontour/default-ssl-cert"), - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: SecretRootsCert.Data, } -var SecretRootsFallback = &v1.Secret{ +var SecretRootsFallback = &core_v1.Secret{ ObjectMeta: ObjectMeta("roots/fallbacksecret"), - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - v1.TLSCertKey: []byte(CERTIFICATE), - v1.TLSPrivateKeyKey: []byte(RSA_PRIVATE_KEY), + core_v1.TLSCertKey: []byte(CERTIFICATE), + core_v1.TLSPrivateKeyKey: []byte(RSA_PRIVATE_KEY), }, } diff --git a/internal/fixture/service.go b/internal/fixture/service.go index dbc5932cae6..225dd3c371b 100644 --- a/internal/fixture/service.go +++ b/internal/fixture/service.go @@ -14,16 +14,16 @@ package fixture import ( - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" ) -type ServiceBuilder v1.Service +type ServiceBuilder core_v1.Service // NewService creates a new ServiceBuilder with the given resource name. func NewService(name string) *ServiceBuilder { s := &ServiceBuilder{ ObjectMeta: ObjectMeta(name), - Spec: v1.ServiceSpec{}, + Spec: core_v1.ServiceSpec{}, } return s @@ -36,8 +36,8 @@ func (s *ServiceBuilder) Annotate(k, v string) *ServiceBuilder { } // WithPorts specifies the ports for the .Spec.Ports field. -func (s *ServiceBuilder) WithPorts(ports ...v1.ServicePort) *v1.Service { - s.Spec.Ports = make([]v1.ServicePort, len(ports)) +func (s *ServiceBuilder) WithPorts(ports ...core_v1.ServicePort) *core_v1.Service { + s.Spec.Ports = make([]core_v1.ServicePort, len(ports)) copy(s.Spec.Ports, ports) @@ -47,11 +47,11 @@ func (s *ServiceBuilder) WithPorts(ports ...v1.ServicePort) *v1.Service { } } - return (*v1.Service)(s) + return (*core_v1.Service)(s) } // WithSpec specifies the .Spec field. -func (s *ServiceBuilder) WithSpec(spec v1.ServiceSpec) *v1.Service { +func (s *ServiceBuilder) WithSpec(spec core_v1.ServiceSpec) *core_v1.Service { s.Spec = spec for _, p := range s.Spec.Ports { @@ -60,5 +60,5 @@ func (s *ServiceBuilder) WithSpec(spec v1.ServiceSpec) *v1.Service { } } - return (*v1.Service)(s) + return (*core_v1.Service)(s) } diff --git a/internal/fixture/service_fixtures.go b/internal/fixture/service_fixtures.go index 827451543b5..77804bd0520 100644 --- a/internal/fixture/service_fixtures.go +++ b/internal/fixture/service_fixtures.go @@ -14,14 +14,14 @@ package fixture import ( - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/util/intstr" ) -var ServiceRootsKuard = &v1.Service{ +var ServiceRootsKuard = &core_v1.Service{ ObjectMeta: ObjectMeta("roots/kuard"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -30,10 +30,10 @@ var ServiceRootsKuard = &v1.Service{ }, } -var ServiceRootsHome = &v1.Service{ +var ServiceRootsHome = &core_v1.Service{ ObjectMeta: ObjectMeta("roots/home"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -41,10 +41,10 @@ var ServiceRootsHome = &v1.Service{ }, } -var ServiceRootsFoo1 = &v1.Service{ +var ServiceRootsFoo1 = &core_v1.Service{ ObjectMeta: ObjectMeta("roots/foo1"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -52,10 +52,10 @@ var ServiceRootsFoo1 = &v1.Service{ }, } -var ServiceRootsFoo2 = &v1.Service{ +var ServiceRootsFoo2 = &core_v1.Service{ ObjectMeta: ObjectMeta("roots/foo2"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -63,10 +63,10 @@ var ServiceRootsFoo2 = &v1.Service{ }, } -var ServiceRootsFoo3InvalidPort = &v1.Service{ +var ServiceRootsFoo3InvalidPort = &core_v1.Service{ ObjectMeta: ObjectMeta("roots/foo3"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 12345678, @@ -74,10 +74,10 @@ var ServiceRootsFoo3InvalidPort = &v1.Service{ }, } -var ServiceMarketingGreen = &v1.Service{ +var ServiceMarketingGreen = &core_v1.Service{ ObjectMeta: ObjectMeta("marketing/green"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 80, @@ -85,20 +85,20 @@ var ServiceMarketingGreen = &v1.Service{ }, } -var ServiceRootsNginx = &v1.Service{ +var ServiceRootsNginx = &core_v1.Service{ ObjectMeta: ObjectMeta("roots/nginx"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, }}, }, } -var ServiceTeamAKuard = &v1.Service{ +var ServiceTeamAKuard = &core_v1.Service{ ObjectMeta: ObjectMeta("teama/kuard"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -107,10 +107,10 @@ var ServiceTeamAKuard = &v1.Service{ }, } -var ServiceTeamBKuard = &v1.Service{ +var ServiceTeamBKuard = &core_v1.Service{ ObjectMeta: ObjectMeta("teamb/kuard"), - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index a5366ccd0bd..2e54b303939 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -14,11 +14,12 @@ package gatewayapi import ( - "github.com/projectcontour/contour/internal/ref" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/ref" ) func CertificateRef(name, namespace string) gatewayapi_v1beta1.SecretObjectReference { diff --git a/internal/gatewayapi/listeners.go b/internal/gatewayapi/listeners.go index 26077c1be9c..e4355b0f0c2 100644 --- a/internal/gatewayapi/listeners.go +++ b/internal/gatewayapi/listeners.go @@ -18,12 +18,13 @@ import ( "net" "strings" - "github.com/projectcontour/contour/internal/ref" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/ref" ) // ContourHTTPSProtocolType is the protocol for an HTTPS Listener @@ -44,7 +45,7 @@ type ValidateListenersResult struct { // InvalidListenerConditions is a map from Gateway Listener name // to a condition to set, if the Listener is invalid. - InvalidListenerConditions map[gatewayapi_v1beta1.SectionName]metav1.Condition + InvalidListenerConditions map[gatewayapi_v1beta1.SectionName]meta_v1.Condition } type ListenerPort struct { @@ -54,10 +55,10 @@ type ListenerPort struct { Protocol string } -func conflictedCondition(reason gatewayapi_v1.ListenerConditionReason, msg string) metav1.Condition { - return metav1.Condition{ +func conflictedCondition(reason gatewayapi_v1.ListenerConditionReason, msg string) meta_v1.Condition { + return meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(reason), Message: msg, } @@ -83,16 +84,16 @@ func ValidateListeners(listeners []gatewayapi_v1beta1.Listener) ValidateListener result := ValidateListenersResult{ ListenerNames: map[string]string{}, - InvalidListenerConditions: map[gatewayapi_v1beta1.SectionName]metav1.Condition{}, + InvalidListenerConditions: map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{}, } for i, listener := range listeners { // Check for a valid hostname. if hostname := ref.Val(listener.Hostname, ""); len(hostname) > 0 { if err := IsValidHostname(string(hostname)); err != nil { - result.InvalidListenerConditions[listener.Name] = metav1.Condition{ + result.InvalidListenerConditions[listener.Name] = meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalid), Message: err.Error(), } @@ -104,9 +105,9 @@ func ValidateListeners(listeners []gatewayapi_v1beta1.Listener) ValidateListener switch listener.Protocol { case gatewayapi_v1.HTTPProtocolType, gatewayapi_v1.HTTPSProtocolType, gatewayapi_v1.TLSProtocolType, gatewayapi_v1.TCPProtocolType, ContourHTTPSProtocolType: default: - result.InvalidListenerConditions[listener.Name] = metav1.Condition{ + result.InvalidListenerConditions[listener.Name] = meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonUnsupportedProtocol), Message: fmt.Sprintf("Listener protocol %q is unsupported, must be one of HTTP, HTTPS, TLS, TCP or projectcontour.io/https", listener.Protocol), } @@ -126,9 +127,9 @@ func ValidateListeners(listeners []gatewayapi_v1beta1.Listener) ValidateListener // 1024-2046, since we can't listen on ports 1-1023 in the Envoy container. // If there are conflicting container ports, the listener can't be accepted. if toContainerPort(listener.Port) == toContainerPort(otherListener.Port) { - result.InvalidListenerConditions[listener.Name] = metav1.Condition{ + result.InvalidListenerConditions[listener.Name] = meta_v1.Condition{ Type: string(gatewayapi_v1.ListenerConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonPortUnavailable), Message: "Listener port conflicts with a previous Listener's port", } diff --git a/internal/gatewayapi/listeners_test.go b/internal/gatewayapi/listeners_test.go index 405248aed94..2fe5c6ce8df 100644 --- a/internal/gatewayapi/listeners_test.go +++ b/internal/gatewayapi/listeners_test.go @@ -16,11 +16,12 @@ package gatewayapi import ( "testing" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/ref" ) func TestValidateListeners(t *testing.T) { @@ -152,10 +153,10 @@ func TestValidateListeners(t *testing.T) { {Name: "http-8080", Port: 8080, ContainerPort: 16080, Protocol: "http"}, {Name: "https-443", Port: 443, ContainerPort: 8443, Protocol: "https"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "listener-3": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonHostnameConflict), Message: "All Listener hostnames for a given port must be unique", }, @@ -290,10 +291,10 @@ func TestValidateListeners(t *testing.T) { {Name: "https-443", Port: 443, ContainerPort: 8443, Protocol: "https"}, {Name: "https-8443", Port: 8443, ContainerPort: 16443, Protocol: "https"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "listener-3": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonHostnameConflict), Message: "All Listener hostnames for a given port must be unique", }, @@ -324,22 +325,22 @@ func TestValidateListeners(t *testing.T) { res := ValidateListeners(listeners) assert.Empty(t, res.Ports) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "listener-1": { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalid), Message: "invalid hostname \"192.168.1.1\": must be a DNS name, not an IP address", }, "listener-2": { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalid), Message: "invalid hostname \"*.*.projectcontour.io\": [a wildcard DNS-1123 subdomain must start with '*.', followed by a valid DNS subdomain, which must consist of lower case alphanumeric characters, '-' or '.' and end with an alphanumeric character (e.g. '*.example.com', regex used for validation is '\\*\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]", }, "listener-3": { Type: string(gatewayapi_v1.ListenerConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonInvalid), Message: "invalid hostname \".invalid.$.\": [a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')]", }, @@ -416,22 +417,22 @@ func TestValidateListeners(t *testing.T) { {Name: "http-9999", Port: 9999, ContainerPort: 17999, Protocol: "http"}, {Name: "tcp-11111", Port: 11111, ContainerPort: 19111, Protocol: "tcp"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "https": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProtocolConflict), Message: "All Listener protocols for a given port must be compatible", }, "projectcontour-io-https": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProtocolConflict), Message: "All Listener protocols for a given port must be compatible", }, "tls-1": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProtocolConflict), Message: "All Listener protocols for a given port must be compatible", }, @@ -480,22 +481,22 @@ func TestValidateListeners(t *testing.T) { {Name: "https-9999", Port: 9999, ContainerPort: 17999, Protocol: "https"}, {Name: "https-11111", Port: 11111, ContainerPort: 19111, Protocol: "https"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "http": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProtocolConflict), Message: "All Listener protocols for a given port must be compatible", }, "http-2": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProtocolConflict), Message: "All Listener protocols for a given port must be compatible", }, "tcp-1": { Type: string(gatewayapi_v1.ListenerConditionConflicted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.ListenerReasonProtocolConflict), Message: "All Listener protocols for a given port must be compatible", }, @@ -572,10 +573,10 @@ func TestValidateListeners(t *testing.T) { assert.ElementsMatch(t, res.Ports, []ListenerPort{ {Name: "http-58000", Port: 58000, ContainerPort: 1488, Protocol: "http"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "http-2": { Type: string(gatewayapi_v1.ListenerConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonPortUnavailable), Message: "Listener port conflicts with a previous Listener's port", }, @@ -600,10 +601,10 @@ func TestValidateListeners(t *testing.T) { assert.ElementsMatch(t, res.Ports, []ListenerPort{ {Name: "http-59000", Port: 59000, ContainerPort: 1465, Protocol: "http"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]metav1.Condition{ + assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ "http-2": { Type: string(gatewayapi_v1.ListenerConditionAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.ListenerReasonPortUnavailable), Message: "Listener port conflicts with a previous Listener's port", }, diff --git a/internal/httpsvc/http_test.go b/internal/httpsvc/http_test.go index c5b2c02795b..8a7241316a2 100644 --- a/internal/httpsvc/http_test.go +++ b/internal/httpsvc/http_test.go @@ -24,12 +24,13 @@ import ( "testing" "time" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/httpsvc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/tsaarni/certyaml" "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/httpsvc" ) func TestHTTPService(t *testing.T) { diff --git a/internal/ingressclass/ingressclass.go b/internal/ingressclass/ingressclass.go index cd13aa197f8..4bf4d8f96e0 100644 --- a/internal/ingressclass/ingressclass.go +++ b/internal/ingressclass/ingressclass.go @@ -14,10 +14,11 @@ package ingressclass import ( + networking_v1 "k8s.io/api/networking/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/ref" - networking_v1 "k8s.io/api/networking/v1" ) // DefaultClassName is the default IngressClass name that Contour will match diff --git a/internal/ingressclass/ingressclass_test.go b/internal/ingressclass/ingressclass_test.go index 7a24c1edb41..ab6ccf0edfe 100644 --- a/internal/ingressclass/ingressclass_test.go +++ b/internal/ingressclass/ingressclass_test.go @@ -16,11 +16,12 @@ package ingressclass import ( "testing" - contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" ) func TestMatchesIngress(t *testing.T) { @@ -28,7 +29,7 @@ func TestMatchesIngress(t *testing.T) { assert.True(t, MatchesIngress(&networking_v1.Ingress{}, nil)) // Annotation set to default, no spec field set, class not configured assert.True(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "contour", }, @@ -42,7 +43,7 @@ func TestMatchesIngress(t *testing.T) { }, nil)) // Annotation set, no spec field set, class not configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -58,7 +59,7 @@ func TestMatchesIngress(t *testing.T) { assert.False(t, MatchesIngress(&networking_v1.Ingress{}, []string{"something"})) // Annotation set, no spec field set, class configured assert.True(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -72,7 +73,7 @@ func TestMatchesIngress(t *testing.T) { }, []string{"something"})) // Annotation set, no spec field set, class configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -86,7 +87,7 @@ func TestMatchesIngress(t *testing.T) { }, []string{"something"})) // Annotation set, spec field set, class configured assert.True(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -97,7 +98,7 @@ func TestMatchesIngress(t *testing.T) { }, []string{"something"})) // Annotation set, spec field set, class configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -108,7 +109,7 @@ func TestMatchesIngress(t *testing.T) { }, []string{"something"})) // Multiple classes: Annotation set, no spec field set, class configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -122,7 +123,7 @@ func TestMatchesIngress(t *testing.T) { }, []string{"something", "somethingelse"})) // Multiple classes: Annotation set, spec field set, class configured assert.True(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -133,7 +134,7 @@ func TestMatchesIngress(t *testing.T) { }, []string{"somethingelse", "something"})) // Multiple classes: Annotation set, spec field set, class configured assert.False(t, MatchesIngress(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -149,7 +150,7 @@ func TestMatchesHTTPProxy(t *testing.T) { assert.True(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{}, nil)) // Annotation set to default, no spec field set, class not configured assert.True(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "contour", }, @@ -163,7 +164,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, nil)) // Annotation set, no spec field set, class not configured assert.False(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -179,7 +180,7 @@ func TestMatchesHTTPProxy(t *testing.T) { assert.False(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{}, []string{"something"})) // Annotation set, no spec field set, class configured assert.True(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -193,7 +194,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"something"})) // Annotation set, no spec field set, class configured assert.False(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -207,7 +208,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"something"})) // Annotation set, spec field set, class configured assert.True(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -218,7 +219,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"something"})) // Annotation set, spec field set, class configured assert.False(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -229,7 +230,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"something"})) // Multiple classes: Annotation set, no spec field set, class configured assert.True(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -243,7 +244,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"athing", "something", "somethingelse"})) // Multiple classes: Annotation set, no spec field set, class configured assert.False(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, @@ -257,7 +258,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"somethingelse", "something"})) // Multiple classes: Annotation set, spec field set, class configured assert.True(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "something", }, @@ -268,7 +269,7 @@ func TestMatchesHTTPProxy(t *testing.T) { }, []string{"somethingelse", "something"})) // Multiple classes: Annotation set, spec field set, class configured assert.False(t, MatchesHTTPProxy(&contour_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Annotations: map[string]string{ "kubernetes.io/ingress.class": "foo", }, diff --git a/internal/k8s/filter.go b/internal/k8s/filter.go index 2cc3c5a8ee5..f3208ca0433 100644 --- a/internal/k8s/filter.go +++ b/internal/k8s/filter.go @@ -14,7 +14,7 @@ package k8s import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/tools/cache" ) @@ -44,7 +44,7 @@ func NewNamespaceFilter( } func (e *namespaceFilter) allowed(obj any) bool { - if obj, ok := obj.(metav1.Object); ok { + if obj, ok := obj.(meta_v1.Object); ok { _, ok := e.index[obj.GetNamespace()] return ok } diff --git a/internal/k8s/filter_test.go b/internal/k8s/filter_test.go index 573d1e87295..09b3a873c22 100644 --- a/internal/k8s/filter_test.go +++ b/internal/k8s/filter_test.go @@ -16,9 +16,10 @@ package k8s import ( "testing" - "github.com/projectcontour/contour/internal/fixture" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + + "github.com/projectcontour/contour/internal/fixture" ) type countHandler struct { diff --git a/internal/k8s/helpers.go b/internal/k8s/helpers.go index 959b46d35d7..5439e90a45b 100644 --- a/internal/k8s/helpers.go +++ b/internal/k8s/helpers.go @@ -19,15 +19,16 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // isStatusEqual checks that two objects of supported Kubernetes types @@ -40,49 +41,49 @@ func isStatusEqual(objA, objB any) bool { return true } } - case *contour_api_v1.HTTPProxy: - if b, ok := objB.(*contour_api_v1.HTTPProxy); ok { + case *contour_v1.HTTPProxy: + if b, ok := objB.(*contour_v1.HTTPProxy); ok { // Compare the status of the object ignoring the LastTransitionTime which is always // updated on each DAG rebuild regardless if the status of object changed or not. // Not ignoring this causes each status to be updated each time since the objects // are always different for each DAG rebuild (Issue #2979). if cmp.Equal(a.Status, b.Status, - cmpopts.IgnoreFields(contour_api_v1.Condition{}, "LastTransitionTime")) { + cmpopts.IgnoreFields(contour_v1.Condition{}, "LastTransitionTime")) { return true } } - case *contour_api_v1alpha1.ExtensionService: - if b, ok := objB.(*contour_api_v1alpha1.ExtensionService); ok { + case *contour_v1alpha1.ExtensionService: + if b, ok := objB.(*contour_v1alpha1.ExtensionService); ok { if cmp.Equal(a.Status, b.Status, - cmpopts.IgnoreFields(contour_api_v1.Condition{}, "LastTransitionTime")) { + cmpopts.IgnoreFields(contour_v1.Condition{}, "LastTransitionTime")) { return true } } case *gatewayapi_v1beta1.GatewayClass: if b, ok := objB.(*gatewayapi_v1beta1.GatewayClass); ok { if cmp.Equal(a.Status, b.Status, - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime")) { + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true } } case *gatewayapi_v1beta1.Gateway: if b, ok := objB.(*gatewayapi_v1beta1.Gateway); ok { if cmp.Equal(a.Status, b.Status, - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime")) { + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true } } case *gatewayapi_v1beta1.HTTPRoute: if b, ok := objB.(*gatewayapi_v1beta1.HTTPRoute); ok { if cmp.Equal(a.Status, b.Status, - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime")) { + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true } } case *gatewayapi_v1alpha2.TLSRoute: if b, ok := objB.(*gatewayapi_v1alpha2.TLSRoute); ok { if cmp.Equal(a.Status, b.Status, - cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime")) { + cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true } } @@ -106,8 +107,8 @@ func IsObjectEqual(oldObj, newObj client.Object) (bool, error) { // Fast path for objects that implement Generation and where only spec changes matter. // Status/annotations/labels changes are ignored. // Generation is implemented in CRDs, Ingress and IngressClass. - case *contour_api_v1alpha1.ExtensionService, - *contour_api_v1.TLSCertificateDelegation: + case *contour_v1alpha1.ExtensionService, + *contour_v1.TLSCertificateDelegation: return isGenerationEqual(oldObj, newObj), nil case *gatewayapi_v1beta1.GatewayClass, @@ -121,30 +122,30 @@ func IsObjectEqual(oldObj, newObj client.Object) (bool, error) { return isGenerationEqual(oldObj, newObj), nil // Slow path: compare the content of the objects. - case *contour_api_v1.HTTPProxy, + case *contour_v1.HTTPProxy, *networking_v1.Ingress: return isGenerationEqual(oldObj, newObj) && apiequality.Semantic.DeepEqual(oldObj.GetAnnotations(), newObj.GetAnnotations()), nil - case *v1.Secret: - if newObj, ok := newObj.(*v1.Secret); ok { + case *core_v1.Secret: + if newObj, ok := newObj.(*core_v1.Secret); ok { return reflect.DeepEqual(oldObj.Data, newObj.Data), nil } - case *v1.ConfigMap: - if newObj, ok := newObj.(*v1.ConfigMap); ok { + case *core_v1.ConfigMap: + if newObj, ok := newObj.(*core_v1.ConfigMap); ok { return reflect.DeepEqual(oldObj.Data, newObj.Data), nil } - case *v1.Service: - if newObj, ok := newObj.(*v1.Service); ok { + case *core_v1.Service: + if newObj, ok := newObj.(*core_v1.Service); ok { return apiequality.Semantic.DeepEqual(oldObj.Spec, newObj.Spec) && apiequality.Semantic.DeepEqual(oldObj.Status, newObj.Status) && apiequality.Semantic.DeepEqual(oldObj.GetAnnotations(), newObj.GetAnnotations()), nil } - case *v1.Endpoints: - if newObj, ok := newObj.(*v1.Endpoints); ok { + case *core_v1.Endpoints: + if newObj, ok := newObj.(*core_v1.Endpoints); ok { return apiequality.Semantic.DeepEqual(oldObj.Subsets, newObj.Subsets), nil } - case *v1.Namespace: - if newObj, ok := newObj.(*v1.Namespace); ok { + case *core_v1.Namespace: + if newObj, ok := newObj.(*core_v1.Namespace); ok { return apiequality.Semantic.DeepEqual(oldObj.Labels, newObj.Labels), nil } } diff --git a/internal/k8s/helpers_test.go b/internal/k8s/helpers_test.go index 2f1d042c612..9cabc99208e 100644 --- a/internal/k8s/helpers_test.go +++ b/internal/k8s/helpers_test.go @@ -18,18 +18,19 @@ import ( "strings" "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) func TestIsObjectEqual(t *testing.T) { @@ -91,9 +92,9 @@ func TestIsObjectEqual(t *testing.T) { } scheme := runtime.NewScheme() - _ = v1.AddToScheme(scheme) + _ = core_v1.AddToScheme(scheme) _ = networking_v1.AddToScheme(scheme) - _ = contour_api_v1.AddKnownTypes(scheme) + _ = contour_v1.AddKnownTypes(scheme) deserializer := serializer.NewCodecFactory(scheme).UniversalDeserializer() @@ -120,8 +121,8 @@ func TestIsObjectEqual(t *testing.T) { } func TestIsEqualForResourceVersion(t *testing.T) { - oldS := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + oldS := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "default", ResourceVersion: "123", @@ -147,13 +148,13 @@ func TestIsEqualForResourceVersion(t *testing.T) { // TestIsEqualFallback compares with ServiceAccount objects, which are not supported. func TestIsEqualFallback(t *testing.T) { - oldObj := &v1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{ + oldObj := &core_v1.ServiceAccount{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "default", ResourceVersion: "123", }, - Secrets: []v1.ObjectReference{ + Secrets: []core_v1.ObjectReference{ { Kind: "Secret", Name: "test", @@ -198,9 +199,9 @@ func TestIsEqualForGeneration(t *testing.T) { } run(t, &networking_v1.Ingress{}) - run(t, &contour_api_v1.HTTPProxy{}) - run(t, &contour_api_v1alpha1.ExtensionService{}) - run(t, &contour_api_v1.TLSCertificateDelegation{}) + run(t, &contour_v1.HTTPProxy{}) + run(t, &contour_v1alpha1.ExtensionService{}) + run(t, &contour_v1.TLSCertificateDelegation{}) run(t, &gatewayapi_v1beta1.GatewayClass{}) run(t, &gatewayapi_v1beta1.Gateway{}) run(t, &gatewayapi_v1beta1.HTTPRoute{}) diff --git a/internal/k8s/kind.go b/internal/k8s/kind.go index 692d294d94f..9142879b7be 100644 --- a/internal/k8s/kind.go +++ b/internal/k8s/kind.go @@ -14,20 +14,21 @@ package k8s import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // KindOf returns the kind string for the given Kubernetes object. // -// The API machinery doesn't populate the metav1.TypeMeta field for +// The API machinery doesn't populate the meta_v1.TypeMeta field for // objects, so we have to use a type assertion to detect kinds that // we care about. func KindOf(obj any) string { @@ -38,15 +39,15 @@ func KindOf(obj any) string { gvk, _, err := scheme.Scheme.ObjectKinds(object) if err != nil { switch obj := obj.(type) { - case *v1.Secret: + case *core_v1.Secret: return "Secret" - case *v1.Service: + case *core_v1.Service: return "Service" - case *v1.Endpoints: + case *core_v1.Endpoints: return "Endpoints" case *networking_v1.Ingress: return "Ingress" - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: return "HTTPProxy" case *gatewayapi_v1beta1.HTTPRoute: return "HTTPRoute" @@ -62,15 +63,15 @@ func KindOf(obj any) string { return "GatewayClass" case *gatewayapi_v1beta1.ReferenceGrant: return "ReferenceGrant" - case *contour_api_v1.TLSCertificateDelegation: + case *contour_v1.TLSCertificateDelegation: return "TLSCertificateDelegation" - case *v1alpha1.ExtensionService: + case *contour_v1alpha1.ExtensionService: return "ExtensionService" - case *v1alpha1.ContourConfiguration: + case *contour_v1alpha1.ContourConfiguration: return "ContourConfiguration" - case *v1alpha1.ContourDeployment: + case *contour_v1alpha1.ContourDeployment: return "ContourDeployment" - case *v1.Namespace: + case *core_v1.Namespace: return "Namespace" case *unstructured.Unstructured: return obj.GetKind() @@ -90,14 +91,14 @@ func VersionOf(obj any) string { gvk, _, err := scheme.Scheme.ObjectKinds(obj.(runtime.Object)) if err != nil { switch obj := obj.(type) { - case *v1.Secret, *v1.Service, *v1.Endpoints: - return v1.SchemeGroupVersion.String() + case *core_v1.Secret, *core_v1.Service, *core_v1.Endpoints: + return core_v1.SchemeGroupVersion.String() case *networking_v1.Ingress: return networking_v1.SchemeGroupVersion.String() - case *contour_api_v1.HTTPProxy, *contour_api_v1.TLSCertificateDelegation: - return contour_api_v1.GroupVersion.String() - case *v1alpha1.ExtensionService: - return v1alpha1.GroupVersion.String() + case *contour_v1.HTTPProxy, *contour_v1.TLSCertificateDelegation: + return contour_v1.GroupVersion.String() + case *contour_v1alpha1.ExtensionService: + return contour_v1alpha1.GroupVersion.String() case *unstructured.Unstructured: return obj.GetAPIVersion() default: diff --git a/internal/k8s/kind_test.go b/internal/k8s/kind_test.go index 027aa370bc0..f97d1200e92 100644 --- a/internal/k8s/kind_test.go +++ b/internal/k8s/kind_test.go @@ -16,14 +16,15 @@ package k8s import ( "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/stretchr/testify/assert" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) func TestKindOf(t *testing.T) { @@ -31,17 +32,17 @@ func TestKindOf(t *testing.T) { Kind string Obj any }{ - {"Secret", &v1.Secret{}}, - {"Service", &v1.Service{}}, - {"Namespace", &v1.Namespace{}}, - {"Endpoints", &v1.Endpoints{}}, - {"Pod", &v1.Pod{}}, + {"Secret", &core_v1.Secret{}}, + {"Service", &core_v1.Service{}}, + {"Namespace", &core_v1.Namespace{}}, + {"Endpoints", &core_v1.Endpoints{}}, + {"Pod", &core_v1.Pod{}}, {"Ingress", &networking_v1.Ingress{}}, - {"HTTPProxy", &contour_api_v1.HTTPProxy{}}, - {"TLSCertificateDelegation", &contour_api_v1.TLSCertificateDelegation{}}, - {"ExtensionService", &v1alpha1.ExtensionService{}}, - {"ContourConfiguration", &v1alpha1.ContourConfiguration{}}, - {"ContourDeployment", &v1alpha1.ContourDeployment{}}, + {"HTTPProxy", &contour_v1.HTTPProxy{}}, + {"TLSCertificateDelegation", &contour_v1.TLSCertificateDelegation{}}, + {"ExtensionService", &contour_v1alpha1.ExtensionService{}}, + {"ContourConfiguration", &contour_v1alpha1.ContourConfiguration{}}, + {"ContourDeployment", &contour_v1alpha1.ContourDeployment{}}, {"GRPCRoute", &gatewayapi_v1alpha2.GRPCRoute{}}, {"HTTPRoute", &gatewayapi_v1beta1.HTTPRoute{}}, {"TLSRoute", &gatewayapi_v1alpha2.TLSRoute{}}, @@ -69,13 +70,13 @@ func TestVersionOf(t *testing.T) { Version string Obj any }{ - {"v1", &v1.Secret{}}, - {"v1", &v1.Service{}}, - {"v1", &v1.Endpoints{}}, + {"v1", &core_v1.Secret{}}, + {"v1", &core_v1.Service{}}, + {"v1", &core_v1.Endpoints{}}, {"networking.k8s.io/v1", &networking_v1.Ingress{}}, - {"projectcontour.io/v1", &contour_api_v1.HTTPProxy{}}, - {"projectcontour.io/v1", &contour_api_v1.TLSCertificateDelegation{}}, - {"projectcontour.io/v1alpha1", &v1alpha1.ExtensionService{}}, + {"projectcontour.io/v1", &contour_v1.HTTPProxy{}}, + {"projectcontour.io/v1", &contour_v1.TLSCertificateDelegation{}}, + {"projectcontour.io/v1alpha1", &contour_v1alpha1.ExtensionService{}}, { "test.projectcontour.io/v1", &unstructured.Unstructured{ Object: map[string]any{ diff --git a/internal/k8s/objectmeta.go b/internal/k8s/objectmeta.go index b4cfb10380f..612b1460e68 100644 --- a/internal/k8s/objectmeta.go +++ b/internal/k8s/objectmeta.go @@ -16,21 +16,22 @@ package k8s import ( "strings" - "github.com/projectcontour/contour/internal/annotation" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + + "github.com/projectcontour/contour/internal/annotation" ) // NamespacedNameOf returns the NamespacedName of any given Kubernetes object. -func NamespacedNameOf(obj metav1.Object) types.NamespacedName { +func NamespacedNameOf(obj meta_v1.Object) types.NamespacedName { name := types.NamespacedName{ Name: obj.GetName(), Namespace: obj.GetNamespace(), } if name.Namespace == "" { - name.Namespace = metav1.NamespaceDefault + name.Namespace = meta_v1.NamespaceDefault } return name @@ -81,7 +82,7 @@ func NamespacedNameFrom(nameStr string, opts ...func(*types.NamespacedName)) typ } if name.Namespace == "" { - name.Namespace = metav1.NamespaceDefault + name.Namespace = meta_v1.NamespaceDefault } return name diff --git a/internal/k8s/scheme.go b/internal/k8s/scheme.go index f4915f4e3ab..1035ed26d0c 100644 --- a/internal/k8s/scheme.go +++ b/internal/k8s/scheme.go @@ -14,12 +14,13 @@ package k8s import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // NewContourScheme returns a scheme that includes all the API types @@ -28,8 +29,8 @@ import ( func NewContourScheme() (*runtime.Scheme, error) { s := runtime.NewScheme() b := runtime.SchemeBuilder{ - contour_api_v1.AddToScheme, - contour_api_v1alpha1.AddToScheme, + contour_v1.AddToScheme, + contour_v1alpha1.AddToScheme, scheme.AddToScheme, gatewayapi_v1alpha2.AddToScheme, gatewayapi_v1beta1.AddToScheme, diff --git a/internal/k8s/status_test.go b/internal/k8s/status_test.go index b8dbe4ba5bf..620b4c691bf 100644 --- a/internal/k8s/status_test.go +++ b/internal/k8s/status_test.go @@ -16,15 +16,16 @@ package k8s import ( "testing" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/k8s/mocks" "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" networking_v1 "k8s.io/api/networking/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/k8s/mocks" ) func TestStatusUpdateHandlerRequiresLeaderElection(t *testing.T) { @@ -34,7 +35,7 @@ func TestStatusUpdateHandlerRequiresLeaderElection(t *testing.T) { func TestStatusUpdateHandlerApplyOutputsMetrics(t *testing.T) { fooIngress := &networking_v1.Ingress{ - ObjectMeta: v1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "foo", Namespace: "somens", }, diff --git a/internal/k8s/statusaddress.go b/internal/k8s/statusaddress.go index f06b9e5c69b..24f17ab34e1 100644 --- a/internal/k8s/statusaddress.go +++ b/internal/k8s/statusaddress.go @@ -18,19 +18,20 @@ import ( "fmt" "sync" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/annotation" - "github.com/projectcontour/contour/internal/ingressclass" - "github.com/projectcontour/contour/internal/ref" "github.com/sirupsen/logrus" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/annotation" + "github.com/projectcontour/contour/internal/ingressclass" + "github.com/projectcontour/contour/internal/ref" ) // StatusAddressUpdater observes informer OnAdd and OnUpdate events and @@ -41,7 +42,7 @@ import ( type StatusAddressUpdater struct { Logger logrus.FieldLogger Cache cache.Cache - LBStatus v1.LoadBalancerStatus + LBStatus core_v1.LoadBalancerStatus IngressClassNames []string GatewayControllerName string GatewayRef *types.NamespacedName @@ -52,7 +53,7 @@ type StatusAddressUpdater struct { } // Set updates the LBStatus field. -func (s *StatusAddressUpdater) Set(status v1.LoadBalancerStatus) { +func (s *StatusAddressUpdater) Set(status core_v1.LoadBalancerStatus) { s.mu.Lock() defer s.mu.Unlock() @@ -74,7 +75,7 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { return } - logNoMatch := func(logger logrus.FieldLogger, obj metav1.Object) { + logNoMatch := func(logger logrus.FieldLogger, obj meta_v1.Object) { logger.WithField("name", obj.GetName()). WithField("namespace", obj.GetNamespace()). WithField("ingress-class-annotation", annotation.IngressClass(obj)). @@ -108,7 +109,7 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { }), )) - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: if !ingressclass.MatchesHTTPProxy(o, s.IngressClassNames) { logNoMatch(s.Logger, o) return @@ -117,9 +118,9 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { s.StatusUpdater.Send(NewStatusUpdate( o.Name, o.Namespace, - &contour_api_v1.HTTPProxy{}, + &contour_v1.HTTPProxy{}, StatusMutatorFunc(func(obj client.Object) client.Object { - proxy, ok := obj.(*contour_api_v1.HTTPProxy) + proxy, ok := obj.(*contour_v1.HTTPProxy) if !ok { panic(fmt.Sprintf("Unsupported object %s/%s in status Address mutator", obj.GetName(), obj.GetNamespace(), @@ -209,12 +210,12 @@ func (s *StatusAddressUpdater) OnDelete(_ any) { // is desirable to clear the status. type ServiceStatusLoadBalancerWatcher struct { ServiceName string - LBStatus chan v1.LoadBalancerStatus + LBStatus chan core_v1.LoadBalancerStatus Log logrus.FieldLogger } func (s *ServiceStatusLoadBalancerWatcher) OnAdd(obj any, _ bool) { - svc, ok := obj.(*v1.Service) + svc, ok := obj.(*core_v1.Service) if !ok { // not a service return @@ -230,7 +231,7 @@ func (s *ServiceStatusLoadBalancerWatcher) OnAdd(obj any, _ bool) { } func (s *ServiceStatusLoadBalancerWatcher) OnUpdate(_, newObj any) { - svc, ok := newObj.(*v1.Service) + svc, ok := newObj.(*core_v1.Service) if !ok { // not a service return @@ -246,7 +247,7 @@ func (s *ServiceStatusLoadBalancerWatcher) OnUpdate(_, newObj any) { } func (s *ServiceStatusLoadBalancerWatcher) OnDelete(obj any) { - svc, ok := obj.(*v1.Service) + svc, ok := obj.(*core_v1.Service) if !ok { // not a service return @@ -254,16 +255,16 @@ func (s *ServiceStatusLoadBalancerWatcher) OnDelete(obj any) { if svc.Name != s.ServiceName { return } - s.notify(v1.LoadBalancerStatus{ + s.notify(core_v1.LoadBalancerStatus{ Ingress: nil, }) } -func (s *ServiceStatusLoadBalancerWatcher) notify(lbstatus v1.LoadBalancerStatus) { +func (s *ServiceStatusLoadBalancerWatcher) notify(lbstatus core_v1.LoadBalancerStatus) { s.LBStatus <- lbstatus } -func coreToNetworkingLBStatus(lbs v1.LoadBalancerStatus) networking_v1.IngressLoadBalancerStatus { +func coreToNetworkingLBStatus(lbs core_v1.LoadBalancerStatus) networking_v1.IngressLoadBalancerStatus { ingress := make([]networking_v1.IngressLoadBalancerIngress, len(lbs.Ingress)) for i, ing := range lbs.Ingress { ports := make([]networking_v1.IngressPortStatus, len(ing.Ports)) @@ -285,7 +286,7 @@ func coreToNetworkingLBStatus(lbs v1.LoadBalancerStatus) networking_v1.IngressLo } } -func lbStatusToGatewayAddresses(lbs v1.LoadBalancerStatus) []gatewayapi_v1.GatewayStatusAddress { +func lbStatusToGatewayAddresses(lbs core_v1.LoadBalancerStatus) []gatewayapi_v1.GatewayStatusAddress { addrs := []gatewayapi_v1.GatewayStatusAddress{} for _, lbi := range lbs.Ingress { diff --git a/internal/k8s/statusaddress_test.go b/internal/k8s/statusaddress_test.go index 838bbbc5553..6564a2d727f 100644 --- a/internal/k8s/statusaddress_test.go +++ b/internal/k8s/statusaddress_test.go @@ -16,49 +16,50 @@ package k8s import ( "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/ingressclass" - "github.com/projectcontour/contour/internal/k8s/mocks" - "github.com/projectcontour/contour/internal/ref" "github.com/sirupsen/logrus" "github.com/stretchr/testify/assert" mock "github.com/stretchr/testify/mock" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/ingressclass" + "github.com/projectcontour/contour/internal/k8s/mocks" + "github.com/projectcontour/contour/internal/ref" ) func TestServiceStatusLoadBalancerWatcherOnAdd(t *testing.T) { - lbstatus := make(chan v1.LoadBalancerStatus, 1) + lbstatus := make(chan core_v1.LoadBalancerStatus, 1) sw := ServiceStatusLoadBalancerWatcher{ ServiceName: "envoy", LBStatus: lbstatus, Log: fixture.NewTestLogger(t), } - recv := func() (v1.LoadBalancerStatus, bool) { + recv := func() (core_v1.LoadBalancerStatus, bool) { select { case lbs := <-sw.LBStatus: return lbs, true default: - return v1.LoadBalancerStatus{}, false + return core_v1.LoadBalancerStatus{}, false } } // assert adding something other than a service generates no notification. - sw.OnAdd(&v1.Pod{}, false) + sw.OnAdd(&core_v1.Pod{}, false) _, ok := recv() if ok { t.Fatalf("expected no result when adding") } // assert adding a service with an different name generates no notification - var svc v1.Service + var svc core_v1.Service svc.Name = "potato" sw.OnAdd(&svc, false) _, ok = recv() @@ -68,20 +69,20 @@ func TestServiceStatusLoadBalancerWatcherOnAdd(t *testing.T) { // assert adding a service with the correct name generates a notification svc.Name = sw.ServiceName - svc.Status.LoadBalancer.Ingress = []v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}} + svc.Status.LoadBalancer.Ingress = []core_v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}} sw.OnAdd(&svc, false) got, ok := recv() if !ok { t.Fatalf("expected result when adding a service with the correct name") } - want := v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}}, + want := core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}}, } assert.Equal(t, want, got) } func TestServiceStatusLoadBalancerWatcherOnUpdate(t *testing.T) { - lbstatus := make(chan v1.LoadBalancerStatus, 1) + lbstatus := make(chan core_v1.LoadBalancerStatus, 1) sw := ServiceStatusLoadBalancerWatcher{ ServiceName: "envoy", @@ -89,24 +90,24 @@ func TestServiceStatusLoadBalancerWatcherOnUpdate(t *testing.T) { Log: fixture.NewTestLogger(t), } - recv := func() (v1.LoadBalancerStatus, bool) { + recv := func() (core_v1.LoadBalancerStatus, bool) { select { case lbs := <-sw.LBStatus: return lbs, true default: - return v1.LoadBalancerStatus{}, false + return core_v1.LoadBalancerStatus{}, false } } // assert updating something other than a service generates no notification. - sw.OnUpdate(&v1.Pod{}, &v1.Pod{}) + sw.OnUpdate(&core_v1.Pod{}, &core_v1.Pod{}) _, ok := recv() if ok { t.Fatalf("expected no result when updating") } // assert updating a service with an different name generates no notification - var oldSvc, newSvc v1.Service + var oldSvc, newSvc core_v1.Service oldSvc.Name = "potato" newSvc.Name = "elephant" sw.OnUpdate(&oldSvc, &newSvc) @@ -116,22 +117,22 @@ func TestServiceStatusLoadBalancerWatcherOnUpdate(t *testing.T) { } // assert updating a service with the correct name generates a notification - var svc v1.Service + var svc core_v1.Service svc.Name = sw.ServiceName - svc.Status.LoadBalancer.Ingress = []v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}} + svc.Status.LoadBalancer.Ingress = []core_v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}} sw.OnUpdate(&oldSvc, &svc) got, ok := recv() if !ok { t.Fatalf("expected result when updating a service with the correct name") } - want := v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}}, + want := core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}}, } assert.Equal(t, want, got) } func TestServiceStatusLoadBalancerWatcherOnDelete(t *testing.T) { - lbstatus := make(chan v1.LoadBalancerStatus, 1) + lbstatus := make(chan core_v1.LoadBalancerStatus, 1) sw := ServiceStatusLoadBalancerWatcher{ ServiceName: "envoy", @@ -139,24 +140,24 @@ func TestServiceStatusLoadBalancerWatcherOnDelete(t *testing.T) { Log: fixture.NewTestLogger(t), } - recv := func() (v1.LoadBalancerStatus, bool) { + recv := func() (core_v1.LoadBalancerStatus, bool) { select { case lbs := <-sw.LBStatus: return lbs, true default: - return v1.LoadBalancerStatus{}, false + return core_v1.LoadBalancerStatus{}, false } } // assert deleting something other than a service generates no notification. - sw.OnDelete(&v1.Pod{}) + sw.OnDelete(&core_v1.Pod{}) _, ok := recv() if ok { t.Fatalf("expected no result when deleting") } // assert adding a service with an different name generates no notification - var svc v1.Service + var svc core_v1.Service svc.Name = "potato" sw.OnDelete(&svc) _, ok = recv() @@ -166,13 +167,13 @@ func TestServiceStatusLoadBalancerWatcherOnDelete(t *testing.T) { // assert deleting a service with the correct name generates a blank notification svc.Name = sw.ServiceName - svc.Status.LoadBalancer.Ingress = []v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}} + svc.Status.LoadBalancer.Ingress = []core_v1.LoadBalancerIngress{{Hostname: "projectcontour.io"}} sw.OnDelete(&svc) got, ok := recv() if !ok { t.Fatalf("expected result when deleting a service with the correct name") } - want := v1.LoadBalancerStatus{ + want := core_v1.LoadBalancerStatus{ Ingress: nil, } assert.Equal(t, want, got) @@ -183,10 +184,10 @@ func TestStatusAddressUpdater(t *testing.T) { log := fixture.NewTestLogger(t) log.SetLevel(logrus.DebugLevel) - emptyLBStatus := v1.LoadBalancerStatus{} + emptyLBStatus := core_v1.LoadBalancerStatus{} - ipLBStatus := v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + ipLBStatus := core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "127.0.0.1", }, @@ -194,7 +195,7 @@ func TestStatusAddressUpdater(t *testing.T) { } testCases := map[string]struct { - status v1.LoadBalancerStatus + status core_v1.LoadBalancerStatus ingressClassName string preop client.Object postop client.Object @@ -354,8 +355,8 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { log := fixture.NewTestLogger(t) log.SetLevel(logrus.DebugLevel) - ipLBStatus := v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + ipLBStatus := core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { IP: "127.0.0.1", }, @@ -365,8 +366,8 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, } - hostnameLBStatus := v1.LoadBalancerStatus{ - Ingress: []v1.LoadBalancerIngress{ + hostnameLBStatus := core_v1.LoadBalancerStatus{ + Ingress: []core_v1.LoadBalancerIngress{ { Hostname: "ingress.projectcontour.io", }, @@ -374,7 +375,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { } testCases := map[string]struct { - status v1.LoadBalancerStatus + status core_v1.LoadBalancerStatus gatewayClassControllerName string gatewayRef *types.NamespacedName preop *gatewayapi_v1beta1.Gateway @@ -384,7 +385,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { status: ipLBStatus, gatewayClassControllerName: "projectcontour.io/contour", preop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -392,16 +393,16 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }, postop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -409,10 +410,10 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ @@ -432,7 +433,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { status: hostnameLBStatus, gatewayClassControllerName: "projectcontour.io/contour", preop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -440,16 +441,16 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }, postop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -457,10 +458,10 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ @@ -476,7 +477,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { status: ipLBStatus, gatewayClassControllerName: "projectcontour.io/some-other-controller", preop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -484,16 +485,16 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }, postop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -501,10 +502,10 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -514,7 +515,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { status: ipLBStatus, gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, preop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "some-other-gateway", }, @@ -522,16 +523,16 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }, postop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "some-other-gateway", }, @@ -539,10 +540,10 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, @@ -552,7 +553,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { status: ipLBStatus, gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, preop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -560,16 +561,16 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, }, postop: &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, @@ -577,10 +578,10 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), }, Status: gatewayapi_v1beta1.GatewayStatus{ - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ @@ -663,7 +664,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { } } -func simpleIngressGenerator(name, ingressClassAnnotation, ingressClassSpec string, lbstatus v1.LoadBalancerStatus) *networking_v1.Ingress { +func simpleIngressGenerator(name, ingressClassAnnotation, ingressClassSpec string, lbstatus core_v1.LoadBalancerStatus) *networking_v1.Ingress { annotations := make(map[string]string) if ingressClassAnnotation != "" { annotations["kubernetes.io/ingress.class"] = ingressClassAnnotation @@ -673,11 +674,11 @@ func simpleIngressGenerator(name, ingressClassAnnotation, ingressClassSpec strin ingressClassName = ref.To(ingressClassSpec) } return &networking_v1.Ingress{ - TypeMeta: metav1.TypeMeta{ + TypeMeta: meta_v1.TypeMeta{ Kind: "ingress", APIVersion: "networking.k8s.io/v1", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: name, Annotations: annotations, @@ -691,20 +692,20 @@ func simpleIngressGenerator(name, ingressClassAnnotation, ingressClassSpec strin } } -func simpleProxyGenerator(name, ingressClass string, lbstatus v1.LoadBalancerStatus) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ - TypeMeta: metav1.TypeMeta{ +func simpleProxyGenerator(name, ingressClass string, lbstatus core_v1.LoadBalancerStatus) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + TypeMeta: meta_v1.TypeMeta{ Kind: "httpproxy", APIVersion: "projectcontour.io/v1", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: name, Annotations: map[string]string{ "kubernetes.io/ingress.class": ingressClass, }, }, - Status: contour_api_v1.HTTPProxyStatus{ + Status: contour_v1.HTTPProxyStatus{ LoadBalancer: lbstatus, }, } diff --git a/internal/k8s/statuscache.go b/internal/k8s/statuscache.go index 1272c9899f7..d51a7158d47 100644 --- a/internal/k8s/statuscache.go +++ b/internal/k8s/statuscache.go @@ -16,8 +16,9 @@ package k8s import ( "fmt" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) // StatusUpdateCacher takes status updates and applies them to a cache, to be used for testing. @@ -29,7 +30,7 @@ type StatusUpdateCacher struct { // the status cache. func (suc *StatusUpdateCacher) IsCacheable(obj any) bool { switch obj.(type) { - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: return true default: return false @@ -40,7 +41,7 @@ func (suc *StatusUpdateCacher) IsCacheable(obj any) bool { func (suc *StatusUpdateCacher) OnDelete(obj any) { if suc.objectCache != nil { switch o := obj.(type) { - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: delete(suc.objectCache, suc.objKey(o.Name, o.Namespace)) default: panic(fmt.Sprintf("status caching not supported for object type %T", obj)) @@ -55,7 +56,7 @@ func (suc *StatusUpdateCacher) OnAdd(obj any) { } switch o := obj.(type) { - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: suc.objectCache[suc.objKey(o.Name, o.Namespace)] = o default: panic(fmt.Sprintf("status caching not supported for object type %T", obj)) @@ -91,13 +92,13 @@ func (suc *StatusUpdateCacher) Add(name, namespace string, obj client.Object) bo return true } -func (suc *StatusUpdateCacher) GetStatus(obj any) (*contour_api_v1.HTTPProxyStatus, error) { +func (suc *StatusUpdateCacher) GetStatus(obj any) (*contour_v1.HTTPProxyStatus, error) { switch o := obj.(type) { - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: objectKey := suc.objKey(o.Name, o.Namespace) cachedObj, ok := suc.objectCache[objectKey] if ok { - if c, ok := cachedObj.(*contour_api_v1.HTTPProxy); ok { + if c, ok := cachedObj.(*contour_v1.HTTPProxy); ok { return &c.Status, nil } } diff --git a/internal/leadership/notifier_test.go b/internal/leadership/notifier_test.go index ba413a70b16..d1830199b04 100644 --- a/internal/leadership/notifier_test.go +++ b/internal/leadership/notifier_test.go @@ -19,10 +19,11 @@ import ( "testing" "time" - "github.com/projectcontour/contour/internal/leadership" - "github.com/projectcontour/contour/internal/leadership/mocks" "github.com/stretchr/testify/require" "sigs.k8s.io/controller-runtime/pkg/manager" + + "github.com/projectcontour/contour/internal/leadership" + "github.com/projectcontour/contour/internal/leadership/mocks" ) func TestNotifier(t *testing.T) { diff --git a/internal/metrics/metrics.go b/internal/metrics/metrics.go index eb2d2a97baf..0f740e17922 100644 --- a/internal/metrics/metrics.go +++ b/internal/metrics/metrics.go @@ -18,9 +18,10 @@ import ( "net/http" "time" - "github.com/projectcontour/contour/internal/build" "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promhttp" + + "github.com/projectcontour/contour/internal/build" ) // Metrics provide Prometheus metrics for the app diff --git a/internal/metrics/metrics_test.go b/internal/metrics/metrics_test.go index 5fbef77e96f..f0d158dd4a4 100644 --- a/internal/metrics/metrics_test.go +++ b/internal/metrics/metrics_test.go @@ -17,10 +17,11 @@ import ( "testing" "time" - "github.com/projectcontour/contour/internal/ref" "github.com/prometheus/client_golang/prometheus" io_prometheus_client "github.com/prometheus/client_model/go" "github.com/stretchr/testify/assert" + + "github.com/projectcontour/contour/internal/ref" ) type testMetric struct { diff --git a/internal/provisioner/controller/gateway.go b/internal/provisioner/controller/gateway.go index c258fab9a44..14fa1f4a2d6 100644 --- a/internal/provisioner/controller/gateway.go +++ b/internal/provisioner/controller/gateway.go @@ -17,20 +17,9 @@ import ( "context" "fmt" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/projectcontour/contour/internal/provisioner/objects/contourconfig" - "github.com/projectcontour/contour/internal/provisioner/objects/dataplane" - "github.com/projectcontour/contour/internal/provisioner/objects/deployment" - "github.com/projectcontour/contour/internal/provisioner/objects/rbac" - "github.com/projectcontour/contour/internal/provisioner/objects/secret" - "github.com/projectcontour/contour/internal/provisioner/objects/service" - retryable "github.com/projectcontour/contour/internal/provisioner/retryableerror" - "github.com/go-logr/logr" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" utilerrors "k8s.io/apimachinery/pkg/util/errors" ctrl "sigs.k8s.io/controller-runtime" @@ -43,6 +32,17 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/provisioner/objects/contourconfig" + "github.com/projectcontour/contour/internal/provisioner/objects/dataplane" + "github.com/projectcontour/contour/internal/provisioner/objects/deployment" + "github.com/projectcontour/contour/internal/provisioner/objects/rbac" + "github.com/projectcontour/contour/internal/provisioner/objects/secret" + "github.com/projectcontour/contour/internal/provisioner/objects/service" + retryable "github.com/projectcontour/contour/internal/provisioner/retryableerror" ) // gatewayReconciler reconciles Gateway objects. @@ -123,7 +123,7 @@ func (r *gatewayReconciler) isGatewayClassReconcilable(obj client.Object) bool { var accepted bool for _, cond := range gatewayClass.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) { - if cond.Status == metav1.ConditionTrue { + if cond.Status == meta_v1.ConditionTrue { accepted = true } break @@ -164,7 +164,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct log.Info("deleting gateway resources") contour := &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: req.Namespace, Name: req.Name, }, @@ -286,7 +286,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct } // Deployment replicas - if envoyParams.WorkloadType == contour_api_v1alpha1.WorkloadTypeDeployment { + if envoyParams.WorkloadType == contour_v1alpha1.WorkloadTypeDeployment { if envoyParams.Replicas > 0 { // nolint:staticcheck contourModel.Spec.EnvoyReplicas = envoyParams.Replicas // nolint:staticcheck } @@ -304,7 +304,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct contourModel.Spec.NetworkPublishing.Envoy.Type = networkPublishing.Type } - if networkPublishing.Type == contour_api_v1alpha1.NodePortServicePublishingType { + if networkPublishing.Type == contour_v1alpha1.NodePortServicePublishingType { // when the NetworkPublishingType is 'NodePortServicePublishingType', // the gateway.Spec.Listeners' port will be used to set 'NodePort' in addition to 'ServicePort' for i := range contourModel.Spec.NetworkPublishing.Envoy.Ports { @@ -351,13 +351,13 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct contourModel.Spec.EnvoyLogLevel = envoyParams.LogLevel } - if envoyParams.WorkloadType == contour_api_v1alpha1.WorkloadTypeDeployment && + if envoyParams.WorkloadType == contour_v1alpha1.WorkloadTypeDeployment && envoyParams.Deployment != nil && envoyParams.Deployment.Strategy != nil { contourModel.Spec.EnvoyDeploymentStrategy = *envoyParams.Deployment.Strategy } - if envoyParams.WorkloadType == contour_api_v1alpha1.WorkloadTypeDaemonSet && + if envoyParams.WorkloadType == contour_v1alpha1.WorkloadTypeDaemonSet && envoyParams.DaemonSet != nil && envoyParams.DaemonSet.UpdateStrategy != nil { contourModel.Spec.EnvoyDaemonSetUpdateStrategy = *envoyParams.DaemonSet.UpdateStrategy @@ -388,10 +388,10 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct return ctrl.Result{}, fmt.Errorf("failed to ensure resources for gateway: %w", retryable.NewMaybeRetryableAggregate(errs)) } - var newConds []metav1.Condition + var newConds []meta_v1.Condition for _, cond := range gateway.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayConditionAccepted) { - if cond.Status == metav1.ConditionTrue { + if cond.Status == meta_v1.ConditionTrue { return ctrl.Result{}, nil } @@ -404,11 +404,11 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct log.Info("setting gateway's Accepted condition to true") // nolint:gocritic - gateway.Status.Conditions = append(newConds, metav1.Condition{ + gateway.Status.Conditions = append(newConds, meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, ObservedGeneration: gateway.Generation, - LastTransitionTime: metav1.Now(), + LastTransitionTime: meta_v1.Now(), Reason: string(gatewayapi_v1.GatewayReasonAccepted), Message: "Gateway is accepted", }) @@ -473,7 +473,7 @@ func (r *gatewayReconciler) ensureContourDeleted(ctx context.Context, contour *m return errs } -func (r *gatewayReconciler) getGatewayClassParams(ctx context.Context, gatewayClass *gatewayapi_v1beta1.GatewayClass) (*contour_api_v1alpha1.ContourDeployment, error) { +func (r *gatewayReconciler) getGatewayClassParams(ctx context.Context, gatewayClass *gatewayapi_v1beta1.GatewayClass) (*contour_v1alpha1.ContourDeployment, error) { // Check if there is a parametersRef to ContourDeployment with // a namespace specified. Theoretically, we should only be reconciling // Gateways for GatewayClasses that have valid parameter refs (or no refs), @@ -487,7 +487,7 @@ func (r *gatewayReconciler) getGatewayClassParams(ctx context.Context, gatewayCl return nil, nil } - gcParams := &contour_api_v1alpha1.ContourDeployment{} + gcParams := &contour_v1alpha1.ContourDeployment{} key := client.ObjectKey{ Namespace: string(*gatewayClass.Spec.ParametersRef.Namespace), Name: gatewayClass.Spec.ParametersRef.Name, diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go index d786789e867..b099064e147 100644 --- a/internal/provisioner/controller/gateway_test.go +++ b/internal/provisioner/controller/gateway_test.go @@ -17,44 +17,44 @@ import ( "context" "testing" - contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/provisioner" - "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/projectcontour/contour/internal/ref" - "github.com/go-logr/logr" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/provisioner" + "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/ref" ) func TestGatewayReconcile(t *testing.T) { const controller = "projectcontour.io/gateway-controller" - reconcilableGatewayClass := func(name, controller string) *gatewayv1beta1.GatewayClass { - return &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + reconcilableGatewayClass := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { + return &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, - Spec: gatewayv1beta1.GatewayClassSpec{ - ControllerName: gatewayv1beta1.GatewayController(controller), + Spec: gatewayapi_v1beta1.GatewayClassSpec{ + ControllerName: gatewayapi_v1beta1.GatewayController(controller), }, // the fake client lets us create resources with a status set - Status: gatewayv1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Status: gatewayapi_v1beta1.GatewayClassStatus{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, }, @@ -62,74 +62,74 @@ func TestGatewayReconcile(t *testing.T) { } } - reconcilableGatewayClassWithParams := func(name, controller string) *gatewayv1beta1.GatewayClass { + reconcilableGatewayClassWithParams := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { gc := reconcilableGatewayClass(name, controller) - gc.Spec.ParametersRef = &gatewayv1beta1.ParametersReference{ - Group: gatewayv1beta1.Group(contourv1alpha1.GroupVersion.Group), + gc.Spec.ParametersRef = &gatewayapi_v1beta1.ParametersReference{ + Group: gatewayapi_v1beta1.Group(contour_v1alpha1.GroupVersion.Group), Kind: "ContourDeployment", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), Name: name + "-params", } return gc } - reconcilableGatewayClassWithInvalidParams := func(name, controller string) *gatewayv1beta1.GatewayClass { + reconcilableGatewayClassWithInvalidParams := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { gc := reconcilableGatewayClass(name, controller) - gc.Spec.ParametersRef = &gatewayv1beta1.ParametersReference{ - Group: gatewayv1beta1.Group(contourv1alpha1.GroupVersion.Group), + gc.Spec.ParametersRef = &gatewayapi_v1beta1.ParametersReference{ + Group: gatewayapi_v1beta1.Group(contour_v1alpha1.GroupVersion.Group), Kind: "InvalidKind", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), Name: name + "-params", } return gc } - makeGateway := func() *gatewayv1beta1.Gateway { - return &gatewayv1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + makeGateway := func() *gatewayapi_v1beta1.Gateway { + return &gatewayapi_v1beta1.Gateway{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "gateway-1", }, - Spec: gatewayv1beta1.GatewaySpec{ - GatewayClassName: gatewayv1beta1.ObjectName("gatewayclass-1"), + Spec: gatewayapi_v1beta1.GatewaySpec{ + GatewayClassName: gatewayapi_v1beta1.ObjectName("gatewayclass-1"), }, } } - makeGatewayWithAddrs := func(addrs []gatewayv1beta1.GatewayAddress) *gatewayv1beta1.Gateway { + makeGatewayWithAddrs := func(addrs []gatewayapi_v1beta1.GatewayAddress) *gatewayapi_v1beta1.Gateway { gtw := makeGateway() gtw.Spec.Addresses = addrs return gtw } - makeGatewayWithListeners := func(listeners []gatewayv1beta1.Listener) *gatewayv1beta1.Gateway { + makeGatewayWithListeners := func(listeners []gatewayapi_v1beta1.Listener) *gatewayapi_v1beta1.Gateway { gtw := makeGateway() gtw.Spec.Listeners = listeners return gtw } tests := map[string]struct { - gatewayClass *gatewayv1beta1.GatewayClass - gatewayClassParams *contourv1alpha1.ContourDeployment - gateway *gatewayv1beta1.Gateway + gatewayClass *gatewayapi_v1beta1.GatewayClass + gatewayClassParams *contour_v1alpha1.ContourDeployment + gateway *gatewayapi_v1beta1.Gateway req *reconcile.Request - assertions func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) + assertions func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) }{ "A gateway for a reconcilable gatewayclass is reconciled": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the Contour deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -138,25 +138,25 @@ func TestGatewayReconcile(t *testing.T) { }, }, "A gateway for a non-reconcilable gatewayclass (not accepted) is not reconciled": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ - ControllerName: gatewayv1beta1.GatewayController(controller), + Spec: gatewayapi_v1beta1.GatewayClassSpec{ + ControllerName: gatewayapi_v1beta1.GatewayController(controller), }, - Status: gatewayv1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Status: gatewayapi_v1beta1.GatewayClassStatus{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify that the Gateway has not had a "Accepted: true" condition set @@ -164,8 +164,8 @@ func TestGatewayReconcile(t *testing.T) { require.Empty(t, gw.Status.Conditions, 0) // Verify the Contour deployment has not been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -175,25 +175,25 @@ func TestGatewayReconcile(t *testing.T) { }, }, "A gateway for a non-reconcilable gatewayclass (non-matching controller) is not reconciled": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "someothercontroller.io/controller", }, - Status: gatewayv1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Status: gatewayapi_v1beta1.GatewayClassStatus{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify that the Gateway has not had a "Accepted: true" condition set @@ -201,8 +201,8 @@ func TestGatewayReconcile(t *testing.T) { require.Empty(t, gw.Status.Conditions, 0) // Verify the Contour deployment has not been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -214,100 +214,100 @@ func TestGatewayReconcile(t *testing.T) { "A gateway with no addresses results in an Envoy service with no loadBalancerIP": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "") }, }, "A gateway with one IP address results in an Envoy service with loadBalancerIP set to that IP address": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayv1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ { - Type: ref.To(gatewayv1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1beta1.IPAddressType), Value: "172.18.255.207", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "172.18.255.207") }, }, "A gateway with two IP addresses results in an Envoy service with loadBalancerIP set to the first IP address": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayv1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ { - Type: ref.To(gatewayv1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1beta1.IPAddressType), Value: "172.18.255.207", }, { - Type: ref.To(gatewayv1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1beta1.IPAddressType), Value: "172.18.255.999", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "172.18.255.207") }, }, "A gateway with one Hostname address results in an Envoy service with loadBalancerIP set to that hostname": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayv1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ { - Type: ref.To(gatewayv1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), Value: "projectcontour.io", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "projectcontour.io") }, }, "A gateway with two Hostname addresses results in an Envoy service with loadBalancerIP set to the first hostname": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayv1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ { - Type: ref.To(gatewayv1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), Value: "projectcontour.io", }, { - Type: ref.To(gatewayv1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), Value: "anotherhost.io", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "projectcontour.io") }, }, "A gateway with one custom address type results in an Envoy service with no loadBalancerIP": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayv1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ { - Type: ref.To(gatewayv1beta1.AddressType("acme.io/CustomAddressType")), + Type: ref.To(gatewayapi_v1beta1.AddressType("acme.io/CustomAddressType")), Value: "custom-address-types-are-not-supported", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "") }, }, "Config from the Gateway's GatewayClass params is applied to the provisioned ContourConfiguration": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - RuntimeSettings: &contourv1alpha1.ContourConfigurationSpec{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + RuntimeSettings: &contour_v1alpha1.ContourConfigurationSpec{ EnableExternalNameService: ref.To(true), - Envoy: &contourv1alpha1.EnvoyConfig{ - Listener: &contourv1alpha1.EnvoyListenerConfig{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ DisableMergeSlashes: ref.To(true), }, - Metrics: &contourv1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Port: 8003, }, }, @@ -315,41 +315,41 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the ContourConfiguration has been created - contourConfig := &contourv1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + contourConfig := &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contourconfig-gateway-1", }, } require.NoError(t, r.client.Get(context.Background(), keyFor(contourConfig), contourConfig)) - want := contourv1alpha1.ContourConfigurationSpec{ + want := contour_v1alpha1.ContourConfigurationSpec{ EnableExternalNameService: ref.To(true), - Gateway: &contourv1alpha1.GatewayConfig{ - GatewayRef: &contourv1alpha1.NamespacedName{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: gw.Name, Name: gw.Name, }, }, - Envoy: &contourv1alpha1.EnvoyConfig{ - Listener: &contourv1alpha1.EnvoyListenerConfig{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ DisableMergeSlashes: ref.To(true), }, - Service: &contourv1alpha1.NamespacedName{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: gw.Namespace, Name: "envoy-" + gw.Name, }, - Metrics: &contourv1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Port: 8003, }, }, @@ -360,22 +360,22 @@ func TestGatewayReconcile(t *testing.T) { }, "Gateway-related config from the Gateway's GatewayClass params is overridden": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - RuntimeSettings: &contourv1alpha1.ContourConfigurationSpec{ - Gateway: &contourv1alpha1.GatewayConfig{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + RuntimeSettings: &contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ ControllerName: "some-controller", - GatewayRef: &contourv1alpha1.NamespacedName{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "some-other-namespace", Name: "some-other-gateway", }, }, - Envoy: &contourv1alpha1.EnvoyConfig{ - Service: &contourv1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "some-other-namespace", Name: "some-other-service", }, @@ -384,33 +384,33 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the ContourConfiguration has been created - contourConfig := &contourv1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + contourConfig := &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contourconfig-gateway-1", }, } require.NoError(t, r.client.Get(context.Background(), keyFor(contourConfig), contourConfig)) - want := contourv1alpha1.ContourConfigurationSpec{ - Gateway: &contourv1alpha1.GatewayConfig{ - GatewayRef: &contourv1alpha1.NamespacedName{ + want := contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: gw.Name, Name: gw.Name, }, }, - Envoy: &contourv1alpha1.EnvoyConfig{ - Service: &contourv1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: gw.Namespace, Name: "envoy-" + gw.Name, }, @@ -422,16 +422,16 @@ func TestGatewayReconcile(t *testing.T) { }, "If the Gateway's GatewayClass parametersRef is invalid it's ignored and the Gateway gets a default ContourConfiguration": { gatewayClass: reconcilableGatewayClassWithInvalidParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - RuntimeSettings: &contourv1alpha1.ContourConfigurationSpec{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + RuntimeSettings: &contour_v1alpha1.ContourConfigurationSpec{ EnableExternalNameService: ref.To(true), - Envoy: &contourv1alpha1.EnvoyConfig{ - Listener: &contourv1alpha1.EnvoyListenerConfig{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ DisableMergeSlashes: ref.To(true), }, }, @@ -439,33 +439,33 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the ContourConfiguration has been created - contourConfig := &contourv1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + contourConfig := &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contourconfig-gateway-1", }, } require.NoError(t, r.client.Get(context.Background(), keyFor(contourConfig), contourConfig)) - want := contourv1alpha1.ContourConfigurationSpec{ - Gateway: &contourv1alpha1.GatewayConfig{ - GatewayRef: &contourv1alpha1.NamespacedName{ + want := contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: gw.Name, Name: gw.Name, }, }, - Envoy: &contourv1alpha1.EnvoyConfig{ - Service: &contourv1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: gw.Namespace, Name: "envoy-" + gw.Name, }, @@ -477,7 +477,7 @@ func TestGatewayReconcile(t *testing.T) { }, "The Envoy service's ports are derived from the Gateway's listeners (http & https)": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithListeners([]gatewayv1beta1.Listener{ + gateway: makeGatewayWithListeners([]gatewayapi_v1beta1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -487,7 +487,7 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayv1beta1.Hostname("foo.bar")), + Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.bar")), }, { Name: "listener-3", @@ -509,21 +509,21 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-6", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayv1beta1.Hostname("foo.bar")), + Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.bar")), }, { Name: "listener-7", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayv1beta1.Hostname("foo.baz")), + Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.baz")), }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Get the expected Envoy service from the client. - envoyService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + envoyService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: gw.Namespace, Name: "envoy-" + gw.Name, }, @@ -531,27 +531,27 @@ func TestGatewayReconcile(t *testing.T) { require.NoError(t, r.client.Get(context.Background(), keyFor(envoyService), envoyService)) require.Len(t, envoyService.Spec.Ports, 4) - assert.Contains(t, envoyService.Spec.Ports, corev1.ServicePort{ + assert.Contains(t, envoyService.Spec.Ports, core_v1.ServicePort{ Name: "http-80", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 80, TargetPort: intstr.IntOrString{IntVal: 8080}, }) - assert.Contains(t, envoyService.Spec.Ports, corev1.ServicePort{ + assert.Contains(t, envoyService.Spec.Ports, core_v1.ServicePort{ Name: "http-81", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 81, TargetPort: intstr.IntOrString{IntVal: 8081}, }) - assert.Contains(t, envoyService.Spec.Ports, corev1.ServicePort{ + assert.Contains(t, envoyService.Spec.Ports, core_v1.ServicePort{ Name: "https-443", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 443, TargetPort: intstr.IntOrString{IntVal: 8443}, }) - assert.Contains(t, envoyService.Spec.Ports, corev1.ServicePort{ + assert.Contains(t, envoyService.Spec.Ports, core_v1.ServicePort{ Name: "https-8443", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 8443, TargetPort: intstr.IntOrString{IntVal: 16443}, }) @@ -559,7 +559,7 @@ func TestGatewayReconcile(t *testing.T) { }, "The Envoy service's ports are derived from the Gateway's listeners (http only)": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithListeners([]gatewayv1beta1.Listener{ + gateway: makeGatewayWithListeners([]gatewayapi_v1beta1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -569,7 +569,7 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayv1beta1.Hostname("foo.bar")), + Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.bar")), }, { Name: "listener-3", @@ -583,11 +583,11 @@ func TestGatewayReconcile(t *testing.T) { Port: 82, }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Get the expected Envoy service from the client. - envoyService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + envoyService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: gw.Namespace, Name: "envoy-" + gw.Name, }, @@ -595,15 +595,15 @@ func TestGatewayReconcile(t *testing.T) { require.NoError(t, r.client.Get(context.Background(), keyFor(envoyService), envoyService)) require.Len(t, envoyService.Spec.Ports, 2) - assert.Contains(t, envoyService.Spec.Ports, corev1.ServicePort{ + assert.Contains(t, envoyService.Spec.Ports, core_v1.ServicePort{ Name: "http-80", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 80, TargetPort: intstr.IntOrString{IntVal: 8080}, }) - assert.Contains(t, envoyService.Spec.Ports, corev1.ServicePort{ + assert.Contains(t, envoyService.Spec.Ports, core_v1.ServicePort{ Name: "http-8080", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 8080, TargetPort: intstr.IntOrString{IntVal: 16080}, }) @@ -611,26 +611,26 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Contour.Replicas is not specified, the Contour deployment defaults to 2 replicas": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{}, + Spec: contour_v1alpha1.ContourDeploymentSpec{}, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the Deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -643,36 +643,36 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Contour.Deployment is specified, the Contour deployment gets that settings": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Contour: &contourv1alpha1.ContourSettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Contour: &contour_v1alpha1.ContourSettings{ Replicas: 3, - Deployment: &contourv1alpha1.DeploymentSettings{ + Deployment: &contour_v1alpha1.DeploymentSettings{ Replicas: 4, - Strategy: &appsv1.DeploymentStrategy{ - Type: appsv1.RecreateDeploymentStrategyType, + Strategy: &apps_v1.DeploymentStrategy{ + Type: apps_v1.RecreateDeploymentStrategyType, }, }, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the Deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -682,33 +682,33 @@ func TestGatewayReconcile(t *testing.T) { require.NotNil(t, deploy.Spec.Replicas) assert.EqualValues(t, 4, *deploy.Spec.Replicas) require.NotNil(t, deploy.Spec.Strategy) - assert.EqualValues(t, appsv1.RecreateDeploymentStrategyType, deploy.Spec.Strategy.Type) + assert.EqualValues(t, apps_v1.RecreateDeploymentStrategyType, deploy.Spec.Strategy.Type) }, }, "If ContourDeployment.Spec.Contour.NodePlacement is not specified, the Contour deployment has no node selector or tolerations set": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Contour: &contourv1alpha1.ContourSettings{}, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Contour: &contour_v1alpha1.ContourSettings{}, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -721,19 +721,19 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Contour.NodePlacement is specified, it is used for the Contour deployment": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Contour: &contourv1alpha1.ContourSettings{ - NodePlacement: &contourv1alpha1.NodePlacement{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Contour: &contour_v1alpha1.ContourSettings{ + NodePlacement: &contour_v1alpha1.NodePlacement{ NodeSelector: map[string]string{"foo": "bar"}, - Tolerations: []corev1.Toleration{ + Tolerations: []core_v1.Toleration{ { Key: "toleration-key-1", - Operator: corev1.TolerationOpEqual, + Operator: core_v1.TolerationOpEqual, Value: "toleration-value-1", }, }, @@ -742,18 +742,18 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -761,10 +761,10 @@ func TestGatewayReconcile(t *testing.T) { require.NoError(t, r.client.Get(context.Background(), keyFor(deploy), deploy)) assert.Equal(t, map[string]string{"foo": "bar"}, deploy.Spec.Template.Spec.NodeSelector) - assert.Equal(t, []corev1.Toleration{ + assert.Equal(t, []core_v1.Toleration{ { Key: "toleration-key-1", - Operator: corev1.TolerationOpEqual, + Operator: core_v1.TolerationOpEqual, Value: "toleration-value-1", }, }, deploy.Spec.Template.Spec.Tolerations) @@ -772,28 +772,28 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Envoy.NodePlacement is not specified, the Envoy workload has no node selector or tolerations set": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{}, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{}, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the daemonset has been created - daemonset := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + daemonset := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -806,19 +806,19 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Envoy.NodePlacement is specified, it is used for the Envoy workload": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - NodePlacement: &contourv1alpha1.NodePlacement{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + NodePlacement: &contour_v1alpha1.NodePlacement{ NodeSelector: map[string]string{"foo": "bar"}, - Tolerations: []corev1.Toleration{ + Tolerations: []core_v1.Toleration{ { Key: "toleration-key-1", - Operator: corev1.TolerationOpEqual, + Operator: core_v1.TolerationOpEqual, Value: "toleration-value-1", }, }, @@ -827,18 +827,18 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the daemonset has been created - daemonset := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + daemonset := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -846,10 +846,10 @@ func TestGatewayReconcile(t *testing.T) { require.NoError(t, r.client.Get(context.Background(), keyFor(daemonset), daemonset)) assert.Equal(t, map[string]string{"foo": "bar"}, daemonset.Spec.Template.Spec.NodeSelector) - assert.Equal(t, []corev1.Toleration{ + assert.Equal(t, []core_v1.Toleration{ { Key: "toleration-key-1", - Operator: corev1.TolerationOpEqual, + Operator: core_v1.TolerationOpEqual, Value: "toleration-value-1", }, }, daemonset.Spec.Template.Spec.Tolerations) @@ -857,49 +857,49 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Envoy.NetworkPublishing is not specified, the Envoy service defaults to a LoadBalancer with no annotations": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{}, + Spec: contour_v1alpha1.ContourDeploymentSpec{}, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the service has been created - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, } require.NoError(t, r.client.Get(context.Background(), keyFor(svc), svc)) - assert.Equal(t, corev1.ServiceTypeLoadBalancer, svc.Spec.Type) + assert.Equal(t, core_v1.ServiceTypeLoadBalancer, svc.Spec.Type) assert.Empty(t, svc.Annotations) }, }, "If ContourDeployment.Spec.Envoy.NetworkPublishing is specified, its settings are used for the Envoy service": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - NetworkPublishing: &contourv1alpha1.NetworkPublishing{ - Type: contourv1alpha1.NodePortServicePublishingType, - ExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyTypeCluster, - IPFamilyPolicy: corev1.IPFamilyPolicyPreferDualStack, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + NetworkPublishing: &contour_v1alpha1.NetworkPublishing{ + Type: contour_v1alpha1.NodePortServicePublishingType, + ExternalTrafficPolicy: core_v1.ServiceExternalTrafficPolicyTypeCluster, + IPFamilyPolicy: core_v1.IPFamilyPolicyPreferDualStack, ServiceAnnotations: map[string]string{ "key-1": "val-1", "key-2": "val-2", @@ -908,51 +908,51 @@ func TestGatewayReconcile(t *testing.T) { }, }, }, - gateway: makeGatewayWithListeners([]gatewayv1beta1.Listener{ + gateway: makeGatewayWithListeners([]gatewayapi_v1beta1.Listener{ { Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayv1beta1.AllowedRoutes{ - Namespaces: &gatewayv1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ + Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Name: gatewayv1beta1.SectionName("http"), - Port: gatewayv1beta1.PortNumber(30000), + Name: gatewayapi_v1beta1.SectionName("http"), + Port: gatewayapi_v1beta1.PortNumber(30000), }, { - Name: gatewayv1beta1.SectionName("https"), - Port: gatewayv1beta1.PortNumber(30001), + Name: gatewayapi_v1beta1.SectionName("https"), + Port: gatewayapi_v1beta1.PortNumber(30001), Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayv1beta1.AllowedRoutes{ - Namespaces: &gatewayv1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ + Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayv1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), }, }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the service has been created - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, } require.NoError(t, r.client.Get(context.Background(), keyFor(svc), svc)) - assert.Equal(t, corev1.ServiceExternalTrafficPolicyTypeCluster, svc.Spec.ExternalTrafficPolicy) - assert.Equal(t, ref.To(corev1.IPFamilyPolicyPreferDualStack), svc.Spec.IPFamilyPolicy) - assert.Equal(t, corev1.ServiceTypeNodePort, svc.Spec.Type) + assert.Equal(t, core_v1.ServiceExternalTrafficPolicyTypeCluster, svc.Spec.ExternalTrafficPolicy) + assert.Equal(t, ref.To(core_v1.IPFamilyPolicyPreferDualStack), svc.Spec.IPFamilyPolicy) + assert.Equal(t, core_v1.ServiceTypeNodePort, svc.Spec.Type) require.Len(t, svc.Annotations, 2) assert.Equal(t, "val-1", svc.Annotations["key-1"]) assert.Equal(t, "val-2", svc.Annotations["key-2"]) @@ -966,31 +966,31 @@ func TestGatewayReconcile(t *testing.T) { }, "If ContourDeployment.Spec.Envoy.WorkloadType is set to Deployment, an Envoy deployment is provisioned with the specified number of replicas": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - WorkloadType: contourv1alpha1.WorkloadTypeDeployment, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + WorkloadType: contour_v1alpha1.WorkloadTypeDeployment, Replicas: 7, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -999,8 +999,8 @@ func TestGatewayReconcile(t *testing.T) { assert.EqualValues(t, 7, *deploy.Spec.Replicas) // Verify that a daemonset has *not* been created - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1012,37 +1012,37 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Envoy.WorkloadType is set to Deployment," + "an Envoy deployment is provisioned with the settings come from DeployemntSettings": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - WorkloadType: contourv1alpha1.WorkloadTypeDeployment, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + WorkloadType: contour_v1alpha1.WorkloadTypeDeployment, Replicas: 7, - Deployment: &contourv1alpha1.DeploymentSettings{ + Deployment: &contour_v1alpha1.DeploymentSettings{ Replicas: 6, - Strategy: &appsv1.DeploymentStrategy{ - Type: appsv1.RecreateDeploymentStrategyType, + Strategy: &apps_v1.DeploymentStrategy{ + Type: apps_v1.RecreateDeploymentStrategyType, }, }, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has an "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1053,11 +1053,11 @@ func TestGatewayReconcile(t *testing.T) { assert.EqualValues(t, 6, *deploy.Spec.Replicas) assert.NotNil(t, deploy.Spec.Strategy) - assert.EqualValues(t, appsv1.RecreateDeploymentStrategyType, deploy.Spec.Strategy.Type) + assert.EqualValues(t, apps_v1.RecreateDeploymentStrategyType, deploy.Spec.Strategy.Type) // Verify that a daemonset has *not* been created - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1069,13 +1069,13 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Envoy.PodAnnotations is specified, the Envoy pods' have annotations for prometheus & user-defined": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ PodAnnotations: map[string]string{ "key": "val", }, @@ -1083,18 +1083,18 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the service has been created - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1106,21 +1106,21 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Envoy.BaseID is specified, the Envoy container's arguments contain --base-id": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ BaseID: 1, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1132,21 +1132,21 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Envoy.OverloadMaxHeapSize is specified, the envoy-initconfig container's arguments contain --overload-max-heap": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ OverloadMaxHeapSize: 10000000, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1158,19 +1158,19 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Envoy.OverloadMaxHeapSize is not specified, the envoy-initconfig container's arguments contain --overload-max-heap=0": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{}, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{}, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1182,13 +1182,13 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Contour.PodAnnotations is specified, the Contour pods' have annotations for prometheus & user-defined": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Contour: &contourv1alpha1.ContourSettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Contour: &contour_v1alpha1.ContourSettings{ PodAnnotations: map[string]string{ "key": "val", }, @@ -1196,18 +1196,18 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the deployment has been created - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "contour-gateway-1", }, @@ -1221,45 +1221,45 @@ func TestGatewayReconcile(t *testing.T) { "If ContourDeployment.Spec.Envoy.WorkloadType is set to DaemonSet," + "an Envoy daemonset is provisioned with the strategy that come from DaemonsetSettings": { gatewayClass: reconcilableGatewayClassWithParams("gatewayclass-1", controller), - gatewayClassParams: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClassParams: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-1-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - WorkloadType: contourv1alpha1.WorkloadTypeDaemonSet, - DaemonSet: &contourv1alpha1.DaemonSetSettings{ - UpdateStrategy: &appsv1.DaemonSetUpdateStrategy{ - Type: appsv1.OnDeleteDaemonSetStrategyType, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + WorkloadType: contour_v1alpha1.WorkloadTypeDaemonSet, + DaemonSet: &contour_v1alpha1.DaemonSetSettings{ + UpdateStrategy: &apps_v1.DaemonSetUpdateStrategy{ + Type: apps_v1.OnDeleteDaemonSetStrategyType, }, }, }, }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has an "Accepted: true" condition require.NoError(t, r.client.Get(context.Background(), keyFor(gw), gw)) require.Len(t, gw.Status.Conditions, 1) assert.Equal(t, string(gatewayapi_v1.GatewayConditionAccepted), gw.Status.Conditions[0].Type) - assert.Equal(t, metav1.ConditionTrue, gw.Status.Conditions[0].Status) + assert.Equal(t, meta_v1.ConditionTrue, gw.Status.Conditions[0].Status) // Verify the daemonset has been created - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, } require.NoError(t, r.client.Get(context.Background(), keyFor(ds), ds)) - assert.EqualValues(t, appsv1.OnDeleteDaemonSetStrategyType, ds.Spec.UpdateStrategy.Type) + assert.EqualValues(t, apps_v1.OnDeleteDaemonSetStrategyType, ds.Spec.UpdateStrategy.Type) // Verify that a deployment has *not* been created - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "envoy-gateway-1", }, @@ -1270,13 +1270,13 @@ func TestGatewayReconcile(t *testing.T) { }, "The Gateway's infrastructure labels and annotations are set on all resources": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: &gatewayv1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + gateway: &gatewayapi_v1beta1.Gateway{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "gateway-1", }, - Spec: gatewayv1beta1.GatewaySpec{ - GatewayClassName: gatewayv1beta1.ObjectName("gatewayclass-1"), + Spec: gatewayapi_v1beta1.GatewaySpec{ + GatewayClassName: gatewayapi_v1beta1.ObjectName("gatewayclass-1"), Infrastructure: &gatewayapi_v1.GatewayInfrastructure{ Labels: map[gatewayapi_v1.AnnotationKey]gatewayapi_v1.AnnotationValue{ gatewayapi_v1.AnnotationKey("projectcontour.io/label-1"): gatewayapi_v1.AnnotationValue("label-value-1"), @@ -1289,48 +1289,48 @@ func TestGatewayReconcile(t *testing.T) { }, }, }, - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) for _, obj := range []client.Object{ - &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, + &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, }, - &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, }, - &contourv1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contourconfig-gateway-1"}, + &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contourconfig-gateway-1"}, }, - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contourcert-gateway-1"}, + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contourcert-gateway-1"}, }, - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoycert-gateway-1"}, + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoycert-gateway-1"}, }, - &corev1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &core_v1.ServiceAccount{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &corev1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, + &core_v1.ServiceAccount{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, }, - &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, + &rbac_v1.ClusterRole{ + ObjectMeta: meta_v1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, }, - &rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, + &rbac_v1.ClusterRoleBinding{ + ObjectMeta: meta_v1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, }, - &rbacv1.Role{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &rbac_v1.Role{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &rbacv1.RoleBinding{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-rolebinding-gateway-1"}, + &rbac_v1.RoleBinding{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-rolebinding-gateway-1"}, }, } { require.NoError(t, r.client.Get(context.Background(), keyFor(obj), obj)) @@ -1347,48 +1347,48 @@ func TestGatewayReconcile(t *testing.T) { "Gateway owner labels are set on all resources": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayv1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) for _, obj := range []client.Object{ - &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, + &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, }, - &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, }, - &contourv1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contourconfig-gateway-1"}, + &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contourconfig-gateway-1"}, }, - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contourcert-gateway-1"}, + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contourcert-gateway-1"}, }, - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoycert-gateway-1"}, + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoycert-gateway-1"}, }, - &corev1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &core_v1.ServiceAccount{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &corev1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, + &core_v1.ServiceAccount{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "envoy-gateway-1"}, }, - &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, + &rbac_v1.ClusterRole{ + ObjectMeta: meta_v1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, }, - &rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, + &rbac_v1.ClusterRoleBinding{ + ObjectMeta: meta_v1.ObjectMeta{Name: "contour-gateway-1-gateway-1"}, }, - &rbacv1.Role{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, + &rbac_v1.Role{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-gateway-1"}, }, - &rbacv1.RoleBinding{ - ObjectMeta: metav1.ObjectMeta{Namespace: "gateway-1", Name: "contour-rolebinding-gateway-1"}, + &rbac_v1.RoleBinding{ + ObjectMeta: meta_v1.ObjectMeta{Namespace: "gateway-1", Name: "contour-rolebinding-gateway-1"}, }, } { require.NoError(t, r.client.Get(context.Background(), keyFor(obj), obj)) @@ -1440,10 +1440,10 @@ func TestGatewayReconcile(t *testing.T) { } } -func assertEnvoyServiceLoadBalancerIP(t *testing.T, gateway *gatewayv1beta1.Gateway, client client.Client, want string) { +func assertEnvoyServiceLoadBalancerIP(t *testing.T, gateway *gatewayapi_v1beta1.Gateway, client client.Client, want string) { // Get the expected Envoy service from the client. - envoyService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + envoyService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: gateway.Namespace, Name: "envoy-" + gateway.Name, }, diff --git a/internal/provisioner/controller/gatewayclass.go b/internal/provisioner/controller/gatewayclass.go index 69b96b131cb..019b226fc9b 100644 --- a/internal/provisioner/controller/gatewayclass.go +++ b/internal/provisioner/controller/gatewayclass.go @@ -18,13 +18,11 @@ import ( "fmt" "strings" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/go-logr/logr" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -36,6 +34,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) const ( @@ -73,7 +73,7 @@ func NewGatewayClassController(mgr manager.Manager, gatewayController string) (c // Watch ContourDeployments since they can be used as parameters for // GatewayClasses. if err := c.Watch( - source.Kind(mgr.GetCache(), &contour_api_v1alpha1.ContourDeployment{}), + source.Kind(mgr.GetCache(), &contour_v1alpha1.ContourDeployment{}), handler.EnqueueRequestsFromMapFunc(r.mapContourDeploymentToGatewayClasses), ); err != nil { return nil, err @@ -149,7 +149,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request // Collect various status conditions here so we can update using // setConditions. - statusConditions := map[string]metav1.Condition{} + statusConditions := map[string]meta_v1.Condition{} statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion)] = r.getSupportedVersionCondition(ctx) @@ -158,9 +158,9 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request return ctrl.Result{}, fmt.Errorf("error checking gateway class's parametersRef: %w", err) } if !ok { - statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusAccepted)] = metav1.Condition{ + statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusAccepted)] = meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), Message: "Invalid ParametersRef, must be a reference to an existing namespaced projectcontour.io/ContourDeployment resource", } @@ -178,7 +178,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request if params.Spec.Envoy != nil { switch params.Spec.Envoy.WorkloadType { // valid values, nothing to do - case "", contour_api_v1alpha1.WorkloadTypeDaemonSet, contour_api_v1alpha1.WorkloadTypeDeployment: + case "", contour_v1alpha1.WorkloadTypeDaemonSet, contour_v1alpha1.WorkloadTypeDeployment: // invalid value, set message default: msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.workloadType %q, must be DaemonSet or Deployment", params.Spec.Envoy.WorkloadType) @@ -188,7 +188,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request if params.Spec.Envoy.NetworkPublishing != nil { switch params.Spec.Envoy.NetworkPublishing.Type { // valid values, nothing to do - case "", contour_api_v1alpha1.LoadBalancerServicePublishingType, contour_api_v1alpha1.NodePortServicePublishingType, contour_api_v1alpha1.ClusterIPServicePublishingType: + case "", contour_v1alpha1.LoadBalancerServicePublishingType, contour_v1alpha1.NodePortServicePublishingType, contour_v1alpha1.ClusterIPServicePublishingType: // invalid value, set message default: msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.networkPublishing.type %q, must be LoadBalancerService, NoderPortService or ClusterIPService", @@ -197,7 +197,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request } switch params.Spec.Envoy.NetworkPublishing.IPFamilyPolicy { - case "", corev1.IPFamilyPolicySingleStack, corev1.IPFamilyPolicyPreferDualStack, corev1.IPFamilyPolicyRequireDualStack: + case "", core_v1.IPFamilyPolicySingleStack, core_v1.IPFamilyPolicyPreferDualStack, core_v1.IPFamilyPolicyRequireDualStack: default: msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.networkPublishing.ipFamilyPolicy %q, must be SingleStack, PreferDualStack or RequireDualStack", params.Spec.Envoy.NetworkPublishing.IPFamilyPolicy) @@ -205,7 +205,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request } switch params.Spec.Envoy.NetworkPublishing.ExternalTrafficPolicy { - case "", corev1.ServiceExternalTrafficPolicyTypeCluster, corev1.ServiceExternalTrafficPolicyTypeLocal: + case "", core_v1.ServiceExternalTrafficPolicyTypeCluster, core_v1.ServiceExternalTrafficPolicyTypeLocal: default: msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.networkPublishing.externalTrafficPolicy %q, must be Local or Cluster", params.Spec.Envoy.NetworkPublishing.ExternalTrafficPolicy) @@ -228,8 +228,8 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request switch params.Spec.Envoy.LogLevel { // valid values, nothing to do. - case "", contour_api_v1alpha1.TraceLog, contour_api_v1alpha1.DebugLog, contour_api_v1alpha1.InfoLog, - contour_api_v1alpha1.WarnLog, contour_api_v1alpha1.ErrorLog, contour_api_v1alpha1.CriticalLog, contour_api_v1alpha1.OffLog: + case "", contour_v1alpha1.TraceLog, contour_v1alpha1.DebugLog, contour_v1alpha1.InfoLog, + contour_v1alpha1.WarnLog, contour_v1alpha1.ErrorLog, contour_v1alpha1.CriticalLog, contour_v1alpha1.OffLog: // invalid value, set message. default: msg := fmt.Sprintf("invalid ContourDeployment spec.envoy.logLevel %q, must be trace, debug, info, warn, error, critical or off", @@ -239,9 +239,9 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request } if len(invalidParamsMessages) > 0 { - statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusAccepted)] = metav1.Condition{ + statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusAccepted)] = meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), Message: strings.Join(invalidParamsMessages, "; "), } @@ -253,9 +253,9 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request } } - statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusAccepted)] = metav1.Condition{ + statusConditions[string(gatewayapi_v1.GatewayClassConditionStatusAccepted)] = meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), Message: "GatewayClass has been accepted by the controller", } @@ -266,8 +266,8 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request return ctrl.Result{}, nil } -func (r *gatewayClassReconciler) setConditions(ctx context.Context, gatewayClass *gatewayapi_v1beta1.GatewayClass, newConds map[string]metav1.Condition) error { - var unchangedConds, updatedConds []metav1.Condition +func (r *gatewayClassReconciler) setConditions(ctx context.Context, gatewayClass *gatewayapi_v1beta1.GatewayClass, newConds map[string]meta_v1.Condition) error { + var unchangedConds, updatedConds []meta_v1.Condition for _, existing := range gatewayClass.Status.Conditions { if cond, ok := newConds[existing.Type]; ok { if existing.Status == cond.Status { @@ -283,7 +283,7 @@ func (r *gatewayClassReconciler) setConditions(ctx context.Context, gatewayClass } } - transitionTime := metav1.Now() + transitionTime := meta_v1.Now() for _, c := range newConds { r.log.WithValues("gatewayclass-name", gatewayClass.Name).Info(fmt.Sprintf("setting gateway class's %s condition to %s", c.Type, c.Status)) c.ObservedGeneration = gatewayClass.Generation @@ -300,15 +300,15 @@ func (r *gatewayClassReconciler) setConditions(ctx context.Context, gatewayClass return nil } -func (r *gatewayClassReconciler) getSupportedVersionCondition(ctx context.Context) metav1.Condition { - cond := metav1.Condition{ +func (r *gatewayClassReconciler) getSupportedVersionCondition(ctx context.Context) meta_v1.Condition { + cond := meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), // Assume false until we get to the happy case. - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), } gatewayClassCRD := &apiextensions_v1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclasses." + gatewayapi_v1.GroupName, }, } @@ -330,7 +330,7 @@ func (r *gatewayClassReconciler) getSupportedVersionCondition(ctx context.Contex } // No errors found, we can return true. - cond.Status = metav1.ConditionTrue + cond.Status = meta_v1.ConditionTrue cond.Reason = string(gatewayapi_v1.GatewayClassReasonSupportedVersion) cond.Message = fmt.Sprintf("Gateway API CRD bundle version %s is supported.", gatewayAPICRDBundleSupportedVersion) return cond @@ -338,7 +338,7 @@ func (r *gatewayClassReconciler) getSupportedVersionCondition(ctx context.Contex // isValidParametersRef returns true if the provided ParametersReference is // to a ContourDeployment resource that exists. -func (r *gatewayClassReconciler) isValidParametersRef(ctx context.Context, ref *gatewayapi_v1beta1.ParametersReference) (bool, *contour_api_v1alpha1.ContourDeployment, error) { +func (r *gatewayClassReconciler) isValidParametersRef(ctx context.Context, ref *gatewayapi_v1beta1.ParametersReference) (bool, *contour_v1alpha1.ContourDeployment, error) { if ref == nil { return true, nil, nil } @@ -352,7 +352,7 @@ func (r *gatewayClassReconciler) isValidParametersRef(ctx context.Context, ref * Name: ref.Name, } - params := &contour_api_v1alpha1.ContourDeployment{} + params := &contour_v1alpha1.ContourDeployment{} if err := r.client.Get(ctx, key, params); err != nil { if errors.IsNotFound(err) { return false, nil, nil @@ -367,7 +367,7 @@ func isContourDeploymentRef(ref *gatewayapi_v1beta1.ParametersReference) bool { if ref == nil { return false } - if string(ref.Group) != contour_api_v1alpha1.GroupVersion.Group { + if string(ref.Group) != contour_v1alpha1.GroupVersion.Group { return false } if string(ref.Kind) != "ContourDeployment" { diff --git a/internal/provisioner/controller/gatewayclass_test.go b/internal/provisioner/controller/gatewayclass_test.go index 596732e84ac..eefa0e5c671 100644 --- a/internal/provisioner/controller/gatewayclass_test.go +++ b/internal/provisioner/controller/gatewayclass_test.go @@ -19,15 +19,11 @@ import ( "testing" "github.com/bombsimon/logrusr/v4" - contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/provisioner" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -35,338 +31,343 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/provisioner" + "github.com/projectcontour/contour/internal/ref" ) func TestGatewayClassReconcile(t *testing.T) { tests := map[string]struct { - gatewayClass *gatewayv1beta1.GatewayClass + gatewayClass *gatewayapi_v1beta1.GatewayClass gatewayClassCRD *apiextensions_v1.CustomResourceDefinition - params *contourv1alpha1.ContourDeployment + params *contour_v1alpha1.ContourDeployment req *reconcile.Request - wantConditions []*metav1.Condition - assertions func(t *testing.T, r *gatewayClassReconciler, gc *gatewayv1beta1.GatewayClass, reconcileErr error) + wantConditions []*meta_v1.Condition + assertions func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) }{ "reconcile request for non-existent gatewayclass results in no error": { req: &reconcile.Request{ NamespacedName: types.NamespacedName{Name: "nonexistent"}, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayv1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) - gatewayClasses := &gatewayv1beta1.GatewayClassList{} + gatewayClasses := &gatewayapi_v1beta1.GatewayClassList{} require.NoError(t, r.client.List(context.Background(), gatewayClasses)) assert.Empty(t, gatewayClasses.Items) }, }, "gatewayclass not controlled by us does not get conditions set": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ - ControllerName: gatewayv1beta1.GatewayController("someothercontroller.io/controller"), + Spec: gatewayapi_v1beta1.GatewayClassSpec{ + ControllerName: gatewayapi_v1beta1.GatewayController("someothercontroller.io/controller"), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayv1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) - res := &gatewayv1beta1.GatewayClass{} + res := &gatewayapi_v1beta1.GatewayClass{} require.NoError(t, r.client.Get(context.Background(), keyFor(gc), res)) assert.Empty(t, res.Status.Conditions) }, }, "gatewayclass controlled by us with no parameters gets Accepted: true condition and SupportedVersion: true": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with an invalid parametersRef (target does not exist) gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid group) gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "invalidgroup.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid kind) gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "InvalidKind", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid name) gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "invalid-name", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid namespace) gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("invalid-namespace")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("invalid-namespace")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with a valid parametersRef gets Accepted: true condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for NetworkPublishing gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ WorkloadType: "invalid-workload-type", - NetworkPublishing: &contourv1alpha1.NetworkPublishing{ + NetworkPublishing: &contour_v1alpha1.NetworkPublishing{ Type: "invalid-networkpublishing-type", }, }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for ExtraVolumeMounts gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - ExtraVolumeMounts: []corev1.VolumeMount{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + ExtraVolumeMounts: []core_v1.VolumeMount{ { Name: "volume-a", }, }, - ExtraVolumes: []corev1.Volume{ + ExtraVolumes: []core_v1.Volume{ { Name: "volume-b", }, @@ -374,184 +375,184 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for LogLevel gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ LogLevel: "invalidLevel", }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for ExternalTrafficPolicy gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - NetworkPublishing: &contourv1alpha1.NetworkPublishing{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + NetworkPublishing: &contour_v1alpha1.NetworkPublishing{ ExternalTrafficPolicy: "invalid-external-traffic-policy", }, }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for IPFamilyPolicy gets Accepted: false condition": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayv1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1beta1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayv1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), }, }, }, - params: &contourv1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params: &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "gatewayclass-params", }, - Spec: contourv1alpha1.ContourDeploymentSpec{ - Envoy: &contourv1alpha1.EnvoySettings{ - NetworkPublishing: &contourv1alpha1.NetworkPublishing{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + NetworkPublishing: &contour_v1alpha1.NetworkPublishing{ IPFamilyPolicy: "invalid-external-traffic-policy", }, }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonInvalidParameters), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), }, }, }, "gatewayclass controlled by us with gatewayclass CRD with unsupported version sets Accepted: true, SupportedVersion: False": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, gatewayClassCRD: &apiextensions_v1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclasses.gateway.networking.k8s.io", Annotations: map[string]string{ "gateway.networking.k8s.io/bundle-version": "v9.9.9", }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayv1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, "gatewayclass controlled by us with gatewayclass CRD fetch failed sets SupportedVersion: false": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, gatewayClassCRD: &apiextensions_v1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ // Use the wrong name so we fail to fetch the CRD, // contrived way to cause this scenario. Name: "gatewayclasses-wrong.gateway.networking.k8s.io", @@ -560,97 +561,97 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayv1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, "gatewayclass controlled by us with gatewayclass CRD without version annotation sets SupportedVersion: false": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, gatewayClassCRD: &apiextensions_v1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclasses.gateway.networking.k8s.io", Annotations: map[string]string{ "gateway.networking.k8s.io/bundle-version-wrong": "v1.0.0", }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayv1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, "gatewayclass with status from previous generation is updated, only conditions we own are changed": { - gatewayClass: &gatewayv1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", Generation: 2, }, - Spec: gatewayv1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1beta1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, - Status: gatewayv1beta1.GatewayClassStatus{ - Conditions: []metav1.Condition{ + Status: gatewayapi_v1beta1.GatewayClassStatus{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), ObservedGeneration: 1, }, { Type: "SomeOtherCondition", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: "FooReason", ObservedGeneration: 1, }, }, }, }, - wantConditions: []*metav1.Condition{ + wantConditions: []*meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), ObservedGeneration: 2, }, { Type: string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonSupportedVersion), ObservedGeneration: 2, }, { Type: "SomeOtherCondition", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: "FooReason", ObservedGeneration: 1, }, @@ -673,7 +674,7 @@ func TestGatewayClassReconcile(t *testing.T) { client.WithObjects(tc.gatewayClassCRD) } else { client.WithObjects(&apiextensions_v1.CustomResourceDefinition{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclasses.gateway.networking.k8s.io", Annotations: map[string]string{ "gateway.networking.k8s.io/bundle-version": "v1.0.0", @@ -705,7 +706,7 @@ func TestGatewayClassReconcile(t *testing.T) { _, err = r.Reconcile(context.Background(), req) if len(tc.wantConditions) > 0 { - res := &gatewayv1beta1.GatewayClass{} + res := &gatewayapi_v1beta1.GatewayClass{} require.NoError(t, r.client.Get(context.Background(), keyFor(tc.gatewayClass), res)) require.Len(t, res.Status.Conditions, len(tc.wantConditions)) diff --git a/internal/provisioner/equality/equality.go b/internal/provisioner/equality/equality.go index 89d890d2dc7..336fb5905b7 100644 --- a/internal/provisioner/equality/equality.go +++ b/internal/provisioner/equality/equality.go @@ -14,15 +14,15 @@ package equality import ( - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" ) // DaemonsetConfigChanged checks if current and expected DaemonSet match, // and if not, returns the updated DaemonSet resource. -func DaemonsetConfigChanged(current, expected *appsv1.DaemonSet) (*appsv1.DaemonSet, bool) { +func DaemonsetConfigChanged(current, expected *apps_v1.DaemonSet) (*apps_v1.DaemonSet, bool) { changed := false updated := current.DeepCopy() @@ -45,13 +45,13 @@ func DaemonsetConfigChanged(current, expected *appsv1.DaemonSet) (*appsv1.Daemon } // DaemonSetSelectorsDiffer checks if the current and expected DaemonSet selectors differ. -func DaemonSetSelectorsDiffer(current, expected *appsv1.DaemonSet) bool { +func DaemonSetSelectorsDiffer(current, expected *apps_v1.DaemonSet) bool { return !apiequality.Semantic.DeepEqual(current.Spec.Selector, expected.Spec.Selector) } // DeploymentConfigChanged checks if the current and expected Deployment match // and if not, returns true and the expected Deployment. -func DeploymentConfigChanged(current, expected *appsv1.Deployment) (*appsv1.Deployment, bool) { +func DeploymentConfigChanged(current, expected *apps_v1.Deployment) (*apps_v1.Deployment, bool) { changed := false updated := current.DeepCopy() @@ -73,14 +73,14 @@ func DeploymentConfigChanged(current, expected *appsv1.Deployment) (*appsv1.Depl } // DeploymentSelectorsDiffer checks if the current and expected Deployment selectors differ. -func DeploymentSelectorsDiffer(current, expected *appsv1.Deployment) bool { +func DeploymentSelectorsDiffer(current, expected *apps_v1.Deployment) bool { return !apiequality.Semantic.DeepEqual(current.Spec.Selector, expected.Spec.Selector) } // ClusterIPServiceChanged checks if the spec of current and expected match and if not, // returns true and the expected Service resource. The cluster IP is not compared // as it's assumed to be dynamically assigned. -func ClusterIPServiceChanged(current, expected *corev1.Service) (*corev1.Service, bool) { +func ClusterIPServiceChanged(current, expected *core_v1.Service) (*core_v1.Service, bool) { changed := false updated := current.DeepCopy() @@ -123,7 +123,7 @@ func ClusterIPServiceChanged(current, expected *corev1.Service) (*corev1.Service // LoadBalancerServiceChanged checks if current and expected match and if not, returns // true and the expected Service resource. The healthCheckNodePort and a port's nodePort // are not compared since they are dynamically assigned. -func LoadBalancerServiceChanged(current, expected *corev1.Service) (*corev1.Service, bool) { +func LoadBalancerServiceChanged(current, expected *core_v1.Service) (*core_v1.Service, bool) { changed := false updated := current.DeepCopy() @@ -197,7 +197,7 @@ func LoadBalancerServiceChanged(current, expected *corev1.Service) (*corev1.Serv // NodePortServiceChanged checks if current and expected match and if not, returns // true and the expected Service resource. The healthCheckNodePort is not compared // since it's dynamically assigned. -func NodePortServiceChanged(current, expected *corev1.Service) (*corev1.Service, bool) { +func NodePortServiceChanged(current, expected *core_v1.Service) (*core_v1.Service, bool) { changed := false updated := current.DeepCopy() @@ -252,7 +252,7 @@ func NodePortServiceChanged(current, expected *corev1.Service) (*corev1.Service, // ServiceAccountConfigChanged checks if the current and expected ServiceAccount // match and if not, returns true and the expected ServiceAccount. -func ServiceAccountConfigChanged(current, expected *corev1.ServiceAccount) (*corev1.ServiceAccount, bool) { +func ServiceAccountConfigChanged(current, expected *core_v1.ServiceAccount) (*core_v1.ServiceAccount, bool) { changed := false updated := current.DeepCopy() @@ -270,7 +270,7 @@ func ServiceAccountConfigChanged(current, expected *corev1.ServiceAccount) (*cor // ClusterRoleConfigChanged checks if the current and expected ClusterRole // match and if not, returns true and the expected ClusterRole. -func ClusterRoleConfigChanged(current, expected *rbacv1.ClusterRole) (*rbacv1.ClusterRole, bool) { +func ClusterRoleConfigChanged(current, expected *rbac_v1.ClusterRole) (*rbac_v1.ClusterRole, bool) { changed := false updated := current.DeepCopy() @@ -293,7 +293,7 @@ func ClusterRoleConfigChanged(current, expected *rbacv1.ClusterRole) (*rbacv1.Cl // ClusterRoleBindingConfigChanged checks if the current and expected ClusterRoleBinding // match and if not, returns true and the expected ClusterRoleBinding. -func ClusterRoleBindingConfigChanged(current, expected *rbacv1.ClusterRoleBinding) (*rbacv1.ClusterRoleBinding, bool) { +func ClusterRoleBindingConfigChanged(current, expected *rbac_v1.ClusterRoleBinding) (*rbac_v1.ClusterRoleBinding, bool) { changed := false updated := current.DeepCopy() @@ -322,7 +322,7 @@ func ClusterRoleBindingConfigChanged(current, expected *rbacv1.ClusterRoleBindin // RoleConfigChanged checks if the current and expected Role match // and if not, returns true and the expected Role. -func RoleConfigChanged(current, expected *rbacv1.Role) (*rbacv1.Role, bool) { +func RoleConfigChanged(current, expected *rbac_v1.Role) (*rbac_v1.Role, bool) { changed := false updated := current.DeepCopy() @@ -345,7 +345,7 @@ func RoleConfigChanged(current, expected *rbacv1.Role) (*rbacv1.Role, bool) { // RoleBindingConfigChanged checks if the current and expected RoleBinding // match and if not, returns true and the expected RoleBinding. -func RoleBindingConfigChanged(current, expected *rbacv1.RoleBinding) (*rbacv1.RoleBinding, bool) { +func RoleBindingConfigChanged(current, expected *rbac_v1.RoleBinding) (*rbac_v1.RoleBinding, bool) { changed := false updated := current.DeepCopy() diff --git a/internal/provisioner/equality/equality_test.go b/internal/provisioner/equality/equality_test.go index 1f60ec92eb7..131b9228f8c 100644 --- a/internal/provisioner/equality/equality_test.go +++ b/internal/provisioner/equality/equality_test.go @@ -16,17 +16,17 @@ package equality_test import ( "testing" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects/dataplane" "github.com/projectcontour/contour/internal/provisioner/objects/deployment" "github.com/projectcontour/contour/internal/provisioner/objects/service" "github.com/projectcontour/contour/internal/ref" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) var ( @@ -34,7 +34,7 @@ var ( testNs = testName + "-ns" testImage = "test-image:main" cntr = &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: testName, Namespace: testNs, }, @@ -44,43 +44,43 @@ var ( func TestDaemonSetConfigChanged(t *testing.T) { testCases := []struct { description string - mutate func(ds *appsv1.DaemonSet) + mutate func(ds *apps_v1.DaemonSet) expect bool }{ { description: "if nothing changes", - mutate: func(_ *appsv1.DaemonSet) {}, + mutate: func(_ *apps_v1.DaemonSet) {}, expect: false, }, { description: "if labels are changed", - mutate: func(ds *appsv1.DaemonSet) { + mutate: func(ds *apps_v1.DaemonSet) { ds.Labels = map[string]string{} }, expect: true, }, { description: "if selector is changed", - mutate: func(ds *appsv1.DaemonSet) { - ds.Spec.Selector = &metav1.LabelSelector{} + mutate: func(ds *apps_v1.DaemonSet) { + ds.Spec.Selector = &meta_v1.LabelSelector{} }, expect: true, }, { description: "if the container image is changed", - mutate: func(ds *appsv1.DaemonSet) { + mutate: func(ds *apps_v1.DaemonSet) { ds.Spec.Template.Spec.Containers[0].Image = "foo:latest" }, expect: true, }, { description: "if a volume is changed", - mutate: func(ds *appsv1.DaemonSet) { - ds.Spec.Template.Spec.Volumes = []corev1.Volume{ + mutate: func(ds *apps_v1.DaemonSet) { + ds.Spec.Template.Spec.Volumes = []core_v1.Volume{ { Name: "foo", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + HostPath: &core_v1.HostPathVolumeSource{ Path: "/foo", }, }, @@ -91,21 +91,21 @@ func TestDaemonSetConfigChanged(t *testing.T) { }, { description: "if container commands are changed", - mutate: func(ds *appsv1.DaemonSet) { + mutate: func(ds *apps_v1.DaemonSet) { ds.Spec.Template.Spec.Containers[0].Command = []string{"foo"} }, expect: true, }, { description: "if container args are changed", - mutate: func(ds *appsv1.DaemonSet) { + mutate: func(ds *apps_v1.DaemonSet) { ds.Spec.Template.Spec.Containers[0].Args = []string{"foo", "bar", "baz"} }, expect: true, }, { description: "if probe values are set to default values", - mutate: func(ds *appsv1.DaemonSet) { + mutate: func(ds *apps_v1.DaemonSet) { for i, c := range ds.Spec.Template.Spec.Containers { if c.Name == dataplane.EnvoyContainerName { ds.Spec.Template.Spec.Containers[i].ReadinessProbe.TimeoutSeconds = int32(1) @@ -140,43 +140,43 @@ func TestDaemonSetConfigChanged(t *testing.T) { func TestDeploymentConfigChanged(t *testing.T) { testCases := []struct { description string - mutate func(deployment *appsv1.Deployment) + mutate func(deployment *apps_v1.Deployment) expect bool }{ { description: "if nothing changes", - mutate: func(_ *appsv1.Deployment) {}, + mutate: func(_ *apps_v1.Deployment) {}, expect: false, }, { description: "if replicas is changed", - mutate: func(deploy *appsv1.Deployment) { + mutate: func(deploy *apps_v1.Deployment) { deploy.Spec.Replicas = nil }, expect: true, }, { description: "if selector is changed", - mutate: func(deploy *appsv1.Deployment) { - deploy.Spec.Selector = &metav1.LabelSelector{} + mutate: func(deploy *apps_v1.Deployment) { + deploy.Spec.Selector = &meta_v1.LabelSelector{} }, expect: true, }, { description: "if the container image is changed", - mutate: func(deploy *appsv1.Deployment) { + mutate: func(deploy *apps_v1.Deployment) { deploy.Spec.Template.Spec.Containers[0].Image = "foo:latest" }, expect: true, }, { description: "if a volume is changed", - mutate: func(deploy *appsv1.Deployment) { - deploy.Spec.Template.Spec.Volumes = []corev1.Volume{ + mutate: func(deploy *apps_v1.Deployment) { + deploy.Spec.Template.Spec.Volumes = []core_v1.Volume{ { Name: "foo", - VolumeSource: corev1.VolumeSource{ - HostPath: &corev1.HostPathVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + HostPath: &core_v1.HostPathVolumeSource{ Path: "/foo", }, }, @@ -187,21 +187,21 @@ func TestDeploymentConfigChanged(t *testing.T) { }, { description: "if container commands are changed", - mutate: func(deploy *appsv1.Deployment) { + mutate: func(deploy *apps_v1.Deployment) { deploy.Spec.Template.Spec.Containers[0].Command = []string{"foo"} }, expect: true, }, { description: "if container args are changed", - mutate: func(deploy *appsv1.Deployment) { + mutate: func(deploy *apps_v1.Deployment) { deploy.Spec.Template.Spec.Containers[0].Args = []string{"foo", "bar", "baz"} }, expect: true, }, { description: "if probe values are set to default values", - mutate: func(deployment *appsv1.Deployment) { + mutate: func(deployment *apps_v1.Deployment) { deployment.Spec.Template.Spec.Containers[0].LivenessProbe.ProbeHandler.HTTPGet.Scheme = "HTTP" deployment.Spec.Template.Spec.Containers[0].LivenessProbe.TimeoutSeconds = int32(1) deployment.Spec.Template.Spec.Containers[0].LivenessProbe.PeriodSeconds = int32(10) @@ -234,24 +234,24 @@ func TestDeploymentConfigChanged(t *testing.T) { func TestClusterIpServiceChanged(t *testing.T) { testCases := []struct { description string - mutate func(service *corev1.Service) + mutate func(service *core_v1.Service) expect bool }{ { description: "if nothing changed", - mutate: func(_ *corev1.Service) {}, + mutate: func(_ *core_v1.Service) {}, expect: false, }, { description: "if the port number changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Ports[0].Port = int32(1234) }, expect: true, }, { description: "if the target port number changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { intStrPort := intstr.IntOrString{IntVal: int32(1234)} svc.Spec.Ports[0].TargetPort = intStrPort }, @@ -259,24 +259,24 @@ func TestClusterIpServiceChanged(t *testing.T) { }, { description: "if the port name changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Ports[0].Name = "foo" }, expect: true, }, { description: "if the port protocol changed", - mutate: func(svc *corev1.Service) { - svc.Spec.Ports[0].Protocol = corev1.ProtocolUDP + mutate: func(svc *core_v1.Service) { + svc.Spec.Ports[0].Protocol = core_v1.ProtocolUDP }, expect: true, }, { description: "if ports are added", - mutate: func(svc *corev1.Service) { - port := corev1.ServicePort{ + mutate: func(svc *core_v1.Service) { + port := core_v1.ServicePort{ Name: "foo", - Protocol: corev1.ProtocolUDP, + Protocol: core_v1.ProtocolUDP, Port: int32(1234), TargetPort: intstr.IntOrString{IntVal: int32(1234)}, } @@ -286,43 +286,43 @@ func TestClusterIpServiceChanged(t *testing.T) { }, { description: "if ports are removed", - mutate: func(svc *corev1.Service) { - svc.Spec.Ports = []corev1.ServicePort{} + mutate: func(svc *core_v1.Service) { + svc.Spec.Ports = []core_v1.ServicePort{} }, expect: true, }, { description: "if the cluster IP changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.ClusterIP = "1.2.3.4" }, expect: false, }, { description: "if selector changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Selector = map[string]string{"foo": "bar"} }, expect: true, }, { description: "if ip family policy changed", - mutate: func(svc *corev1.Service) { - svc.Spec.IPFamilyPolicy = ref.To(corev1.IPFamilyPolicyRequireDualStack) + mutate: func(svc *core_v1.Service) { + svc.Spec.IPFamilyPolicy = ref.To(core_v1.IPFamilyPolicyRequireDualStack) }, expect: true, }, { description: "if service type changed", - mutate: func(svc *corev1.Service) { - svc.Spec.Type = corev1.ServiceTypeLoadBalancer + mutate: func(svc *core_v1.Service) { + svc.Spec.Type = core_v1.ServiceTypeLoadBalancer }, expect: true, }, { description: "if session affinity changed", - mutate: func(svc *corev1.Service) { - svc.Spec.SessionAffinity = corev1.ServiceAffinityClientIP + mutate: func(svc *core_v1.Service) { + svc.Spec.SessionAffinity = core_v1.ServiceAffinityClientIP }, expect: true, }, @@ -346,24 +346,24 @@ func TestClusterIpServiceChanged(t *testing.T) { func TestLoadBalancerServiceChanged(t *testing.T) { testCases := []struct { description string - mutate func(service *corev1.Service) + mutate func(service *core_v1.Service) expect bool }{ { description: "if nothing changed", - mutate: func(_ *corev1.Service) {}, + mutate: func(_ *core_v1.Service) {}, expect: false, }, { description: "if the port number changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Ports[0].Port = int32(1234) }, expect: true, }, { description: "if the target port number changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { intStrPort := intstr.IntOrString{IntVal: int32(1234)} svc.Spec.Ports[0].TargetPort = intStrPort }, @@ -371,24 +371,24 @@ func TestLoadBalancerServiceChanged(t *testing.T) { }, { description: "if the port name changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Ports[0].Name = "foo" }, expect: true, }, { description: "if the port protocol changed", - mutate: func(svc *corev1.Service) { - svc.Spec.Ports[0].Protocol = corev1.ProtocolUDP + mutate: func(svc *core_v1.Service) { + svc.Spec.Ports[0].Protocol = core_v1.ProtocolUDP }, expect: true, }, { description: "if ports are added", - mutate: func(svc *corev1.Service) { - port := corev1.ServicePort{ + mutate: func(svc *core_v1.Service) { + port := core_v1.ServicePort{ Name: "foo", - Protocol: corev1.ProtocolUDP, + Protocol: core_v1.ProtocolUDP, Port: int32(1234), TargetPort: intstr.IntOrString{IntVal: int32(1234)}, } @@ -398,63 +398,63 @@ func TestLoadBalancerServiceChanged(t *testing.T) { }, { description: "if ports are removed", - mutate: func(svc *corev1.Service) { - svc.Spec.Ports = []corev1.ServicePort{} + mutate: func(svc *core_v1.Service) { + svc.Spec.Ports = []core_v1.ServicePort{} }, expect: true, }, { description: "if the cluster IP changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.ClusterIP = "1.2.3.4" }, expect: false, }, { description: "if selector changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Selector = map[string]string{"foo": "bar"} }, expect: true, }, { description: "if service type changed", - mutate: func(svc *corev1.Service) { - svc.Spec.Type = corev1.ServiceTypeClusterIP + mutate: func(svc *core_v1.Service) { + svc.Spec.Type = core_v1.ServiceTypeClusterIP }, expect: true, }, { description: "if session affinity changed", - mutate: func(svc *corev1.Service) { - svc.Spec.SessionAffinity = corev1.ServiceAffinityClientIP + mutate: func(svc *core_v1.Service) { + svc.Spec.SessionAffinity = core_v1.ServiceAffinityClientIP }, expect: true, }, { description: "if external traffic policy changed", - mutate: func(svc *corev1.Service) { - svc.Spec.ExternalTrafficPolicy = corev1.ServiceExternalTrafficPolicyTypeCluster + mutate: func(svc *core_v1.Service) { + svc.Spec.ExternalTrafficPolicy = core_v1.ServiceExternalTrafficPolicyTypeCluster }, expect: true, }, { description: "if ip family policy changed", - mutate: func(svc *corev1.Service) { - svc.Spec.IPFamilyPolicy = ref.To(corev1.IPFamilyPolicyRequireDualStack) + mutate: func(svc *core_v1.Service) { + svc.Spec.IPFamilyPolicy = ref.To(core_v1.IPFamilyPolicyRequireDualStack) }, expect: true, }, { description: "if annotations have changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Annotations = map[string]string{} }, expect: true, }, { description: "if load balancer IP changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.LoadBalancerIP = "5.6.7.8" }, expect: true, @@ -514,32 +514,32 @@ func TestLoadBalancerServiceChanged(t *testing.T) { func TestNodePortServiceChanged(t *testing.T) { testCases := []struct { description string - mutate func(service *corev1.Service) + mutate func(service *core_v1.Service) expect bool }{ { description: "if nothing changed", - mutate: func(_ *corev1.Service) {}, + mutate: func(_ *core_v1.Service) {}, expect: false, }, { description: "if the nodeport port number changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Ports[0].NodePort = int32(1234) }, expect: true, }, { description: "if the number of ports changed", - mutate: func(svc *corev1.Service) { + mutate: func(svc *core_v1.Service) { svc.Spec.Ports = append(svc.Spec.Ports, svc.Spec.Ports[0]) }, expect: true, }, { description: "if ip family policy changed", - mutate: func(svc *corev1.Service) { - svc.Spec.IPFamilyPolicy = ref.To(corev1.IPFamilyPolicyRequireDualStack) + mutate: func(svc *core_v1.Service) { + svc.Spec.IPFamilyPolicy = ref.To(core_v1.IPFamilyPolicyRequireDualStack) }, expect: true, }, diff --git a/internal/provisioner/labels/labels_test.go b/internal/provisioner/labels/labels_test.go index 74fccc3d74b..bc26554fd08 100644 --- a/internal/provisioner/labels/labels_test.go +++ b/internal/provisioner/labels/labels_test.go @@ -16,8 +16,9 @@ package labels import ( "testing" - "github.com/projectcontour/contour/internal/provisioner/model" "github.com/stretchr/testify/assert" + + "github.com/projectcontour/contour/internal/provisioner/model" ) func TestAnyExist(t *testing.T) { diff --git a/internal/provisioner/model/model.go b/internal/provisioner/model/model.go index d6258ceb93a..a141182f92a 100644 --- a/internal/provisioner/model/model.go +++ b/internal/provisioner/model/model.go @@ -14,14 +14,14 @@ package model import ( - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" ) const ( @@ -38,7 +38,7 @@ const ( // for the given namespace/name. func Default(namespace, name string) *Contour { return &Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, }, @@ -46,31 +46,31 @@ func Default(namespace, name string) *Contour { ContourReplicas: 2, EnvoyWorkloadType: WorkloadTypeDaemonSet, EnvoyReplicas: 2, // ignored if not provisioning Envoy as a deployment. - EnvoyLogLevel: contourv1alpha1.InfoLog, + EnvoyLogLevel: contour_v1alpha1.InfoLog, EnvoyBaseID: 0, EnvoyMaxHeapSizeBytes: 0, NetworkPublishing: NetworkPublishing{ Envoy: EnvoyNetworkPublishing{ Type: LoadBalancerServicePublishingType, - ExternalTrafficPolicy: corev1.ServiceExternalTrafficPolicyTypeLocal, - IPFamilyPolicy: corev1.IPFamilyPolicySingleStack, + ExternalTrafficPolicy: core_v1.ServiceExternalTrafficPolicyTypeLocal, + IPFamilyPolicy: core_v1.IPFamilyPolicySingleStack, }, }, - EnvoyDaemonSetUpdateStrategy: appsv1.DaemonSetUpdateStrategy{ - Type: appsv1.RollingUpdateDaemonSetStrategyType, - RollingUpdate: &appsv1.RollingUpdateDaemonSet{ + EnvoyDaemonSetUpdateStrategy: apps_v1.DaemonSetUpdateStrategy{ + Type: apps_v1.RollingUpdateDaemonSetStrategyType, + RollingUpdate: &apps_v1.RollingUpdateDaemonSet{ MaxUnavailable: ref.To(intstr.FromString("10%")), }, }, - EnvoyDeploymentStrategy: appsv1.DeploymentStrategy{ - Type: appsv1.RollingUpdateDeploymentStrategyType, - RollingUpdate: &appsv1.RollingUpdateDeployment{ + EnvoyDeploymentStrategy: apps_v1.DeploymentStrategy{ + Type: apps_v1.RollingUpdateDeploymentStrategyType, + RollingUpdate: &apps_v1.RollingUpdateDeployment{ MaxSurge: ref.To(intstr.FromString("10%")), }, }, - ContourDeploymentStrategy: appsv1.DeploymentStrategy{ - Type: appsv1.RollingUpdateDeploymentStrategyType, - RollingUpdate: &appsv1.RollingUpdateDeployment{ + ContourDeploymentStrategy: apps_v1.DeploymentStrategy{ + Type: apps_v1.RollingUpdateDeploymentStrategyType, + RollingUpdate: &apps_v1.RollingUpdateDeployment{ MaxSurge: ref.To(intstr.FromString("50%")), MaxUnavailable: ref.To(intstr.FromString("25%")), }, @@ -85,7 +85,7 @@ func Default(namespace, name string) *Contour { // Contour is the representation of an instance of Contour + Envoy. type Contour struct { - metav1.ObjectMeta `json:"metadata,omitempty"` + meta_v1.ObjectMeta `json:"metadata,omitempty"` // Spec defines the desired state of Contour. Spec ContourSpec `json:"spec,omitempty"` @@ -173,7 +173,7 @@ type ContourSpec struct { // ContourLogLevel sets the log level for Contour // Allowed values are "info", "debug". - ContourLogLevel contourv1alpha1.LogLevel + ContourLogLevel contour_v1alpha1.LogLevel // NodePlacement enables scheduling of Contour and Envoy pods onto specific nodes. // @@ -188,7 +188,7 @@ type ContourSpec struct { EnableExternalNameService *bool // RuntimeSettings is any user-defined ContourConfigurationSpec to use when provisioning. - RuntimeSettings *contourv1alpha1.ContourConfigurationSpec + RuntimeSettings *contour_v1alpha1.ContourConfigurationSpec // EnvoyWorkloadType is the way to deploy Envoy, either "DaemonSet" or "Deployment". EnvoyWorkloadType WorkloadType @@ -200,15 +200,15 @@ type ContourSpec struct { // An update strategy to replace existing Envoy DaemonSet pods with new pods. // when envoy be running as a `Deployment`,it's must be nil // +optional - EnvoyDaemonSetUpdateStrategy appsv1.DaemonSetUpdateStrategy + EnvoyDaemonSetUpdateStrategy apps_v1.DaemonSetUpdateStrategy // The deployment strategy to use to replace existing Envoy pods with new ones. // when envoy be running as a `DaemonSet`,it's must be nil - EnvoyDeploymentStrategy appsv1.DeploymentStrategy + EnvoyDeploymentStrategy apps_v1.DeploymentStrategy // The deployment strategy to use to replace existing Contour pods with new ones. // when envoy be running as a `DaemonSet`,it's must be nil - ContourDeploymentStrategy appsv1.DeploymentStrategy + ContourDeploymentStrategy apps_v1.DeploymentStrategy // ResourceLabels is a set of labels to add to the provisioned resources. ResourceLabels map[string]string @@ -217,10 +217,10 @@ type ContourSpec struct { ResourceAnnotations map[string]string // EnvoyExtraVolumes holds the extra volumes to add to envoy's pod. - EnvoyExtraVolumes []corev1.Volume + EnvoyExtraVolumes []core_v1.Volume // EnvoyExtraVolumeMounts holds the extra volume mounts to add to envoy's pod(normally used with envoyExtraVolumes). - EnvoyExtraVolumeMounts []corev1.VolumeMount + EnvoyExtraVolumeMounts []core_v1.VolumeMount // EnvoyPodAnnotations holds the annotations that will be add to the envoy‘s pod. // the annotations: "prometheus.io/scrape", "prometheus.io/port", "prometheus.io/path" will be overwritten with predefined value. @@ -231,14 +231,14 @@ type ContourSpec struct { ContourPodAnnotations map[string]string // Compute Resources required by envoy container. - EnvoyResources corev1.ResourceRequirements + EnvoyResources core_v1.ResourceRequirements // Compute Resources required by contour container. - ContourResources corev1.ResourceRequirements + ContourResources core_v1.ResourceRequirements // EnvoyLogLevel sets the log level for Envoy // Allowed values are "trace", "debug", "info", "warn", "error", "critical", "off". - EnvoyLogLevel contourv1alpha1.LogLevel + EnvoyLogLevel contour_v1alpha1.LogLevel // The base ID to use when allocating shared memory regions. // if Envoy needs to be run multiple times on the same machine, each running Envoy will need a unique base ID @@ -254,14 +254,14 @@ type ContourSpec struct { // WatchNamespaces is an array of namespaces. Setting it will instruct the contour instance // to only watch these set of namespaces // default is nil, contour will watch resource of all namespaces - WatchNamespaces []contourv1.Namespace + WatchNamespaces []contour_v1.Namespace // DisabledFeatures defines an array of resources that will be ignored by // contour reconciler. - DisabledFeatures []contourv1.Feature + DisabledFeatures []contour_v1.Feature } -func NamespacesToStrings(ns []contourv1.Namespace) []string { +func NamespacesToStrings(ns []contour_v1.Namespace) []string { res := make([]string, len(ns)) for i, n := range ns { res[i] = string(n) @@ -269,7 +269,7 @@ func NamespacesToStrings(ns []contourv1.Namespace) []string { return res } -func FeaturesToStrings(fs []contourv1.Feature) []string { +func FeaturesToStrings(fs []contour_v1.Feature) []string { res := make([]string, len(fs)) for i := range fs { res[i] = string(fs[i]) @@ -278,14 +278,14 @@ func FeaturesToStrings(fs []contourv1.Feature) []string { } // WorkloadType is the type of Kubernetes workload to use for a component. -type WorkloadType = contourv1alpha1.WorkloadType +type WorkloadType = contour_v1alpha1.WorkloadType const ( // A Kubernetes DaemonSet. - WorkloadTypeDaemonSet = contourv1alpha1.WorkloadTypeDaemonSet + WorkloadTypeDaemonSet = contour_v1alpha1.WorkloadTypeDaemonSet // A Kubernetes Deployment. - WorkloadTypeDeployment = contourv1alpha1.WorkloadTypeDeployment + WorkloadTypeDeployment = contour_v1alpha1.WorkloadTypeDeployment ) // NodePlacement describes node scheduling configuration of Contour and Envoy pods. @@ -318,7 +318,7 @@ type ContourNodePlacement struct { // // See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ // for additional details. - Tolerations []corev1.Toleration + Tolerations []core_v1.Toleration } // EnvoyNodePlacement describes node scheduling configuration for Envoy pods. @@ -341,7 +341,7 @@ type EnvoyNodePlacement struct { // // See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ // for additional details. - Tolerations []corev1.Toleration + Tolerations []core_v1.Toleration } // NamespaceSpec defines the schema of a Contour namespace. @@ -425,30 +425,30 @@ type EnvoyNetworkPublishing struct { // IPFamilyPolicy represents the dual-stack-ness requested or required by // this Service. If there is no value provided, then this field will be set // to SingleStack. - IPFamilyPolicy corev1.IPFamilyPolicy + IPFamilyPolicy core_v1.IPFamilyPolicy // ExternalTrafficPolicy describes how nodes distribute service traffic they // receive on one of the Service's "externally-facing" addresses (NodePorts, ExternalIPs, // and LoadBalancer IPs). // // If unset, defaults to "Local". - ExternalTrafficPolicy corev1.ServiceExternalTrafficPolicyType + ExternalTrafficPolicy core_v1.ServiceExternalTrafficPolicyType } -type NetworkPublishingType = contourv1alpha1.NetworkPublishingType +type NetworkPublishingType = contour_v1alpha1.NetworkPublishingType const ( // LoadBalancerServicePublishingType publishes a network endpoint using a Kubernetes // LoadBalancer Service. - LoadBalancerServicePublishingType NetworkPublishingType = contourv1alpha1.LoadBalancerServicePublishingType + LoadBalancerServicePublishingType NetworkPublishingType = contour_v1alpha1.LoadBalancerServicePublishingType // NodePortServicePublishingType publishes a network endpoint using a Kubernetes // NodePort Service. - NodePortServicePublishingType NetworkPublishingType = contourv1alpha1.NodePortServicePublishingType + NodePortServicePublishingType NetworkPublishingType = contour_v1alpha1.NodePortServicePublishingType // ClusterIPServicePublishingType publishes a network endpoint using a Kubernetes // ClusterIP Service. - ClusterIPServicePublishingType NetworkPublishingType = contourv1alpha1.ClusterIPServicePublishingType + ClusterIPServicePublishingType NetworkPublishingType = contour_v1alpha1.ClusterIPServicePublishingType ) // LoadBalancerStrategy holds parameters for a load balancer. diff --git a/internal/provisioner/model/model_test.go b/internal/provisioner/model/model_test.go index 61800672bd9..6aebd5e33eb 100644 --- a/internal/provisioner/model/model_test.go +++ b/internal/provisioner/model/model_test.go @@ -17,23 +17,23 @@ import ( "reflect" "testing" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func TestNamespacesToStrings(t *testing.T) { testCases := []struct { description string - namespaces []contourv1.Namespace + namespaces []contour_v1.Namespace expectStrings []string }{ { description: "no namespaces", - namespaces: []contourv1.Namespace{}, + namespaces: []contour_v1.Namespace{}, expectStrings: []string{}, }, { description: "2 namespaces", - namespaces: []contourv1.Namespace{"ns1", "ns2"}, + namespaces: []contour_v1.Namespace{"ns1", "ns2"}, expectStrings: []string{"ns1", "ns2"}, }, } @@ -50,17 +50,17 @@ func TestNamespacesToStrings(t *testing.T) { func TestFeaturesToStrings(t *testing.T) { testCases := []struct { description string - features []contourv1.Feature + features []contour_v1.Feature expectStrings []string }{ { description: "no features", - features: []contourv1.Feature{}, + features: []contour_v1.Feature{}, expectStrings: []string{}, }, { description: "2 features", - features: []contourv1.Feature{"tlsroutes", "grpcroutes"}, + features: []contour_v1.Feature{"tlsroutes", "grpcroutes"}, expectStrings: []string{"tlsroutes", "grpcroutes"}, }, } diff --git a/internal/provisioner/objects/contourconfig/contourconfig.go b/internal/provisioner/objects/contourconfig/contourconfig.go index 7356129d577..3da243a5266 100644 --- a/internal/provisioner/objects/contourconfig/contourconfig.go +++ b/internal/provisioner/objects/contourconfig/contourconfig.go @@ -16,19 +16,19 @@ package contourconfig import ( "context" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/projectcontour/contour/internal/provisioner/objects" - "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/provisioner/objects" ) // EnsureContourConfig ensures that a ContourConfiguration exists for the given contour. func EnsureContourConfig(ctx context.Context, cli client.Client, contour *model.Contour) error { - desired := &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + desired := &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.ContourConfigurationName(), Labels: contour.CommonLabels(), @@ -45,7 +45,7 @@ func EnsureContourConfig(ctx context.Context, cli client.Client, contour *model. // being configured correctly for the Gateway being provisioned. setGatewayConfig(desired, contour) - updater := func(ctx context.Context, cli client.Client, current, desired *contour_api_v1alpha1.ContourConfiguration) error { + updater := func(ctx context.Context, cli client.Client, current, desired *contour_v1alpha1.ContourConfiguration) error { maybeUpdated := current.DeepCopy() setGatewayConfig(maybeUpdated, contour) @@ -55,21 +55,21 @@ func EnsureContourConfig(ctx context.Context, cli client.Client, contour *model. return nil } - return objects.EnsureObject(ctx, cli, desired, updater, new(contour_api_v1alpha1.ContourConfiguration)) + return objects.EnsureObject(ctx, cli, desired, updater, new(contour_v1alpha1.ContourConfiguration)) } -func setGatewayConfig(config *contour_api_v1alpha1.ContourConfiguration, contour *model.Contour) { - config.Spec.Gateway = &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ +func setGatewayConfig(config *contour_v1alpha1.ContourConfiguration, contour *model.Contour) { + config.Spec.Gateway = &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: contour.Namespace, Name: contour.Name, }, } if config.Spec.Envoy == nil { - config.Spec.Envoy = &contour_api_v1alpha1.EnvoyConfig{} + config.Spec.Envoy = &contour_v1alpha1.EnvoyConfig{} } - config.Spec.Envoy.Service = &contour_api_v1alpha1.NamespacedName{ + config.Spec.Envoy.Service = &contour_v1alpha1.NamespacedName{ Namespace: contour.Namespace, Name: contour.EnvoyServiceName(), } @@ -77,8 +77,8 @@ func setGatewayConfig(config *contour_api_v1alpha1.ContourConfiguration, contour // EnsureContourConfigDeleted deletes a ContourConfig for the provided contour, if the configured owner labels exist. func EnsureContourConfigDeleted(ctx context.Context, cli client.Client, contour *model.Contour) error { - obj := &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + obj := &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.ContourConfigurationName(), }, diff --git a/internal/provisioner/objects/contourconfig/contourconfig_test.go b/internal/provisioner/objects/contourconfig/contourconfig_test.go index 89188993c36..30946fe540a 100644 --- a/internal/provisioner/objects/contourconfig/contourconfig_test.go +++ b/internal/provisioner/objects/contourconfig/contourconfig_test.go @@ -17,39 +17,40 @@ import ( "context" "testing" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/provisioner/model" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client/fake" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/provisioner/model" ) func TestEnsureContourConfig(t *testing.T) { tests := map[string]struct { contour *model.Contour - existing *contour_api_v1alpha1.ContourConfiguration - want contour_api_v1alpha1.ContourConfigurationSpec + existing *contour_v1alpha1.ContourConfiguration + want contour_v1alpha1.ContourConfigurationSpec }{ "no existing ContourConfiguration": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - want: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + want: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "envoy-contour-1", }, @@ -58,40 +59,40 @@ func TestEnsureContourConfig(t *testing.T) { }, "existing ContourConfiguration found, with exactly the right spec": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contourconfig-contour-1", }, - Spec: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + Spec: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "envoy-contour-1", }, }, }, }, - want: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + want: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "envoy-contour-1", }, @@ -100,40 +101,40 @@ func TestEnsureContourConfig(t *testing.T) { }, "existing ContourConfiguration found, with the wrong spec": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contourconfig-contour-1", }, - Spec: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + Spec: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "some-other-namespace", Name: "some-other-contour", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "yet-another-namespace", Name: "some-other-envoy-service", }, }, }, }, - want: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + want: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "envoy-contour-1", }, @@ -142,56 +143,56 @@ func TestEnsureContourConfig(t *testing.T) { }, "existing ContourConfiguration found, with additional fields specified": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace-1", Name: "contourconfig-contour-1", }, - Spec: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + Spec: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "envoy-contour-1", }, - ClientCertificate: &contour_api_v1alpha1.NamespacedName{ + ClientCertificate: &contour_v1alpha1.NamespacedName{ Namespace: "client-cert-namespace", Name: "client-cert", }, }, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ RootNamespaces: []string{"ns-1", "ns-2"}, }, }, }, - want: contour_api_v1alpha1.ContourConfigurationSpec{ - Gateway: &contour_api_v1alpha1.GatewayConfig{ - GatewayRef: &contour_api_v1alpha1.NamespacedName{ + want: contour_v1alpha1.ContourConfigurationSpec{ + Gateway: &contour_v1alpha1.GatewayConfig{ + GatewayRef: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - Service: &contour_api_v1alpha1.NamespacedName{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Service: &contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "envoy-contour-1", }, - ClientCertificate: &contour_api_v1alpha1.NamespacedName{ + ClientCertificate: &contour_v1alpha1.NamespacedName{ Namespace: "client-cert-namespace", Name: "client-cert", }, }, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ RootNamespaces: []string{"ns-1", "ns-2"}, }, }, @@ -201,7 +202,7 @@ func TestEnsureContourConfig(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { scheme := runtime.NewScheme() - require.NoError(t, contour_api_v1alpha1.AddToScheme(scheme)) + require.NoError(t, contour_v1alpha1.AddToScheme(scheme)) clientBuilder := fake.NewClientBuilder().WithScheme(scheme) if tc.existing != nil { @@ -211,7 +212,7 @@ func TestEnsureContourConfig(t *testing.T) { require.NoError(t, EnsureContourConfig(context.Background(), client, tc.contour)) - got := &contour_api_v1alpha1.ContourConfiguration{} + got := &contour_v1alpha1.ContourConfiguration{} key := types.NamespacedName{ Namespace: tc.contour.Namespace, Name: "contourconfig-" + tc.contour.Name, @@ -226,18 +227,18 @@ func TestEnsureContourConfig(t *testing.T) { func TestEnsureContourConfigDeleted(t *testing.T) { tests := map[string]struct { contour *model.Contour - existing *contour_api_v1alpha1.ContourConfiguration + existing *contour_v1alpha1.ContourConfiguration wantDelete bool }{ "ContourConfiguration exists with the proper labels": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contourconfig-contour-1", Labels: map[string]string{ @@ -249,13 +250,13 @@ func TestEnsureContourConfigDeleted(t *testing.T) { }, "ContourConfiguration exists without the proper labels (no labels)": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contourconfig-contour-1", }, @@ -264,13 +265,13 @@ func TestEnsureContourConfigDeleted(t *testing.T) { }, "ContourConfiguration exists without the proper labels (wrong key)": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contourconfig-contour-1", Labels: map[string]string{ @@ -282,13 +283,13 @@ func TestEnsureContourConfigDeleted(t *testing.T) { }, "ContourConfiguration exists without the proper labels (wrong value)": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contour-1", }, }, - existing: &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + existing: &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contourconfig-contour-1", Labels: map[string]string{ @@ -300,7 +301,7 @@ func TestEnsureContourConfigDeleted(t *testing.T) { }, "ContourConfiguration does not exist": { contour: &model.Contour{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "contour-namespace", Name: "contour-1", }, @@ -312,7 +313,7 @@ func TestEnsureContourConfigDeleted(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { scheme := runtime.NewScheme() - require.NoError(t, contour_api_v1alpha1.AddToScheme(scheme)) + require.NoError(t, contour_v1alpha1.AddToScheme(scheme)) clientBuilder := fake.NewClientBuilder().WithScheme(scheme) if tc.existing != nil { @@ -325,7 +326,7 @@ func TestEnsureContourConfigDeleted(t *testing.T) { // no error. require.NoError(t, EnsureContourConfigDeleted(context.Background(), client, tc.contour)) - remaining := &contour_api_v1alpha1.ContourConfiguration{} + remaining := &contour_v1alpha1.ContourConfiguration{} key := types.NamespacedName{ Namespace: tc.contour.Namespace, Name: "contourconfig-" + tc.contour.Name, diff --git a/internal/provisioner/objects/dataplane/dataplane.go b/internal/provisioner/objects/dataplane/dataplane.go index 792eacaffbf..b4892f65128 100644 --- a/internal/provisioner/objects/dataplane/dataplane.go +++ b/internal/provisioner/objects/dataplane/dataplane.go @@ -18,18 +18,18 @@ import ( "fmt" "path/filepath" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/resource" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/ref" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -63,14 +63,14 @@ const ( // the default resource requirements for container: envoy-initconfig & shutdown-manager, the default value is come from: // ref: https://projectcontour.io/docs/1.25/deploy-options/#setting-resource-requests-and-limits -var defContainerResources = corev1.ResourceRequirements{ - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("25m"), - corev1.ResourceMemory: resource.MustParse("50Mi"), +var defContainerResources = core_v1.ResourceRequirements{ + Requests: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("25m"), + core_v1.ResourceMemory: resource.MustParse("50Mi"), }, - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("50m"), - corev1.ResourceMemory: resource.MustParse("100Mi"), + Limits: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("50m"), + core_v1.ResourceMemory: resource.MustParse("100Mi"), }, } @@ -81,7 +81,7 @@ func EnsureDataPlane(ctx context.Context, cli client.Client, contour *model.Cont case model.WorkloadTypeDeployment: desired := desiredDeployment(contour, contourImage, envoyImage) - updater := func(ctx context.Context, cli client.Client, current, desired *appsv1.Deployment) error { + updater := func(ctx context.Context, cli client.Client, current, desired *apps_v1.Deployment) error { differ := equality.DeploymentSelectorsDiffer(current, desired) if differ { return EnsureDataPlaneDeleted(ctx, cli, contour) @@ -90,13 +90,13 @@ func EnsureDataPlane(ctx context.Context, cli client.Client, contour *model.Cont return updateDeploymentIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, desired, updater, &appsv1.Deployment{}) + return objects.EnsureObject(ctx, cli, desired, updater, &apps_v1.Deployment{}) // The default workload type is a DaemonSet. default: desired := DesiredDaemonSet(contour, contourImage, envoyImage) - updater := func(ctx context.Context, cli client.Client, current, desired *appsv1.DaemonSet) error { + updater := func(ctx context.Context, cli client.Client, current, desired *apps_v1.DaemonSet) error { differ := equality.DaemonSetSelectorsDiffer(current, desired) if differ { return EnsureDataPlaneDeleted(ctx, cli, contour) @@ -105,7 +105,7 @@ func EnsureDataPlane(ctx context.Context, cli client.Client, contour *model.Cont return updateDaemonSetIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, desired, updater, &appsv1.DaemonSet{}) + return objects.EnsureObject(ctx, cli, desired, updater, &apps_v1.DaemonSet{}) } } @@ -117,8 +117,8 @@ func EnsureDataPlaneDeleted(ctx context.Context, cli client.Client, contour *mod // using finalizers so the Gateway spec is unavailable to us at deletion // time. - dsObj := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + dsObj := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.EnvoyDataPlaneName(), }, @@ -128,8 +128,8 @@ func EnsureDataPlaneDeleted(ctx context.Context, cli client.Client, contour *mod return err } - deployObj := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployObj := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.EnvoyDataPlaneName(), }, @@ -138,7 +138,7 @@ func EnsureDataPlaneDeleted(ctx context.Context, cli client.Client, contour *mod return objects.EnsureObjectDeleted(ctx, cli, deployObj, contour) } -func desiredContainers(contour *model.Contour, contourImage, envoyImage string) ([]corev1.Container, []corev1.Container) { +func desiredContainers(contour *model.Contour, contourImage, envoyImage string) ([]core_v1.Container, []core_v1.Container) { var ( metricsPort = objects.EnvoyMetricsPort healthPort = objects.EnvoyHealthPort @@ -158,17 +158,17 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) } } - ports := []corev1.ContainerPort{{ + ports := []core_v1.ContainerPort{{ Name: "metrics", ContainerPort: metricsPort, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, }} - containers := []corev1.Container{ + containers := []core_v1.Container{ { Name: ShutdownContainerName, Image: contourImage, - ImagePullPolicy: corev1.PullIfNotPresent, + ImagePullPolicy: core_v1.PullIfNotPresent, Command: []string{ "/bin/contour", }, @@ -176,16 +176,16 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) "envoy", "shutdown-manager", }, - Lifecycle: &corev1.Lifecycle{ - PreStop: &corev1.LifecycleHandler{ - Exec: &corev1.ExecAction{ + Lifecycle: &core_v1.Lifecycle{ + PreStop: &core_v1.LifecycleHandler{ + Exec: &core_v1.ExecAction{ Command: []string{"/bin/contour", "envoy", "shutdown"}, }, }, }, - TerminationMessagePolicy: corev1.TerminationMessageReadFile, + TerminationMessagePolicy: core_v1.TerminationMessageReadFile, TerminationMessagePath: "/dev/termination-log", - VolumeMounts: []corev1.VolumeMount{ + VolumeMounts: []core_v1.VolumeMount{ { Name: envoyAdminVolName, MountPath: filepath.Join("/", envoyAdminVolMntDir), @@ -197,7 +197,7 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) { Name: EnvoyContainerName, Image: envoyImage, - ImagePullPolicy: corev1.PullIfNotPresent, + ImagePullPolicy: core_v1.PullIfNotPresent, Command: []string{ "envoy", }, @@ -209,11 +209,11 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) fmt.Sprintf("--log-level %s", contour.Spec.EnvoyLogLevel), fmt.Sprintf("--base-id %d", contour.Spec.EnvoyBaseID), }, - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: envoyNsEnvVar, - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "metadata.namespace", }, @@ -221,19 +221,19 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) }, { Name: envoyPodEnvVar, - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "metadata.name", }, }, }, }, - ReadinessProbe: &corev1.Probe{ + ReadinessProbe: &core_v1.Probe{ FailureThreshold: int32(3), - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Scheme: corev1.URISchemeHTTP, + ProbeHandler: core_v1.ProbeHandler{ + HTTPGet: &core_v1.HTTPGetAction{ + Scheme: core_v1.URISchemeHTTP, Path: "/ready", Port: intstr.IntOrString{IntVal: int32(healthPort)}, }, @@ -244,7 +244,7 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) TimeoutSeconds: int32(1), }, Ports: ports, - VolumeMounts: []corev1.VolumeMount{ + VolumeMounts: []core_v1.VolumeMount{ { Name: envoyCertsVolName, MountPath: filepath.Join("/", envoyCertsVolMntDir), @@ -260,26 +260,26 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) MountPath: filepath.Join("/", envoyAdminVolMntDir), }, }, - Lifecycle: &corev1.Lifecycle{ - PreStop: &corev1.LifecycleHandler{ - HTTPGet: &corev1.HTTPGetAction{ + Lifecycle: &core_v1.Lifecycle{ + PreStop: &core_v1.LifecycleHandler{ + HTTPGet: &core_v1.HTTPGetAction{ Path: "/shutdown", Port: intstr.FromInt(8090), Scheme: "HTTP", }, }, }, - TerminationMessagePolicy: corev1.TerminationMessageReadFile, + TerminationMessagePolicy: core_v1.TerminationMessageReadFile, TerminationMessagePath: "/dev/termination-log", Resources: contour.Spec.EnvoyResources, }, } - initContainers := []corev1.Container{ + initContainers := []core_v1.Container{ { Name: envoyInitContainerName, Image: contourImage, - ImagePullPolicy: corev1.PullIfNotPresent, + ImagePullPolicy: core_v1.PullIfNotPresent, Command: []string{ "contour", }, @@ -295,7 +295,7 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) fmt.Sprintf("--envoy-key-file=%s", filepath.Join("/", envoyCertsVolMntDir, "tls.key")), fmt.Sprintf("--overload-max-heap=%d", contour.Spec.EnvoyMaxHeapSizeBytes), }, - VolumeMounts: []corev1.VolumeMount{ + VolumeMounts: []core_v1.VolumeMount{ { Name: envoyCertsVolName, MountPath: filepath.Join("/", envoyCertsVolMntDir), @@ -307,18 +307,18 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) ReadOnly: false, }, }, - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: envoyNsEnvVar, - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "metadata.namespace", }, }, }, }, - TerminationMessagePolicy: corev1.TerminationMessageReadFile, + TerminationMessagePolicy: core_v1.TerminationMessageReadFile, TerminationMessagePath: "/dev/termination-log", Resources: defContainerResources, @@ -334,36 +334,36 @@ func desiredContainers(contour *model.Contour, contourImage, envoyImage string) // DesiredDaemonSet returns the desired DaemonSet for the provided contour using // contourImage as the shutdown-manager/envoy-initconfig container images and // envoyImage as Envoy's container image. -func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) *appsv1.DaemonSet { +func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) *apps_v1.DaemonSet { initContainers, containers := desiredContainers(contour, contourImage, envoyImage) - ds := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + ds := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.EnvoyDataPlaneName(), Labels: contour.WorkloadLabels(), Annotations: contour.CommonAnnotations(), }, - Spec: appsv1.DaemonSetSpec{ + Spec: apps_v1.DaemonSetSpec{ RevisionHistoryLimit: ref.To(int32(10)), // Ensure the deamonset adopts only its own pods. Selector: EnvoyPodSelector(contour), UpdateStrategy: contour.Spec.EnvoyDaemonSetUpdateStrategy, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ // TODO [danehans]: Remove the prometheus annotations when Contour is updated to // show how the Prometheus Operator is used to scrape Contour/Envoy metrics. Annotations: envoyPodAnnotations(contour), Labels: envoyPodLabels(contour), }, - Spec: corev1.PodSpec{ + Spec: core_v1.PodSpec{ Containers: containers, InitContainers: initContainers, - Volumes: []corev1.Volume{ + Volumes: []core_v1.Volume{ { Name: envoyCertsVolName, - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + Secret: &core_v1.SecretVolumeSource{ DefaultMode: ref.To(int32(420)), SecretName: contour.EnvoyCertsSecretName(), }, @@ -371,14 +371,14 @@ func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) * }, { Name: envoyCfgVolName, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, + VolumeSource: core_v1.VolumeSource{ + EmptyDir: &core_v1.EmptyDirVolumeSource{}, }, }, { Name: envoyAdminVolName, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, + VolumeSource: core_v1.VolumeSource{ + EmptyDir: &core_v1.EmptyDirVolumeSource{}, }, }, }, @@ -386,8 +386,8 @@ func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) * AutomountServiceAccountToken: ref.To(false), TerminationGracePeriodSeconds: ref.To(int64(300)), SecurityContext: objects.NewUnprivilegedPodSecurity(), - DNSPolicy: corev1.DNSClusterFirst, - RestartPolicy: corev1.RestartPolicyAlways, + DNSPolicy: core_v1.DNSClusterFirst, + RestartPolicy: core_v1.RestartPolicyAlways, SchedulerName: "default-scheduler", }, }, @@ -407,36 +407,36 @@ func DesiredDaemonSet(contour *model.Contour, contourImage, envoyImage string) * return ds } -func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) *appsv1.Deployment { +func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) *apps_v1.Deployment { initContainers, containers := desiredContainers(contour, contourImage, envoyImage) - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.EnvoyDataPlaneName(), Labels: contour.WorkloadLabels(), Annotations: contour.CommonAnnotations(), }, - Spec: appsv1.DeploymentSpec{ + Spec: apps_v1.DeploymentSpec{ Replicas: ref.To(contour.Spec.EnvoyReplicas), RevisionHistoryLimit: ref.To(int32(10)), // Ensure the deamonset adopts only its own pods. Selector: EnvoyPodSelector(contour), Strategy: contour.Spec.EnvoyDeploymentStrategy, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ // TODO [danehans]: Remove the prometheus annotations when Contour is updated to // show how the Prometheus Operator is used to scrape Contour/Envoy metrics. Annotations: envoyPodAnnotations(contour), Labels: envoyPodLabels(contour), }, - Spec: corev1.PodSpec{ - Affinity: &corev1.Affinity{ - PodAntiAffinity: &corev1.PodAntiAffinity{ - PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ + Spec: core_v1.PodSpec{ + Affinity: &core_v1.Affinity{ + PodAntiAffinity: &core_v1.PodAntiAffinity{ + PreferredDuringSchedulingIgnoredDuringExecution: []core_v1.WeightedPodAffinityTerm{ { Weight: int32(100), - PodAffinityTerm: corev1.PodAffinityTerm{ + PodAffinityTerm: core_v1.PodAffinityTerm{ LabelSelector: EnvoyPodSelector(contour), TopologyKey: "kubernetes.io/hostname", }, @@ -446,11 +446,11 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) }, Containers: containers, InitContainers: initContainers, - Volumes: []corev1.Volume{ + Volumes: []core_v1.Volume{ { Name: envoyCertsVolName, - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + Secret: &core_v1.SecretVolumeSource{ DefaultMode: ref.To(int32(420)), SecretName: contour.EnvoyCertsSecretName(), }, @@ -458,14 +458,14 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) }, { Name: envoyCfgVolName, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, + VolumeSource: core_v1.VolumeSource{ + EmptyDir: &core_v1.EmptyDirVolumeSource{}, }, }, { Name: envoyAdminVolName, - VolumeSource: corev1.VolumeSource{ - EmptyDir: &corev1.EmptyDirVolumeSource{}, + VolumeSource: core_v1.VolumeSource{ + EmptyDir: &core_v1.EmptyDirVolumeSource{}, }, }, }, @@ -473,8 +473,8 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) AutomountServiceAccountToken: ref.To(false), TerminationGracePeriodSeconds: ref.To(int64(300)), SecurityContext: objects.NewUnprivilegedPodSecurity(), - DNSPolicy: corev1.DNSClusterFirst, - RestartPolicy: corev1.RestartPolicyAlways, + DNSPolicy: core_v1.DNSClusterFirst, + RestartPolicy: core_v1.RestartPolicyAlways, SchedulerName: "default-scheduler", }, }, @@ -496,7 +496,7 @@ func desiredDeployment(contour *model.Contour, contourImage, envoyImage string) // updateDaemonSetIfNeeded updates a DaemonSet if current does not match desired, // using contour to verify the existence of owner labels. -func updateDaemonSetIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *appsv1.DaemonSet) error { +func updateDaemonSetIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *apps_v1.DaemonSet) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { ds, updated := equality.DaemonsetConfigChanged(current, desired) if updated { @@ -511,7 +511,7 @@ func updateDaemonSetIfNeeded(ctx context.Context, cli client.Client, contour *mo // updateDeploymentIfNeeded updates a Deployment if current does not match desired, // using contour to verify the existence of owner labels. -func updateDeploymentIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *appsv1.Deployment) error { +func updateDeploymentIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *apps_v1.Deployment) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { ds, updated := equality.DeploymentConfigChanged(current, desired) if updated { @@ -526,8 +526,8 @@ func updateDeploymentIfNeeded(ctx context.Context, cli client.Client, contour *m // EnvoyPodSelector returns a label selector using "app: envoy" as the // key/value pair. -func EnvoyPodSelector(contour *model.Contour) *metav1.LabelSelector { - return &metav1.LabelSelector{ +func EnvoyPodSelector(contour *model.Contour) *meta_v1.LabelSelector { + return &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "app": contour.EnvoyDataPlaneName(), }, diff --git a/internal/provisioner/objects/dataplane/dataplane_test.go b/internal/provisioner/objects/dataplane/dataplane_test.go index 928a9b7e631..590b835b163 100644 --- a/internal/provisioner/objects/dataplane/dataplane_test.go +++ b/internal/provisioner/objects/dataplane/dataplane_test.go @@ -17,17 +17,17 @@ import ( "fmt" "testing" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/projectcontour/contour/internal/provisioner/objects" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/resource" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/internal/provisioner/objects" ) -func checkDaemonSetHasEnvVar(t *testing.T, ds *appsv1.DaemonSet, container, name string) { +func checkDaemonSetHasEnvVar(t *testing.T, ds *apps_v1.DaemonSet, container, name string) { t.Helper() if container == envoyInitContainerName { @@ -55,7 +55,7 @@ func checkDaemonSetHasEnvVar(t *testing.T, ds *appsv1.DaemonSet, container, name t.Errorf("daemonset is missing environment variable %q", name) } -func checkDaemonSetHasContainer(t *testing.T, ds *appsv1.DaemonSet, name string, expect bool) *corev1.Container { +func checkDaemonSetHasContainer(t *testing.T, ds *apps_v1.DaemonSet, name string, expect bool) *core_v1.Container { t.Helper() if ds.Spec.Template.Spec.Containers == nil { @@ -87,7 +87,7 @@ func checkDaemonSetHasContainer(t *testing.T, ds *appsv1.DaemonSet, name string, return nil } -func checkDaemonSetHasLabels(t *testing.T, ds *appsv1.DaemonSet, expected map[string]string) { +func checkDaemonSetHasLabels(t *testing.T, ds *apps_v1.DaemonSet, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Labels, expected) { @@ -97,7 +97,7 @@ func checkDaemonSetHasLabels(t *testing.T, ds *appsv1.DaemonSet, expected map[st t.Errorf("daemonset has unexpected %q labels", ds.Labels) } -func checkDaemonSetHasPodAnnotations(t *testing.T, ds *appsv1.DaemonSet, expected map[string]string) { +func checkDaemonSetHasPodAnnotations(t *testing.T, ds *apps_v1.DaemonSet, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.Template.ObjectMeta.Annotations, expected) { @@ -107,7 +107,7 @@ func checkDaemonSetHasPodAnnotations(t *testing.T, ds *appsv1.DaemonSet, expecte t.Errorf("daemonset has unexpected %q pod annotations", ds.Spec.Template.Annotations) } -func checkContainerHasPort(t *testing.T, ds *appsv1.DaemonSet, port int32) { +func checkContainerHasPort(t *testing.T, ds *apps_v1.DaemonSet, port int32) { t.Helper() for _, c := range ds.Spec.Template.Spec.Containers { @@ -120,7 +120,7 @@ func checkContainerHasPort(t *testing.T, ds *appsv1.DaemonSet, port int32) { t.Errorf("container is missing containerPort %q", port) } -func checkContainerHasImage(t *testing.T, container *corev1.Container, image string) { +func checkContainerHasImage(t *testing.T, container *core_v1.Container, image string) { t.Helper() if container.Image == image { @@ -129,7 +129,7 @@ func checkContainerHasImage(t *testing.T, container *corev1.Container, image str t.Errorf("container is missing image %q", image) } -func checkContainerHaveResourceRequirements(t *testing.T, container *corev1.Container) { +func checkContainerHaveResourceRequirements(t *testing.T, container *core_v1.Container) { t.Helper() if apiequality.Semantic.DeepEqual(container.Resources, defContainerResources) { @@ -138,7 +138,7 @@ func checkContainerHaveResourceRequirements(t *testing.T, container *corev1.Cont t.Errorf("container doesn't have resource requiremetns") } -func checkDaemonSetHasNodeSelector(t *testing.T, ds *appsv1.DaemonSet, expected map[string]string) { +func checkDaemonSetHasNodeSelector(t *testing.T, ds *apps_v1.DaemonSet, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.Template.Spec.NodeSelector, expected) { @@ -147,7 +147,7 @@ func checkDaemonSetHasNodeSelector(t *testing.T, ds *appsv1.DaemonSet, expected t.Errorf("deployment has unexpected node selector %q", expected) } -func checkDaemonSetHasVolume(t *testing.T, ds *appsv1.DaemonSet, vol corev1.Volume, volMount corev1.VolumeMount) { +func checkDaemonSetHasVolume(t *testing.T, ds *apps_v1.DaemonSet, vol core_v1.Volume, volMount core_v1.VolumeMount) { t.Helper() hasVol := false @@ -176,7 +176,7 @@ func checkDaemonSetHasVolume(t *testing.T, ds *appsv1.DaemonSet, vol corev1.Volu } } -func checkDaemonSetHasResourceRequirements(t *testing.T, ds *appsv1.DaemonSet, expected corev1.ResourceRequirements) { +func checkDaemonSetHasResourceRequirements(t *testing.T, ds *apps_v1.DaemonSet, expected core_v1.ResourceRequirements) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.Template.Spec.Containers[1].Resources, expected) { @@ -185,7 +185,7 @@ func checkDaemonSetHasResourceRequirements(t *testing.T, ds *appsv1.DaemonSet, e t.Errorf("daemonset has unexpected resource requirements %v", expected) } -func checkDaemonSetHasUpdateStrategy(t *testing.T, ds *appsv1.DaemonSet, expected appsv1.DaemonSetUpdateStrategy) { +func checkDaemonSetHasUpdateStrategy(t *testing.T, ds *apps_v1.DaemonSet, expected apps_v1.DaemonSetUpdateStrategy) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.UpdateStrategy, expected) { @@ -194,7 +194,7 @@ func checkDaemonSetHasUpdateStrategy(t *testing.T, ds *appsv1.DaemonSet, expecte t.Errorf("daemonset has unexpected update strategy %q", expected) } -func checkDeploymentHasStrategy(t *testing.T, ds *appsv1.Deployment, expected appsv1.DeploymentStrategy) { +func checkDeploymentHasStrategy(t *testing.T, ds *apps_v1.Deployment, expected apps_v1.DeploymentStrategy) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.Strategy, expected) { @@ -203,7 +203,7 @@ func checkDeploymentHasStrategy(t *testing.T, ds *appsv1.Deployment, expected ap t.Errorf("deployment has unexpected strategy %q", expected) } -func checkDaemonSetHasTolerations(t *testing.T, ds *appsv1.DaemonSet, expected []corev1.Toleration) { +func checkDaemonSetHasTolerations(t *testing.T, ds *apps_v1.DaemonSet, expected []core_v1.Toleration) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.Template.Spec.Tolerations, expected) { @@ -212,13 +212,13 @@ func checkDaemonSetHasTolerations(t *testing.T, ds *appsv1.DaemonSet, expected [ t.Errorf("daemonset has unexpected tolerations %v", expected) } -func checkDaemonSecurityContext(t *testing.T, ds *appsv1.DaemonSet) { +func checkDaemonSecurityContext(t *testing.T, ds *apps_v1.DaemonSet) { t.Helper() user := int64(65534) group := int64(65534) nonRoot := true - expected := &corev1.PodSecurityContext{ + expected := &core_v1.PodSecurityContext{ RunAsUser: &user, RunAsGroup: &group, RunAsNonRoot: &nonRoot, @@ -229,7 +229,7 @@ func checkDaemonSecurityContext(t *testing.T, ds *appsv1.DaemonSet) { t.Errorf("deployment has unexpected SecurityContext %v", expected) } -func checkContainerHasArg(t *testing.T, container *corev1.Container, arg string) { +func checkContainerHasArg(t *testing.T, container *core_v1.Container, arg string) { t.Helper() for _, a := range container.Args { @@ -240,7 +240,7 @@ func checkContainerHasArg(t *testing.T, container *corev1.Container, arg string) t.Errorf("container is missing argument %q", arg) } -func checkContainerHasReadinessPort(t *testing.T, container *corev1.Container, port int32) { +func checkContainerHasReadinessPort(t *testing.T, container *core_v1.Container, port int32) { t.Helper() if container.ReadinessProbe != nil && @@ -251,7 +251,7 @@ func checkContainerHasReadinessPort(t *testing.T, container *corev1.Container, p t.Errorf("container has unexpected readiness port %d", port) } -func checkDaemonSetHasMetricsPort(t *testing.T, ds *appsv1.DaemonSet, port int32) { +func checkDaemonSetHasMetricsPort(t *testing.T, ds *apps_v1.DaemonSet, port int32) { t.Helper() if ds.Spec.Template.ObjectMeta.Annotations["prometheus.io/port"] == fmt.Sprint(port) { @@ -260,15 +260,15 @@ func checkDaemonSetHasMetricsPort(t *testing.T, ds *appsv1.DaemonSet, port int32 t.Errorf("container has unexpected metrics port %d", port) } -func checkEnvoyDeploymentHasAffinity(t *testing.T, d *appsv1.Deployment, contour *model.Contour) { +func checkEnvoyDeploymentHasAffinity(t *testing.T, d *apps_v1.Deployment, contour *model.Contour) { t.Helper() if apiequality.Semantic.DeepEqual(*d.Spec.Template.Spec.Affinity, - corev1.Affinity{ - PodAntiAffinity: &corev1.PodAntiAffinity{ - PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ + core_v1.Affinity{ + PodAntiAffinity: &core_v1.PodAntiAffinity{ + PreferredDuringSchedulingIgnoredDuringExecution: []core_v1.WeightedPodAffinityTerm{ { Weight: int32(100), - PodAffinityTerm: corev1.PodAffinityTerm{ + PodAffinityTerm: core_v1.PodAffinityTerm{ LabelSelector: EnvoyPodSelector(contour), TopologyKey: "kubernetes.io/hostname", }, @@ -292,10 +292,10 @@ func TestDesiredDaemonSet(t *testing.T) { "prometheus.io/scrape": "false", } - volTest := corev1.Volume{ + volTest := core_v1.Volume{ Name: "vol-test-mount", } - volTestMount := corev1.VolumeMount{ + volTestMount := core_v1.VolumeMount{ Name: volTest.Name, } @@ -313,23 +313,23 @@ func TestDesiredDaemonSet(t *testing.T) { testBaseIDArg := "--base-id 1" testEnvoyMaxHeapSize := "--overload-max-heap=8000000000" - resQutoa := corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("256Mi"), + resQutoa := core_v1.ResourceRequirements{ + Limits: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("400m"), + core_v1.ResourceMemory: resource.MustParse("256Mi"), }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("100m"), - corev1.ResourceMemory: resource.MustParse("25Mi"), + Requests: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("100m"), + core_v1.ResourceMemory: resource.MustParse("25Mi"), }, } cntr.Spec.EnvoyResources = resQutoa // Change the Envoy log level to test --log-level debug. - cntr.Spec.EnvoyLogLevel = v1alpha1.DebugLog - cntr.Spec.RuntimeSettings = &v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - Metrics: &v1alpha1.MetricsConfig{ + cntr.Spec.EnvoyLogLevel = contour_v1alpha1.DebugLog + cntr.Spec.RuntimeSettings = &contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Port: int(objects.EnvoyMetricsPort), }, }, @@ -389,12 +389,12 @@ func TestNodePlacementDaemonSet(t *testing.T) { cntr := model.Default(fmt.Sprintf("%s-ns", name), name) selectors := map[string]string{"node-role": "envoy"} - tolerations := []corev1.Toleration{ + tolerations := []core_v1.Toleration{ { - Operator: corev1.TolerationOpExists, + Operator: core_v1.TolerationOpExists, Key: "node-role", Value: "envoy", - Effect: corev1.TaintEffectNoSchedule, + Effect: core_v1.TaintEffectNoSchedule, }, } @@ -416,12 +416,12 @@ func TestEnvoyCustomPorts(t *testing.T) { name := "envoy-runtime-ports" metricPort := 9090 cntr := model.Default(fmt.Sprintf("%s-ns", name), name) - cntr.Spec.RuntimeSettings = &v1alpha1.ContourConfigurationSpec{ - Envoy: &v1alpha1.EnvoyConfig{ - Health: &v1alpha1.HealthConfig{ + cntr.Spec.RuntimeSettings = &contour_v1alpha1.ContourConfigurationSpec{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + Health: &contour_v1alpha1.HealthConfig{ Port: 8020, }, - Metrics: &v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Port: metricPort, }, }, diff --git a/internal/provisioner/objects/deployment/deployment.go b/internal/provisioner/objects/deployment/deployment.go index ec1700c6eb5..523c35e6580 100644 --- a/internal/provisioner/objects/deployment/deployment.go +++ b/internal/provisioner/objects/deployment/deployment.go @@ -20,18 +20,18 @@ import ( "slices" "strings" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/ref" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -55,7 +55,7 @@ const ( func EnsureDeployment(ctx context.Context, cli client.Client, contour *model.Contour, image string) error { desired := DesiredDeployment(contour, image) - updater := func(ctx context.Context, cli client.Client, current, desired *appsv1.Deployment) error { + updater := func(ctx context.Context, cli client.Client, current, desired *apps_v1.Deployment) error { differ := equality.DeploymentSelectorsDiffer(current, desired) if differ { return EnsureDeploymentDeleted(ctx, cli, contour) @@ -64,14 +64,14 @@ func EnsureDeployment(ctx context.Context, cli client.Client, contour *model.Con return updateDeploymentIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, desired, updater, &appsv1.Deployment{}) + return objects.EnsureObject(ctx, cli, desired, updater, &apps_v1.Deployment{}) } // EnsureDeploymentDeleted ensures the deployment for the provided contour // is deleted if Contour owner labels exist. func EnsureDeploymentDeleted(ctx context.Context, cli client.Client, contour *model.Contour) error { - obj := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + obj := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.ContourDeploymentName(), }, @@ -82,7 +82,7 @@ func EnsureDeploymentDeleted(ctx context.Context, cli client.Client, contour *mo // DesiredDeployment returns the desired deployment for the provided contour using // image as Contour's container image. -func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment { +func DesiredDeployment(contour *model.Contour, image string) *apps_v1.Deployment { xdsPort := objects.XDSPort args := []string{ "serve", @@ -98,7 +98,7 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment fmt.Sprintf("--kubernetes-debug=%d", contour.Spec.KubernetesLogLevel), } - if contour.Spec.ContourLogLevel == v1alpha1.DebugLog { + if contour.Spec.ContourLogLevel == contour_v1alpha1.DebugLog { args = append(args, "--debug") } @@ -126,17 +126,17 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment if contour.Spec.IngressClassName != nil { args = append(args, fmt.Sprintf("--ingress-class-name=%s", *contour.Spec.IngressClassName)) } - container := corev1.Container{ + container := core_v1.Container{ Name: contourContainerName, Image: image, - ImagePullPolicy: corev1.PullIfNotPresent, + ImagePullPolicy: core_v1.PullIfNotPresent, Command: []string{"contour"}, Args: args, - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: contourNsEnvVar, - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "metadata.namespace", }, @@ -144,15 +144,15 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment }, { Name: contourPodEnvVar, - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ APIVersion: "v1", FieldPath: "metadata.name", }, }, }, }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "xds", ContainerPort: xdsPort, @@ -169,10 +169,10 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment Protocol: "TCP", }, }, - LivenessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ - Scheme: corev1.URISchemeHTTP, + LivenessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + HTTPGet: &core_v1.HTTPGetAction{ + Scheme: core_v1.URISchemeHTTP, Path: "/healthz", Port: intstr.IntOrString{IntVal: int32(metricsPort)}, }, @@ -182,9 +182,9 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment SuccessThreshold: int32(1), FailureThreshold: int32(3), }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - TCPSocket: &corev1.TCPSocketAction{ + ReadinessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + TCPSocket: &core_v1.TCPSocketAction{ Port: intstr.IntOrString{ IntVal: xdsPort, }, @@ -196,8 +196,8 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment FailureThreshold: int32(3), }, TerminationMessagePath: "/dev/termination-log", - TerminationMessagePolicy: corev1.TerminationMessageReadFile, - VolumeMounts: []corev1.VolumeMount{ + TerminationMessagePolicy: core_v1.TerminationMessageReadFile, + VolumeMounts: []core_v1.VolumeMount{ { Name: contourCertsVolName, MountPath: filepath.Join("/", contourCertsVolMntDir), @@ -206,38 +206,38 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment }, Resources: contour.Spec.ContourResources, } - deploy := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deploy := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.ContourDeploymentName(), Labels: contour.WorkloadLabels(), Annotations: contour.CommonAnnotations(), }, - Spec: appsv1.DeploymentSpec{ + Spec: apps_v1.DeploymentSpec{ ProgressDeadlineSeconds: ref.To(int32(600)), Replicas: ref.To(contour.Spec.ContourReplicas), RevisionHistoryLimit: ref.To(int32(10)), // Ensure the deployment adopts only its own pods. Selector: ContourDeploymentPodSelector(contour), Strategy: contour.Spec.ContourDeploymentStrategy, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ // TODO [danehans]: Remove the prometheus annotations when Contour is updated to // show how the Prometheus Operator is used to scrape Contour/Envoy metrics. Annotations: contourPodAnnotations(contour), Labels: contourPodLabels(contour), }, - Spec: corev1.PodSpec{ + Spec: core_v1.PodSpec{ // TODO [danehans]: Readdress anti-affinity when https://github.com/projectcontour/contour/issues/2997 // is resolved. - Affinity: &corev1.Affinity{ - PodAntiAffinity: &corev1.PodAntiAffinity{ - PreferredDuringSchedulingIgnoredDuringExecution: []corev1.WeightedPodAffinityTerm{ + Affinity: &core_v1.Affinity{ + PodAntiAffinity: &core_v1.PodAntiAffinity{ + PreferredDuringSchedulingIgnoredDuringExecution: []core_v1.WeightedPodAffinityTerm{ { Weight: int32(100), - PodAffinityTerm: corev1.PodAffinityTerm{ + PodAffinityTerm: core_v1.PodAffinityTerm{ TopologyKey: "kubernetes.io/hostname", - LabelSelector: &metav1.LabelSelector{ + LabelSelector: &meta_v1.LabelSelector{ MatchLabels: ContourDeploymentPodSelector(contour).MatchLabels, }, }, @@ -245,21 +245,21 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment }, }, }, - Containers: []corev1.Container{container}, - Volumes: []corev1.Volume{ + Containers: []core_v1.Container{container}, + Volumes: []core_v1.Volume{ { Name: contourCertsVolName, - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + Secret: &core_v1.SecretVolumeSource{ DefaultMode: ref.To(int32(420)), SecretName: contour.ContourCertsSecretName(), }, }, }, }, - DNSPolicy: corev1.DNSClusterFirst, + DNSPolicy: core_v1.DNSClusterFirst, ServiceAccountName: contour.ContourRBACNames().ServiceAccount, - RestartPolicy: corev1.RestartPolicyAlways, + RestartPolicy: core_v1.RestartPolicyAlways, SchedulerName: "default-scheduler", SecurityContext: objects.NewUnprivilegedPodSecurity(), TerminationGracePeriodSeconds: ref.To(int64(30)), @@ -281,7 +281,7 @@ func DesiredDeployment(contour *model.Contour, image string) *appsv1.Deployment // updateDeploymentIfNeeded updates a Deployment if current does not match desired, // using contour to verify the existence of owner labels. -func updateDeploymentIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *appsv1.Deployment) error { +func updateDeploymentIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *apps_v1.Deployment) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { deploy, updated := equality.DeploymentConfigChanged(current, desired) if updated { @@ -295,8 +295,8 @@ func updateDeploymentIfNeeded(ctx context.Context, cli client.Client, contour *m // ContourDeploymentPodSelector returns a label selector using "app: contour" as the // key/value pair. -func ContourDeploymentPodSelector(contour *model.Contour) *metav1.LabelSelector { - return &metav1.LabelSelector{ +func ContourDeploymentPodSelector(contour *model.Contour) *meta_v1.LabelSelector { + return &meta_v1.LabelSelector{ MatchLabels: map[string]string{ "app": contour.ContourDeploymentName(), }, diff --git a/internal/provisioner/objects/deployment/deployment_test.go b/internal/provisioner/objects/deployment/deployment_test.go index 9cf62aa29ed..96aa3fe47ee 100644 --- a/internal/provisioner/objects/deployment/deployment_test.go +++ b/internal/provisioner/objects/deployment/deployment_test.go @@ -18,17 +18,17 @@ import ( "strings" "testing" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/provisioner/model" - - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/resource" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/provisioner/model" ) -func checkDeploymentHasEnvVar(t *testing.T, deploy *appsv1.Deployment, name string) { +func checkDeploymentHasEnvVar(t *testing.T, deploy *apps_v1.Deployment, name string) { t.Helper() for _, envVar := range deploy.Spec.Template.Spec.Containers[0].Env { @@ -39,7 +39,7 @@ func checkDeploymentHasEnvVar(t *testing.T, deploy *appsv1.Deployment, name stri t.Errorf("deployment is missing environment variable %q", name) } -func checkDeploymentHasContainer(t *testing.T, deploy *appsv1.Deployment, name string, expect bool) *corev1.Container { +func checkDeploymentHasContainer(t *testing.T, deploy *apps_v1.Deployment, name string, expect bool) *core_v1.Container { t.Helper() if deploy.Spec.Template.Spec.Containers == nil { @@ -60,7 +60,7 @@ func checkDeploymentHasContainer(t *testing.T, deploy *appsv1.Deployment, name s return nil } -func checkDeploymentHasLabels(t *testing.T, deploy *appsv1.Deployment, expected map[string]string) { +func checkDeploymentHasLabels(t *testing.T, deploy *apps_v1.Deployment, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(deploy.Labels, expected) { @@ -70,7 +70,7 @@ func checkDeploymentHasLabels(t *testing.T, deploy *appsv1.Deployment, expected t.Errorf("deployment has unexpected %q labels", deploy.Labels) } -func checkPodHasAnnotations(t *testing.T, tmpl *corev1.PodTemplateSpec, annotations map[string]string) { +func checkPodHasAnnotations(t *testing.T, tmpl *core_v1.PodTemplateSpec, annotations map[string]string) { t.Helper() for k, v := range annotations { @@ -80,7 +80,7 @@ func checkPodHasAnnotations(t *testing.T, tmpl *corev1.PodTemplateSpec, annotati } } -func checkContainerHasArg(t *testing.T, container *corev1.Container, arg string) { +func checkContainerHasArg(t *testing.T, container *core_v1.Container, arg string) { t.Helper() for _, a := range container.Args { @@ -91,7 +91,7 @@ func checkContainerHasArg(t *testing.T, container *corev1.Container, arg string) t.Errorf("container is missing argument %q", arg) } -func checkContainerHasImage(t *testing.T, container *corev1.Container, image string) { +func checkContainerHasImage(t *testing.T, container *core_v1.Container, image string) { t.Helper() if container.Image == image { @@ -100,7 +100,7 @@ func checkContainerHasImage(t *testing.T, container *corev1.Container, image str t.Errorf("container is missing image %q", image) } -func checkDeploymentHasNodeSelector(t *testing.T, deploy *appsv1.Deployment, expected map[string]string) { +func checkDeploymentHasNodeSelector(t *testing.T, deploy *apps_v1.Deployment, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(deploy.Spec.Template.Spec.NodeSelector, expected) { @@ -109,7 +109,7 @@ func checkDeploymentHasNodeSelector(t *testing.T, deploy *appsv1.Deployment, exp t.Errorf("deployment has unexpected node selector %q", expected) } -func checkDeploymentHasTolerations(t *testing.T, deploy *appsv1.Deployment, expected []corev1.Toleration) { +func checkDeploymentHasTolerations(t *testing.T, deploy *apps_v1.Deployment, expected []core_v1.Toleration) { t.Helper() if apiequality.Semantic.DeepEqual(deploy.Spec.Template.Spec.Tolerations, expected) { @@ -118,7 +118,7 @@ func checkDeploymentHasTolerations(t *testing.T, deploy *appsv1.Deployment, expe t.Errorf("deployment has unexpected tolerations %v", expected) } -func checkDeploymentHasResourceRequirements(t *testing.T, deploy *appsv1.Deployment, expected corev1.ResourceRequirements) { +func checkDeploymentHasResourceRequirements(t *testing.T, deploy *apps_v1.Deployment, expected core_v1.ResourceRequirements) { t.Helper() if apiequality.Semantic.DeepEqual(deploy.Spec.Template.Spec.Containers[0].Resources, expected) { @@ -127,7 +127,7 @@ func checkDeploymentHasResourceRequirements(t *testing.T, deploy *appsv1.Deploym t.Errorf("daemonset has unexpected resource requirements %v", expected) } -func checkDeploymentHasStrategy(t *testing.T, ds *appsv1.Deployment, expected appsv1.DeploymentStrategy) { +func checkDeploymentHasStrategy(t *testing.T, ds *apps_v1.Deployment, expected apps_v1.DeploymentStrategy) { t.Helper() if apiequality.Semantic.DeepEqual(ds.Spec.Strategy, expected) { @@ -142,14 +142,14 @@ func TestDesiredDeployment(t *testing.T) { icName := "test-ic" cntr.Spec.IngressClassName = &icName - resQutoa := corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("400m"), - corev1.ResourceMemory: resource.MustParse("256Mi"), + resQutoa := core_v1.ResourceRequirements{ + Limits: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("400m"), + core_v1.ResourceMemory: resource.MustParse("256Mi"), }, - Requests: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("100m"), - corev1.ResourceMemory: resource.MustParse("25Mi"), + Requests: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("100m"), + core_v1.ResourceMemory: resource.MustParse("25Mi"), }, } @@ -163,7 +163,7 @@ func TestDesiredDeployment(t *testing.T) { cntr.Spec.KubernetesLogLevel = 7 // Change the Contour log level to test --debug. - cntr.Spec.ContourLogLevel = v1alpha1.DebugLog + cntr.Spec.ContourLogLevel = contour_v1alpha1.DebugLog cntr.Spec.ResourceLabels = map[string]string{ "key": "value", @@ -217,15 +217,15 @@ func TestDesiredDeployment(t *testing.T) { func TestDesiredDeploymentWhenSettingWatchNamespaces(t *testing.T) { testCases := []struct { description string - namespaces []contourv1.Namespace + namespaces []contour_v1.Namespace }{ { description: "several valid namespaces", - namespaces: []contourv1.Namespace{"ns1", "ns2"}, + namespaces: []contour_v1.Namespace{"ns1", "ns2"}, }, { description: "single valid namespace", - namespaces: []contourv1.Namespace{"ns1"}, + namespaces: []contour_v1.Namespace{"ns1"}, }, } @@ -250,12 +250,12 @@ func TestNodePlacementDeployment(t *testing.T) { cntr := model.Default(fmt.Sprintf("%s-ns", name), name) selectors := map[string]string{"node-role": "contour"} - tolerations := []corev1.Toleration{ + tolerations := []core_v1.Toleration{ { - Operator: corev1.TolerationOpExists, + Operator: core_v1.TolerationOpExists, Key: "node-role", Value: "contour", - Effect: corev1.TaintEffectNoSchedule, + Effect: core_v1.TaintEffectNoSchedule, }, } @@ -275,15 +275,15 @@ func TestNodePlacementDeployment(t *testing.T) { func TestDesiredDeploymentWhenSettingDisabledFeature(t *testing.T) { testCases := []struct { description string - disabledFeatures []contourv1.Feature + disabledFeatures []contour_v1.Feature }{ { description: "disable 2 featuers", - disabledFeatures: []contourv1.Feature{"tlsroutes", "grpcroutes"}, + disabledFeatures: []contour_v1.Feature{"tlsroutes", "grpcroutes"}, }, { description: "disable single feature", - disabledFeatures: []contourv1.Feature{"tlsroutes"}, + disabledFeatures: []contour_v1.Feature{"tlsroutes"}, }, } diff --git a/internal/provisioner/objects/object.go b/internal/provisioner/objects/object.go index 4a963983517..711c3dfc0f2 100644 --- a/internal/provisioner/objects/object.go +++ b/internal/provisioner/objects/object.go @@ -17,12 +17,12 @@ import ( "context" "fmt" - "github.com/projectcontour/contour/internal/provisioner/labels" - "github.com/projectcontour/contour/internal/provisioner/model" - - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/projectcontour/contour/internal/provisioner/labels" + "github.com/projectcontour/contour/internal/provisioner/model" ) const ( @@ -42,11 +42,11 @@ const ( // NewUnprivilegedPodSecurity makes a a non-root PodSecurityContext object // using 65534 as the user and group ID. -func NewUnprivilegedPodSecurity() *corev1.PodSecurityContext { +func NewUnprivilegedPodSecurity() *core_v1.PodSecurityContext { user := int64(65534) group := int64(65534) nonRoot := true - return &corev1.PodSecurityContext{ + return &core_v1.PodSecurityContext{ RunAsUser: &user, RunAsGroup: &group, RunAsNonRoot: &nonRoot, diff --git a/internal/provisioner/objects/object_test.go b/internal/provisioner/objects/object_test.go index a2af22ca69c..44317a9b5ad 100644 --- a/internal/provisioner/objects/object_test.go +++ b/internal/provisioner/objects/object_test.go @@ -18,35 +18,35 @@ import ( "errors" "testing" - "github.com/projectcontour/contour/internal/provisioner" - "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" pkgclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "github.com/projectcontour/contour/internal/provisioner" + "github.com/projectcontour/contour/internal/provisioner/model" ) func TestEnsureObject_ErrorGettingObject(t *testing.T) { // An empty scheme is used to trigger an error getting the object. client := fake.NewClientBuilder().WithScheme(runtime.NewScheme()).Build() - want := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + want := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", }, } - require.ErrorContains(t, EnsureObject(context.Background(), client, want, nil, &corev1.Service{}), "failed to get resource obj-ns/obj-name") + require.ErrorContains(t, EnsureObject(context.Background(), client, want, nil, &core_v1.Service{}), "failed to get resource obj-ns/obj-name") } func TestEnsureObject_NonExistentObjectIsCreated(t *testing.T) { @@ -55,20 +55,20 @@ func TestEnsureObject_NonExistentObjectIsCreated(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).Build() - want := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + want := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", }, } - require.NoError(t, EnsureObject(context.Background(), client, want, nil, &corev1.Service{})) + require.NoError(t, EnsureObject(context.Background(), client, want, nil, &core_v1.Service{})) - got := &corev1.Service{} + got := &core_v1.Service{} require.NoError(t, client.Get(context.Background(), pkgclient.ObjectKeyFromObject(want), got)) assert.Equal(t, want, got) @@ -78,12 +78,12 @@ func TestEnsureObject_ExistingObjectIsUpdated(t *testing.T) { scheme, err := provisioner.CreateScheme() require.NoError(t, err) - existing := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + existing := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", ResourceVersion: "1", @@ -92,12 +92,12 @@ func TestEnsureObject_ExistingObjectIsUpdated(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(existing).Build() - desired := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + desired := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", Annotations: map[string]string{ @@ -106,7 +106,7 @@ func TestEnsureObject_ExistingObjectIsUpdated(t *testing.T) { }, } - updater := func(ctx context.Context, client pkgclient.Client, current, desired *corev1.Service) error { + updater := func(ctx context.Context, client pkgclient.Client, current, desired *core_v1.Service) error { // Set another annotation on "desired" so we can validate that // updater is actually being called. desired = desired.DeepCopy() @@ -114,13 +114,13 @@ func TestEnsureObject_ExistingObjectIsUpdated(t *testing.T) { return client.Update(ctx, desired) } - require.NoError(t, EnsureObject(context.Background(), client, desired, updater, &corev1.Service{})) + require.NoError(t, EnsureObject(context.Background(), client, desired, updater, &core_v1.Service{})) want := desired.DeepCopy() want.ResourceVersion = "2" want.Annotations["called-updater"] = "true" - got := &corev1.Service{} + got := &core_v1.Service{} require.NoError(t, client.Get(context.Background(), pkgclient.ObjectKeyFromObject(want), got)) assert.Equal(t, want, got) @@ -130,12 +130,12 @@ func TestEnsureObject_ErrorUpdatingObject(t *testing.T) { scheme, err := provisioner.CreateScheme() require.NoError(t, err) - existing := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + existing := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", }, @@ -143,12 +143,12 @@ func TestEnsureObject_ErrorUpdatingObject(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).WithObjects(existing).Build() - desired := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + desired := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", Annotations: map[string]string{ @@ -157,11 +157,11 @@ func TestEnsureObject_ErrorUpdatingObject(t *testing.T) { }, } - updater := func(ctx context.Context, client pkgclient.Client, current, desired *corev1.Service) error { + updater := func(ctx context.Context, client pkgclient.Client, current, desired *core_v1.Service) error { return errors.New("update error") } - require.ErrorContains(t, EnsureObject(context.Background(), client, desired, updater, &corev1.Service{}), "update error") + require.ErrorContains(t, EnsureObject(context.Background(), client, desired, updater, &core_v1.Service{}), "update error") } func TestEnsureObjectDeleted_ObjectNotFound(t *testing.T) { @@ -170,12 +170,12 @@ func TestEnsureObjectDeleted_ObjectNotFound(t *testing.T) { client := fake.NewClientBuilder().WithScheme(scheme).Build() - svc := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + svc := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", }, @@ -188,12 +188,12 @@ func TestEnsureObjectDeleted_ErrorGettingObject(t *testing.T) { // An empty scheme is used to trigger an error getting the object. client := fake.NewClientBuilder().WithScheme(runtime.NewScheme()).Build() - svc := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + svc := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", }, @@ -206,12 +206,12 @@ func TestEnsureObjectDeleted_ObjectExistsWithoutLabels(t *testing.T) { scheme, err := provisioner.CreateScheme() require.NoError(t, err) - existing := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + existing := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", }, @@ -222,7 +222,7 @@ func TestEnsureObjectDeleted_ObjectExistsWithoutLabels(t *testing.T) { require.NoError(t, EnsureObjectDeleted(context.Background(), client, existing, model.Default("projectcontour", "contour"))) // Ensure service still exists. - res := &corev1.Service{} + res := &core_v1.Service{} require.NoError(t, client.Get(context.Background(), pkgclient.ObjectKeyFromObject(existing), res)) } @@ -230,12 +230,12 @@ func TestEnsureObjectDeleted_ObjectExistsWithNonMatchingLabels(t *testing.T) { scheme, err := provisioner.CreateScheme() require.NoError(t, err) - existing := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + existing := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", Labels: map[string]string{ @@ -249,7 +249,7 @@ func TestEnsureObjectDeleted_ObjectExistsWithNonMatchingLabels(t *testing.T) { require.NoError(t, EnsureObjectDeleted(context.Background(), client, existing, model.Default("projectcontour", "contour"))) // Ensure service still exists. - res := &corev1.Service{} + res := &core_v1.Service{} require.NoError(t, client.Get(context.Background(), pkgclient.ObjectKeyFromObject(existing), res)) } @@ -257,12 +257,12 @@ func TestEnsureObjectDeleted_ObjectExistsWithMatchingLabels(t *testing.T) { scheme, err := provisioner.CreateScheme() require.NoError(t, err) - existing := &corev1.Service{ - TypeMeta: metav1.TypeMeta{ + existing := &core_v1.Service{ + TypeMeta: meta_v1.TypeMeta{ APIVersion: "v1", Kind: "Service", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "obj-ns", Name: "obj-name", Labels: map[string]string{ @@ -276,6 +276,6 @@ func TestEnsureObjectDeleted_ObjectExistsWithMatchingLabels(t *testing.T) { require.NoError(t, EnsureObjectDeleted(context.Background(), client, existing, model.Default("projectcontour", "contour"))) // Ensure service no longer exists. - res := &corev1.Service{} + res := &core_v1.Service{} require.True(t, apierrors.IsNotFound(client.Get(context.Background(), pkgclient.ObjectKeyFromObject(existing), res))) } diff --git a/internal/provisioner/objects/rbac/clusterrole/cluster_role.go b/internal/provisioner/objects/rbac/clusterrole/cluster_role.go index 700ca27c31f..9af16419d4e 100644 --- a/internal/provisioner/objects/rbac/clusterrole/cluster_role.go +++ b/internal/provisioner/objects/rbac/clusterrole/cluster_role.go @@ -17,14 +17,15 @@ import ( "context" "fmt" + rbac_v1 "k8s.io/api/rbac/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/util" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client" ) // EnsureClusterRole ensures a ClusterRole resource exists with the provided name @@ -33,21 +34,21 @@ func EnsureClusterRole(ctx context.Context, cli client.Client, name string, cont desired := desiredClusterRole(name, contour, clusterScopedResourceOnly) // Enclose contour. - updater := func(ctx context.Context, cli client.Client, current, desired *rbacv1.ClusterRole) error { + updater := func(ctx context.Context, cli client.Client, current, desired *rbac_v1.ClusterRole) error { return updateClusterRoleIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, desired, updater, &rbacv1.ClusterRole{}) + return objects.EnsureObject(ctx, cli, desired, updater, &rbac_v1.ClusterRole{}) } // desiredClusterRole constructs an instance of the desired ClusterRole resource with // the provided name and contour namespace/name for the owning contour labels. -func desiredClusterRole(name string, contour *model.Contour, clusterScopedResourceOnly bool) *rbacv1.ClusterRole { - role := &rbacv1.ClusterRole{ - TypeMeta: metav1.TypeMeta{ +func desiredClusterRole(name string, contour *model.Contour, clusterScopedResourceOnly bool) *rbac_v1.ClusterRole { + role := &rbac_v1.ClusterRole{ + TypeMeta: meta_v1.TypeMeta{ Kind: "Role", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Labels: contour.CommonLabels(), Annotations: contour.CommonAnnotations(), @@ -65,7 +66,7 @@ func desiredClusterRole(name string, contour *model.Contour, clusterScopedResour // updateClusterRoleIfNeeded updates a ClusterRole resource if current does not match desired, // using contour to verify the existence of owner labels. -func updateClusterRoleIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbacv1.ClusterRole) error { +func updateClusterRoleIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbac_v1.ClusterRole) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { cr, updated := equality.ClusterRoleConfigChanged(current, desired) if updated { diff --git a/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go b/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go index 56fa4a8809f..ecd4a69b1ee 100644 --- a/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go +++ b/internal/provisioner/objects/rbac/clusterrole/cluster_role_test.go @@ -18,18 +18,18 @@ import ( "slices" "testing" + rbac_v1 "k8s.io/api/rbac/v1" + apiequality "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/utils/diff" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/util" "github.com/projectcontour/contour/internal/provisioner/slice" - - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - rbacv1 "k8s.io/api/rbac/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/utils/diff" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" ) -func checkClusterRoleName(t *testing.T, cr *rbacv1.ClusterRole, expected string) { +func checkClusterRoleName(t *testing.T, cr *rbac_v1.ClusterRole, expected string) { t.Helper() if cr.Name == expected { @@ -39,7 +39,7 @@ func checkClusterRoleName(t *testing.T, cr *rbacv1.ClusterRole, expected string) t.Errorf("cluster role has unexpected name %q", cr.Name) } -func checkClusterRoleLabels(t *testing.T, cr *rbacv1.ClusterRole, expected map[string]string) { +func checkClusterRoleLabels(t *testing.T, cr *rbac_v1.ClusterRole, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(cr.Labels, expected) { @@ -49,7 +49,7 @@ func checkClusterRoleLabels(t *testing.T, cr *rbacv1.ClusterRole, expected map[s t.Errorf("cluster role has unexpected %q labels", cr.Labels) } -func clusterRoleRulesContainOnlyClusterScopeRules(cr *rbacv1.ClusterRole) bool { +func clusterRoleRulesContainOnlyClusterScopeRules(cr *rbac_v1.ClusterRole) bool { for _, r := range cr.Rules { if !slices.Contains(r.Resources, "gatewayclasses") && !slices.Contains(r.Resources, "gatewayclasses/status") && @@ -96,12 +96,12 @@ func TestDesiredClusterRole(t *testing.T) { } func TestDesiredClusterRoleFilterResources(t *testing.T) { - filterNamespacedGatewayResources := func(policyRules []rbacv1.PolicyRule) [][]string { + filterNamespacedGatewayResources := func(policyRules []rbac_v1.PolicyRule) [][]string { gatewayResources := [][]string{} for _, rule := range policyRules { for _, apigroup := range rule.APIGroups { // gatewayclass is in isolate rule - if apigroup == gatewayv1alpha2.GroupName && rule.Resources[0] != "gatewayclasses" && rule.Resources[0] != "gatewayclasses/status" { + if apigroup == gatewayapi_v1alpha2.GroupName && rule.Resources[0] != "gatewayclasses" && rule.Resources[0] != "gatewayclasses/status" { gatewayResources = append(gatewayResources, rule.Resources) break } @@ -110,11 +110,11 @@ func TestDesiredClusterRoleFilterResources(t *testing.T) { return gatewayResources } - filterContourResources := func(policyRules []rbacv1.PolicyRule) [][]string { + filterContourResources := func(policyRules []rbac_v1.PolicyRule) [][]string { contourResources := [][]string{} for _, rule := range policyRules { for _, apigroup := range rule.APIGroups { - if apigroup == contourv1.GroupName { + if apigroup == contour_v1.GroupName { contourResources = append(contourResources, rule.Resources) break } @@ -125,7 +125,7 @@ func TestDesiredClusterRoleFilterResources(t *testing.T) { tests := []struct { description string - disabledFeatures []contourv1.Feature + disabledFeatures []contour_v1.Feature clusterScopedResourceOnly bool expectedGateway [][]string expectedContour [][]string @@ -139,7 +139,7 @@ func TestDesiredClusterRoleFilterResources(t *testing.T) { }, { description: "disable tlsroutes feature", - disabledFeatures: []contourv1.Feature{"tlsroutes"}, + disabledFeatures: []contour_v1.Feature{"tlsroutes"}, clusterScopedResourceOnly: false, expectedGateway: [][]string{ removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes"), @@ -150,7 +150,7 @@ func TestDesiredClusterRoleFilterResources(t *testing.T) { { description: "disable extensionservices feature", - disabledFeatures: []contourv1.Feature{"extensionservices"}, + disabledFeatures: []contour_v1.Feature{"extensionservices"}, clusterScopedResourceOnly: false, expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, expectedContour: [][]string{ @@ -160,14 +160,14 @@ func TestDesiredClusterRoleFilterResources(t *testing.T) { }, { description: "disable non-existent features", - disabledFeatures: []contourv1.Feature{"abc", "efg"}, + disabledFeatures: []contour_v1.Feature{"abc", "efg"}, clusterScopedResourceOnly: false, expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, }, { description: "disable both gateway and contour features", - disabledFeatures: []contourv1.Feature{"grpcroutes", "tlsroutes", "extensionservices", "backendtlspolicies"}, + disabledFeatures: []contour_v1.Feature{"grpcroutes", "tlsroutes", "extensionservices", "backendtlspolicies"}, clusterScopedResourceOnly: false, expectedGateway: [][]string{ removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes", "grpcroutes", "backendtlspolicies"), diff --git a/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding.go b/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding.go index a9991a5b3cc..45dd6329045 100644 --- a/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding.go +++ b/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding.go @@ -17,15 +17,15 @@ import ( "context" "fmt" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" - - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client" ) // EnsureClusterRoleBinding ensures a ClusterRoleBinding resource with the provided @@ -35,37 +35,37 @@ func EnsureClusterRoleBinding(ctx context.Context, cli client.Client, name, role desired := desiredClusterRoleBinding(name, roleRef, svcAct, contour) // Enclose contour. - updater := func(ctx context.Context, cli client.Client, current, desired *rbacv1.ClusterRoleBinding) error { + updater := func(ctx context.Context, cli client.Client, current, desired *rbac_v1.ClusterRoleBinding) error { return updateClusterRoleBindingIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, desired, updater, &rbacv1.ClusterRoleBinding{}) + return objects.EnsureObject(ctx, cli, desired, updater, &rbac_v1.ClusterRoleBinding{}) } // desiredClusterRoleBinding constructs an instance of the desired ClusterRoleBinding // resource with the provided name, contour namespace/name for the owning contour // labels, roleRef for the role reference, and svcAcctRef for the subject. -func desiredClusterRoleBinding(name, roleRef, svcAcctRef string, contour *model.Contour) *rbacv1.ClusterRoleBinding { - crb := &rbacv1.ClusterRoleBinding{ - TypeMeta: metav1.TypeMeta{ +func desiredClusterRoleBinding(name, roleRef, svcAcctRef string, contour *model.Contour) *rbac_v1.ClusterRoleBinding { + crb := &rbac_v1.ClusterRoleBinding{ + TypeMeta: meta_v1.TypeMeta{ Kind: "RoleBinding", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Labels: contour.CommonLabels(), Annotations: contour.CommonAnnotations(), }, } - crb.Subjects = []rbacv1.Subject{ + crb.Subjects = []rbac_v1.Subject{ { Kind: "ServiceAccount", - APIGroup: corev1.GroupName, + APIGroup: core_v1.GroupName, Name: svcAcctRef, Namespace: contour.Namespace, }, } - crb.RoleRef = rbacv1.RoleRef{ - APIGroup: rbacv1.GroupName, + crb.RoleRef = rbac_v1.RoleRef{ + APIGroup: rbac_v1.GroupName, Kind: "ClusterRole", Name: roleRef, } @@ -74,7 +74,7 @@ func desiredClusterRoleBinding(name, roleRef, svcAcctRef string, contour *model. // updateClusterRoleBindingIfNeeded updates a ClusterRoleBinding resource if current // does not match desired, using contour to verify the existence of owner labels. -func updateClusterRoleBindingIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbacv1.ClusterRoleBinding) error { +func updateClusterRoleBindingIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbac_v1.ClusterRoleBinding) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { crb, updated := equality.ClusterRoleBindingConfigChanged(current, desired) if updated { diff --git a/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding_test.go b/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding_test.go index 822c59bf069..42f3c437bc2 100644 --- a/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding_test.go +++ b/internal/provisioner/objects/rbac/clusterrolebinding/cluster_role_binding_test.go @@ -17,13 +17,13 @@ import ( "fmt" "testing" - "github.com/projectcontour/contour/internal/provisioner/model" - - rbacv1 "k8s.io/api/rbac/v1" + rbac_v1 "k8s.io/api/rbac/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" + + "github.com/projectcontour/contour/internal/provisioner/model" ) -func checkClusterRoleBindingName(t *testing.T, crb *rbacv1.ClusterRoleBinding, expected string) { +func checkClusterRoleBindingName(t *testing.T, crb *rbac_v1.ClusterRoleBinding, expected string) { t.Helper() if crb.Name == expected { @@ -33,7 +33,7 @@ func checkClusterRoleBindingName(t *testing.T, crb *rbacv1.ClusterRoleBinding, e t.Errorf("cluster role binding has unexpected name %q", crb.Name) } -func checkClusterRoleBindingLabels(t *testing.T, crb *rbacv1.ClusterRoleBinding, expected map[string]string) { +func checkClusterRoleBindingLabels(t *testing.T, crb *rbac_v1.ClusterRoleBinding, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(crb.Labels, expected) { @@ -43,7 +43,7 @@ func checkClusterRoleBindingLabels(t *testing.T, crb *rbacv1.ClusterRoleBinding, t.Errorf("cluster role binding has unexpected %q labels", crb.Labels) } -func checkClusterRoleBindingSvcAcct(t *testing.T, crb *rbacv1.ClusterRoleBinding, name, ns string) { +func checkClusterRoleBindingSvcAcct(t *testing.T, crb *rbac_v1.ClusterRoleBinding, name, ns string) { t.Helper() if crb.Subjects[0].Name == name && crb.Subjects[0].Namespace == ns { @@ -53,7 +53,7 @@ func checkClusterRoleBindingSvcAcct(t *testing.T, crb *rbacv1.ClusterRoleBinding t.Errorf("cluster role binding has unexpected %q/%q service account reference", crb.Subjects[0].Name, crb.Subjects[0].Namespace) } -func checkClusterRoleBindingRole(t *testing.T, crb *rbacv1.ClusterRoleBinding, expected string) { +func checkClusterRoleBindingRole(t *testing.T, crb *rbac_v1.ClusterRoleBinding, expected string) { t.Helper() if crb.RoleRef.Name == expected { diff --git a/internal/provisioner/objects/rbac/rbac.go b/internal/provisioner/objects/rbac/rbac.go index 271698c90ff..24e75579f4a 100644 --- a/internal/provisioner/objects/rbac/rbac.go +++ b/internal/provisioner/objects/rbac/rbac.go @@ -17,7 +17,15 @@ import ( "context" "fmt" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" + apierrors "k8s.io/apimachinery/pkg/api/errors" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + kerrors "k8s.io/apimachinery/pkg/util/errors" + "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/clusterrole" @@ -26,14 +34,6 @@ import ( "github.com/projectcontour/contour/internal/provisioner/objects/rbac/rolebinding" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/serviceaccount" "github.com/projectcontour/contour/internal/provisioner/slice" - - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - apierrors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - kerrors "k8s.io/apimachinery/pkg/util/errors" - "sigs.k8s.io/controller-runtime/pkg/client" ) // EnsureRBAC ensures all the necessary RBAC resources exist for the @@ -125,8 +125,8 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co contour.EnvoyRBACNames(), } { if len(name.RoleBinding) > 0 { - deletions = append(deletions, &rbacv1.RoleBinding{ - ObjectMeta: metav1.ObjectMeta{ + deletions = append(deletions, &rbac_v1.RoleBinding{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name.RoleBinding, }, @@ -134,8 +134,8 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co } if len(name.Role) > 0 { - deletions = append(deletions, &rbacv1.Role{ - ObjectMeta: metav1.ObjectMeta{ + deletions = append(deletions, &rbac_v1.Role{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name.Role, }, @@ -143,8 +143,8 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co } if len(name.ClusterRoleBinding) > 0 { - deletions = append(deletions, &rbacv1.ClusterRoleBinding{ - ObjectMeta: metav1.ObjectMeta{ + deletions = append(deletions, &rbac_v1.ClusterRoleBinding{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name.ClusterRoleBinding, }, @@ -152,8 +152,8 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co } if len(name.ClusterRole) > 0 { - deletions = append(deletions, &rbacv1.ClusterRole{ - ObjectMeta: metav1.ObjectMeta{ + deletions = append(deletions, &rbac_v1.ClusterRole{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name.ClusterRole, }, @@ -161,8 +161,8 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co } if len(name.ServiceAccount) > 0 { - deletions = append(deletions, &corev1.ServiceAccount{ - ObjectMeta: metav1.ObjectMeta{ + deletions = append(deletions, &core_v1.ServiceAccount{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name.ServiceAccount, }, @@ -179,10 +179,10 @@ func EnsureRBACDeleted(ctx context.Context, cli client.Client, contour *model.Co return nil } -func validateNamespacesExist(ctx context.Context, cli client.Client, ns []contourv1.Namespace) error { +func validateNamespacesExist(ctx context.Context, cli client.Client, ns []contour_v1.Namespace) error { errs := []error{} for _, n := range ns { - namespace := &corev1.Namespace{} + namespace := &core_v1.Namespace{} // Check if the namespace exists err := cli.Get(ctx, types.NamespacedName{Name: string(n)}, namespace) if err != nil { diff --git a/internal/provisioner/objects/rbac/role/role.go b/internal/provisioner/objects/rbac/role/role.go index 83ab82085ce..6d72f85443e 100644 --- a/internal/provisioner/objects/rbac/role/role.go +++ b/internal/provisioner/objects/rbac/role/role.go @@ -17,17 +17,18 @@ import ( "context" "fmt" + coordination_v1 "k8s.io/api/coordination/v1" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kerrors "k8s.io/apimachinery/pkg/util/errors" + "sigs.k8s.io/controller-runtime/pkg/client" + equality "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/util" - coordinationv1 "k8s.io/api/coordination/v1" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - kerrors "k8s.io/apimachinery/pkg/util/errors" - "sigs.k8s.io/controller-runtime/pkg/client" ) // EnsureControllerRole ensures a Role resource exists with the for the Contour @@ -35,12 +36,12 @@ import ( func EnsureControllerRole(ctx context.Context, cli client.Client, name string, contour *model.Contour) error { desired := desiredControllerRole(name, contour) - updater := func(ctx context.Context, cli client.Client, current, desired *rbacv1.Role) error { + updater := func(ctx context.Context, cli client.Client, current, desired *rbac_v1.Role) error { err := updateRoleIfNeeded(ctx, cli, contour, current, desired) return err } - return objects.EnsureObject(ctx, cli, desired, updater, &rbacv1.Role{}) + return objects.EnsureObject(ctx, cli, desired, updater, &rbac_v1.Role{}) } // EnsureRolesInNamespaces ensures a set of Role resources exist in namespaces @@ -52,11 +53,11 @@ func EnsureRolesInNamespaces(ctx context.Context, cli client.Client, name string for _, ns := range namespaces { desired := desiredRoleForResourceInNamespace(name, ns, contour) - updater := func(ctx context.Context, cli client.Client, current, desired *rbacv1.Role) error { + updater := func(ctx context.Context, cli client.Client, current, desired *rbac_v1.Role) error { err := updateRoleIfNeeded(ctx, cli, contour, current, desired) return err } - if err := objects.EnsureObject(ctx, cli, desired, updater, &rbacv1.Role{}); err != nil { + if err := objects.EnsureObject(ctx, cli, desired, updater, &rbac_v1.Role{}); err != nil { errs = append(errs, err) } } @@ -67,12 +68,12 @@ func EnsureRolesInNamespaces(ctx context.Context, cli client.Client, name string // desiredControllerRole constructs an instance of the desired Role resource with the // provided ns/name and using contour namespace/name for the owning contour labels for // the Contour controller. -func desiredControllerRole(name string, contour *model.Contour) *rbacv1.Role { - role := &rbacv1.Role{ - TypeMeta: metav1.TypeMeta{ +func desiredControllerRole(name string, contour *model.Contour) *rbac_v1.Role { + role := &rbac_v1.Role{ + TypeMeta: meta_v1.TypeMeta{ Kind: "Role", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name, Labels: contour.CommonLabels(), @@ -80,15 +81,15 @@ func desiredControllerRole(name string, contour *model.Contour) *rbacv1.Role { }, } verbCGU := []string{"create", "get", "update"} - role.Rules = []rbacv1.PolicyRule{ + role.Rules = []rbac_v1.PolicyRule{ { Verbs: verbCGU, - APIGroups: []string{corev1.GroupName}, + APIGroups: []string{core_v1.GroupName}, Resources: []string{"events"}, }, { Verbs: verbCGU, - APIGroups: []string{coordinationv1.GroupName}, + APIGroups: []string{coordination_v1.GroupName}, Resources: []string{"leases"}, }, } @@ -97,12 +98,12 @@ func desiredControllerRole(name string, contour *model.Contour) *rbacv1.Role { // desiredRoleForResourceInNamespace constructs an instance of the desired Role resource with the // provided ns/name and using contour namespace/name for the corresponding Contour instance -func desiredRoleForResourceInNamespace(name, namespace string, contour *model.Contour) *rbacv1.Role { - return &rbacv1.Role{ - TypeMeta: metav1.TypeMeta{ +func desiredRoleForResourceInNamespace(name, namespace string, contour *model.Contour) *rbac_v1.Role { + return &rbac_v1.Role{ + TypeMeta: meta_v1.TypeMeta{ Kind: "Role", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, Labels: contour.CommonLabels(), @@ -114,7 +115,7 @@ func desiredRoleForResourceInNamespace(name, namespace string, contour *model.Co // updateRoleIfNeeded updates a Role resource if current does not match desired, // using contour to verify the existence of owner labels. -func updateRoleIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbacv1.Role) error { +func updateRoleIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbac_v1.Role) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { role, updated := equality.RoleConfigChanged(current, desired) if updated { diff --git a/internal/provisioner/objects/rbac/role/role_test.go b/internal/provisioner/objects/rbac/role/role_test.go index 8db45e5f41d..20ac751c121 100644 --- a/internal/provisioner/objects/rbac/role/role_test.go +++ b/internal/provisioner/objects/rbac/role/role_test.go @@ -17,18 +17,18 @@ import ( "fmt" "testing" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + rbac_v1 "k8s.io/api/rbac/v1" + apiequality "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/utils/diff" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects/rbac/util" "github.com/projectcontour/contour/internal/provisioner/slice" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - - rbacv1 "k8s.io/api/rbac/v1" - apiequality "k8s.io/apimachinery/pkg/api/equality" - "k8s.io/utils/diff" ) -func checkRoleName(t *testing.T, role *rbacv1.Role, expected string) { +func checkRoleName(t *testing.T, role *rbac_v1.Role, expected string) { t.Helper() if role.Name == expected { @@ -38,7 +38,7 @@ func checkRoleName(t *testing.T, role *rbacv1.Role, expected string) { t.Errorf("role %q has unexpected name", role.Name) } -func checkRoleLabels(t *testing.T, role *rbacv1.Role, expected map[string]string) { +func checkRoleLabels(t *testing.T, role *rbac_v1.Role, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(role.Labels, expected) { @@ -48,7 +48,7 @@ func checkRoleLabels(t *testing.T, role *rbacv1.Role, expected map[string]string t.Errorf("role has unexpected %q labels", role.Labels) } -func checkRoleNamespace(t *testing.T, role *rbacv1.Role, namespace string) { +func checkRoleNamespace(t *testing.T, role *rbac_v1.Role, namespace string) { t.Helper() if role.Namespace == namespace { @@ -102,11 +102,11 @@ func TestDesiredRoleForContourInNamespace(t *testing.T) { } func TestDesiredRoleFilterResources(t *testing.T) { - filterNamespacedGatewayResources := func(policyRules []rbacv1.PolicyRule) [][]string { + filterNamespacedGatewayResources := func(policyRules []rbac_v1.PolicyRule) [][]string { gatewayResources := [][]string{} for _, rule := range policyRules { for _, apigroup := range rule.APIGroups { - if apigroup == gatewayv1alpha2.GroupName { + if apigroup == gatewayapi_v1alpha2.GroupName { gatewayResources = append(gatewayResources, rule.Resources) break } @@ -115,11 +115,11 @@ func TestDesiredRoleFilterResources(t *testing.T) { return gatewayResources } - filterContourResources := func(policyRules []rbacv1.PolicyRule) [][]string { + filterContourResources := func(policyRules []rbac_v1.PolicyRule) [][]string { contourResources := [][]string{} for _, rule := range policyRules { for _, apigroup := range rule.APIGroups { - if apigroup == contourv1.GroupName { + if apigroup == contour_v1.GroupName { contourResources = append(contourResources, rule.Resources) break } @@ -130,7 +130,7 @@ func TestDesiredRoleFilterResources(t *testing.T) { tests := []struct { description string - disabledFeatures []contourv1.Feature + disabledFeatures []contour_v1.Feature expectedGateway [][]string expectedContour [][]string }{ @@ -142,7 +142,7 @@ func TestDesiredRoleFilterResources(t *testing.T) { }, { description: "disable tlsroutes feature", - disabledFeatures: []contourv1.Feature{"tlsroutes"}, + disabledFeatures: []contour_v1.Feature{"tlsroutes"}, expectedGateway: [][]string{ removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes"), removeFromStringArray(util.GatewayGroupNamespacedResourceStatus, "tlsroutes/status"), @@ -152,7 +152,7 @@ func TestDesiredRoleFilterResources(t *testing.T) { { description: "disable extensionservices feature", - disabledFeatures: []contourv1.Feature{"extensionservices"}, + disabledFeatures: []contour_v1.Feature{"extensionservices"}, expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, expectedContour: [][]string{ removeFromStringArray(util.ContourGroupNamespacedResource, "extensionservices"), @@ -161,13 +161,13 @@ func TestDesiredRoleFilterResources(t *testing.T) { }, { description: "disable non-existent features", - disabledFeatures: []contourv1.Feature{"abc", "efg"}, + disabledFeatures: []contour_v1.Feature{"abc", "efg"}, expectedGateway: [][]string{util.GatewayGroupNamespacedResource, util.GatewayGroupNamespacedResourceStatus}, expectedContour: [][]string{util.ContourGroupNamespacedResource, util.ContourGroupNamespacedResourceStatus}, }, { description: "disable both gateway and contour features", - disabledFeatures: []contourv1.Feature{"grpcroutes", "tlsroutes", "backendtlspolicies", "extensionservices"}, + disabledFeatures: []contour_v1.Feature{"grpcroutes", "tlsroutes", "backendtlspolicies", "extensionservices"}, expectedGateway: [][]string{ removeFromStringArray(util.GatewayGroupNamespacedResource, "tlsroutes", "grpcroutes", "backendtlspolicies"), removeFromStringArray(util.GatewayGroupNamespacedResourceStatus, "tlsroutes/status", "grpcroutes/status", "backendtlspolicies/status"), diff --git a/internal/provisioner/objects/rbac/rolebinding/role_binding.go b/internal/provisioner/objects/rbac/rolebinding/role_binding.go index e12c0117ada..e907856f02d 100644 --- a/internal/provisioner/objects/rbac/rolebinding/role_binding.go +++ b/internal/provisioner/objects/rbac/rolebinding/role_binding.go @@ -17,15 +17,16 @@ import ( "context" "fmt" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + kerrors "k8s.io/apimachinery/pkg/util/errors" + "sigs.k8s.io/controller-runtime/pkg/client" + equality "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - kerrors "k8s.io/apimachinery/pkg/util/errors" - "sigs.k8s.io/controller-runtime/pkg/client" ) // EnsureControllerRoleBinding ensures a RoleBinding resource exists with the provided @@ -35,11 +36,11 @@ func EnsureControllerRoleBinding(ctx context.Context, cli client.Client, name, s desired := desiredRoleBindingInNamespace(name, svcAct, role, contour.Namespace, contour) // Enclose contour. - updater := func(ctx context.Context, cli client.Client, current, desired *rbacv1.RoleBinding) error { + updater := func(ctx context.Context, cli client.Client, current, desired *rbac_v1.RoleBinding) error { return updateRoleBindingIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, desired, updater, &rbacv1.RoleBinding{}) + return objects.EnsureObject(ctx, cli, desired, updater, &rbac_v1.RoleBinding{}) } // EnsureRoleBindingsInNamespaces ensures a set of RoleBinding resources exist with the provided @@ -51,10 +52,10 @@ func EnsureRoleBindingsInNamespaces(ctx context.Context, cli client.Client, name desired := desiredRoleBindingInNamespace(name, svcAct, role, ns, contour) // Enclose contour. - updater := func(ctx context.Context, cli client.Client, current, desired *rbacv1.RoleBinding) error { + updater := func(ctx context.Context, cli client.Client, current, desired *rbac_v1.RoleBinding) error { return updateRoleBindingIfNeeded(ctx, cli, contour, current, desired) } - err := objects.EnsureObject(ctx, cli, desired, updater, &rbacv1.RoleBinding{}) + err := objects.EnsureObject(ctx, cli, desired, updater, &rbac_v1.RoleBinding{}) errs = append(errs, err) } @@ -65,27 +66,27 @@ func EnsureRoleBindingsInNamespaces(ctx context.Context, cli client.Client, name // with the provided name in provided namespace, using contour namespace/name // for the owning contour labels. The RoleBinding will use svcAct for the subject // and role for the role reference. -func desiredRoleBindingInNamespace(name, svcAcctRef, roleRef, namespace string, contour *model.Contour) *rbacv1.RoleBinding { - rb := &rbacv1.RoleBinding{ - TypeMeta: metav1.TypeMeta{ +func desiredRoleBindingInNamespace(name, svcAcctRef, roleRef, namespace string, contour *model.Contour) *rbac_v1.RoleBinding { + rb := &rbac_v1.RoleBinding{ + TypeMeta: meta_v1.TypeMeta{ Kind: "RoleBinding", }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, Labels: contour.CommonLabels(), Annotations: contour.CommonAnnotations(), }, } - rb.Subjects = []rbacv1.Subject{{ + rb.Subjects = []rbac_v1.Subject{{ Kind: "ServiceAccount", - APIGroup: corev1.GroupName, + APIGroup: core_v1.GroupName, Name: svcAcctRef, // service account will be the same one Namespace: contour.Namespace, }} - rb.RoleRef = rbacv1.RoleRef{ - APIGroup: rbacv1.GroupName, + rb.RoleRef = rbac_v1.RoleRef{ + APIGroup: rbac_v1.GroupName, Kind: "Role", Name: roleRef, } @@ -95,7 +96,7 @@ func desiredRoleBindingInNamespace(name, svcAcctRef, roleRef, namespace string, // updateRoleBindingIfNeeded updates a RoleBinding resource if current does // not match desired. -func updateRoleBindingIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbacv1.RoleBinding) error { +func updateRoleBindingIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *rbac_v1.RoleBinding) error { if labels.AnyExist(current, model.OwnerLabels(contour)) { rb, updated := equality.RoleBindingConfigChanged(current, desired) if updated { diff --git a/internal/provisioner/objects/rbac/rolebinding/role_binding_test.go b/internal/provisioner/objects/rbac/rolebinding/role_binding_test.go index 31907f3d33b..e0983576de8 100644 --- a/internal/provisioner/objects/rbac/rolebinding/role_binding_test.go +++ b/internal/provisioner/objects/rbac/rolebinding/role_binding_test.go @@ -17,13 +17,13 @@ import ( "fmt" "testing" - "github.com/projectcontour/contour/internal/provisioner/model" - - rbacv1 "k8s.io/api/rbac/v1" + rbac_v1 "k8s.io/api/rbac/v1" apiequality "k8s.io/apimachinery/pkg/api/equality" + + "github.com/projectcontour/contour/internal/provisioner/model" ) -func checkRoleBindingName(t *testing.T, rb *rbacv1.RoleBinding, expected string) { +func checkRoleBindingName(t *testing.T, rb *rbac_v1.RoleBinding, expected string) { t.Helper() if rb.Name == expected { @@ -33,7 +33,7 @@ func checkRoleBindingName(t *testing.T, rb *rbacv1.RoleBinding, expected string) t.Errorf("role binding %q has unexpected name", rb.Name) } -func checkRoleBindingNamespace(t *testing.T, rb *rbacv1.RoleBinding, expected string) { +func checkRoleBindingNamespace(t *testing.T, rb *rbac_v1.RoleBinding, expected string) { t.Helper() if rb.Namespace == expected { @@ -43,7 +43,7 @@ func checkRoleBindingNamespace(t *testing.T, rb *rbacv1.RoleBinding, expected st t.Errorf("role binding %q has unexpected namespace", rb.Namespace) } -func checkRoleBindingLabels(t *testing.T, rb *rbacv1.RoleBinding, expected map[string]string) { +func checkRoleBindingLabels(t *testing.T, rb *rbac_v1.RoleBinding, expected map[string]string) { t.Helper() if apiequality.Semantic.DeepEqual(rb.Labels, expected) { @@ -53,7 +53,7 @@ func checkRoleBindingLabels(t *testing.T, rb *rbacv1.RoleBinding, expected map[s t.Errorf("role binding has unexpected %q labels", rb.Labels) } -func checkRoleBindingSvcAcct(t *testing.T, rb *rbacv1.RoleBinding, name, ns string) { +func checkRoleBindingSvcAcct(t *testing.T, rb *rbac_v1.RoleBinding, name, ns string) { t.Helper() if rb.Subjects[0].Name == name && rb.Subjects[0].Namespace == ns { @@ -63,7 +63,7 @@ func checkRoleBindingSvcAcct(t *testing.T, rb *rbacv1.RoleBinding, name, ns stri t.Errorf("role binding has unexpected %q/%q service account reference", rb.Subjects[0].Name, rb.Subjects[0].Namespace) } -func checkRoleBindingRole(t *testing.T, rb *rbacv1.RoleBinding, expected string) { +func checkRoleBindingRole(t *testing.T, rb *rbac_v1.RoleBinding, expected string) { t.Helper() if rb.RoleRef.Name == expected { diff --git a/internal/provisioner/objects/rbac/serviceaccount/service_account.go b/internal/provisioner/objects/rbac/serviceaccount/service_account.go index 26ad2218053..70ba58c571b 100644 --- a/internal/provisioner/objects/rbac/serviceaccount/service_account.go +++ b/internal/provisioner/objects/rbac/serviceaccount/service_account.go @@ -17,15 +17,15 @@ import ( "context" "fmt" + core_v1 "k8s.io/api/core/v1" + rbac_v1 "k8s.io/api/rbac/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + utilequality "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" - - corev1 "k8s.io/api/core/v1" - rbacv1 "k8s.io/api/rbac/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/controller-runtime/pkg/client" ) // EnsureServiceAccount ensures a ServiceAccount resource exists with the provided name @@ -33,22 +33,22 @@ import ( func EnsureServiceAccount(ctx context.Context, cli client.Client, name string, contour *model.Contour) error { desired := desiredServiceAccount(name, contour) - updater := func(ctx context.Context, cli client.Client, current, desired *corev1.ServiceAccount) error { + updater := func(ctx context.Context, cli client.Client, current, desired *core_v1.ServiceAccount) error { _, err := updateSvcAcctIfNeeded(ctx, cli, contour, current, desired) return err } - return objects.EnsureObject(ctx, cli, desired, updater, &corev1.ServiceAccount{}) + return objects.EnsureObject(ctx, cli, desired, updater, &core_v1.ServiceAccount{}) } // desiredServiceAccount generates the desired ServiceAccount resource for the // given contour. -func desiredServiceAccount(name string, contour *model.Contour) *corev1.ServiceAccount { - return &corev1.ServiceAccount{ - TypeMeta: metav1.TypeMeta{ - Kind: rbacv1.ServiceAccountKind, +func desiredServiceAccount(name string, contour *model.Contour) *core_v1.ServiceAccount { + return &core_v1.ServiceAccount{ + TypeMeta: meta_v1.TypeMeta{ + Kind: rbac_v1.ServiceAccountKind, }, - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: name, Labels: contour.CommonLabels(), @@ -59,7 +59,7 @@ func desiredServiceAccount(name string, contour *model.Contour) *corev1.ServiceA // updateSvcAcctIfNeeded updates a ServiceAccount resource if current does not match desired, // using contour to verify the existence of owner labels. -func updateSvcAcctIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *corev1.ServiceAccount) (*corev1.ServiceAccount, error) { +func updateSvcAcctIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *core_v1.ServiceAccount) (*core_v1.ServiceAccount, error) { if labels.AnyExist(current, model.OwnerLabels(contour)) { sa, updated := utilequality.ServiceAccountConfigChanged(current, desired) if updated { diff --git a/internal/provisioner/objects/rbac/util/util.go b/internal/provisioner/objects/rbac/util/util.go index 1fb781f0d6d..6a80ad24fe8 100644 --- a/internal/provisioner/objects/rbac/util/util.go +++ b/internal/provisioner/objects/rbac/util/util.go @@ -16,14 +16,15 @@ package util import ( "strings" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + core_v1 "k8s.io/api/core/v1" + discovery_v1 "k8s.io/api/discovery/v1" + networking_v1 "k8s.io/api/networking/v1" + rbac_v1 "k8s.io/api/rbac/v1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/slice" - corev1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" - networkingv1 "k8s.io/api/networking/v1" - rbacv1 "k8s.io/api/rbac/v1" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" ) const contourV1GroupName = "projectcontour.io" @@ -42,8 +43,8 @@ var ( ) // PolicyRuleFor returns PolicyRule object with provided apiGroup, verbs and resources -func PolicyRuleFor(apiGroup string, verbs []string, resources ...string) rbacv1.PolicyRule { - return rbacv1.PolicyRule{ +func PolicyRuleFor(apiGroup string, verbs []string, resources ...string) rbac_v1.PolicyRule { + return rbac_v1.PolicyRule{ Verbs: verbs, APIGroups: []string{apiGroup}, Resources: resources, @@ -53,22 +54,22 @@ func PolicyRuleFor(apiGroup string, verbs []string, resources ...string) rbacv1. // NamespacedResourcePolicyRules returns a set of policy rules for resources that are // namespaced-scoped. If resourcesToSkip is not empty, skip creating RBAC for those // CRDs. -func NamespacedResourcePolicyRules(resourcesToSkip []contourv1.Feature) []rbacv1.PolicyRule { - return []rbacv1.PolicyRule{ +func NamespacedResourcePolicyRules(resourcesToSkip []contour_v1.Feature) []rbac_v1.PolicyRule { + return []rbac_v1.PolicyRule{ // Core Contour-watched resources. - PolicyRuleFor(corev1.GroupName, getListWatch, "secrets", "endpoints", "services", "configmaps"), + PolicyRuleFor(core_v1.GroupName, getListWatch, "secrets", "endpoints", "services", "configmaps"), // Discovery Contour-watched resources. - PolicyRuleFor(discoveryv1.GroupName, getListWatch, "endpointslices"), + PolicyRuleFor(discovery_v1.GroupName, getListWatch, "endpointslices"), // Gateway API resources. // Note, ReferenceGrant does not currently have a .status field so it's omitted from the status rule. - PolicyRuleFor(gatewayv1alpha2.GroupName, getListWatch, filterResources(resourcesToSkip, GatewayGroupNamespacedResource...)...), - PolicyRuleFor(gatewayv1alpha2.GroupName, update, filterResources(resourcesToSkip, GatewayGroupNamespacedResourceStatus...)...), + PolicyRuleFor(gatewayapi_v1alpha2.GroupName, getListWatch, filterResources(resourcesToSkip, GatewayGroupNamespacedResource...)...), + PolicyRuleFor(gatewayapi_v1alpha2.GroupName, update, filterResources(resourcesToSkip, GatewayGroupNamespacedResourceStatus...)...), // Ingress resources. - PolicyRuleFor(networkingv1.GroupName, getListWatch, "ingresses"), - PolicyRuleFor(networkingv1.GroupName, createGetUpdate, "ingresses/status"), + PolicyRuleFor(networking_v1.GroupName, getListWatch, "ingresses"), + PolicyRuleFor(networking_v1.GroupName, createGetUpdate, "ingresses/status"), // Contour CRDs. PolicyRuleFor(contourV1GroupName, getListWatch, filterResources(resourcesToSkip, ContourGroupNamespacedResource...)...), @@ -78,18 +79,18 @@ func NamespacedResourcePolicyRules(resourcesToSkip []contourv1.Feature) []rbacv1 // ClusterScopedResourcePolicyRules returns a set of policy rules for // cluster-scoped resources. -func ClusterScopedResourcePolicyRules() []rbacv1.PolicyRule { - return []rbacv1.PolicyRule{ +func ClusterScopedResourcePolicyRules() []rbac_v1.PolicyRule { + return []rbac_v1.PolicyRule{ // GatewayClass. - PolicyRuleFor(gatewayv1alpha2.GroupName, getListWatch, "gatewayclasses"), - PolicyRuleFor(gatewayv1alpha2.GroupName, update, "gatewayclasses/status"), + PolicyRuleFor(gatewayapi_v1alpha2.GroupName, getListWatch, "gatewayclasses"), + PolicyRuleFor(gatewayapi_v1alpha2.GroupName, update, "gatewayclasses/status"), // Namespaces - PolicyRuleFor(corev1.GroupName, getListWatch, "namespaces"), + PolicyRuleFor(core_v1.GroupName, getListWatch, "namespaces"), } } -func filterResources(resourcesToSkip []contourv1.Feature, resources ...string) []string { +func filterResources(resourcesToSkip []contour_v1.Feature, resources ...string) []string { if len(resourcesToSkip) == 0 { return resources } diff --git a/internal/provisioner/objects/rbac/util/util_test.go b/internal/provisioner/objects/rbac/util/util_test.go index c6218761e07..10d100253f8 100644 --- a/internal/provisioner/objects/rbac/util/util_test.go +++ b/internal/provisioner/objects/rbac/util/util_test.go @@ -17,13 +17,13 @@ import ( "reflect" "testing" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func TestFilterResources(t *testing.T) { testCases := []struct { description string - disabledFeatures []contourv1.Feature + disabledFeatures []contour_v1.Feature resourceList []string expectedList []string }{ @@ -36,25 +36,25 @@ func TestFilterResources(t *testing.T) { { description: "disable extensionservices", resourceList: []string{"httpproxies", "tlscertificatedelegations", "extensionservices", "contourconfigurations"}, - disabledFeatures: []contourv1.Feature{"extensionservices"}, + disabledFeatures: []contour_v1.Feature{"extensionservices"}, expectedList: []string{"httpproxies", "tlscertificatedelegations", "contourconfigurations"}, }, { description: "disable extensionservices, filter status", resourceList: []string{"httpproxies/status", "extensionservices/status", "contourconfigurations/status"}, - disabledFeatures: []contourv1.Feature{"extensionservices"}, + disabledFeatures: []contour_v1.Feature{"extensionservices"}, expectedList: []string{"httpproxies/status", "contourconfigurations/status"}, }, { description: "disable tlsroutes", resourceList: []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants"}, - disabledFeatures: []contourv1.Feature{"tlsroutes"}, + disabledFeatures: []contour_v1.Feature{"tlsroutes"}, expectedList: []string{"gateways", "httproutes", "grpcroutes", "tcproutes", "referencegrants"}, }, { description: "disable non-existence abc", resourceList: []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants"}, - disabledFeatures: []contourv1.Feature{"abc"}, + disabledFeatures: []contour_v1.Feature{"abc"}, expectedList: []string{"gateways", "httproutes", "tlsroutes", "grpcroutes", "tcproutes", "referencegrants"}, }, } diff --git a/internal/provisioner/objects/secret/secret.go b/internal/provisioner/objects/secret/secret.go index 36fcc34ac2f..ef248a908ba 100644 --- a/internal/provisioner/objects/secret/secret.go +++ b/internal/provisioner/objects/secret/secret.go @@ -18,14 +18,15 @@ import ( "fmt" "strings" - "github.com/projectcontour/contour/internal/certgen" - "github.com/projectcontour/contour/internal/provisioner/model" - "github.com/projectcontour/contour/pkg/certs" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilerrors "k8s.io/apimachinery/pkg/util/errors" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/projectcontour/contour/internal/certgen" + "github.com/projectcontour/contour/internal/provisioner/model" + "github.com/projectcontour/contour/pkg/certs" ) // generatedByVersionAnnotation is the key for the annotation that stores @@ -107,7 +108,7 @@ func tlsSecretsExist(contour *model.Contour, cli client.Client, generatedByVersi contour.ContourCertsSecretName(), contour.EnvoyCertsSecretName(), } { - s := &corev1.Secret{} + s := &core_v1.Secret{} key := client.ObjectKey{ Namespace: contour.Namespace, @@ -131,8 +132,8 @@ func EnsureXDSSecretsDeleted(ctx context.Context, cli client.Client, contour *mo contour.ContourCertsSecretName(), contour.EnvoyCertsSecretName(), } { - s := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + s := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: secretName, }, diff --git a/internal/provisioner/objects/service/service.go b/internal/provisioner/objects/service/service.go index 71d972934e6..439ab00f338 100644 --- a/internal/provisioner/objects/service/service.go +++ b/internal/provisioner/objects/service/service.go @@ -18,6 +18,11 @@ import ( "fmt" "strings" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "sigs.k8s.io/controller-runtime/pkg/client" + "github.com/projectcontour/contour/internal/provisioner/equality" "github.com/projectcontour/contour/internal/provisioner/labels" "github.com/projectcontour/contour/internal/provisioner/model" @@ -25,11 +30,6 @@ import ( "github.com/projectcontour/contour/internal/provisioner/objects/dataplane" "github.com/projectcontour/contour/internal/provisioner/objects/deployment" "github.com/projectcontour/contour/internal/ref" - - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/intstr" - "sigs.k8s.io/controller-runtime/pkg/client" ) const ( @@ -108,28 +108,28 @@ var InternalLBAnnotations = map[model.LoadBalancerProviderType]map[string]string // EnsureContourService ensures that a Contour Service exists for the given contour. func EnsureContourService(ctx context.Context, cli client.Client, contour *model.Contour) error { // Enclose contour. - updater := func(ctx context.Context, cli client.Client, current, desired *corev1.Service) error { + updater := func(ctx context.Context, cli client.Client, current, desired *core_v1.Service) error { return updateContourServiceIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, DesiredContourService(contour), updater, &corev1.Service{}) + return objects.EnsureObject(ctx, cli, DesiredContourService(contour), updater, &core_v1.Service{}) } // EnsureEnvoyService ensures that an Envoy Service exists for the given contour. func EnsureEnvoyService(ctx context.Context, cli client.Client, contour *model.Contour) error { // Enclose contour. - updater := func(ctx context.Context, cli client.Client, current, desired *corev1.Service) error { + updater := func(ctx context.Context, cli client.Client, current, desired *core_v1.Service) error { return updateEnvoyServiceIfNeeded(ctx, cli, contour, current, desired) } - return objects.EnsureObject(ctx, cli, DesiredEnvoyService(contour), updater, &corev1.Service{}) + return objects.EnsureObject(ctx, cli, DesiredEnvoyService(contour), updater, &core_v1.Service{}) } // EnsureContourServiceDeleted ensures that a Contour Service for the // provided contour is deleted if Contour owner labels exist. func EnsureContourServiceDeleted(ctx context.Context, cli client.Client, contour *model.Contour) error { - obj := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.ContourServiceName(), }, @@ -141,8 +141,8 @@ func EnsureContourServiceDeleted(ctx context.Context, cli client.Client, contour // EnsureEnvoyServiceDeleted ensures that an Envoy Service for the // provided contour is deleted. func EnsureEnvoyServiceDeleted(ctx context.Context, cli client.Client, contour *model.Contour) error { - obj := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + obj := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.EnvoyServiceName(), }, @@ -152,56 +152,56 @@ func EnsureEnvoyServiceDeleted(ctx context.Context, cli client.Client, contour * } // DesiredContourService generates the desired Contour Service for the given contour. -func DesiredContourService(contour *model.Contour) *corev1.Service { +func DesiredContourService(contour *model.Contour) *core_v1.Service { xdsPort := objects.XDSPort - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.ContourServiceName(), Labels: contour.CommonLabels(), Annotations: contour.CommonAnnotations(), }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "xds", Port: xdsPort, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, TargetPort: intstr.IntOrString{IntVal: xdsPort}, }, }, Selector: deployment.ContourDeploymentPodSelector(contour).MatchLabels, - Type: corev1.ServiceTypeClusterIP, - SessionAffinity: corev1.ServiceAffinityNone, + Type: core_v1.ServiceTypeClusterIP, + SessionAffinity: core_v1.ServiceAffinityNone, }, } return svc } // DesiredEnvoyService generates the desired Envoy Service for the given contour. -func DesiredEnvoyService(contour *model.Contour) *corev1.Service { - var ports []corev1.ServicePort +func DesiredEnvoyService(contour *model.Contour) *core_v1.Service { + var ports []core_v1.ServicePort for _, port := range contour.Spec.NetworkPublishing.Envoy.Ports { - ports = append(ports, corev1.ServicePort{ + ports = append(ports, core_v1.ServicePort{ Name: port.Name, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: port.ServicePort, TargetPort: intstr.IntOrString{IntVal: port.ContainerPort}, }) } - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: contour.Namespace, Name: contour.EnvoyServiceName(), Labels: contour.CommonLabels(), Annotations: contour.CommonAnnotations(), }, - Spec: corev1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ Ports: ports, Selector: dataplane.EnvoyPodSelector(contour).MatchLabels, - SessionAffinity: corev1.ServiceAffinityNone, + SessionAffinity: core_v1.ServiceAffinityNone, LoadBalancerIP: contour.Spec.NetworkPublishing.Envoy.LoadBalancer.LoadBalancerIP, }, } @@ -261,7 +261,7 @@ func DesiredEnvoyService(contour *model.Contour) *corev1.Service { } switch epType { case model.LoadBalancerServicePublishingType: - svc.Spec.Type = corev1.ServiceTypeLoadBalancer + svc.Spec.Type = core_v1.ServiceTypeLoadBalancer isInternal := contour.Spec.NetworkPublishing.Envoy.LoadBalancer.Scope == model.InternalLoadBalancer if isInternal { provider := providerParams.Type @@ -271,7 +271,7 @@ func DesiredEnvoyService(contour *model.Contour) *corev1.Service { } } case model.NodePortServicePublishingType: - svc.Spec.Type = corev1.ServiceTypeNodePort + svc.Spec.Type = core_v1.ServiceTypeNodePort for _, p := range contour.Spec.NetworkPublishing.Envoy.Ports { if p.NodePort == 0 { @@ -285,7 +285,7 @@ func DesiredEnvoyService(contour *model.Contour) *corev1.Service { } case model.ClusterIPServicePublishingType: - svc.Spec.Type = corev1.ServiceTypeClusterIP + svc.Spec.Type = core_v1.ServiceTypeClusterIP } if len(contour.Spec.NetworkPublishing.Envoy.ServiceAnnotations) > 0 { @@ -302,7 +302,7 @@ func DesiredEnvoyService(contour *model.Contour) *corev1.Service { } // updateContourServiceIfNeeded updates a Contour Service if current does not match desired. -func updateContourServiceIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *corev1.Service) error { +func updateContourServiceIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *core_v1.Service) error { if !labels.AnyExist(current, model.OwnerLabels(contour)) { return nil } @@ -319,14 +319,14 @@ func updateContourServiceIfNeeded(ctx context.Context, cli client.Client, contou // updateEnvoyServiceIfNeeded updates an Envoy Service if current does not match desired, // using contour to verify the existence of owner labels. -func updateEnvoyServiceIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *corev1.Service) error { +func updateEnvoyServiceIfNeeded(ctx context.Context, cli client.Client, contour *model.Contour, current, desired *core_v1.Service) error { if !labels.AnyExist(current, model.OwnerLabels(contour)) { return nil } // Using the Service returned by the equality pkg instead of the desired // parameter since clusterIP is immutable. - var updated *corev1.Service + var updated *core_v1.Service needed := false switch contour.Spec.NetworkPublishing.Envoy.Type { case model.NodePortServicePublishingType: diff --git a/internal/provisioner/objects/service/service_test.go b/internal/provisioner/objects/service/service_test.go index 1d72df130a0..faf2a89b602 100644 --- a/internal/provisioner/objects/service/service_test.go +++ b/internal/provisioner/objects/service/service_test.go @@ -18,14 +18,14 @@ import ( "sort" "testing" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/util/intstr" + "github.com/projectcontour/contour/internal/provisioner/model" "github.com/projectcontour/contour/internal/provisioner/objects" - - corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/util/intstr" ) -func checkServiceHasPort(t *testing.T, svc *corev1.Service, port int32) { +func checkServiceHasPort(t *testing.T, svc *core_v1.Service, port int32) { t.Helper() for _, p := range svc.Spec.Ports { @@ -36,7 +36,7 @@ func checkServiceHasPort(t *testing.T, svc *corev1.Service, port int32) { t.Errorf("service is missing port %q", port) } -func checkServiceHasNodeport(t *testing.T, svc *corev1.Service, port int32) { +func checkServiceHasNodeport(t *testing.T, svc *core_v1.Service, port int32) { t.Helper() for _, p := range svc.Spec.Ports { @@ -47,7 +47,7 @@ func checkServiceHasNodeport(t *testing.T, svc *corev1.Service, port int32) { t.Errorf("service is missing nodeport %q", port) } -func checkServiceHasTargetPort(t *testing.T, svc *corev1.Service, port int32) { +func checkServiceHasTargetPort(t *testing.T, svc *core_v1.Service, port int32) { t.Helper() intStrPort := intstr.IntOrString{IntVal: port} @@ -59,7 +59,7 @@ func checkServiceHasTargetPort(t *testing.T, svc *corev1.Service, port int32) { t.Errorf("service is missing targetPort %d", port) } -func checkServiceHasPortName(t *testing.T, svc *corev1.Service, name string) { +func checkServiceHasPortName(t *testing.T, svc *core_v1.Service, name string) { t.Helper() for _, p := range svc.Spec.Ports { @@ -70,7 +70,7 @@ func checkServiceHasPortName(t *testing.T, svc *corev1.Service, name string) { t.Errorf("service is missing port name %q", name) } -func checkServiceHasPortProtocol(t *testing.T, svc *corev1.Service, protocol corev1.Protocol) { +func checkServiceHasPortProtocol(t *testing.T, svc *core_v1.Service, protocol core_v1.Protocol) { t.Helper() for _, p := range svc.Spec.Ports { @@ -81,7 +81,7 @@ func checkServiceHasPortProtocol(t *testing.T, svc *corev1.Service, protocol cor t.Errorf("service is missing port protocol %q", protocol) } -func checkServiceHasAnnotations(t *testing.T, svc *corev1.Service, expectedKeys ...string) { +func checkServiceHasAnnotations(t *testing.T, svc *core_v1.Service, expectedKeys ...string) { t.Helper() // get all of the actual annotation keys from the service @@ -108,7 +108,7 @@ func checkServiceHasAnnotations(t *testing.T, svc *corev1.Service, expectedKeys } } -func checkServiceHasType(t *testing.T, svc *corev1.Service, svcType corev1.ServiceType) { +func checkServiceHasType(t *testing.T, svc *core_v1.Service, svcType core_v1.ServiceType) { t.Helper() if svc.Spec.Type != svcType { @@ -116,7 +116,7 @@ func checkServiceHasType(t *testing.T, svc *corev1.Service, svcType corev1.Servi } } -func checkServiceHasExternalTrafficPolicy(t *testing.T, svc *corev1.Service, policy corev1.ServiceExternalTrafficPolicyType) { +func checkServiceHasExternalTrafficPolicy(t *testing.T, svc *core_v1.Service, policy core_v1.ServiceExternalTrafficPolicyType) { t.Helper() if svc.Spec.ExternalTrafficPolicy != policy { @@ -124,7 +124,7 @@ func checkServiceHasExternalTrafficPolicy(t *testing.T, svc *corev1.Service, pol } } -func checkServiceHasNoExternalTrafficPolicy(t *testing.T, svc *corev1.Service) { +func checkServiceHasNoExternalTrafficPolicy(t *testing.T, svc *core_v1.Service) { t.Helper() if svc.Spec.ExternalTrafficPolicy != "" { @@ -132,7 +132,7 @@ func checkServiceHasNoExternalTrafficPolicy(t *testing.T, svc *corev1.Service) { } } -func checkServiceHasIPFamilyPolicy(t *testing.T, svc *corev1.Service, policy corev1.IPFamilyPolicy) { +func checkServiceHasIPFamilyPolicy(t *testing.T, svc *core_v1.Service, policy core_v1.IPFamilyPolicy) { t.Helper() if *svc.Spec.IPFamilyPolicy != policy { @@ -140,7 +140,7 @@ func checkServiceHasIPFamilyPolicy(t *testing.T, svc *corev1.Service, policy cor } } -func checkServiceHasLoadBalancerAddress(t *testing.T, svc *corev1.Service, address string) { +func checkServiceHasLoadBalancerAddress(t *testing.T, svc *core_v1.Service, address string) { t.Helper() if svc.Spec.LoadBalancerIP != address { @@ -156,7 +156,7 @@ func TestDesiredContourService(t *testing.T) { checkServiceHasPort(t, svc, xdsPort) checkServiceHasTargetPort(t, svc, xdsPort) checkServiceHasPortName(t, svc, "xds") - checkServiceHasPortProtocol(t, svc, corev1.ProtocolTCP) + checkServiceHasPortProtocol(t, svc, core_v1.ProtocolTCP) } func TestDesiredEnvoyService(t *testing.T) { @@ -181,9 +181,9 @@ func TestDesiredEnvoyService(t *testing.T) { } svc := DesiredEnvoyService(cntr) - checkServiceHasType(t, svc, corev1.ServiceTypeNodePort) - checkServiceHasExternalTrafficPolicy(t, svc, corev1.ServiceExternalTrafficPolicyTypeLocal) - checkServiceHasIPFamilyPolicy(t, svc, corev1.IPFamilyPolicySingleStack) + checkServiceHasType(t, svc, core_v1.ServiceTypeNodePort) + checkServiceHasExternalTrafficPolicy(t, svc, core_v1.ServiceExternalTrafficPolicyTypeLocal) + checkServiceHasIPFamilyPolicy(t, svc, core_v1.IPFamilyPolicySingleStack) checkServiceHasPort(t, svc, EnvoyServiceHTTPPort) checkServiceHasPort(t, svc, EnvoyServiceHTTPSPort) checkServiceHasNodeport(t, svc, 30081) @@ -193,25 +193,25 @@ func TestDesiredEnvoyService(t *testing.T) { } checkServiceHasPortName(t, svc, "http") checkServiceHasPortName(t, svc, "https") - checkServiceHasPortProtocol(t, svc, corev1.ProtocolTCP) + checkServiceHasPortProtocol(t, svc, core_v1.ProtocolTCP) cntr.Spec.NetworkPublishing.Envoy.Type = model.ClusterIPServicePublishingType - cntr.Spec.NetworkPublishing.Envoy.IPFamilyPolicy = corev1.IPFamilyPolicyRequireDualStack + cntr.Spec.NetworkPublishing.Envoy.IPFamilyPolicy = core_v1.IPFamilyPolicyRequireDualStack svc = DesiredEnvoyService(cntr) checkServiceHasNoExternalTrafficPolicy(t, svc) - checkServiceHasIPFamilyPolicy(t, svc, corev1.IPFamilyPolicyRequireDualStack) + checkServiceHasIPFamilyPolicy(t, svc, core_v1.IPFamilyPolicyRequireDualStack) // Check LB annotations for the different provider types, starting with AWS ELB (the default // if AWS provider params are not passed). cntr.Spec.NetworkPublishing.Envoy.Type = model.LoadBalancerServicePublishingType - cntr.Spec.NetworkPublishing.Envoy.ExternalTrafficPolicy = corev1.ServiceExternalTrafficPolicyTypeCluster - cntr.Spec.NetworkPublishing.Envoy.IPFamilyPolicy = corev1.IPFamilyPolicyPreferDualStack + cntr.Spec.NetworkPublishing.Envoy.ExternalTrafficPolicy = core_v1.ServiceExternalTrafficPolicyTypeCluster + cntr.Spec.NetworkPublishing.Envoy.IPFamilyPolicy = core_v1.IPFamilyPolicyPreferDualStack cntr.Spec.NetworkPublishing.Envoy.LoadBalancer.Scope = model.ExternalLoadBalancer cntr.Spec.NetworkPublishing.Envoy.LoadBalancer.ProviderParameters.Type = model.AWSLoadBalancerProvider svc = DesiredEnvoyService(cntr) - checkServiceHasType(t, svc, corev1.ServiceTypeLoadBalancer) - checkServiceHasExternalTrafficPolicy(t, svc, corev1.ServiceExternalTrafficPolicyTypeCluster) - checkServiceHasIPFamilyPolicy(t, svc, corev1.IPFamilyPolicyPreferDualStack) + checkServiceHasType(t, svc, core_v1.ServiceTypeLoadBalancer) + checkServiceHasExternalTrafficPolicy(t, svc, core_v1.ServiceExternalTrafficPolicyTypeCluster) + checkServiceHasIPFamilyPolicy(t, svc, core_v1.IPFamilyPolicyPreferDualStack) checkServiceHasAnnotations(t, svc, awsLbBackendProtoAnnotation, awsLBProxyProtocolAnnotation) // Test proxy protocol for AWS Classic load balancer (when provider params are specified). @@ -281,6 +281,6 @@ func TestDesiredEnvoyService(t *testing.T) { // Set network publishing type to ClusterIPService and verify the service type is as expected. cntr.Spec.NetworkPublishing.Envoy.Type = model.ClusterIPServicePublishingType svc = DesiredEnvoyService(cntr) - checkServiceHasType(t, svc, corev1.ServiceTypeClusterIP) + checkServiceHasType(t, svc, core_v1.ServiceTypeClusterIP) checkServiceHasAnnotations(t, svc) // passing no keys means we expect no annotations } diff --git a/internal/provisioner/scheme.go b/internal/provisioner/scheme.go index 367a1edba0a..998e23ff4c8 100644 --- a/internal/provisioner/scheme.go +++ b/internal/provisioner/scheme.go @@ -14,12 +14,13 @@ package provisioner import ( - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" - gateway_api_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gateway_api_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // CreateScheme returns a scheme with all the API types necessary for the gateway @@ -30,9 +31,9 @@ func CreateScheme() (*runtime.Scheme, error) { b := runtime.SchemeBuilder{ clientgoscheme.AddToScheme, apiextensions_v1.AddToScheme, - gateway_api_v1alpha2.AddToScheme, - gateway_api_v1beta1.AddToScheme, - contour_api_v1alpha1.AddToScheme, + gatewayapi_v1alpha2.AddToScheme, + gatewayapi_v1beta1.AddToScheme, + contour_v1alpha1.AddToScheme, } if err := b.AddToScheme(scheme); err != nil { diff --git a/internal/sorter/sorter.go b/internal/sorter/sorter.go index ae02c649de9..71e0550e704 100644 --- a/internal/sorter/sorter.go +++ b/internal/sorter/sorter.go @@ -17,24 +17,25 @@ import ( "sort" "strings" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - tcp "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_network_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + "github.com/projectcontour/contour/internal/dag" ) // Sorts the given route configuration values by name. -type routeConfigurationSorter []*envoy_route_v3.RouteConfiguration +type routeConfigurationSorter []*envoy_config_route_v3.RouteConfiguration func (s routeConfigurationSorter) Len() int { return len(s) } func (s routeConfigurationSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s routeConfigurationSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // Sorts the given host values by name. -type virtualHostSorter []*envoy_route_v3.VirtualHost +type virtualHostSorter []*envoy_config_route_v3.VirtualHost func (s virtualHostSorter) Len() int { return len(s) } func (s virtualHostSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -367,21 +368,21 @@ func (s routeSorter) Less(i, j int) bool { } // Sorts clusters by name. -type clusterSorter []*envoy_cluster_v3.Cluster +type clusterSorter []*envoy_config_cluster_v3.Cluster func (s clusterSorter) Len() int { return len(s) } func (s clusterSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s clusterSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // Sorts cluster load assignments by name. -type clusterLoadAssignmentSorter []*envoy_endpoint_v3.ClusterLoadAssignment +type clusterLoadAssignmentSorter []*envoy_config_endpoint_v3.ClusterLoadAssignment func (s clusterLoadAssignmentSorter) Len() int { return len(s) } func (s clusterLoadAssignmentSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s clusterLoadAssignmentSorter) Less(i, j int) bool { return s[i].ClusterName < s[j].ClusterName } // Sorts the weighted clusters by name, then by weight. -type httpWeightedClusterSorter []*envoy_route_v3.WeightedCluster_ClusterWeight +type httpWeightedClusterSorter []*envoy_config_route_v3.WeightedCluster_ClusterWeight func (s httpWeightedClusterSorter) Len() int { return len(s) } func (s httpWeightedClusterSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -394,7 +395,7 @@ func (s httpWeightedClusterSorter) Less(i, j int) bool { } // Sorts the weighted clusters by name, then by weight. -type tcpWeightedClusterSorter []*tcp.TcpProxy_WeightedCluster_ClusterWeight +type tcpWeightedClusterSorter []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight func (s tcpWeightedClusterSorter) Len() int { return len(s) } func (s tcpWeightedClusterSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -407,14 +408,14 @@ func (s tcpWeightedClusterSorter) Less(i, j int) bool { } // Listeners sorts the listeners by name. -type listenerSorter []*envoy_listener_v3.Listener +type listenerSorter []*envoy_config_listener_v3.Listener func (s listenerSorter) Len() int { return len(s) } func (s listenerSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } func (s listenerSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // FilterChains sorts the filter chains by the first server name in the chain match. -type filterChainSorter []*envoy_listener_v3.FilterChain +type filterChainSorter []*envoy_config_listener_v3.FilterChain func (s filterChainSorter) Len() int { return len(s) } func (s filterChainSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -436,7 +437,7 @@ func (s filterChainSorter) Less(i, j int) bool { } // Sorts the secret values by name. -type secretSorter []*envoy_tls_v3.Secret +type secretSorter []*envoy_transport_socket_tls_v3.Secret func (s secretSorter) Len() int { return len(s) } func (s secretSorter) Swap(i, j int) { s[i], s[j] = s[j], s[i] } @@ -447,11 +448,11 @@ func (s secretSorter) Less(i, j int) bool { return s[i].Name < s[j].Name } // value. func For(v any) sort.Interface { switch v := v.(type) { - case []*envoy_tls_v3.Secret: + case []*envoy_transport_socket_tls_v3.Secret: return secretSorter(v) - case []*envoy_route_v3.RouteConfiguration: + case []*envoy_config_route_v3.RouteConfiguration: return routeConfigurationSorter(v) - case []*envoy_route_v3.VirtualHost: + case []*envoy_config_route_v3.VirtualHost: return virtualHostSorter(v) case []*dag.Route: return routeSorter(v) @@ -459,17 +460,17 @@ func For(v any) sort.Interface { return headerMatchConditionSorter(v) case []dag.QueryParamMatchCondition: return queryParamMatchConditionSorter(v) - case []*envoy_cluster_v3.Cluster: + case []*envoy_config_cluster_v3.Cluster: return clusterSorter(v) - case []*envoy_endpoint_v3.ClusterLoadAssignment: + case []*envoy_config_endpoint_v3.ClusterLoadAssignment: return clusterLoadAssignmentSorter(v) - case []*envoy_route_v3.WeightedCluster_ClusterWeight: + case []*envoy_config_route_v3.WeightedCluster_ClusterWeight: return httpWeightedClusterSorter(v) - case []*tcp.TcpProxy_WeightedCluster_ClusterWeight: + case []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight: return tcpWeightedClusterSorter(v) - case []*envoy_listener_v3.Listener: + case []*envoy_config_listener_v3.Listener: return listenerSorter(v) - case []*envoy_listener_v3.FilterChain: + case []*envoy_config_listener_v3.FilterChain: return filterChainSorter(v) default: return nil diff --git a/internal/sorter/sorter_test.go b/internal/sorter/sorter_test.go index 9e20a3f8941..e86b08b127b 100644 --- a/internal/sorter/sorter_test.go +++ b/internal/sorter/sorter_test.go @@ -19,15 +19,16 @@ import ( "sort" "testing" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - tcp "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - "github.com/projectcontour/contour/internal/dag" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_network_tcp_proxy_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/types/known/wrapperspb" + + "github.com/projectcontour/contour/internal/dag" ) func shuffleSlice[T any](original []T) []T { @@ -44,7 +45,7 @@ func TestInvalidSorter(t *testing.T) { } func TestSortRouteConfiguration(t *testing.T) { - want := []*envoy_route_v3.RouteConfiguration{ + want := []*envoy_config_route_v3.RouteConfiguration{ {Name: "bar"}, {Name: "baz"}, {Name: "foo"}, @@ -52,7 +53,7 @@ func TestSortRouteConfiguration(t *testing.T) { {Name: "same", InternalOnlyHeaders: []string{"a", "b"}}, } - have := []*envoy_route_v3.RouteConfiguration{ + have := []*envoy_config_route_v3.RouteConfiguration{ want[3], // Ensure the "same" element stays stable. want[4], want[2], @@ -65,7 +66,7 @@ func TestSortRouteConfiguration(t *testing.T) { } func TestSortVirtualHosts(t *testing.T) { - want := []*envoy_route_v3.VirtualHost{ + want := []*envoy_config_route_v3.VirtualHost{ {Name: "bar"}, {Name: "baz"}, {Name: "foo"}, @@ -73,7 +74,7 @@ func TestSortVirtualHosts(t *testing.T) { {Name: "same", Domains: []string{"a", "b"}}, } - have := []*envoy_route_v3.VirtualHost{ + have := []*envoy_config_route_v3.VirtualHost{ want[3], // Ensure the "same" element stays stable. want[4], want[2], @@ -543,7 +544,7 @@ func TestSortRoutesQueryParams(t *testing.T) { } func TestSortSecrets(t *testing.T) { - want := []*envoy_tls_v3.Secret{ + want := []*envoy_transport_socket_tls_v3.Secret{ {Name: "first"}, {Name: "second"}, } @@ -618,7 +619,7 @@ func TestSortQueryParamMatchConditionsValue(t *testing.T) { } func TestSortClusters(t *testing.T) { - want := []*envoy_cluster_v3.Cluster{ + want := []*envoy_config_cluster_v3.Cluster{ {Name: "first"}, {Name: "second"}, } @@ -626,7 +627,7 @@ func TestSortClusters(t *testing.T) { } func TestSortClusterLoadAssignments(t *testing.T) { - want := []*envoy_endpoint_v3.ClusterLoadAssignment{ + want := []*envoy_config_endpoint_v3.ClusterLoadAssignment{ {ClusterName: "first"}, {ClusterName: "second"}, } @@ -634,7 +635,7 @@ func TestSortClusterLoadAssignments(t *testing.T) { } func TestSortHTTPWeightedClusters(t *testing.T) { - want := []*envoy_route_v3.WeightedCluster_ClusterWeight{ + want := []*envoy_config_route_v3.WeightedCluster_ClusterWeight{ { Name: "first", Weight: wrapperspb.UInt32(10), @@ -652,7 +653,7 @@ func TestSortHTTPWeightedClusters(t *testing.T) { } func TestSortTCPWeightedClusters(t *testing.T) { - want := []*tcp.TcpProxy_WeightedCluster_ClusterWeight{ + want := []*envoy_filter_network_tcp_proxy_v3.TcpProxy_WeightedCluster_ClusterWeight{ { Name: "first", Weight: 10, @@ -670,7 +671,7 @@ func TestSortTCPWeightedClusters(t *testing.T) { } func TestSortListeners(t *testing.T) { - want := []*envoy_listener_v3.Listener{ + want := []*envoy_config_listener_v3.Listener{ {Name: "first"}, {Name: "second"}, } @@ -678,13 +679,13 @@ func TestSortListeners(t *testing.T) { } func TestSortFilterChains(t *testing.T) { - names := func(n ...string) *envoy_listener_v3.FilterChainMatch { - return &envoy_listener_v3.FilterChainMatch{ + names := func(n ...string) *envoy_config_listener_v3.FilterChainMatch { + return &envoy_config_listener_v3.FilterChainMatch{ ServerNames: n, } } - want := []*envoy_listener_v3.FilterChain{ + want := []*envoy_config_listener_v3.FilterChain{ { FilterChainMatch: names("first"), }, @@ -700,11 +701,11 @@ func TestSortFilterChains(t *testing.T) { FilterChainMatch: names("second", "aaaaa"), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{}, + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{}, }, } - have := []*envoy_listener_v3.FilterChain{ + have := []*envoy_config_listener_v3.FilterChain{ want[1], // zzzzz want[3], // blank want[2], // aaaaa diff --git a/internal/status/backendtlspolicyconditions.go b/internal/status/backendtlspolicyconditions.go index c4ae9ef8d14..174582b66fa 100644 --- a/internal/status/backendtlspolicyconditions.go +++ b/internal/status/backendtlspolicyconditions.go @@ -17,12 +17,13 @@ import ( "fmt" "time" - "github.com/projectcontour/contour/internal/gatewayapi" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" ) // BackendTLSPolicyStatusUpdate represents an atomic update to a @@ -34,7 +35,7 @@ type BackendTLSPolicyStatusUpdate struct { GatewayController gatewayapi_v1beta1.GatewayController Resource client.Object Generation int64 - TransitionTime metav1.Time + TransitionTime meta_v1.Time } // BackendTLSPolicyAncestorStatusUpdate helps update a specific ancestor ref's @@ -55,7 +56,7 @@ func (b *BackendTLSPolicyStatusUpdate) StatusUpdateFor(ancestorRef gatewayapi_v1 // AddCondition adds a condition with the given properties to the // BackendTLSPolicyAncestorStatus. -func (b *BackendTLSPolicyAncestorStatusUpdate) AddCondition(conditionType gatewayapi_v1alpha2.PolicyConditionType, status metav1.ConditionStatus, reason gatewayapi_v1alpha2.PolicyConditionReason, message string) metav1.Condition { +func (b *BackendTLSPolicyAncestorStatusUpdate) AddCondition(conditionType gatewayapi_v1alpha2.PolicyConditionType, status meta_v1.ConditionStatus, reason gatewayapi_v1alpha2.PolicyConditionReason, message string) meta_v1.Condition { var pas *gatewayapi_v1alpha2.PolicyAncestorStatus for _, v := range b.PolicyAncestorStatuses { @@ -86,12 +87,12 @@ func (b *BackendTLSPolicyAncestorStatusUpdate) AddCondition(conditionType gatewa message = pas.Conditions[idx].Message + ", " + message } - cond := metav1.Condition{ + cond := meta_v1.Condition{ Reason: string(reason), Status: status, Type: string(conditionType), Message: message, - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), ObservedGeneration: b.Generation, } @@ -106,7 +107,7 @@ func (b *BackendTLSPolicyAncestorStatusUpdate) AddCondition(conditionType gatewa // ConditionsForAncestorRef returns the list of conditions for a given ancestor // if it exists. -func (b *BackendTLSPolicyStatusUpdate) ConditionsForAncestorRef(ancestorRef gatewayapi_v1beta1.ParentReference) []metav1.Condition { +func (b *BackendTLSPolicyStatusUpdate) ConditionsForAncestorRef(ancestorRef gatewayapi_v1beta1.ParentReference) []meta_v1.Condition { for _, pas := range b.PolicyAncestorStatuses { if pas.AncestorRef == ancestorRef { return pas.Conditions diff --git a/internal/status/backendtlspolicyconditions_test.go b/internal/status/backendtlspolicyconditions_test.go index b3e6d87487c..3c55128e3d3 100644 --- a/internal/status/backendtlspolicyconditions_test.go +++ b/internal/status/backendtlspolicyconditions_test.go @@ -17,14 +17,14 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/k8s" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/k8s" ) func TestBackendTLSPolicyAddCondition(t *testing.T) { @@ -37,20 +37,20 @@ func TestBackendTLSPolicyAddCondition(t *testing.T) { basUpdate := backendTLSPolicyUpdate.StatusUpdateFor(ancestorRef) - basUpdate.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, metav1.ConditionTrue, gatewayapi_v1alpha2.PolicyReasonAccepted, "Valid BackendTLSPolicy") + basUpdate.AddCondition(gatewayapi_v1alpha2.PolicyConditionAccepted, meta_v1.ConditionTrue, gatewayapi_v1alpha2.PolicyReasonAccepted, "Valid BackendTLSPolicy") require.Len(t, backendTLSPolicyUpdate.ConditionsForAncestorRef(ancestorRef), 1) got := backendTLSPolicyUpdate.ConditionsForAncestorRef(ancestorRef)[0] assert.EqualValues(t, gatewayapi_v1alpha2.PolicyConditionAccepted, got.Type) - assert.EqualValues(t, metav1.ConditionTrue, got.Status) + assert.EqualValues(t, meta_v1.ConditionTrue, got.Status) assert.EqualValues(t, gatewayapi_v1alpha2.PolicyReasonAccepted, got.Reason) assert.EqualValues(t, "Valid BackendTLSPolicy", got.Message) assert.EqualValues(t, 7, got.ObservedGeneration) } func TestBackendTLSPolicyMutate(t *testing.T) { - testTransitionTime := v1.NewTime(time.Now()) + testTransitionTime := meta_v1.NewTime(time.Now()) var testGeneration int64 = 7 bsu := BackendTLSPolicyStatusUpdate{ @@ -60,10 +60,10 @@ func TestBackendTLSPolicyMutate(t *testing.T) { PolicyAncestorStatuses: []*gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), Message: "Accepted BackendTLSPolicy", }, @@ -73,7 +73,7 @@ func TestBackendTLSPolicyMutate(t *testing.T) { } btp := &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "test", }, @@ -81,10 +81,10 @@ func TestBackendTLSPolicyMutate(t *testing.T) { Ancestors: []gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("externalgateway", "some-gateway"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), Message: "This was added by some other gateway and should not be removed.", }, @@ -95,7 +95,7 @@ func TestBackendTLSPolicyMutate(t *testing.T) { } wantBackendTLSPolicy := &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "test", }, @@ -103,12 +103,12 @@ func TestBackendTLSPolicyMutate(t *testing.T) { Ancestors: []gatewayapi_v1alpha2.PolicyAncestorStatus{ { AncestorRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { ObservedGeneration: testGeneration, LastTransitionTime: testTransitionTime, Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), Message: "Accepted BackendTLSPolicy", }, @@ -116,10 +116,10 @@ func TestBackendTLSPolicyMutate(t *testing.T) { }, { AncestorRef: gatewayapi.GatewayParentRef("externalgateway", "some-gateway"), - Conditions: []metav1.Condition{ + Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1alpha2.PolicyConditionAccepted), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: string(gatewayapi_v1alpha2.PolicyReasonAccepted), Message: "This was added by some other gateway and should not be removed.", }, diff --git a/internal/status/cache.go b/internal/status/cache.go index b0d86202fc7..d3579d12c93 100644 --- a/internal/status/cache.go +++ b/internal/status/cache.go @@ -18,12 +18,13 @@ package status import ( "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/k8s" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/k8s" ) // ConditionType is used to ensure we only use a limited set of possible values @@ -49,7 +50,7 @@ func NewCache(gateway types.NamespacedName, gatewayController gatewayapi_v1beta1 type CacheEntry interface { AsStatusUpdate() k8s.StatusUpdate - ConditionFor(ConditionType) *contour_api_v1.DetailedCondition + ConditionFor(ConditionType) *contour_v1.DetailedCondition } // Cache holds status updates from the DAG back towards Kubernetes. @@ -71,7 +72,7 @@ type Cache struct { // Get returns a pointer to a the cache entry if it exists, nil // otherwise. The return value is shared between all callers, who // should take care to cooperate. -func (c *Cache) Get(obj metav1.Object) CacheEntry { +func (c *Cache) Get(obj meta_v1.Object) CacheEntry { kind := k8s.KindOf(obj) if _, ok := c.entries[kind]; !ok { @@ -82,7 +83,7 @@ func (c *Cache) Get(obj metav1.Object) CacheEntry { } // Put returns an entry to the cache. -func (c *Cache) Put(obj metav1.Object, e CacheEntry) { +func (c *Cache) Put(obj meta_v1.Object, e CacheEntry) { kind := k8s.KindOf(obj) if _, ok := c.entries[kind]; !ok { @@ -111,7 +112,7 @@ func (c *Cache) GetStatusUpdates() []k8s.StatusUpdate { for fullname, pu := range c.proxyUpdates { update := k8s.StatusUpdate{ NamespacedName: fullname, - Resource: &contour_api_v1.HTTPProxy{}, + Resource: &contour_v1.HTTPProxy{}, Mutator: pu, } @@ -193,10 +194,10 @@ func (c *Cache) GetBackendTLSPolicyUpdates() []*BackendTLSPolicyStatusUpdate { func (c *Cache) GatewayStatusAccessor(nsName types.NamespacedName, generation int64, gs *gatewayapi_v1beta1.GatewayStatus) (*GatewayStatusUpdate, func()) { gu := &GatewayStatusUpdate{ FullName: nsName, - Conditions: make(map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition), + Conditions: make(map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition), ExistingConditions: getGatewayConditions(gs), Generation: generation, - TransitionTime: metav1.NewTime(time.Now()), + TransitionTime: meta_v1.NewTime(time.Now()), } return gu, func() { @@ -212,12 +213,12 @@ func (c *Cache) GatewayStatusAccessor(nsName types.NamespacedName, generation in // back to the cache when everything is done. // The commit function pattern is used so that the ProxyUpdate does not need to know anything // the cache internals. -func (c *Cache) ProxyAccessor(proxy *contour_api_v1.HTTPProxy) (*ProxyUpdate, func()) { +func (c *Cache) ProxyAccessor(proxy *contour_v1.HTTPProxy) (*ProxyUpdate, func()) { pu := &ProxyUpdate{ Fullname: k8s.NamespacedNameOf(proxy), Generation: proxy.Generation, - TransitionTime: metav1.NewTime(time.Now()), - Conditions: make(map[ConditionType]*contour_api_v1.DetailedCondition), + TransitionTime: meta_v1.NewTime(time.Now()), + Conditions: make(map[ConditionType]*contour_v1.DetailedCondition), } return pu, func() { @@ -232,8 +233,8 @@ func (c *Cache) ProxyAccessor(proxy *contour_api_v1.HTTPProxy) (*ProxyUpdate, fu // If this is removed, the status reporting for when a parent delegates to a child that delegates to itself // will not work. Yes, I know, problems everywhere. I'm sorry. // TODO(youngnick)#2968: This issue has more details. - if c.proxyUpdates[pu.Fullname].Conditions[ValidCondition].Status == contour_api_v1.ConditionFalse { - if pu.Conditions[ValidCondition].Status == contour_api_v1.ConditionTrue { + if c.proxyUpdates[pu.Fullname].Conditions[ValidCondition].Status == contour_v1.ConditionFalse { + if pu.Conditions[ValidCondition].Status == contour_v1.ConditionTrue { return } } @@ -243,7 +244,7 @@ func (c *Cache) ProxyAccessor(proxy *contour_api_v1.HTTPProxy) (*ProxyUpdate, fu } // RouteConditionsAccessor returns a RouteStatusUpdate that allows a client to build up a list of -// metav1.Conditions as well as a function to commit the change back to the cache when everything +// meta_v1.Conditions as well as a function to commit the change back to the cache when everything // is done. The commit function pattern is used so that the RouteStatusUpdate does not need // to know anything the cache internals. func (c *Cache) RouteConditionsAccessor(nsName types.NamespacedName, generation int64, resource client.Object) (*RouteStatusUpdate, func()) { @@ -252,7 +253,7 @@ func (c *Cache) RouteConditionsAccessor(nsName types.NamespacedName, generation GatewayRef: c.gatewayRef, GatewayController: c.gatewayController, Generation: generation, - TransitionTime: metav1.NewTime(time.Now()), + TransitionTime: meta_v1.NewTime(time.Now()), Resource: resource, } @@ -274,7 +275,7 @@ func (c *Cache) BackendTLSPolicyConditionsAccessor(nsName types.NamespacedName, GatewayRef: c.gatewayRef, GatewayController: c.gatewayController, Generation: generation, - TransitionTime: metav1.NewTime(time.Now()), + TransitionTime: meta_v1.NewTime(time.Now()), Resource: resource, } diff --git a/internal/status/cache_test.go b/internal/status/cache_test.go index 0105f469468..1d49ccd1d8b 100644 --- a/internal/status/cache_test.go +++ b/internal/status/cache_test.go @@ -16,14 +16,15 @@ package status import ( "testing" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/k8s" "github.com/stretchr/testify/assert" core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/k8s" ) type testCacheEntry struct { @@ -44,10 +45,10 @@ func (t testCacheEntry) AsStatusUpdate() k8s.StatusUpdate { var _ CacheEntry = &testCacheEntry{} func TestCacheAcquisition(t *testing.T) { - ext := &contour_api_v1alpha1.ExtensionService{ + ext := &contour_v1alpha1.ExtensionService{ ObjectMeta: fixture.ObjectMeta("test/ext"), } - proxy := &contour_api_v1.HTTPProxy{ + proxy := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("test/proxy"), } httpRoute := &gatewayapi_v1beta1.HTTPRoute{ diff --git a/internal/status/extensionstatus.go b/internal/status/extensionstatus.go index 86f307c4325..fef3ffe497f 100644 --- a/internal/status/extensionstatus.go +++ b/internal/status/extensionstatus.go @@ -17,35 +17,36 @@ import ( "fmt" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/k8s" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/k8s" ) // ConditionCache holds all the DetailedConditions to add to the object // keyed by the Type (since that's what the API server will end up doing). type ConditionCache struct { - Conditions map[ConditionType]*contour_api_v1.DetailedCondition + Conditions map[ConditionType]*contour_v1.DetailedCondition } // ConditionFor returns the cached DetailedCondition of the given // type. If no such condition exists, a new one is created. -func (c *ConditionCache) ConditionFor(condType ConditionType) *contour_api_v1.DetailedCondition { +func (c *ConditionCache) ConditionFor(condType ConditionType) *contour_v1.DetailedCondition { if c.Conditions == nil { - c.Conditions = make(map[ConditionType]*contour_api_v1.DetailedCondition) + c.Conditions = make(map[ConditionType]*contour_v1.DetailedCondition) } if cond, ok := c.Conditions[condType]; ok { return cond } - cond := &contour_api_v1.DetailedCondition{ - Condition: contour_api_v1.Condition{ + cond := &contour_v1.DetailedCondition{ + Condition: contour_v1.Condition{ Type: string(condType), - Status: contour_api_v1.ConditionUnknown, + Status: contour_v1.ConditionUnknown, }, } @@ -59,14 +60,14 @@ type ExtensionCacheEntry struct { Name types.NamespacedName Generation int64 - TransitionTime v1.Time + TransitionTime meta_v1.Time } var _ CacheEntry = &ExtensionCacheEntry{} func (e *ExtensionCacheEntry) AsStatusUpdate() k8s.StatusUpdate { m := k8s.StatusMutatorFunc(func(obj client.Object) client.Object { - o, ok := obj.(*contour_api_v1alpha1.ExtensionService) + o, ok := obj.(*contour_v1alpha1.ExtensionService) if !ok { panic(fmt.Sprintf("unsupported %T object %q in status mutator", obj, e.Name)) } @@ -96,7 +97,7 @@ func (e *ExtensionCacheEntry) AsStatusUpdate() k8s.StatusUpdate { return k8s.StatusUpdate{ NamespacedName: e.Name, - Resource: &contour_api_v1alpha1.ExtensionService{}, + Resource: &contour_v1alpha1.ExtensionService{}, Mutator: m, } } @@ -106,13 +107,13 @@ func (e *ExtensionCacheEntry) AsStatusUpdate() k8s.StatusUpdate { // new entry is added. When the caller finishes with the cache entry, // it must call the returned function to release the entry back to the // cache. -func ExtensionAccessor(c *Cache, ext *contour_api_v1alpha1.ExtensionService) (*ExtensionCacheEntry, func()) { +func ExtensionAccessor(c *Cache, ext *contour_v1alpha1.ExtensionService) (*ExtensionCacheEntry, func()) { entry := c.Get(ext) if entry == nil { entry = &ExtensionCacheEntry{ Name: k8s.NamespacedNameOf(ext), Generation: ext.GetGeneration(), - TransitionTime: v1.NewTime(time.Now()), + TransitionTime: meta_v1.NewTime(time.Now()), } // Populate the cache with the new entry diff --git a/internal/status/gatewayclassconditions.go b/internal/status/gatewayclassconditions.go index 7d21bee4339..9b529ca29a7 100644 --- a/internal/status/gatewayclassconditions.go +++ b/internal/status/gatewayclassconditions.go @@ -17,7 +17,7 @@ import ( "time" apiequality "k8s.io/apimachinery/pkg/api/equality" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) @@ -25,33 +25,33 @@ import ( const ReasonOlderGatewayClassExists gatewayapi_v1beta1.GatewayClassConditionReason = "OlderGatewayClassExists" // computeGatewayClassAcceptedCondition computes the GatewayClass Accepted status condition. -func computeGatewayClassAcceptedCondition(gatewayClass *gatewayapi_v1beta1.GatewayClass, accepted bool) metav1.Condition { +func computeGatewayClassAcceptedCondition(gatewayClass *gatewayapi_v1beta1.GatewayClass, accepted bool) meta_v1.Condition { switch accepted { case true: - return metav1.Condition{ + return meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), Message: "Valid GatewayClass", ObservedGeneration: gatewayClass.Generation, - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), } default: - return metav1.Condition{ + return meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(ReasonOlderGatewayClassExists), Message: "Invalid GatewayClass: another older GatewayClass with the same Spec.Controller exists", ObservedGeneration: gatewayClass.Generation, - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), } } } // mergeConditions adds or updates matching conditions, and updates the transition // time if details of a condition have changed. Returns the updated condition array. -func mergeConditions(conditions []metav1.Condition, updates ...metav1.Condition) []metav1.Condition { - var additions []metav1.Condition +func mergeConditions(conditions []meta_v1.Condition, updates ...meta_v1.Condition) []meta_v1.Condition { + var additions []meta_v1.Condition for i, update := range updates { add := true for j, cond := range conditions { @@ -78,10 +78,10 @@ func mergeConditions(conditions []metav1.Condition, updates ...metav1.Condition) return conditions } -func conditionChanged(a, b metav1.Condition) bool { +func conditionChanged(a, b meta_v1.Condition) bool { return a.Status != b.Status || a.Reason != b.Reason || a.Message != b.Message } -func conditionsEqual(a, b []metav1.Condition) bool { +func conditionsEqual(a, b []meta_v1.Condition) bool { return apiequality.Semantic.DeepEqual(a, b) } diff --git a/internal/status/gatewayclassconditions_test.go b/internal/status/gatewayclassconditions_test.go index ef40c82a56f..49ae85b9d23 100644 --- a/internal/status/gatewayclassconditions_test.go +++ b/internal/status/gatewayclassconditions_test.go @@ -18,7 +18,7 @@ import ( "time" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) @@ -27,23 +27,23 @@ func TestComputeGatewayClassAcceptedCondition(t *testing.T) { testCases := []struct { name string accepted bool - expect metav1.Condition + expect meta_v1.Condition }{ { name: "accepted gatewayclass", accepted: true, - expect: metav1.Condition{ + expect: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayClassReasonAccepted), }, }, { name: "not accepted gatewayclass", accepted: false, - expect: metav1.Condition{ + expect: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: string(ReasonOlderGatewayClassExists), }, }, @@ -51,7 +51,7 @@ func TestComputeGatewayClassAcceptedCondition(t *testing.T) { for _, tc := range testCases { gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Generation: 7, }, } @@ -69,57 +69,57 @@ func TestConditionChanged(t *testing.T) { testCases := []struct { name string expected bool - a, b metav1.Condition + a, b meta_v1.Condition }{ { name: "nil and non-nil current are equal", expected: false, - a: metav1.Condition{}, + a: meta_v1.Condition{}, }, { name: "empty slices should be equal", expected: false, - a: metav1.Condition{}, - b: metav1.Condition{}, + a: meta_v1.Condition{}, + b: meta_v1.Condition{}, }, { name: "condition LastTransitionTime should be ignored", expected: false, - a: metav1.Condition{ + a: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, - LastTransitionTime: metav1.Unix(0, 0), + Status: meta_v1.ConditionTrue, + LastTransitionTime: meta_v1.Unix(0, 0), }, - b: metav1.Condition{ + b: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, - LastTransitionTime: metav1.Unix(1, 0), + Status: meta_v1.ConditionTrue, + LastTransitionTime: meta_v1.Unix(1, 0), }, }, { name: "check condition reason differs", expected: true, - a: metav1.Condition{ + a: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "foo", }, - b: metav1.Condition{ + b: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "bar", }, }, { name: "condition status differs", expected: true, - a: metav1.Condition{ + a: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, - b: metav1.Condition{ + b: meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, }, }, } @@ -137,53 +137,53 @@ func TestMergeConditions(t *testing.T) { testCases := []struct { name string - current []metav1.Condition - updates []metav1.Condition - expected []metav1.Condition + current []meta_v1.Condition + updates []meta_v1.Condition + expected []meta_v1.Condition }{ { name: "status updated", - current: []metav1.Condition{ + current: []meta_v1.Condition{ newCondition("available", "false", "Reason", "Message", start), }, - updates: []metav1.Condition{ + updates: []meta_v1.Condition{ newCondition("available", "true", "Reason", "Message", later), }, - expected: []metav1.Condition{ + expected: []meta_v1.Condition{ newCondition("available", "true", "Reason", "Message", later), }, }, { name: "reason updated", - current: []metav1.Condition{ + current: []meta_v1.Condition{ newCondition("available", "false", "Reason", "Message", start), }, - updates: []metav1.Condition{ + updates: []meta_v1.Condition{ newCondition("available", "false", "New Reason", "Message", later), }, - expected: []metav1.Condition{ + expected: []meta_v1.Condition{ newCondition("available", "false", "New Reason", "Message", start), }, }, { name: "message updated", - current: []metav1.Condition{ + current: []meta_v1.Condition{ newCondition("available", "false", "Reason", "Message", start), }, - updates: []metav1.Condition{ + updates: []meta_v1.Condition{ newCondition("available", "false", "Reason", "New Message", later), }, - expected: []metav1.Condition{ + expected: []meta_v1.Condition{ newCondition("available", "false", "Reason", "New Message", start), }, }, { name: "new status", - current: []metav1.Condition{}, - updates: []metav1.Condition{ + current: []meta_v1.Condition{}, + updates: []meta_v1.Condition{ newCondition("available", "false", "Reason", "New Message", later), }, - expected: []metav1.Condition{ + expected: []meta_v1.Condition{ newCondition("available", "false", "Reason", "New Message", later), }, }, @@ -199,7 +199,7 @@ func TestConditionsEqual(t *testing.T) { testCases := []struct { name string expected bool - a, b []metav1.Condition + a, b []meta_v1.Condition }{ { name: "zero-valued status should be equal", @@ -208,78 +208,78 @@ func TestConditionsEqual(t *testing.T) { { name: "nil and non-nil slices should be equal", expected: true, - a: []metav1.Condition{}, + a: []meta_v1.Condition{}, }, { name: "empty slices should be equal", expected: true, - a: []metav1.Condition{}, - b: []metav1.Condition{}, + a: []meta_v1.Condition{}, + b: []meta_v1.Condition{}, }, { name: "condition LastTransitionTime should not be ignored", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, - LastTransitionTime: metav1.Unix(0, 0), + Status: meta_v1.ConditionTrue, + LastTransitionTime: meta_v1.Unix(0, 0), }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, - LastTransitionTime: metav1.Unix(1, 0), + Status: meta_v1.ConditionTrue, + LastTransitionTime: meta_v1.Unix(1, 0), }, }, }, { name: "check condition types differ", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "bar", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, { name: "check condition status differs", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, }, }, }, { name: "check condition reasons differ", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "foo", }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionFalse, + Status: meta_v1.ConditionFalse, Reason: "bar", }, }, @@ -287,12 +287,12 @@ func TestConditionsEqual(t *testing.T) { { name: "check duplicate of a single condition type", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "foo", }, @@ -304,40 +304,40 @@ func TestConditionsEqual(t *testing.T) { { name: "check new condition added", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, { Type: "bar", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, { name: "check condition removed", expected: false, - a: []metav1.Condition{ + a: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, { Type: "bar", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, - b: []metav1.Condition{ + b: []meta_v1.Condition{ { Type: "foo", - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, }, }, }, diff --git a/internal/status/gatewaystatus.go b/internal/status/gatewaystatus.go index 9e18444871f..cd879bb7d25 100644 --- a/internal/status/gatewaystatus.go +++ b/internal/status/gatewaystatus.go @@ -17,11 +17,12 @@ import ( "fmt" "time" - "github.com/projectcontour/contour/internal/ref" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/ref" ) const MessageValidGateway = "Valid Gateway" @@ -30,30 +31,30 @@ const MessageValidGateway = "Valid Gateway" // Gateway's status. type GatewayStatusUpdate struct { FullName types.NamespacedName - Conditions map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition - ExistingConditions map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition + Conditions map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition + ExistingConditions map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition ListenerStatus map[string]*gatewayapi_v1beta1.ListenerStatus Generation int64 - TransitionTime metav1.Time + TransitionTime meta_v1.Time } -// AddCondition returns a metav1.Condition for a given GatewayConditionType. +// AddCondition returns a meta_v1.Condition for a given GatewayConditionType. func (gatewayUpdate *GatewayStatusUpdate) AddCondition( cond gatewayapi_v1beta1.GatewayConditionType, - status metav1.ConditionStatus, + status meta_v1.ConditionStatus, reason gatewayapi_v1beta1.GatewayConditionReason, message string, -) metav1.Condition { +) meta_v1.Condition { if c, ok := gatewayUpdate.Conditions[cond]; ok { message = fmt.Sprintf("%s, %s", c.Message, message) } - newCond := metav1.Condition{ + newCond := meta_v1.Condition{ Reason: string(reason), Status: status, Type: string(cond), Message: message, - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), ObservedGeneration: gatewayUpdate.Generation, } gatewayUpdate.Conditions[cond] = newCond @@ -97,10 +98,10 @@ func (gatewayUpdate *GatewayStatusUpdate) SetListenerAttachedRoutes(listenerName func (gatewayUpdate *GatewayStatusUpdate) AddListenerCondition( listenerName string, cond gatewayapi_v1beta1.ListenerConditionType, - status metav1.ConditionStatus, + status meta_v1.ConditionStatus, reason gatewayapi_v1beta1.ListenerConditionReason, message string, -) metav1.Condition { +) meta_v1.Condition { if gatewayUpdate.ListenerStatus == nil { gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1beta1.ListenerStatus{} } @@ -121,12 +122,12 @@ func (gatewayUpdate *GatewayStatusUpdate) AddListenerCondition( } } - newCond := metav1.Condition{ + newCond := meta_v1.Condition{ Reason: string(reason), Status: status, Type: string(cond), Message: message, - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), ObservedGeneration: gatewayUpdate.Generation, } @@ -139,8 +140,8 @@ func (gatewayUpdate *GatewayStatusUpdate) AddListenerCondition( return newCond } -func getGatewayConditions(gs *gatewayapi_v1beta1.GatewayStatus) map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition { - conditions := make(map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition) +func getGatewayConditions(gs *gatewayapi_v1beta1.GatewayStatus) map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition { + conditions := make(map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition) for _, cond := range gs.Conditions { if _, ok := conditions[gatewayapi_v1beta1.GatewayConditionType(cond.Type)]; !ok { conditions[gatewayapi_v1beta1.GatewayConditionType(cond.Type)] = cond @@ -159,7 +160,7 @@ func (gatewayUpdate *GatewayStatusUpdate) Mutate(obj client.Object) client.Objec updated := o.DeepCopy() - var conditionsToWrite []metav1.Condition + var conditionsToWrite []meta_v1.Condition for _, cond := range gatewayUpdate.Conditions { @@ -199,7 +200,7 @@ func (gatewayUpdate *GatewayStatusUpdate) Mutate(obj client.Object) client.Objec for _, status := range gatewayUpdate.ListenerStatus { if status.Conditions == nil { // Conditions is a required field so we have to specify an empty slice here - status.Conditions = []metav1.Condition{} + status.Conditions = []meta_v1.Condition{} } if status.SupportedKinds == nil { // SupportedKinds is a required field so we have to specify an empty slice here diff --git a/internal/status/gatewaystatus_test.go b/internal/status/gatewaystatus_test.go index c71993f4c58..44328b59614 100644 --- a/internal/status/gatewaystatus_test.go +++ b/internal/status/gatewaystatus_test.go @@ -16,21 +16,22 @@ package status import ( "testing" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/ref" ) func TestGatewayAddCondition(t *testing.T) { var testGeneration int64 = 7 - simpleValidCondition := metav1.Condition{ + simpleValidCondition := meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionAccepted), - Status: metav1.ConditionTrue, + Status: meta_v1.ConditionTrue, Reason: string(gatewayapi_v1.GatewayReasonAccepted), Message: MessageValidGateway, ObservedGeneration: testGeneration, @@ -38,15 +39,15 @@ func TestGatewayAddCondition(t *testing.T) { gatewayUpdate := GatewayStatusUpdate{ FullName: k8s.NamespacedNameFrom("test/test"), - Conditions: make(map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition), + Conditions: make(map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition), ExistingConditions: nil, Generation: testGeneration, - TransitionTime: metav1.Time{}, + TransitionTime: meta_v1.Time{}, } got := gatewayUpdate.AddCondition( gatewayapi_v1.GatewayConditionAccepted, - metav1.ConditionTrue, + meta_v1.ConditionTrue, gatewayapi_v1.GatewayReasonAccepted, MessageValidGateway, ) @@ -117,7 +118,7 @@ func TestGatewayMutate(t *testing.T) { Kind: gatewayapi_v1beta1.Kind("BarRoute"), }, }, - Conditions: []metav1.Condition{}, + Conditions: []meta_v1.Condition{}, }, "https": { Name: "https", @@ -128,7 +129,7 @@ func TestGatewayMutate(t *testing.T) { Kind: gatewayapi_v1beta1.Kind("TLSRoute"), }, }, - Conditions: []metav1.Condition{}, + Conditions: []meta_v1.Condition{}, }, } @@ -144,7 +145,7 @@ func TestGatewayMutate(t *testing.T) { Kind: gatewayapi_v1beta1.Kind("HTTPRoute"), }, }, - Conditions: []metav1.Condition{}, + Conditions: []meta_v1.Condition{}, }, }, }, @@ -166,62 +167,62 @@ func TestGatewayAddListenerCondition(t *testing.T) { var gsu GatewayStatusUpdate // first condition for listener-1 - res := gsu.AddListenerCondition("listener-1", gatewayapi_v1.ListenerConditionProgrammed, metav1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalid, "message 1") + res := gsu.AddListenerCondition("listener-1", gatewayapi_v1.ListenerConditionProgrammed, meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalid, "message 1") assert.Len(t, gsu.ListenerStatus["listener-1"].Conditions, 1) assert.Equal(t, string(gatewayapi_v1.ListenerConditionProgrammed), res.Type) - assert.Equal(t, metav1.ConditionFalse, res.Status) + assert.Equal(t, meta_v1.ConditionFalse, res.Status) assert.Equal(t, string(gatewayapi_v1.ListenerReasonInvalid), res.Reason) assert.Equal(t, "message 1", res.Message) // second condition (different type) for listener-1 - res = gsu.AddListenerCondition("listener-1", gatewayapi_v1.ListenerConditionAccepted, metav1.ConditionFalse, gatewayapi_v1.ListenerReasonUnsupportedProtocol, "message 2") + res = gsu.AddListenerCondition("listener-1", gatewayapi_v1.ListenerConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonUnsupportedProtocol, "message 2") assert.Len(t, gsu.ListenerStatus["listener-1"].Conditions, 2) assert.Equal(t, string(gatewayapi_v1.ListenerConditionAccepted), res.Type) - assert.Equal(t, metav1.ConditionFalse, res.Status) + assert.Equal(t, meta_v1.ConditionFalse, res.Status) assert.Equal(t, string(gatewayapi_v1.ListenerReasonUnsupportedProtocol), res.Reason) assert.Equal(t, "message 2", res.Message) // first condition for listener-2 - res = gsu.AddListenerCondition("listener-2", gatewayapi_v1.ListenerConditionProgrammed, metav1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalid, "message 3") + res = gsu.AddListenerCondition("listener-2", gatewayapi_v1.ListenerConditionProgrammed, meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalid, "message 3") assert.Len(t, gsu.ListenerStatus["listener-2"].Conditions, 1) assert.Len(t, gsu.ListenerStatus["listener-1"].Conditions, 2) assert.Equal(t, string(gatewayapi_v1.ListenerConditionProgrammed), res.Type) - assert.Equal(t, metav1.ConditionFalse, res.Status) + assert.Equal(t, meta_v1.ConditionFalse, res.Status) assert.Equal(t, string(gatewayapi_v1.ListenerReasonInvalid), res.Reason) assert.Equal(t, "message 3", res.Message) // third condition (pre-existing type) for listener-1 - res = gsu.AddListenerCondition("listener-1", gatewayapi_v1.ListenerConditionAccepted, metav1.ConditionFalse, gatewayapi_v1.ListenerReasonUnsupportedProtocol, "message 4") + res = gsu.AddListenerCondition("listener-1", gatewayapi_v1.ListenerConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonUnsupportedProtocol, "message 4") assert.Len(t, gsu.ListenerStatus["listener-1"].Conditions, 2) assert.Equal(t, string(gatewayapi_v1.ListenerConditionAccepted), res.Type) - assert.Equal(t, metav1.ConditionFalse, res.Status) + assert.Equal(t, meta_v1.ConditionFalse, res.Status) assert.Equal(t, string(gatewayapi_v1.ListenerReasonUnsupportedProtocol), res.Reason) assert.Equal(t, "message 2, message 4", res.Message) } func TestGetGatewayConditions(t *testing.T) { tests := map[string]struct { - conditions []metav1.Condition - want map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition + conditions []meta_v1.Condition + want map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition }{ "no gateway conditions": { conditions: nil, - want: map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition{}, + want: map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition{}, }, "one gateway condition": { - conditions: []metav1.Condition{ + conditions: []meta_v1.Condition{ {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, }, - want: map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition{ + want: map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionProgrammed: {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, }, }, "multiple gateway conditions": { - conditions: []metav1.Condition{ + conditions: []meta_v1.Condition{ {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, {Type: string(gatewayapi_v1.GatewayConditionAccepted)}, }, - want: map[gatewayapi_v1beta1.GatewayConditionType]metav1.Condition{ + want: map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionProgrammed: {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, gatewayapi_v1.GatewayConditionAccepted: {Type: string(gatewayapi_v1.GatewayConditionAccepted)}, }, diff --git a/internal/status/proxystatus.go b/internal/status/proxystatus.go index 7d2457dd4d2..cc42017765f 100644 --- a/internal/status/proxystatus.go +++ b/internal/status/proxystatus.go @@ -16,10 +16,11 @@ package status import ( "fmt" - projectcontour "github.com/projectcontour/contour/apis/projectcontour/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) type ProxyStatus string @@ -34,29 +35,29 @@ const ( type ProxyUpdate struct { Fullname types.NamespacedName Generation int64 - TransitionTime v1.Time + TransitionTime meta_v1.Time Vhost string // Conditions holds all the DetailedConditions to add to the object // keyed by the Type (since that's what the apiserver will end up // doing.) - Conditions map[ConditionType]*projectcontour.DetailedCondition + Conditions map[ConditionType]*contour_v1.DetailedCondition } // ConditionFor returns a DetailedCondition for a given ConditionType. // Currently only "Valid" is used. -func (pu *ProxyUpdate) ConditionFor(cond ConditionType) *projectcontour.DetailedCondition { +func (pu *ProxyUpdate) ConditionFor(cond ConditionType) *contour_v1.DetailedCondition { dc, ok := pu.Conditions[cond] if !ok { - newDc := &projectcontour.DetailedCondition{} + newDc := &contour_v1.DetailedCondition{} newDc.Type = string(cond) newDc.ObservedGeneration = pu.Generation if cond == ValidCondition { - newDc.Status = projectcontour.ConditionTrue + newDc.Status = contour_v1.ConditionTrue newDc.Reason = "Valid" newDc.Message = "Valid HTTPProxy" } else { - newDc.Status = projectcontour.ConditionFalse + newDc.Status = contour_v1.ConditionFalse } pu.Conditions[cond] = newDc return newDc @@ -65,7 +66,7 @@ func (pu *ProxyUpdate) ConditionFor(cond ConditionType) *projectcontour.Detailed } func (pu *ProxyUpdate) Mutate(obj client.Object) client.Object { - o, ok := obj.(*projectcontour.HTTPProxy) + o, ok := obj.(*contour_v1.HTTPProxy) if !ok { panic(fmt.Sprintf("Unsupported %T object %s/%s in status mutator", obj, pu.Fullname.Namespace, pu.Fullname.Name, @@ -95,15 +96,15 @@ func (pu *ProxyUpdate) Mutate(obj client.Object) client.Object { // Set the old status fields using the Valid DetailedCondition's details. // Other conditions are not relevant for these two fields. - validCond := proxy.Status.GetConditionFor(projectcontour.ValidConditionType) + validCond := proxy.Status.GetConditionFor(contour_v1.ValidConditionType) switch validCond.Status { - case projectcontour.ConditionTrue: + case contour_v1.ConditionTrue: // TODO(youngnick): bring the string(ProxyStatusValid) constants in here? proxy.Status.CurrentStatus = string(ProxyStatusValid) proxy.Status.Description = validCond.Message - case projectcontour.ConditionFalse: - if orphanCond, ok := validCond.GetError(projectcontour.ConditionTypeOrphanedError); ok { + case contour_v1.ConditionFalse: + if orphanCond, ok := validCond.GetError(contour_v1.ConditionTypeOrphanedError); ok { proxy.Status.CurrentStatus = string(ProxyStatusOrphaned) proxy.Status.Description = orphanCond.Message break diff --git a/internal/status/proxystatus_test.go b/internal/status/proxystatus_test.go index 447591b6e5c..8c3b81d2d2b 100644 --- a/internal/status/proxystatus_test.go +++ b/internal/status/proxystatus_test.go @@ -17,22 +17,23 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/k8s" "github.com/stretchr/testify/assert" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/k8s" ) func TestConditionFor(t *testing.T) { - simpleValidCondition := contour_api_v1.DetailedCondition{ - Condition: contour_api_v1.Condition{ + simpleValidCondition := contour_v1.DetailedCondition{ + Condition: contour_v1.Condition{ Type: "Valid", }, } pu := ProxyUpdate{ Fullname: k8s.NamespacedNameFrom("test/test"), - Conditions: map[ConditionType]*contour_api_v1.DetailedCondition{ + Conditions: map[ConditionType]*contour_v1.DetailedCondition{ ValidCondition: &simpleValidCondition, }, } @@ -43,13 +44,13 @@ func TestConditionFor(t *testing.T) { emptyProxyUpdate := ProxyUpdate{ Fullname: k8s.NamespacedNameFrom("test/test"), - Conditions: make(map[ConditionType]*contour_api_v1.DetailedCondition), + Conditions: make(map[ConditionType]*contour_v1.DetailedCondition), } - newDc := contour_api_v1.DetailedCondition{ - Condition: contour_api_v1.Condition{ + newDc := contour_v1.DetailedCondition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: "Valid", Message: "Valid HTTPProxy", }, @@ -60,21 +61,21 @@ func TestConditionFor(t *testing.T) { func TestStatusMutator(t *testing.T) { type testcase struct { - testProxy contour_api_v1.HTTPProxy + testProxy contour_v1.HTTPProxy proxyUpdate ProxyUpdate - wantConditions []contour_api_v1.DetailedCondition + wantConditions []contour_v1.DetailedCondition wantCurrentStatus string wantDescription string } - testTransitionTime := v1.NewTime(time.Now()) + testTransitionTime := meta_v1.NewTime(time.Now()) var testGeneration int64 = 7 run := func(desc string, tc testcase) { newProxy := tc.proxyUpdate.Mutate(&tc.testProxy) switch o := newProxy.(type) { - case *contour_api_v1.HTTPProxy: + case *contour_v1.HTTPProxy: assert.Equal(t, tc.wantConditions, o.Status.Conditions, desc) assert.Equal(t, tc.wantCurrentStatus, o.Status.CurrentStatus, desc) assert.Equal(t, tc.wantDescription, o.Status.Description, desc) @@ -84,8 +85,8 @@ func TestStatusMutator(t *testing.T) { } validConditionWarning := testcase{ - testProxy: contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + testProxy: contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "test", Generation: testGeneration, @@ -95,15 +96,15 @@ func TestStatusMutator(t *testing.T) { Fullname: k8s.NamespacedNameFrom("test/test"), Generation: testGeneration, TransitionTime: testTransitionTime, - Conditions: map[ConditionType]*contour_api_v1.DetailedCondition{ + Conditions: map[ConditionType]*contour_v1.DetailedCondition{ ValidCondition: { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: "Valid", Message: "Valid HTTPProxy", }, - Warnings: []contour_api_v1.SubCondition{ + Warnings: []contour_v1.SubCondition{ { Type: "TLSError", Reason: "TLSConfigError", @@ -113,17 +114,17 @@ func TestStatusMutator(t *testing.T) { }, }, }, - wantConditions: []contour_api_v1.DetailedCondition{ + wantConditions: []contour_v1.DetailedCondition{ { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, ObservedGeneration: testGeneration, LastTransitionTime: testTransitionTime, Reason: "Valid", Message: "Valid HTTPProxy", }, - Warnings: []contour_api_v1.SubCondition{ + Warnings: []contour_v1.SubCondition{ { Type: "TLSError", Reason: "TLSConfigError", @@ -138,8 +139,8 @@ func TestStatusMutator(t *testing.T) { run("valid with one warning", validConditionWarning) inValidConditionError := testcase{ - testProxy: contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + testProxy: contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "test", Generation: 6, @@ -149,15 +150,15 @@ func TestStatusMutator(t *testing.T) { Fullname: k8s.NamespacedNameFrom("test/test"), Generation: testGeneration, TransitionTime: testTransitionTime, - Conditions: map[ConditionType]*contour_api_v1.DetailedCondition{ + Conditions: map[ConditionType]*contour_v1.DetailedCondition{ ValidCondition: { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "TLSError", Reason: "TLSConfigError", @@ -167,17 +168,17 @@ func TestStatusMutator(t *testing.T) { }, }, }, - wantConditions: []contour_api_v1.DetailedCondition{ + wantConditions: []contour_v1.DetailedCondition{ { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, ObservedGeneration: testGeneration, LastTransitionTime: testTransitionTime, Reason: "ErrorPresent", Message: "At least one error present, see Errors for details", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "TLSError", Reason: "TLSConfigError", @@ -192,8 +193,8 @@ func TestStatusMutator(t *testing.T) { run("invalid status, one error", inValidConditionError) orphanedCondition := testcase{ - testProxy: contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + testProxy: contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "test", Generation: testGeneration, @@ -203,15 +204,15 @@ func TestStatusMutator(t *testing.T) { Fullname: k8s.NamespacedNameFrom("test/test"), Generation: testGeneration, TransitionTime: testTransitionTime, - Conditions: map[ConditionType]*contour_api_v1.DetailedCondition{ + Conditions: map[ConditionType]*contour_v1.DetailedCondition{ ValidCondition: { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, Reason: "Orphaned", Message: "this HTTPProxy is not part of a delegation chain from a root HTTPProxy", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "Orphaned", Reason: "Orphaned", @@ -221,17 +222,17 @@ func TestStatusMutator(t *testing.T) { }, }, }, - wantConditions: []contour_api_v1.DetailedCondition{ + wantConditions: []contour_v1.DetailedCondition{ { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionFalse, + Status: contour_v1.ConditionFalse, ObservedGeneration: testGeneration, LastTransitionTime: testTransitionTime, Reason: "Orphaned", Message: "this HTTPProxy is not part of a delegation chain from a root HTTPProxy", }, - Errors: []contour_api_v1.SubCondition{ + Errors: []contour_v1.SubCondition{ { Type: "Orphaned", Reason: "Orphaned", @@ -247,18 +248,18 @@ func TestStatusMutator(t *testing.T) { run("orphaned HTTPProxy", orphanedCondition) updateExistingValidCond := testcase{ - testProxy: contour_api_v1.HTTPProxy{ - ObjectMeta: v1.ObjectMeta{ + testProxy: contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "test", Generation: testGeneration, }, - Status: contour_api_v1.HTTPProxyStatus{ - Conditions: []contour_api_v1.DetailedCondition{ + Status: contour_v1.HTTPProxyStatus{ + Conditions: []contour_v1.DetailedCondition{ { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, }, }, }, @@ -268,15 +269,15 @@ func TestStatusMutator(t *testing.T) { Fullname: k8s.NamespacedNameFrom("test/test"), Generation: testGeneration, TransitionTime: testTransitionTime, - Conditions: map[ConditionType]*contour_api_v1.DetailedCondition{ + Conditions: map[ConditionType]*contour_v1.DetailedCondition{ ValidCondition: { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, Reason: "Valid", Message: "Valid HTTPProxy", }, - Warnings: []contour_api_v1.SubCondition{ + Warnings: []contour_v1.SubCondition{ { Type: "TLSError", Reason: "TLSConfigError", @@ -286,17 +287,17 @@ func TestStatusMutator(t *testing.T) { }, }, }, - wantConditions: []contour_api_v1.DetailedCondition{ + wantConditions: []contour_v1.DetailedCondition{ { - Condition: contour_api_v1.Condition{ + Condition: contour_v1.Condition{ Type: string(ValidCondition), - Status: contour_api_v1.ConditionTrue, + Status: contour_v1.ConditionTrue, ObservedGeneration: testGeneration, LastTransitionTime: testTransitionTime, Reason: "Valid", Message: "Valid HTTPProxy", }, - Warnings: []contour_api_v1.SubCondition{ + Warnings: []contour_v1.SubCondition{ { Type: "TLSError", Reason: "TLSConfigError", diff --git a/internal/status/routeconditions.go b/internal/status/routeconditions.go index ff75aa54446..aaddcb40af8 100644 --- a/internal/status/routeconditions.go +++ b/internal/status/routeconditions.go @@ -17,12 +17,13 @@ import ( "fmt" "time" - "github.com/projectcontour/contour/internal/gatewayapi" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" ) const ( @@ -47,7 +48,7 @@ type RouteStatusUpdate struct { GatewayController gatewayapi_v1beta1.GatewayController Resource client.Object Generation int64 - TransitionTime metav1.Time + TransitionTime meta_v1.Time } // RouteParentStatusUpdate helps update a specific @@ -67,7 +68,7 @@ func (r *RouteStatusUpdate) StatusUpdateFor(parentRef gatewayapi_v1beta1.ParentR // AddCondition adds a condition with the given properties // to the RouteParentStatus. -func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1beta1.RouteConditionType, status metav1.ConditionStatus, reason gatewayapi_v1beta1.RouteConditionReason, message string) metav1.Condition { +func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1beta1.RouteConditionType, status meta_v1.ConditionStatus, reason gatewayapi_v1beta1.RouteConditionReason, message string) meta_v1.Condition { var rps *gatewayapi_v1beta1.RouteParentStatus for _, v := range r.RouteParentStatuses { @@ -98,12 +99,12 @@ func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1beta1. message = rps.Conditions[idx].Message + ", " + message } - cond := metav1.Condition{ + cond := meta_v1.Condition{ Reason: string(reason), Status: status, Type: string(conditionType), Message: message, - LastTransitionTime: metav1.NewTime(time.Now()), + LastTransitionTime: meta_v1.NewTime(time.Now()), ObservedGeneration: r.Generation, } @@ -126,7 +127,7 @@ func (r *RouteParentStatusUpdate) ConditionExists(conditionType gatewayapi_v1bet return false } -func (r *RouteStatusUpdate) ConditionsForParentRef(parentRef gatewayapi_v1beta1.ParentReference) []metav1.Condition { +func (r *RouteStatusUpdate) ConditionsForParentRef(parentRef gatewayapi_v1beta1.ParentReference) []meta_v1.Condition { for _, rps := range r.RouteParentStatuses { if rps.ParentRef == parentRef { return rps.Conditions diff --git a/internal/status/routeconditions_test.go b/internal/status/routeconditions_test.go index 1bdf800eac6..f8c8584e429 100644 --- a/internal/status/routeconditions_test.go +++ b/internal/status/routeconditions_test.go @@ -17,12 +17,13 @@ import ( "testing" "time" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/k8s" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/k8s" ) func TestHTTPRouteAddCondition(t *testing.T) { @@ -35,24 +36,24 @@ func TestHTTPRouteAddCondition(t *testing.T) { rpsUpdate := httpRouteUpdate.StatusUpdateFor(parentRef) - rpsUpdate.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, metav1.ConditionTrue, "Valid", "Valid HTTPRoute") + rpsUpdate.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionTrue, "Valid", "Valid HTTPRoute") require.Len(t, httpRouteUpdate.ConditionsForParentRef(parentRef), 1) got := httpRouteUpdate.ConditionsForParentRef(parentRef)[0] assert.EqualValues(t, gatewayapi_v1beta1.RouteConditionAccepted, got.Type) - assert.EqualValues(t, metav1.ConditionTrue, got.Status) + assert.EqualValues(t, meta_v1.ConditionTrue, got.Status) assert.EqualValues(t, "Valid", got.Reason) assert.EqualValues(t, "Valid HTTPRoute", got.Message) assert.EqualValues(t, 7, got.ObservedGeneration) } -func newCondition(t string, status metav1.ConditionStatus, reason, msg string, lt time.Time) metav1.Condition { - return metav1.Condition{ +func newCondition(t string, status meta_v1.ConditionStatus, reason, msg string, lt time.Time) meta_v1.Condition { + return meta_v1.Condition{ Type: t, Status: status, Reason: reason, Message: msg, - LastTransitionTime: metav1.NewTime(lt), + LastTransitionTime: meta_v1.NewTime(lt), } } diff --git a/internal/xds/v3/contour.go b/internal/xds/v3/contour.go index 4b4f913b226..ce00f6b93ee 100644 --- a/internal/xds/v3/contour.go +++ b/internal/xds/v3/contour.go @@ -25,12 +25,13 @@ import ( envoy_service_route_v3 "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" envoy_service_runtime_v3 "github.com/envoyproxy/go-control-plane/envoy/service/runtime/v3" envoy_service_secret_v3 "github.com/envoyproxy/go-control-plane/envoy/service/secret/v3" - "github.com/projectcontour/contour/internal/xds" "github.com/sirupsen/logrus" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" + + "github.com/projectcontour/contour/internal/xds" ) type grpcStream interface { diff --git a/internal/xds/v3/contour_test.go b/internal/xds/v3/contour_test.go index d7cd389761e..0000eece017 100644 --- a/internal/xds/v3/contour_test.go +++ b/internal/xds/v3/contour_test.go @@ -20,10 +20,8 @@ import ( "io" "testing" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/xds" "github.com/sirupsen/logrus" "github.com/sirupsen/logrus/hooks/test" "github.com/stretchr/testify/assert" @@ -32,6 +30,9 @@ import ( "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/runtime/protoimpl" + + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/xds" ) func TestXDSHandlerStream(t *testing.T) { @@ -97,7 +98,7 @@ func TestXDSHandlerStream(t *testing.T) { ch <- i + 1 }, contents: func() []proto.Message { - return []proto.Message{new(envoy_endpoint_v3.ClusterLoadAssignment)} + return []proto.Message{new(envoy_config_endpoint_v3.ClusterLoadAssignment)} }, typeurl: func() string { return "io.projectcontour.potato" }, }, diff --git a/internal/xds/v3/hash.go b/internal/xds/v3/hash.go index b029de69e5c..1778fda4429 100644 --- a/internal/xds/v3/hash.go +++ b/internal/xds/v3/hash.go @@ -14,7 +14,7 @@ package v3 import ( - envoy_config_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" ) // nolint:revive @@ -25,7 +25,7 @@ const CONSTANT_HASH_VALUE = "contour" // service-node flag configured on Envoy. type ConstantHash struct{} -func (c ConstantHash) ID(*envoy_config_v3.Node) string { +func (c ConstantHash) ID(*envoy_config_core_v3.Node) string { return CONSTANT_HASH_VALUE } diff --git a/internal/xdscache/v3/cluster.go b/internal/xdscache/v3/cluster.go index 134efedbb12..115f96d01e4 100644 --- a/internal/xdscache/v3/cluster.go +++ b/internal/xdscache/v3/cluster.go @@ -17,26 +17,27 @@ import ( "sort" "sync" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "google.golang.org/protobuf/proto" + "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" - "google.golang.org/protobuf/proto" ) // ClusterCache manages the contents of the gRPC CDS cache. type ClusterCache struct { mu sync.Mutex - values map[string]*envoy_cluster_v3.Cluster + values map[string]*envoy_config_cluster_v3.Cluster contour.Cond } // Update replaces the contents of the cache with the supplied map. -func (c *ClusterCache) Update(v map[string]*envoy_cluster_v3.Cluster) { +func (c *ClusterCache) Update(v map[string]*envoy_config_cluster_v3.Cluster) { c.mu.Lock() defer c.mu.Unlock() @@ -48,7 +49,7 @@ func (c *ClusterCache) Update(v map[string]*envoy_cluster_v3.Cluster) { func (c *ClusterCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_cluster_v3.Cluster + var values []*envoy_config_cluster_v3.Cluster for _, v := range c.values { values = append(values, v) } @@ -59,7 +60,7 @@ func (c *ClusterCache) Contents() []proto.Message { func (c *ClusterCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_cluster_v3.Cluster + var values []*envoy_config_cluster_v3.Cluster for _, n := range names { // if the cluster is not registered we cannot return // a blank cluster because each cluster has a required @@ -77,7 +78,7 @@ func (c *ClusterCache) Query(names []string) []proto.Message { func (*ClusterCache) TypeURL() string { return resource.ClusterType } func (c *ClusterCache) OnChange(root *dag.DAG) { - clusters := map[string]*envoy_cluster_v3.Cluster{} + clusters := map[string]*envoy_config_cluster_v3.Cluster{} for _, cluster := range root.GetClusters() { name := envoy.Clustername(cluster) diff --git a/internal/xdscache/v3/cluster_test.go b/internal/xdscache/v3/cluster_test.go index 8fd6f7f7d5e..fca970072af 100644 --- a/internal/xdscache/v3/cluster_test.go +++ b/internal/xdscache/v3/cluster_test.go @@ -17,25 +17,26 @@ import ( "testing" "time" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_extensions_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/protobuf" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_upstream_http_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/protobuf" ) func TestClusterCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_cluster_v3.Cluster + contents map[string]*envoy_config_cluster_v3.Cluster want []proto.Message }{ "empty": { @@ -44,21 +45,21 @@ func TestClusterCacheContents(t *testing.T) { }, "simple": { contents: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), want: []proto.Message{ - cluster(&envoy_cluster_v3.Cluster{ + cluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, @@ -79,28 +80,28 @@ func TestClusterCacheContents(t *testing.T) { func TestClusterCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_cluster_v3.Cluster + contents map[string]*envoy_config_cluster_v3.Cluster query []string want []proto.Message }{ "exact match": { contents: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), query: []string{"default/kuard/443/da39a3ee5e"}, want: []proto.Message{ - cluster(&envoy_cluster_v3.Cluster{ + cluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, @@ -109,22 +110,22 @@ func TestClusterCacheQuery(t *testing.T) { }, "partial match": { contents: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, }), query: []string{"default/kuard/443/da39a3ee5e", "foo/bar/baz"}, want: []proto.Message{ - cluster(&envoy_cluster_v3.Cluster{ + cluster(&envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, @@ -133,11 +134,11 @@ func TestClusterCacheQuery(t *testing.T) { }, "no match": { contents: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, @@ -160,16 +161,16 @@ func TestClusterCacheQuery(t *testing.T) { func TestClusterVisit(t *testing.T) { tests := map[string]struct { objs []any - want map[string]*envoy_cluster_v3.Cluster + want map[string]*envoy_config_cluster_v3.Cluster }{ "nothing": { objs: nil, - want: map[string]*envoy_cluster_v3.Cluster{}, + want: map[string]*envoy_config_cluster_v3.Cluster{}, }, "single unnamed service": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -178,7 +179,7 @@ func TestClusterVisit(t *testing.T) { }, }, service("default", "kuard", - v1.ServicePort{ + core_v1.ServicePort{ Protocol: "TCP", Port: 443, TargetPort: intstr.FromInt(8443), @@ -186,11 +187,11 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard", }, @@ -199,7 +200,7 @@ func TestClusterVisit(t *testing.T) { "single named service": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -213,7 +214,7 @@ func TestClusterVisit(t *testing.T) { }, }, service("default", "kuard", - v1.ServicePort{ + core_v1.ServicePort{ Name: "https", Protocol: "TCP", Port: 443, @@ -222,11 +223,11 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/https", }, @@ -235,7 +236,7 @@ func TestClusterVisit(t *testing.T) { "h2c upstream": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -254,7 +255,7 @@ func TestClusterVisit(t *testing.T) { map[string]string{ "projectcontour.io/upstream-protocol.h2c": "80,http", }, - v1.ServicePort{ + core_v1.ServicePort{ Protocol: "TCP", Name: "http", Port: 80, @@ -262,20 +263,20 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/f4f94965ec", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/http", }, TypedExtensionProtocolOptions: map[string]*anypb.Any{ "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": protobuf.MustMarshalAny( - &envoy_extensions_upstream_http_v3.HttpProtocolOptions{ - UpstreamProtocolOptions: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ - ExplicitHttpConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ - ProtocolConfig: &envoy_extensions_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, + &envoy_upstream_http_v3.HttpProtocolOptions{ + UpstreamProtocolOptions: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_{ + ExplicitHttpConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig{ + ProtocolConfig: &envoy_upstream_http_v3.HttpProtocolOptions_ExplicitHttpConfig_Http2ProtocolOptions{}, }, }, }), @@ -286,7 +287,7 @@ func TestClusterVisit(t *testing.T) { "long namespace and service name": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "webserver-1-unimatrix-zero-one", Namespace: "beurocratic-company-test-domain-1", }, @@ -295,7 +296,7 @@ func TestClusterVisit(t *testing.T) { }, }, service("beurocratic-company-test-domain-1", "tiny-cog-department-test-instance", - v1.ServicePort{ + core_v1.ServicePort{ Name: "svc-0", Protocol: "TCP", Port: 443, @@ -304,11 +305,11 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "beurocra-7fe4b4/tiny-cog-7fe4b4/443/da39a3ee5e", AltStatName: "beurocratic-company-test-domain-1_tiny-cog-department-test-instance_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "beurocratic-company-test-domain-1/tiny-cog-department-test-instance/svc-0", }, @@ -316,20 +317,20 @@ func TestClusterVisit(t *testing.T) { }, "two service ports": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -339,12 +340,12 @@ func TestClusterVisit(t *testing.T) { }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(6502), - }, v1.ServicePort{ + }, core_v1.ServicePort{ Name: "alt", Protocol: "TCP", Port: 8080, @@ -352,20 +353,20 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/da39a3ee5e", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, }, - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/8080/da39a3ee5e", AltStatName: "default_backend_8080", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/alt", }, @@ -374,30 +375,30 @@ func TestClusterVisit(t *testing.T) { }, "httpproxy with simple path healthcheck": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + Routes: []contour_v1.Route{{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Path: "/healthy", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -405,21 +406,21 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/c184349821", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - HealthChecks: []*envoy_core_v3.HealthCheck{{ + HealthChecks: []*envoy_config_core_v3.HealthCheck{{ Timeout: &durationpb.Duration{Seconds: 2}, Interval: &durationpb.Duration{Seconds: 10}, UnhealthyThreshold: wrapperspb.UInt32(3), HealthyThreshold: wrapperspb.UInt32(2), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "contour-envoy-healthcheck", }, @@ -431,17 +432,17 @@ func TestClusterVisit(t *testing.T) { }, "httpproxy with custom healthcheck": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - HealthCheckPolicy: &contour_api_v1.HTTPHealthCheckPolicy{ + Routes: []contour_v1.Route{{ + HealthCheckPolicy: &contour_v1.HTTPHealthCheckPolicy{ Host: "foo-bar-host", Path: "/healthy", TimeoutSeconds: 99, @@ -449,17 +450,17 @@ func TestClusterVisit(t *testing.T) { UnhealthyThresholdCount: 97, HealthyThresholdCount: 96, }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -467,21 +468,21 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/7f8051653a", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - HealthChecks: []*envoy_core_v3.HealthCheck{{ + HealthChecks: []*envoy_config_core_v3.HealthCheck{{ Timeout: &durationpb.Duration{Seconds: 99}, Interval: &durationpb.Duration{Seconds: 98}, UnhealthyThreshold: wrapperspb.UInt32(97), HealthyThreshold: wrapperspb.UInt32(96), - HealthChecker: &envoy_core_v3.HealthCheck_HttpHealthCheck_{ - HttpHealthCheck: &envoy_core_v3.HealthCheck_HttpHealthCheck{ + HealthChecker: &envoy_config_core_v3.HealthCheck_HttpHealthCheck_{ + HttpHealthCheck: &envoy_config_core_v3.HealthCheck_HttpHealthCheck{ Path: "/healthy", Host: "foo-bar-host", }, @@ -493,30 +494,30 @@ func TestClusterVisit(t *testing.T) { }, "httpproxy with RoundRobin lb algorithm": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + Routes: []contour_v1.Route{{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RoundRobin", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -524,11 +525,11 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/da39a3ee5e", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, @@ -537,30 +538,30 @@ func TestClusterVisit(t *testing.T) { }, "httpproxy with WeightedLeastRequest lb algorithm": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + Routes: []contour_v1.Route{{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "WeightedLeastRequest", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -568,44 +569,44 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/8bf87fefba", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - LbPolicy: envoy_cluster_v3.Cluster_LEAST_REQUEST, + LbPolicy: envoy_config_cluster_v3.Cluster_LEAST_REQUEST, }, ), }, "httpproxy with Random lb algorithm": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + Routes: []contour_v1.Route{{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Random", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -613,51 +614,51 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/58d888c08a", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - LbPolicy: envoy_cluster_v3.Cluster_RANDOM, + LbPolicy: envoy_config_cluster_v3.Cluster_RANDOM, }, ), }, "httpproxy with RequestHash lb algorithm and valid header hash option": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + Routes: []contour_v1.Route{{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "RequestHash", - RequestHashPolicies: []contour_api_v1.RequestHashPolicy{ + RequestHashPolicies: []contour_v1.RequestHashPolicy{ { - HeaderHashOptions: &contour_api_v1.HeaderHashOptions{ + HeaderHashOptions: &contour_v1.HeaderHashOptions{ HeaderName: "X-Custom-Header", }, }, }, }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -665,15 +666,15 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/1a2ffc1fef", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, - LbPolicy: envoy_cluster_v3.Cluster_RING_HASH, + LbPolicy: envoy_config_cluster_v3.Cluster_RING_HASH, }, ), }, @@ -681,30 +682,30 @@ func TestClusterVisit(t *testing.T) { // HTTPProxy has LB algorithm as a route-level construct, so it's not possible. "httpproxy with unknown lb algorithm": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - LoadBalancerPolicy: &contour_api_v1.LoadBalancerPolicy{ + Routes: []contour_v1.Route{{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "lulz", }, - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - service("default", "backend", v1.ServicePort{ + service("default", "backend", core_v1.ServicePort{ Name: "http", Protocol: "TCP", Port: 80, @@ -712,11 +713,11 @@ func TestClusterVisit(t *testing.T) { }), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/backend/80/da39a3ee5e", AltStatName: "default_backend_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/backend/http", }, @@ -726,7 +727,7 @@ func TestClusterVisit(t *testing.T) { "circuitbreaker annotations": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -749,7 +750,7 @@ func TestClusterVisit(t *testing.T) { "projectcontour.io/max-retries": "7", "projectcontour.io/per-host-max-connections": "45", }, - v1.ServicePort{ + core_v1.ServicePort{ Protocol: "TCP", Name: "http", Port: 80, @@ -757,22 +758,22 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/80/da39a3ee5e", AltStatName: "default_kuard_80", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/http", }, - CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{ - Thresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + CircuitBreakers: &envoy_config_cluster_v3.CircuitBreakers{ + Thresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(9000), MaxPendingRequests: wrapperspb.UInt32(4096), MaxRequests: wrapperspb.UInt32(404), MaxRetries: wrapperspb.UInt32(7), }}, - PerHostThresholds: []*envoy_cluster_v3.CircuitBreakers_Thresholds{{ + PerHostThresholds: []*envoy_config_cluster_v3.CircuitBreakers_Thresholds{{ MaxConnections: wrapperspb.UInt32(45), }}, }, @@ -782,7 +783,7 @@ func TestClusterVisit(t *testing.T) { "projectcontour.io/num-retries annotation": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -800,7 +801,7 @@ func TestClusterVisit(t *testing.T) { }, }, service("default", "kuard", - v1.ServicePort{ + core_v1.ServicePort{ Name: "https", Protocol: "TCP", Port: 443, @@ -809,11 +810,11 @@ func TestClusterVisit(t *testing.T) { ), }, want: clustermap( - &envoy_cluster_v3.Cluster{ + &envoy_config_cluster_v3.Cluster{ Name: "default/kuard/443/da39a3ee5e", AltStatName: "default_kuard_443", - ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_cluster_v3.Cluster_EDS), - EdsClusterConfig: &envoy_cluster_v3.Cluster_EdsClusterConfig{ + ClusterDiscoveryType: envoy_v3.ClusterDiscoveryType(envoy_config_cluster_v3.Cluster_EDS), + EdsClusterConfig: &envoy_config_cluster_v3.Cluster_EdsClusterConfig{ EdsConfig: envoy_v3.ConfigSource("contour"), ServiceName: "default/kuard/https", }, @@ -830,37 +831,37 @@ func TestClusterVisit(t *testing.T) { } } -func service(ns, name string, ports ...v1.ServicePort) *v1.Service { +func service(ns, name string, ports ...core_v1.ServicePort) *core_v1.Service { return serviceWithAnnotations(ns, name, nil, ports...) } -func serviceWithAnnotations(ns, name string, annotations map[string]string, ports ...v1.ServicePort) *v1.Service { - return &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ +func serviceWithAnnotations(ns, name string, annotations map[string]string, ports ...core_v1.ServicePort) *core_v1.Service { + return &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: ns, Annotations: annotations, }, - Spec: v1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ Ports: ports, }, } } -func cluster(c *envoy_cluster_v3.Cluster) *envoy_cluster_v3.Cluster { +func cluster(c *envoy_config_cluster_v3.Cluster) *envoy_config_cluster_v3.Cluster { // NOTE: Keep this in sync with envoy.defaultCluster(). - defaults := &envoy_cluster_v3.Cluster{ + defaults := &envoy_config_cluster_v3.Cluster{ ConnectTimeout: durationpb.New(2 * time.Second), CommonLbConfig: envoy_v3.ClusterCommonLBConfig(), - LbPolicy: envoy_cluster_v3.Cluster_ROUND_ROBIN, + LbPolicy: envoy_config_cluster_v3.Cluster_ROUND_ROBIN, } proto.Merge(defaults, c) return defaults } -func clustermap(clusters ...*envoy_cluster_v3.Cluster) map[string]*envoy_cluster_v3.Cluster { - m := make(map[string]*envoy_cluster_v3.Cluster) +func clustermap(clusters ...*envoy_config_cluster_v3.Cluster) map[string]*envoy_config_cluster_v3.Cluster { + m := make(map[string]*envoy_config_cluster_v3.Cluster) for _, c := range clusters { m[c.Name] = cluster(c) } diff --git a/internal/xdscache/v3/contour_test.go b/internal/xdscache/v3/contour_test.go index 60d37c6152f..bce148fd91b 100644 --- a/internal/xdscache/v3/contour_test.go +++ b/internal/xdscache/v3/contour_test.go @@ -14,14 +14,14 @@ package v3 import ( - v1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + discovery_v1 "k8s.io/api/discovery/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) -func endpoints(ns, name string, subsets ...v1.EndpointSubset) *v1.Endpoints { - return &v1.Endpoints{ - ObjectMeta: metav1.ObjectMeta{ +func endpoints(ns, name string, subsets ...core_v1.EndpointSubset) *core_v1.Endpoints { + return &core_v1.Endpoints{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: ns, }, @@ -29,21 +29,21 @@ func endpoints(ns, name string, subsets ...v1.EndpointSubset) *v1.Endpoints { } } -func addresses(ips ...string) []v1.EndpointAddress { - var addrs []v1.EndpointAddress +func addresses(ips ...string) []core_v1.EndpointAddress { + var addrs []core_v1.EndpointAddress for _, ip := range ips { - addrs = append(addrs, v1.EndpointAddress{IP: ip}) + addrs = append(addrs, core_v1.EndpointAddress{IP: ip}) } return addrs } -func endpointSlice(ns, name, service string, addressType discoveryv1.AddressType, endpoints []discoveryv1.Endpoint, ports []discoveryv1.EndpointPort) *discoveryv1.EndpointSlice { - return &discoveryv1.EndpointSlice{ - ObjectMeta: metav1.ObjectMeta{ +func endpointSlice(ns, name, service string, addressType discovery_v1.AddressType, endpoints []discovery_v1.Endpoint, ports []discovery_v1.EndpointPort) *discovery_v1.EndpointSlice { + return &discovery_v1.EndpointSlice{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: ns, Labels: map[string]string{ - discoveryv1.LabelServiceName: service, + discovery_v1.LabelServiceName: service, }, }, diff --git a/internal/xdscache/v3/endpointslicetranslator.go b/internal/xdscache/v3/endpointslicetranslator.go index 770415be436..65fa809e149 100644 --- a/internal/xdscache/v3/endpointslicetranslator.go +++ b/internal/xdscache/v3/endpointslicetranslator.go @@ -18,26 +18,27 @@ import ( "sort" "sync" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "github.com/sirupsen/logrus" + "google.golang.org/protobuf/proto" + core_v1 "k8s.io/api/core/v1" + discovery_v1 "k8s.io/api/discovery/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/cache" + "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" - "github.com/sirupsen/logrus" - "google.golang.org/protobuf/proto" - v1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/tools/cache" ) // RecalculateEndpoints generates a slice of LoadBalancingEndpoint -// resources by matching the given service port to the given discoveryv1.EndpointSlice. +// resources by matching the given service port to the given discovery_v1.EndpointSlice. // endpointSliceMap may be nil, in which case, the result is also nil. -func (c *EndpointSliceCache) RecalculateEndpoints(port, healthPort v1.ServicePort, endpointSliceMap map[string]*discoveryv1.EndpointSlice) []*LoadBalancingEndpoint { +func (c *EndpointSliceCache) RecalculateEndpoints(port, healthPort core_v1.ServicePort, endpointSliceMap map[string]*discovery_v1.EndpointSlice) []*LoadBalancingEndpoint { var lb []*LoadBalancingEndpoint uniqueEndpoints := make(map[string]struct{}, 0) var healthCheckPort int32 @@ -65,7 +66,7 @@ func (c *EndpointSliceCache) RecalculateEndpoints(port, healthPort v1.ServicePor continue } - if *endpointPort.Protocol != v1.ProtocolTCP { + if *endpointPort.Protocol != core_v1.ProtocolTCP { continue } @@ -130,7 +131,7 @@ type EndpointSliceCache struct { // Cache of endpointsSlices, indexed by Namespaced name of the associated service. // the Inner map is a map[k,v] where k is the endpoint slice name and v is the // endpoint slice itself. - endpointSlices map[types.NamespacedName]map[string]*discoveryv1.EndpointSlice + endpointSlices map[types.NamespacedName]map[string]*discovery_v1.EndpointSlice } // Recalculate regenerates all the ClusterLoadAssignments from the @@ -138,11 +139,11 @@ type EndpointSliceCache struct { // will be generated for every stale ServerCluster, however, if there // are no endpointSlices for the Services in the ServiceCluster, the // ClusterLoadAssignment will be empty. -func (c *EndpointSliceCache) Recalculate() map[string]*envoy_endpoint_v3.ClusterLoadAssignment { +func (c *EndpointSliceCache) Recalculate() map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment { c.mu.Lock() defer c.mu.Unlock() - assignments := map[string]*envoy_endpoint_v3.ClusterLoadAssignment{} + assignments := map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{} for _, cluster := range c.stale { // Clusters can be in the stale list multiple times; // skip to avoid duplicate recalculations. @@ -150,7 +151,7 @@ func (c *EndpointSliceCache) Recalculate() map[string]*envoy_endpoint_v3.Cluster continue } - cla := envoy_endpoint_v3.ClusterLoadAssignment{ + cla := envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: cluster.ClusterName, Endpoints: nil, Policy: nil, @@ -226,14 +227,14 @@ func (c *EndpointSliceCache) SetClusters(clusters []*dag.ServiceCluster) error { // already cached. Any ServiceClusters that are backed by a Service // that endpointSlice belongs become stale. Returns a boolean indicating whether // any ServiceClusters use endpointSlice or not. -func (c *EndpointSliceCache) UpdateEndpointSlice(endpointSlice *discoveryv1.EndpointSlice) bool { +func (c *EndpointSliceCache) UpdateEndpointSlice(endpointSlice *discovery_v1.EndpointSlice) bool { c.mu.Lock() defer c.mu.Unlock() - name := types.NamespacedName{Namespace: endpointSlice.Namespace, Name: endpointSlice.Labels[discoveryv1.LabelServiceName]} + name := types.NamespacedName{Namespace: endpointSlice.Namespace, Name: endpointSlice.Labels[discovery_v1.LabelServiceName]} if c.endpointSlices[name] == nil { - c.endpointSlices[name] = make(map[string]*discoveryv1.EndpointSlice) + c.endpointSlices[name] = make(map[string]*discovery_v1.EndpointSlice) } c.endpointSlices[name][endpointSlice.Name] = endpointSlice.DeepCopy() @@ -250,11 +251,11 @@ func (c *EndpointSliceCache) UpdateEndpointSlice(endpointSlice *discoveryv1.Endp // DeleteEndpointSlice deletes endpointSlice from the cache. Any ServiceClusters // that are backed by a Service that endpointSlice belongs to, become stale. Returns // a boolean indicating whether any ServiceClusters use endpointSlice or not. -func (c *EndpointSliceCache) DeleteEndpointSlice(endpointSlice *discoveryv1.EndpointSlice) bool { +func (c *EndpointSliceCache) DeleteEndpointSlice(endpointSlice *discovery_v1.EndpointSlice) bool { c.mu.Lock() defer c.mu.Unlock() - name := types.NamespacedName{Namespace: endpointSlice.Namespace, Name: endpointSlice.Labels[discoveryv1.LabelServiceName]} + name := types.NamespacedName{Namespace: endpointSlice.Namespace, Name: endpointSlice.Labels[discovery_v1.LabelServiceName]} delete(c.endpointSlices[name], endpointSlice.Name) // If any service clusters include this endpointSlice, mark them @@ -272,11 +273,11 @@ func NewEndpointSliceTranslator(log logrus.FieldLogger) *EndpointSliceTranslator return &EndpointSliceTranslator{ Cond: contour.Cond{}, FieldLogger: log, - entries: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{}, + entries: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, cache: EndpointSliceCache{ stale: nil, services: map[types.NamespacedName][]*dag.ServiceCluster{}, - endpointSlices: map[types.NamespacedName]map[string]*discoveryv1.EndpointSlice{}, + endpointSlices: map[types.NamespacedName]map[string]*discovery_v1.EndpointSlice{}, }, } } @@ -293,13 +294,13 @@ type EndpointSliceTranslator struct { cache EndpointSliceCache mu sync.Mutex // Protects entries. - entries map[string]*envoy_endpoint_v3.ClusterLoadAssignment + entries map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment } // Merge combines the given entries with the existing entries in the // EndpointSliceTranslator. If the same key exists in both maps, an existing entry // is replaced. -func (e *EndpointSliceTranslator) Merge(entries map[string]*envoy_endpoint_v3.ClusterLoadAssignment) { +func (e *EndpointSliceTranslator) Merge(entries map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) { e.mu.Lock() defer e.mu.Unlock() @@ -357,7 +358,7 @@ func (e *EndpointSliceTranslator) OnChange(root *dag.DAG) { func (e *EndpointSliceTranslator) OnAdd(obj any, _ bool) { switch obj := obj.(type) { - case *discoveryv1.EndpointSlice: + case *discovery_v1.EndpointSlice: if !e.cache.UpdateEndpointSlice(obj) { return } @@ -375,8 +376,8 @@ func (e *EndpointSliceTranslator) OnAdd(obj any, _ bool) { func (e *EndpointSliceTranslator) OnUpdate(oldObj, newObj any) { switch newObj := newObj.(type) { - case *discoveryv1.EndpointSlice: - oldObj, ok := oldObj.(*discoveryv1.EndpointSlice) + case *discovery_v1.EndpointSlice: + oldObj, ok := oldObj.(*discovery_v1.EndpointSlice) if !ok { e.Errorf("OnUpdate endpointSlice %#v received invalid oldObj %T; %#v", newObj, oldObj, oldObj) return @@ -412,7 +413,7 @@ func (e *EndpointSliceTranslator) OnUpdate(oldObj, newObj any) { func (e *EndpointSliceTranslator) OnDelete(obj any) { switch obj := obj.(type) { - case *discoveryv1.EndpointSlice: + case *discovery_v1.EndpointSlice: if !e.cache.DeleteEndpointSlice(obj) { return } @@ -435,7 +436,7 @@ func (e *EndpointSliceTranslator) Contents() []proto.Message { e.mu.Lock() defer e.mu.Unlock() - values := make([]*envoy_endpoint_v3.ClusterLoadAssignment, 0, len(e.entries)) + values := make([]*envoy_config_endpoint_v3.ClusterLoadAssignment, 0, len(e.entries)) for _, v := range e.entries { values = append(values, v) } @@ -448,12 +449,12 @@ func (e *EndpointSliceTranslator) Query(names []string) []proto.Message { e.mu.Lock() defer e.mu.Unlock() - values := make([]*envoy_endpoint_v3.ClusterLoadAssignment, 0, len(names)) + values := make([]*envoy_config_endpoint_v3.ClusterLoadAssignment, 0, len(names)) for _, n := range names { v, ok := e.entries[n] if !ok { e.Debugf("no cache entry for %q", n) - v = &envoy_endpoint_v3.ClusterLoadAssignment{ + v = &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: n, } } diff --git a/internal/xdscache/v3/endpointslicetranslator_test.go b/internal/xdscache/v3/endpointslicetranslator_test.go index b4f399afe0d..56aa36a4cb2 100644 --- a/internal/xdscache/v3/endpointslicetranslator_test.go +++ b/internal/xdscache/v3/endpointslicetranslator_test.go @@ -16,21 +16,22 @@ package v3 import ( "testing" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/proto" + core_v1 "k8s.io/api/core/v1" + discovery_v1 "k8s.io/api/discovery/v1" + "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/ref" - "github.com/stretchr/testify/require" - "google.golang.org/protobuf/proto" - v1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" ) func TestEndpointSliceTranslatorContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_endpoint_v3.ClusterLoadAssignment + contents map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment want []proto.Message }{ "empty": { @@ -63,7 +64,7 @@ func TestEndpointSliceTranslatorContents(t *testing.T) { func TestEndpointSliceCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_endpoint_v3.ClusterLoadAssignment + contents map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment query []string want []proto.Message }{ @@ -126,7 +127,7 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "a"}, + ServicePort: core_v1.ServicePort{Name: "a"}, }, }, }, @@ -137,7 +138,7 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "b"}, + ServicePort: core_v1.ServicePort{Name: "b"}, }, }, }, @@ -148,7 +149,7 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -159,35 +160,35 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "healthcheck-port", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "a"}, - HealthPort: v1.ServicePort{Name: "health", Port: 8998}, + ServicePort: core_v1.ServicePort{Name: "a"}, + HealthPort: core_v1.ServicePort{Name: "health", Port: 8998}, }, }, }, } tests := map[string]struct { - endpointSlice *discoveryv1.EndpointSlice + endpointSlice *discovery_v1.EndpointSlice want []proto.Message wantUpdate bool }{ "simple": { - endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -195,14 +196,14 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { wantUpdate: true, }, "adding an endpoint slice not used by a cluster should not trigger a calculation": { - endpointSlice: endpointSlice("default", "not-used-eps-sdf8s", "not-used-endpoint", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "not-used-eps-sdf8s", "not-used-endpoint", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), @@ -210,24 +211,24 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { wantUpdate: false, }, "single slice, multiple addresses": { - endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{ "50.17.206.192", }, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](80), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("50.17.206.192", 80), @@ -237,7 +238,7 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { wantUpdate: true, }, "multiple slices": { - endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{ "50.17.206.192", @@ -258,18 +259,18 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { "50.19.99.160", }, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](80), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("23.23.247.89", 80), // addresses should be sorted @@ -282,42 +283,42 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { wantUpdate: true, }, "multiple ports": { - endpointSlice: endpointSlice("default", "httpbin-org-s9d8f", "httpbin-org", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "httpbin-org-s9d8f", "httpbin-org", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{ "10.10.1.1", }, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Name: ref.To[string]("a"), Port: ref.To[int32](8675), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, { Name: ref.To[string]("b"), Port: ref.To[int32](309), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, // Results should be sorted by cluster name. - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 8675)), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 309)), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, "cartesian product": { - endpointSlice: endpointSlice("default", "httpbin-org-s9d8f", "httpbin-org", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "httpbin-org-s9d8f", "httpbin-org", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{ "10.10.1.1", @@ -328,46 +329,46 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { "10.10.2.2", }, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Name: ref.To[string]("a"), Port: ref.To[int32](8675), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, { Name: ref.To[string]("b"), Port: ref.To[int32](309), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 8675), // addresses should be sorted envoy_v3.SocketAddress("10.10.2.2", 8675), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 309), envoy_v3.SocketAddress("10.10.2.2", 309), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, "not ready": { - endpointSlice: endpointSlice("default", "httpbin-org-s9d8f", "httpbin-org", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "httpbin-org-s9d8f", "httpbin-org", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{ "10.10.1.1", }, - Conditions: discoveryv1.EndpointConditions{ + Conditions: discovery_v1.EndpointConditions{ Ready: ref.To[bool](false), }, }, @@ -375,71 +376,71 @@ func TestEndpointSliceTranslatorAddEndpoints(t *testing.T) { Addresses: []string{ "10.10.2.2", }, - Conditions: discoveryv1.EndpointConditions{ + Conditions: discovery_v1.EndpointConditions{ Ready: ref.To[bool](true), }, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Name: ref.To[string]("a"), Port: ref.To[int32](8675), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, { Name: ref.To[string]("b"), Port: ref.To[int32](309), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.2.2", 8675), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.2.2", 309), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, "health port": { - endpointSlice: endpointSlice("default", "healthcheck-port-s9d8f", "healthcheck-port", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "healthcheck-port-s9d8f", "healthcheck-port", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{ "10.10.1.1", }, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Name: ref.To[string]("health"), Port: ref.To[int32](8998), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, { Name: ref.To[string]("a"), Port: ref.To[int32](309), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/healthcheck-port", Endpoints: weightedHealthcheckEndpoints(1, 8998, envoy_v3.SocketAddress("10.10.1.1", 309), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, @@ -469,7 +470,7 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -480,7 +481,7 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { Weight: 1, ServiceName: "what-a-descriptive-service-name-you-must-be-so-proud", ServiceNamespace: "super-long-namespace-name-oh-boy", - ServicePort: v1.ServicePort{Name: "http"}, + ServicePort: core_v1.ServicePort{Name: "http"}, }, }, }, @@ -491,7 +492,7 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { Weight: 1, ServiceName: "what-a-descriptive-service-name-you-must-be-so-proud", ServiceNamespace: "super-long-namespace-name-oh-boy", - ServicePort: v1.ServicePort{Name: "https"}, + ServicePort: core_v1.ServicePort{Name: "https"}, }, }, }, @@ -499,32 +500,32 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { tests := map[string]struct { setup func(*EndpointSliceTranslator) - endpointSlice *discoveryv1.EndpointSlice + endpointSlice *discovery_v1.EndpointSlice want []proto.Message wantUpdate bool }{ "remove existing": { setup: func(endpointSliceTranslator *EndpointSliceTranslator) { - endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), false) }, - endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), @@ -537,31 +538,31 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, "removing an Endpoints not used by a ServiceCluster should not trigger a recalculation": { setup: func(endpointSliceTranslator *EndpointSliceTranslator) { - endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), false) }, - endpointSlice: endpointSlice("default", "different-fs9du", "different", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "different-fs9du", "different", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -572,14 +573,14 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { }, "remove non existent": { setup: func(*EndpointSliceTranslator) {}, - endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), @@ -596,23 +597,23 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { "super-long-namespace-name-oh-boy", "what-a-descriptive-service-name-you-must-be-so-proud-9d8f8", "what-a-descriptive-service-name-you-must-be-so-proud", - discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"172.16.0.2"}, }, { Addresses: []string{"172.16.0.1"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Name: ref.To[string]("http"), Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, { Name: ref.To[string]("https"), Port: ref.To[int32](8443), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ) @@ -622,23 +623,23 @@ func TestEndpointSliceTranslatorRemoveEndpoints(t *testing.T) { "super-long-namespace-name-oh-boy", "what-a-descriptive-service-name-you-must-be-so-proud-9d8f8", "what-a-descriptive-service-name-you-must-be-so-proud", - discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"172.16.0.2"}, }, { Addresses: []string{"172.16.0.1"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Name: ref.To[string]("http"), Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, { Name: ref.To[string]("https"), Port: ref.To[int32](8443), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), @@ -680,7 +681,7 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -688,48 +689,48 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { tests := map[string]struct { setup func(*EndpointSliceTranslator) - old, new *discoveryv1.EndpointSlice + old, new *discovery_v1.EndpointSlice want []proto.Message wantUpdate bool }{ "update existing": { setup: func(endpointSliceTranslator *EndpointSliceTranslator) { - endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-sdf8s", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-sdf8s", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), false) }, - old: endpointSlice("default", "simple-sdf8s", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + old: endpointSlice("default", "simple-sdf8s", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), - new: endpointSlice("default", "simple-sdf8s", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + new: endpointSlice("default", "simple-sdf8s", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.25"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8081), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.25", 8081)), }, @@ -738,42 +739,42 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { }, "getting an update for an Endpoints not used by a ServiceCluster should not trigger a recalculation": { setup: func(endpointSliceTranslator *EndpointSliceTranslator) { - endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-sdf8s", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSliceTranslator.OnAdd(endpointSlice("default", "simple-sdf8s", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), false) }, - old: endpointSlice("default", "different-eps-fs9du", "different", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + old: endpointSlice("default", "different-eps-fs9du", "different", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), - new: endpointSlice("default", "different-eps-fs9du", "different", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + new: endpointSlice("default", "different-eps-fs9du", "different", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.25"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8081), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -805,7 +806,7 @@ func TestEndpointSliceTranslatorUpdateEndpoints(t *testing.T) { func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { tests := map[string]struct { cluster dag.ServiceCluster - endpointSlice *discoveryv1.EndpointSlice + endpointSlice *discovery_v1.EndpointSlice want []proto.Message }{ "simple": { @@ -817,19 +818,19 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ServiceNamespace: "default", }}, }, - endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), @@ -845,7 +846,7 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ServiceNamespace: "default", }}, }, - endpointSlice: endpointSlice("default", "httpbin-org-fs9du", "httpbin-org", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "httpbin-org-fs9du", "httpbin-org", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"50.17.192.147"}, }, @@ -858,15 +859,15 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { { Addresses: []string{"50.19.99.160"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](80), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("23.23.247.89", 80), @@ -884,23 +885,23 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { Weight: 1, ServiceName: "secure", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "https"}, + ServicePort: core_v1.ServicePort{Name: "https"}, }}, }, - endpointSlice: endpointSlice("default", "secure-fs9du", "secure", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "secure-fs9du", "secure", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8443), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), Name: ref.To[string]("https"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/secure/https", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8443)), @@ -914,11 +915,11 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - HealthPort: v1.ServicePort{Name: "health", Port: 8998}, - ServicePort: v1.ServicePort{Name: "a", Port: 80}, + HealthPort: core_v1.ServicePort{Name: "health", Port: 8998}, + ServicePort: core_v1.ServicePort{Name: "a", Port: 80}, }}, }, - endpointSlice: endpointSlice("default", "httpbin-org-fs9du", "httpbin-org", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "httpbin-org-fs9du", "httpbin-org", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"50.17.192.147"}, }, @@ -931,21 +932,21 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { { Addresses: []string{"50.19.99.160"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](80), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), Name: ref.To[string]("a"), }, { Port: ref.To[int32](8998), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), Name: ref.To[string]("health"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", Endpoints: weightedHealthcheckEndpoints(1, 8998, envoy_v3.SocketAddress("23.23.247.89", 80), @@ -963,11 +964,11 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - HealthPort: v1.ServicePort{Name: "a", Port: 80}, - ServicePort: v1.ServicePort{Name: "a", Port: 80}, + HealthPort: core_v1.ServicePort{Name: "a", Port: 80}, + ServicePort: core_v1.ServicePort{Name: "a", Port: 80}, }}, }, - endpointSlice: endpointSlice("default", "httpbin-org-fs9du", "httpbin-org", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + endpointSlice: endpointSlice("default", "httpbin-org-fs9du", "httpbin-org", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"50.17.192.147"}, }, @@ -980,21 +981,21 @@ func TestEndpointSliceTranslatorRecomputeClusterLoadAssignment(t *testing.T) { { Addresses: []string{"50.19.99.160"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](80), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), Name: ref.To[string]("a"), }, { Port: ref.To[int32](8998), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), Name: ref.To[string]("health"), }, }, ), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("23.23.247.89", 80), @@ -1029,19 +1030,19 @@ func TestEndpointSliceTranslatorScaleToZeroEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }}, }, })) - e1 := endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, []discoveryv1.Endpoint{ + e1 := endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, - }, []discoveryv1.EndpointPort{ + }, []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, }, ) @@ -1049,7 +1050,7 @@ func TestEndpointSliceTranslatorScaleToZeroEndpoints(t *testing.T) { // Assert endpoint was added want := []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -1058,12 +1059,12 @@ func TestEndpointSliceTranslatorScaleToZeroEndpoints(t *testing.T) { protobuf.RequireEqual(t, want, endpointSliceTranslator.Contents()) // e2 is the same as e1, but without endpoint subsets - e2 := endpointSlice("default", "simple-eps-fs9du", "simple", discoveryv1.AddressTypeIPv4, nil, nil) + e2 := endpointSlice("default", "simple-eps-fs9du", "simple", discovery_v1.AddressTypeIPv4, nil, nil) endpointSliceTranslator.OnUpdate(e1, e2) // Assert endpoints are removed want = []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, } protobuf.RequireEqual(t, want, endpointSliceTranslator.Contents()) @@ -1079,19 +1080,19 @@ func TestEndpointSliceTranslatorWeightedService(t *testing.T) { Weight: 0, ServiceName: "weight0", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { Weight: 1, ServiceName: "weight1", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { Weight: 2, ServiceName: "weight2", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -1099,22 +1100,22 @@ func TestEndpointSliceTranslatorWeightedService(t *testing.T) { require.NoError(t, endpointSliceTranslator.cache.SetClusters(clusters)) - endpoints := []discoveryv1.Endpoint{ + endpoints := []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, } - ports := []discoveryv1.EndpointPort{ + ports := []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, } - endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-fs23r", "weight0", discoveryv1.AddressTypeIPv4, endpoints, ports), false) - endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-sdf9f", "weight1", discoveryv1.AddressTypeIPv4, endpoints, ports), false) - endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-v9drg", "weight2", discoveryv1.AddressTypeIPv4, endpoints, ports), false) + endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-fs23r", "weight0", discovery_v1.AddressTypeIPv4, endpoints, ports), false) + endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-sdf9f", "weight1", discovery_v1.AddressTypeIPv4, endpoints, ports), false) + endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-v9drg", "weight2", discovery_v1.AddressTypeIPv4, endpoints, ports), false) // Each helper builds a `LocalityLbEndpoints` with one // entry, so we can compose the final result by reaching @@ -1124,9 +1125,9 @@ func TestEndpointSliceTranslatorWeightedService(t *testing.T) { w2 := envoy_v3.WeightedEndpoints(2, envoy_v3.SocketAddress("192.168.183.24", 8080)) want := []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/weighted", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ w0[0], w1[0], w2[0], }, }, @@ -1144,17 +1145,17 @@ func TestEndpointSliceTranslatorDefaultWeightedService(t *testing.T) { { ServiceName: "weight0", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { ServiceName: "weight1", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { ServiceName: "weight2", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -1162,22 +1163,22 @@ func TestEndpointSliceTranslatorDefaultWeightedService(t *testing.T) { require.NoError(t, endpointSliceTranslator.cache.SetClusters(clusters)) - endpoints := []discoveryv1.Endpoint{ + endpoints := []discovery_v1.Endpoint{ { Addresses: []string{"192.168.183.24"}, }, } - ports := []discoveryv1.EndpointPort{ + ports := []discovery_v1.EndpointPort{ { Port: ref.To[int32](8080), - Protocol: ref.To[v1.Protocol]("TCP"), + Protocol: ref.To[core_v1.Protocol]("TCP"), }, } - endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-fs23r", "weight0", discoveryv1.AddressTypeIPv4, endpoints, ports), false) - endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-sdf9f", "weight1", discoveryv1.AddressTypeIPv4, endpoints, ports), false) - endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-v9drg", "weight2", discoveryv1.AddressTypeIPv4, endpoints, ports), false) + endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-fs23r", "weight0", discovery_v1.AddressTypeIPv4, endpoints, ports), false) + endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-sdf9f", "weight1", discovery_v1.AddressTypeIPv4, endpoints, ports), false) + endpointSliceTranslator.OnAdd(endpointSlice("default", "weight0-eps-v9drg", "weight2", discovery_v1.AddressTypeIPv4, endpoints, ports), false) // Each helper builds a `LocalityLbEndpoints` with one // entry, so we can compose the final result by reaching @@ -1187,9 +1188,9 @@ func TestEndpointSliceTranslatorDefaultWeightedService(t *testing.T) { w2 := envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)) want := []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/weighted", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ w0[0], w1[0], w2[0], }, }, diff --git a/internal/xdscache/v3/endpointstranslator.go b/internal/xdscache/v3/endpointstranslator.go index 497bddd25e2..240a927ebb9 100644 --- a/internal/xdscache/v3/endpointstranslator.go +++ b/internal/xdscache/v3/endpointstranslator.go @@ -18,30 +18,31 @@ import ( "sort" "sync" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "github.com/sirupsen/logrus" + "google.golang.org/protobuf/proto" + core_v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/tools/cache" + "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" - "github.com/sirupsen/logrus" - "google.golang.org/protobuf/proto" - v1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/tools/cache" ) type ( - LocalityEndpoints = envoy_endpoint_v3.LocalityLbEndpoints - LoadBalancingEndpoint = envoy_endpoint_v3.LbEndpoint + LocalityEndpoints = envoy_config_endpoint_v3.LocalityLbEndpoints + LoadBalancingEndpoint = envoy_config_endpoint_v3.LbEndpoint ) // RecalculateEndpoints generates a slice of LoadBalancingEndpoint -// resources by matching the given service port to the given v1.Endpoints. +// resources by matching the given service port to the given core_v1.Endpoints. // eps may be nil, in which case, the result is also nil. -func RecalculateEndpoints(port, healthPort v1.ServicePort, eps *v1.Endpoints) []*LoadBalancingEndpoint { +func RecalculateEndpoints(port, healthPort core_v1.ServicePort, eps *core_v1.Endpoints) []*LoadBalancingEndpoint { if eps == nil { return nil } @@ -56,7 +57,7 @@ func RecalculateEndpoints(port, healthPort v1.ServicePort, eps *v1.Endpoints) [] } for _, endpointPort := range s.Ports { - if endpointPort.Protocol != v1.ProtocolTCP { + if endpointPort.Protocol != core_v1.ProtocolTCP { // NOTE: we only support "TCP", which is the default. continue } @@ -75,7 +76,7 @@ func RecalculateEndpoints(port, healthPort v1.ServicePort, eps *v1.Endpoints) [] } // If we matched this port, collect Envoy endpoints for all the ready addresses. - addresses := append([]v1.EndpointAddress{}, s.Addresses...) // Shallow copy. + addresses := append([]core_v1.EndpointAddress{}, s.Addresses...) // Shallow copy. sort.Slice(addresses, func(i, j int) bool { return addresses[i].IP < addresses[j].IP }) for _, a := range addresses { @@ -109,7 +110,7 @@ type EndpointsCache struct { services map[types.NamespacedName][]*dag.ServiceCluster // Cache of endpoints, indexed by name. - endpoints map[types.NamespacedName]*v1.Endpoints + endpoints map[types.NamespacedName]*core_v1.Endpoints } // Recalculate regenerates all the ClusterLoadAssignments from the @@ -117,11 +118,11 @@ type EndpointsCache struct { // will be generated for every stale ServerCluster, however, if there // are no endpoints for the Services in the ServiceCluster, the // ClusterLoadAssignment will be empty. -func (c *EndpointsCache) Recalculate() map[string]*envoy_endpoint_v3.ClusterLoadAssignment { +func (c *EndpointsCache) Recalculate() map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment { c.mu.Lock() defer c.mu.Unlock() - assignments := map[string]*envoy_endpoint_v3.ClusterLoadAssignment{} + assignments := map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{} for _, cluster := range c.stale { // Clusters can be in the stale list multiple times; // skip to avoid duplicate recalculations. @@ -129,7 +130,7 @@ func (c *EndpointsCache) Recalculate() map[string]*envoy_endpoint_v3.ClusterLoad continue } - cla := envoy_endpoint_v3.ClusterLoadAssignment{ + cla := envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: cluster.ClusterName, Endpoints: nil, Policy: nil, @@ -205,7 +206,7 @@ func (c *EndpointsCache) SetClusters(clusters []*dag.ServiceCluster) error { // already cached. Any ServiceClusters that are backed by a Service // that eps belongs become stale. Returns a boolean indicating whether // any ServiceClusters use eps or not. -func (c *EndpointsCache) UpdateEndpoint(eps *v1.Endpoints) bool { +func (c *EndpointsCache) UpdateEndpoint(eps *core_v1.Endpoints) bool { c.mu.Lock() defer c.mu.Unlock() @@ -225,7 +226,7 @@ func (c *EndpointsCache) UpdateEndpoint(eps *v1.Endpoints) bool { // DeleteEndpoint deletes eps from the cache. Any ServiceClusters // that are backed by a Service that eps belongs become stale. Returns // a boolean indicating whether any ServiceClusters use eps or not. -func (c *EndpointsCache) DeleteEndpoint(eps *v1.Endpoints) bool { +func (c *EndpointsCache) DeleteEndpoint(eps *core_v1.Endpoints) bool { c.mu.Lock() defer c.mu.Unlock() @@ -247,11 +248,11 @@ func NewEndpointsTranslator(log logrus.FieldLogger) *EndpointsTranslator { return &EndpointsTranslator{ Cond: contour.Cond{}, FieldLogger: log, - entries: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{}, + entries: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, cache: EndpointsCache{ stale: nil, services: map[types.NamespacedName][]*dag.ServiceCluster{}, - endpoints: map[types.NamespacedName]*v1.Endpoints{}, + endpoints: map[types.NamespacedName]*core_v1.Endpoints{}, }, } } @@ -268,13 +269,13 @@ type EndpointsTranslator struct { cache EndpointsCache mu sync.Mutex // Protects entries. - entries map[string]*envoy_endpoint_v3.ClusterLoadAssignment + entries map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment } // Merge combines the given entries with the existing entries in the // EndpointsTranslator. If the same key exists in both maps, an existing entry // is replaced. -func (e *EndpointsTranslator) Merge(entries map[string]*envoy_endpoint_v3.ClusterLoadAssignment) { +func (e *EndpointsTranslator) Merge(entries map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) { e.mu.Lock() defer e.mu.Unlock() @@ -332,7 +333,7 @@ func (e *EndpointsTranslator) OnChange(root *dag.DAG) { // equal returns true if a and b are the same length, have the same set // of keys, and have proto-equivalent values for each key, or false otherwise. -func equal(a, b map[string]*envoy_endpoint_v3.ClusterLoadAssignment) bool { +func equal(a, b map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) bool { if len(a) != len(b) { return false } @@ -352,7 +353,7 @@ func equal(a, b map[string]*envoy_endpoint_v3.ClusterLoadAssignment) bool { func (e *EndpointsTranslator) OnAdd(obj any, _ bool) { switch obj := obj.(type) { - case *v1.Endpoints: + case *core_v1.Endpoints: if !e.cache.UpdateEndpoint(obj) { return } @@ -370,8 +371,8 @@ func (e *EndpointsTranslator) OnAdd(obj any, _ bool) { func (e *EndpointsTranslator) OnUpdate(oldObj, newObj any) { switch newObj := newObj.(type) { - case *v1.Endpoints: - oldObj, ok := oldObj.(*v1.Endpoints) + case *core_v1.Endpoints: + oldObj, ok := oldObj.(*core_v1.Endpoints) if !ok { e.Errorf("OnUpdate endpoints %#v received invalid oldObj %T; %#v", newObj, oldObj, oldObj) return @@ -407,7 +408,7 @@ func (e *EndpointsTranslator) OnUpdate(oldObj, newObj any) { func (e *EndpointsTranslator) OnDelete(obj any) { switch obj := obj.(type) { - case *v1.Endpoints: + case *core_v1.Endpoints: if !e.cache.DeleteEndpoint(obj) { return } @@ -430,7 +431,7 @@ func (e *EndpointsTranslator) Contents() []proto.Message { e.mu.Lock() defer e.mu.Unlock() - values := make([]*envoy_endpoint_v3.ClusterLoadAssignment, 0, len(e.entries)) + values := make([]*envoy_config_endpoint_v3.ClusterLoadAssignment, 0, len(e.entries)) for _, v := range e.entries { values = append(values, v) } @@ -443,12 +444,12 @@ func (e *EndpointsTranslator) Query(names []string) []proto.Message { e.mu.Lock() defer e.mu.Unlock() - values := make([]*envoy_endpoint_v3.ClusterLoadAssignment, 0, len(names)) + values := make([]*envoy_config_endpoint_v3.ClusterLoadAssignment, 0, len(names)) for _, n := range names { v, ok := e.entries[n] if !ok { e.Debugf("no cache entry for %q", n) - v = &envoy_endpoint_v3.ClusterLoadAssignment{ + v = &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: n, } } diff --git a/internal/xdscache/v3/endpointstranslator_test.go b/internal/xdscache/v3/endpointstranslator_test.go index 6ff9acd513a..b4be3ab5c0b 100644 --- a/internal/xdscache/v3/endpointstranslator_test.go +++ b/internal/xdscache/v3/endpointstranslator_test.go @@ -16,22 +16,23 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" - "github.com/projectcontour/contour/internal/dag" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/protobuf" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/config/endpoint/v3" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" + + "github.com/projectcontour/contour/internal/dag" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/protobuf" ) func TestEndpointsTranslatorContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_endpoint_v3.ClusterLoadAssignment + contents map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment want []proto.Message }{ "empty": { @@ -64,7 +65,7 @@ func TestEndpointsTranslatorContents(t *testing.T) { func TestEndpointCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_endpoint_v3.ClusterLoadAssignment + contents map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment query []string want []proto.Message }{ @@ -127,7 +128,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "a"}, + ServicePort: core_v1.ServicePort{Name: "a"}, }, }, }, @@ -138,7 +139,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "b"}, + ServicePort: core_v1.ServicePort{Name: "b"}, }, }, }, @@ -149,7 +150,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -160,30 +161,30 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { Weight: 1, ServiceName: "healthcheck-port", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "a"}, - HealthPort: v1.ServicePort{Name: "health", Port: 8998}, + ServicePort: core_v1.ServicePort{Name: "a"}, + HealthPort: core_v1.ServicePort{Name: "health", Port: 8998}, }, }, }, } tests := map[string]struct { - ep *v1.Endpoints + ep *core_v1.Endpoints want []proto.Message wantUpdate bool }{ "simple": { - ep: endpoints("default", "simple", v1.EndpointSubset{ + ep: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -191,7 +192,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { wantUpdate: true, }, "adding an Endpoints not used by a ServiceCluster should not trigger a recalculation": { - ep: endpoints("default", "not-used-endpoint", v1.EndpointSubset{ + ep: endpoints("default", "not-used-endpoint", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), @@ -201,7 +202,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { wantUpdate: false, }, "multiple addresses": { - ep: endpoints("default", "simple", v1.EndpointSubset{ + ep: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses( "50.17.192.147", "50.17.206.192", @@ -213,10 +214,10 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("23.23.247.89", 80), // addresses should be sorted @@ -229,7 +230,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { wantUpdate: true, }, "multiple ports": { - ep: endpoints("default", "httpbin-org", v1.EndpointSubset{ + ep: endpoints("default", "httpbin-org", core_v1.EndpointSubset{ Addresses: addresses( "10.10.1.1", ), @@ -239,22 +240,22 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, // Results should be sorted by cluster name. - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 8675)), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 309)), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, "cartesian product": { - ep: endpoints("default", "httpbin-org", v1.EndpointSubset{ + ep: endpoints("default", "httpbin-org", core_v1.EndpointSubset{ Addresses: addresses( "10.10.2.2", "10.10.1.1", @@ -265,27 +266,27 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 8675), // addresses should be sorted envoy_v3.SocketAddress("10.10.2.2", 8675), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 309), envoy_v3.SocketAddress("10.10.2.2", 309), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, "not ready": { - ep: endpoints("default", "httpbin-org", v1.EndpointSubset{ + ep: endpoints("default", "httpbin-org", core_v1.EndpointSubset{ Addresses: addresses( "10.10.1.1", ), @@ -295,7 +296,7 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { Ports: ports( port("a", 8675), ), - }, v1.EndpointSubset{ + }, core_v1.EndpointSubset{ Addresses: addresses( "10.10.2.2", "10.10.1.1", @@ -305,26 +306,26 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/healthcheck-port"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/a", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 8675), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org/b", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("10.10.1.1", 309), envoy_v3.SocketAddress("10.10.2.2", 309), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, "health port": { - ep: endpoints("default", "healthcheck-port", v1.EndpointSubset{ + ep: endpoints("default", "healthcheck-port", core_v1.EndpointSubset{ Addresses: addresses("10.10.1.1"), Ports: ports( port("a", 309), @@ -332,15 +333,15 @@ func TestEndpointsTranslatorAddEndpoints(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/healthcheck-port", Endpoints: weightedHealthcheckEndpoints(1, 8998, envoy_v3.SocketAddress("10.10.1.1", 309), ), }, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/a"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/httpbin-org/b"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, }, wantUpdate: true, }, @@ -378,7 +379,7 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -389,7 +390,7 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { Weight: 1, ServiceName: "what-a-descriptive-service-name-you-must-be-so-proud", ServiceNamespace: "super-long-namespace-name-oh-boy", - ServicePort: v1.ServicePort{Name: "http"}, + ServicePort: core_v1.ServicePort{Name: "http"}, }, }, }, @@ -400,7 +401,7 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { Weight: 1, ServiceName: "what-a-descriptive-service-name-you-must-be-so-proud", ServiceNamespace: "super-long-namespace-name-oh-boy", - ServicePort: v1.ServicePort{Name: "https"}, + ServicePort: core_v1.ServicePort{Name: "https"}, }, }, }, @@ -408,20 +409,20 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { tests := map[string]struct { setup func(*EndpointsTranslator) - ep *v1.Endpoints + ep *core_v1.Endpoints want []proto.Message wantUpdate bool }{ "remove existing": { setup: func(et *EndpointsTranslator) { - et.OnAdd(endpoints("default", "simple", v1.EndpointSubset{ + et.OnAdd(endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), false) }, - ep: endpoints("default", "simple", v1.EndpointSubset{ + ep: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), @@ -436,21 +437,21 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { }, "removing an Endpoints not used by a ServiceCluster should not trigger a recalculation": { setup: func(et *EndpointsTranslator) { - et.OnAdd(endpoints("default", "simple", v1.EndpointSubset{ + et.OnAdd(endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), false) }, - ep: endpoints("default", "different", v1.EndpointSubset{ + ep: endpoints("default", "different", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -461,7 +462,7 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { }, "remove non existent": { setup: func(*EndpointsTranslator) {}, - ep: endpoints("default", "simple", v1.EndpointSubset{ + ep: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), @@ -479,7 +480,7 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { e1 := endpoints( "super-long-namespace-name-oh-boy", "what-a-descriptive-service-name-you-must-be-so-proud", - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: addresses( "172.16.0.2", "172.16.0.1", @@ -495,7 +496,7 @@ func TestEndpointsTranslatorRemoveEndpoints(t *testing.T) { ep: endpoints( "super-long-namespace-name-oh-boy", "what-a-descriptive-service-name-you-must-be-so-proud", - v1.EndpointSubset{ + core_v1.EndpointSubset{ Addresses: addresses( "172.16.0.2", "172.16.0.1", @@ -549,7 +550,7 @@ func TestEndpointsTranslatorUpdateEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -557,33 +558,33 @@ func TestEndpointsTranslatorUpdateEndpoints(t *testing.T) { tests := map[string]struct { setup func(*EndpointsTranslator) - old, new *v1.Endpoints + old, new *core_v1.Endpoints want []proto.Message wantUpdate bool }{ "update existing": { setup: func(et *EndpointsTranslator) { - et.OnAdd(endpoints("default", "simple", v1.EndpointSubset{ + et.OnAdd(endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), false) }, - old: endpoints("default", "simple", v1.EndpointSubset{ + old: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), - new: endpoints("default", "simple", v1.EndpointSubset{ + new: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.25"), Ports: ports( port("", 8081), ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.25", 8081)), }, @@ -592,27 +593,27 @@ func TestEndpointsTranslatorUpdateEndpoints(t *testing.T) { }, "getting an update for an Endpoints not used by a ServiceCluster should not trigger a recalculation": { setup: func(et *EndpointsTranslator) { - et.OnAdd(endpoints("default", "simple", v1.EndpointSubset{ + et.OnAdd(endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), false) }, - old: endpoints("default", "different", v1.EndpointSubset{ + old: endpoints("default", "different", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), - new: endpoints("default", "different", v1.EndpointSubset{ + new: endpoints("default", "different", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.25"), Ports: ports( port("", 8081), ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -644,7 +645,7 @@ func TestEndpointsTranslatorUpdateEndpoints(t *testing.T) { func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { tests := map[string]struct { cluster dag.ServiceCluster - ep *v1.Endpoints + ep *core_v1.Endpoints want []proto.Message }{ "simple": { @@ -656,14 +657,14 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ServiceNamespace: "default", }}, }, - ep: endpoints("default", "simple", v1.EndpointSubset{ + ep: endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), @@ -679,7 +680,7 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ServiceNamespace: "default", }}, }, - ep: endpoints("default", "httpbin-org", v1.EndpointSubset{ + ep: endpoints("default", "httpbin-org", core_v1.EndpointSubset{ Addresses: addresses( "50.17.192.147", "23.23.247.89", @@ -691,7 +692,7 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("23.23.247.89", 80), @@ -709,17 +710,17 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { Weight: 1, ServiceName: "secure", ServiceNamespace: "default", - ServicePort: v1.ServicePort{Name: "https"}, + ServicePort: core_v1.ServicePort{Name: "https"}, }}, }, - ep: endpoints("default", "secure", v1.EndpointSubset{ + ep: endpoints("default", "secure", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("https", 8443), ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/secure/https", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8443)), @@ -733,11 +734,11 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - HealthPort: v1.ServicePort{Name: "health", Port: 8998}, - ServicePort: v1.ServicePort{Name: "a", Port: 80}, + HealthPort: core_v1.ServicePort{Name: "health", Port: 8998}, + ServicePort: core_v1.ServicePort{Name: "a", Port: 80}, }}, }, - ep: endpoints("default", "httpbin-org", v1.EndpointSubset{ + ep: endpoints("default", "httpbin-org", core_v1.EndpointSubset{ Addresses: addresses( "50.17.192.147", "23.23.247.89", @@ -750,7 +751,7 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", Endpoints: weightedHealthcheckEndpoints(1, 8998, envoy_v3.SocketAddress("23.23.247.89", 80), @@ -768,11 +769,11 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { Weight: 1, ServiceName: "httpbin-org", ServiceNamespace: "default", - HealthPort: v1.ServicePort{Name: "a", Port: 80}, - ServicePort: v1.ServicePort{Name: "a", Port: 80}, + HealthPort: core_v1.ServicePort{Name: "a", Port: 80}, + ServicePort: core_v1.ServicePort{Name: "a", Port: 80}, }}, }, - ep: endpoints("default", "httpbin-org", v1.EndpointSubset{ + ep: endpoints("default", "httpbin-org", core_v1.EndpointSubset{ Addresses: addresses( "50.17.192.147", "23.23.247.89", @@ -785,7 +786,7 @@ func TestEndpointsTranslatorRecomputeClusterLoadAssignment(t *testing.T) { ), }), want: []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/httpbin-org", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("23.23.247.89", 80), @@ -822,12 +823,12 @@ func TestEndpointsTranslatorScaleToZeroEndpoints(t *testing.T) { Weight: 1, ServiceName: "simple", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }}, }, })) - e1 := endpoints("default", "simple", v1.EndpointSubset{ + e1 := endpoints("default", "simple", core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports( port("", 8080), @@ -837,7 +838,7 @@ func TestEndpointsTranslatorScaleToZeroEndpoints(t *testing.T) { // Assert endpoint was added want := []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/simple", Endpoints: envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)), }, @@ -851,7 +852,7 @@ func TestEndpointsTranslatorScaleToZeroEndpoints(t *testing.T) { // Assert endpoints are removed want = []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, + &envoy_config_endpoint_v3.ClusterLoadAssignment{ClusterName: "default/simple"}, } protobuf.RequireEqual(t, want, et.Contents()) @@ -868,19 +869,19 @@ func TestEndpointsTranslatorWeightedService(t *testing.T) { Weight: 0, ServiceName: "weight0", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { Weight: 1, ServiceName: "weight1", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { Weight: 2, ServiceName: "weight2", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -888,7 +889,7 @@ func TestEndpointsTranslatorWeightedService(t *testing.T) { require.NoError(t, et.cache.SetClusters(clusters)) - epSubset := v1.EndpointSubset{ + epSubset := core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports(port("", 8080)), } @@ -905,9 +906,9 @@ func TestEndpointsTranslatorWeightedService(t *testing.T) { w2 := envoy_v3.WeightedEndpoints(2, envoy_v3.SocketAddress("192.168.183.24", 8080)) want := []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/weighted", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ w0[0], w1[0], w2[0], }, }, @@ -928,17 +929,17 @@ func TestEndpointsTranslatorDefaultWeightedService(t *testing.T) { { ServiceName: "weight0", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { ServiceName: "weight1", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, { ServiceName: "weight2", ServiceNamespace: "default", - ServicePort: v1.ServicePort{}, + ServicePort: core_v1.ServicePort{}, }, }, }, @@ -946,7 +947,7 @@ func TestEndpointsTranslatorDefaultWeightedService(t *testing.T) { require.NoError(t, et.cache.SetClusters(clusters)) - epSubset := v1.EndpointSubset{ + epSubset := core_v1.EndpointSubset{ Addresses: addresses("192.168.183.24"), Ports: ports(port("", 8080)), } @@ -963,9 +964,9 @@ func TestEndpointsTranslatorDefaultWeightedService(t *testing.T) { w2 := envoy_v3.WeightedEndpoints(1, envoy_v3.SocketAddress("192.168.183.24", 8080)) want := []proto.Message{ - &envoy_endpoint_v3.ClusterLoadAssignment{ + &envoy_config_endpoint_v3.ClusterLoadAssignment{ ClusterName: "default/weighted", - Endpoints: []*envoy_endpoint_v3.LocalityLbEndpoints{ + Endpoints: []*envoy_config_endpoint_v3.LocalityLbEndpoints{ w0[0], w1[0], w2[0], }, }, @@ -976,7 +977,7 @@ func TestEndpointsTranslatorDefaultWeightedService(t *testing.T) { func TestEqual(t *testing.T) { tests := map[string]struct { - a, b map[string]*envoy_endpoint_v3.ClusterLoadAssignment + a, b map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment want bool }{ "both nil": { @@ -985,21 +986,21 @@ func TestEqual(t *testing.T) { want: true, }, "one nil, one empty": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{}, + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, b: nil, want: true, }, "both empty": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{}, - b: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{}, + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{}, want: true, }, "a is an incomplete subset of b": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, }, - b: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, @@ -1007,24 +1008,24 @@ func TestEqual(t *testing.T) { want: false, }, "b is an incomplete subset of a": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, }, want: false, }, "a and b have the same keys, different values": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "different"}, @@ -1032,12 +1033,12 @@ func TestEqual(t *testing.T) { want: false, }, "a and b have the same values, different keys": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "d": {ClusterName: "a"}, "e": {ClusterName: "b"}, "f": {ClusterName: "c"}, @@ -1045,12 +1046,12 @@ func TestEqual(t *testing.T) { want: false, }, "a and b have the same keys, same values": { - a: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + a: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, }, - b: map[string]*envoy_endpoint_v3.ClusterLoadAssignment{ + b: map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment{ "a": {ClusterName: "a"}, "b": {ClusterName: "b"}, "c": {ClusterName: "c"}, @@ -1066,53 +1067,53 @@ func TestEqual(t *testing.T) { } } -func ports(eps ...v1.EndpointPort) []v1.EndpointPort { +func ports(eps ...core_v1.EndpointPort) []core_v1.EndpointPort { return eps } -func port(name string, port int32) v1.EndpointPort { - return v1.EndpointPort{ +func port(name string, port int32) core_v1.EndpointPort { + return core_v1.EndpointPort{ Name: name, Port: port, Protocol: "TCP", } } -func clusterloadassignments(clas ...*envoy_endpoint_v3.ClusterLoadAssignment) map[string]*envoy_endpoint_v3.ClusterLoadAssignment { - m := make(map[string]*envoy_endpoint_v3.ClusterLoadAssignment) +func clusterloadassignments(clas ...*envoy_config_endpoint_v3.ClusterLoadAssignment) map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment { + m := make(map[string]*envoy_config_endpoint_v3.ClusterLoadAssignment) for _, cla := range clas { m[cla.ClusterName] = cla } return m } -func weightedHealthcheckEndpoints(weight uint32, healthcheckPort int32, addrs ...*envoy_core_v3.Address) []*envoy_endpoint_v3.LocalityLbEndpoints { +func weightedHealthcheckEndpoints(weight uint32, healthcheckPort int32, addrs ...*envoy_config_core_v3.Address) []*envoy_config_endpoint_v3.LocalityLbEndpoints { lbendpoints := healthcheckEndpoints(healthcheckPort, addrs...) lbendpoints[0].LoadBalancingWeight = wrapperspb.UInt32(weight) return lbendpoints } -func healthcheckEndpoints(healthcheckPort int32, addrs ...*envoy_core_v3.Address) []*envoy_endpoint_v3.LocalityLbEndpoints { - lbendpoints := make([]*envoy_endpoint_v3.LbEndpoint, 0, len(addrs)) +func healthcheckEndpoints(healthcheckPort int32, addrs ...*envoy_config_core_v3.Address) []*envoy_config_endpoint_v3.LocalityLbEndpoints { + lbendpoints := make([]*envoy_config_endpoint_v3.LbEndpoint, 0, len(addrs)) for _, addr := range addrs { lbendpoints = append(lbendpoints, healthCheckLBEndpoint(addr, healthcheckPort)) } - return []*envoy_endpoint_v3.LocalityLbEndpoints{{ + return []*envoy_config_endpoint_v3.LocalityLbEndpoints{{ LbEndpoints: lbendpoints, }} } // healthCheckLBEndpoint creates a new LbEndpoint include healthCheckConfig -func healthCheckLBEndpoint(addr *envoy_core_v3.Address, healthCheckPort int32) *envoy_endpoint_v3.LbEndpoint { - var hc *envoy_endpoint_v3.Endpoint_HealthCheckConfig +func healthCheckLBEndpoint(addr *envoy_config_core_v3.Address, healthCheckPort int32) *envoy_config_endpoint_v3.LbEndpoint { + var hc *envoy_config_endpoint_v3.Endpoint_HealthCheckConfig if healthCheckPort != 0 { - hc = &envoy_endpoint_v3.Endpoint_HealthCheckConfig{ + hc = &envoy_config_endpoint_v3.Endpoint_HealthCheckConfig{ PortValue: uint32(healthCheckPort), } } - return &envoy_endpoint_v3.LbEndpoint{ - HostIdentifier: &envoy_endpoint_v3.LbEndpoint_Endpoint{ - Endpoint: &envoy_endpoint_v3.Endpoint{ + return &envoy_config_endpoint_v3.LbEndpoint{ + HostIdentifier: &envoy_config_endpoint_v3.LbEndpoint_Endpoint{ + Endpoint: &envoy_config_endpoint_v3.Endpoint{ Address: addr, HealthCheckConfig: hc, }, diff --git a/internal/xdscache/v3/listener.go b/internal/xdscache/v3/listener.go index 635d797bca0..975c0654743 100644 --- a/internal/xdscache/v3/listener.go +++ b/internal/xdscache/v3/listener.go @@ -17,12 +17,15 @@ import ( "sort" "sync" - envoy_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_config_accesslog_v3 "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "google.golang.org/protobuf/proto" + "k8s.io/apimachinery/pkg/types" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/contourconfig" "github.com/projectcontour/contour/internal/dag" @@ -31,8 +34,6 @@ import ( "github.com/projectcontour/contour/internal/sorter" "github.com/projectcontour/contour/internal/timeout" "github.com/projectcontour/contour/pkg/config" - "google.golang.org/protobuf/proto" - "k8s.io/apimachinery/pkg/types" ) // nolint:revive @@ -85,12 +86,12 @@ type ListenerConfig struct { // AccessLogType defines if Envoy logs should be output as Envoy's default or JSON. // Valid values: 'envoy', 'json' // If not set, defaults to 'envoy' - AccessLogType contour_api_v1alpha1.AccessLogType + AccessLogType contour_v1alpha1.AccessLogType // AccessLogJSONFields sets the fields that should be shown in JSON logs. // Valid entries are the keys from internal/envoy/accesslog.go:jsonheaders // Defaults to a particular set of fields. - AccessLogJSONFields contour_api_v1alpha1.AccessLogJSONFields + AccessLogJSONFields contour_v1alpha1.AccessLogJSONFields // AccessLogFormatString sets the format string to be used for text based access logs. // Defaults to empty to defer to Envoy's default log format. @@ -100,7 +101,7 @@ type ListenerConfig struct { AccessLogFormatterExtensions []string // AccessLogLevel defines the logging level for access log. - AccessLogLevel contour_api_v1alpha1.AccessLogLevel + AccessLogLevel contour_v1alpha1.AccessLogLevel // Timeouts holds Listener timeout settings. Timeouts contourconfig.Timeouts @@ -113,7 +114,7 @@ type ListenerConfig struct { MergeSlashes bool // ServerHeaderTransformation defines the action to be applied to the Server header on the response path. - ServerHeaderTransformation contour_api_v1alpha1.ServerHeaderTransformationType + ServerHeaderTransformation contour_v1alpha1.ServerHeaderTransformationType // XffNumTrustedHops sets the number of additional ingress proxy hops from the // right side of the x-forwarded-for HTTP header to trust. @@ -148,7 +149,7 @@ type ListenerConfig struct { TracingConfig *TracingConfig // SocketOptions configures socket options HTTP and HTTPS listeners. - SocketOptions *contour_api_v1alpha1.SocketOptions + SocketOptions *contour_v1alpha1.SocketOptions } type ExtensionServiceConfig struct { @@ -229,14 +230,14 @@ func (lvc *ListenerConfig) accesslogType() string { // accesslogFields returns the access log fields that should be configured // for Envoy, or a default set if not configured. -func (lvc *ListenerConfig) accesslogFields() contour_api_v1alpha1.AccessLogJSONFields { +func (lvc *ListenerConfig) accesslogFields() contour_v1alpha1.AccessLogJSONFields { if lvc.AccessLogJSONFields != nil { return lvc.AccessLogJSONFields } - return contour_api_v1alpha1.DefaultAccessLogJSONFields + return contour_v1alpha1.DefaultAccessLogJSONFields } -func (lvc *ListenerConfig) newInsecureAccessLog() []*envoy_accesslog_v3.AccessLog { +func (lvc *ListenerConfig) newInsecureAccessLog() []*envoy_config_accesslog_v3.AccessLog { switch lvc.accesslogType() { case string(config.JSONAccessLog): return envoy_v3.FileAccessLogJSON(lvc.httpAccessLog(), lvc.accesslogFields(), lvc.AccessLogFormatterExtensions, lvc.AccessLogLevel) @@ -245,7 +246,7 @@ func (lvc *ListenerConfig) newInsecureAccessLog() []*envoy_accesslog_v3.AccessLo } } -func (lvc *ListenerConfig) newSecureAccessLog() []*envoy_accesslog_v3.AccessLog { +func (lvc *ListenerConfig) newSecureAccessLog() []*envoy_config_accesslog_v3.AccessLog { switch lvc.accesslogType() { case "json": return envoy_v3.FileAccessLogJSON(lvc.httpsAccessLog(), lvc.accesslogFields(), lvc.AccessLogFormatterExtensions, lvc.AccessLogLevel) @@ -255,30 +256,30 @@ func (lvc *ListenerConfig) newSecureAccessLog() []*envoy_accesslog_v3.AccessLog } // minTLSVersion returns the requested minimum TLS protocol -// version or envoy_tls_v3.TlsParameters_TLSv1_2 if not configured. -func (lvc *ListenerConfig) minTLSVersion() envoy_tls_v3.TlsParameters_TlsProtocol { +// version or envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2 if not configured. +func (lvc *ListenerConfig) minTLSVersion() envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol { ver := envoy_v3.ParseTLSVersion(lvc.MinimumTLSVersion) - if ver > envoy_tls_v3.TlsParameters_TLSv1_2 { + if ver > envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2 { return ver } - return envoy_tls_v3.TlsParameters_TLSv1_2 + return envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2 } // maxTLSVersion returns the requested maximum TLS protocol -// version or envoy_tls_v3.TlsParameters_TLSv1_3 if not configured. -func (lvc *ListenerConfig) maxTLSVersion() envoy_tls_v3.TlsParameters_TlsProtocol { +// version or envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3 if not configured. +func (lvc *ListenerConfig) maxTLSVersion() envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol { ver := envoy_v3.ParseTLSVersion(lvc.MaximumTLSVersion) - if ver >= envoy_tls_v3.TlsParameters_TLSv1_2 { + if ver >= envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2 { return ver } - return envoy_tls_v3.TlsParameters_TLSv1_3 + return envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3 } // ListenerCache manages the contents of the gRPC LDS cache. type ListenerCache struct { mu sync.Mutex - values map[string]*envoy_listener_v3.Listener - staticValues map[string]*envoy_listener_v3.Listener + values map[string]*envoy_config_listener_v3.Listener + staticValues map[string]*envoy_config_listener_v3.Listener Config ListenerConfig contour.Cond @@ -287,13 +288,13 @@ type ListenerCache struct { // NewListenerCache returns an instance of a ListenerCache func NewListenerCache( listenerConfig ListenerConfig, - metricsConfig contour_api_v1alpha1.MetricsConfig, - healthConfig contour_api_v1alpha1.HealthConfig, + metricsConfig contour_v1alpha1.MetricsConfig, + healthConfig contour_v1alpha1.HealthConfig, adminPort int, ) *ListenerCache { listenerCache := &ListenerCache{ Config: listenerConfig, - staticValues: map[string]*envoy_listener_v3.Listener{}, + staticValues: map[string]*envoy_config_listener_v3.Listener{}, } for _, l := range envoy_v3.StatsListeners(metricsConfig, healthConfig) { @@ -311,7 +312,7 @@ func NewListenerCache( } // Update replaces the contents of the cache with the supplied map. -func (c *ListenerCache) Update(v map[string]*envoy_listener_v3.Listener) { +func (c *ListenerCache) Update(v map[string]*envoy_config_listener_v3.Listener) { c.mu.Lock() defer c.mu.Unlock() @@ -323,7 +324,7 @@ func (c *ListenerCache) Update(v map[string]*envoy_listener_v3.Listener) { func (c *ListenerCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_listener_v3.Listener + var values []*envoy_config_listener_v3.Listener for _, v := range c.values { values = append(values, v) } @@ -339,7 +340,7 @@ func (c *ListenerCache) Contents() []proto.Message { func (c *ListenerCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_listener_v3.Listener + var values []*envoy_config_listener_v3.Listener for _, n := range names { v, ok := c.values[n] if !ok { @@ -363,7 +364,7 @@ func (*ListenerCache) TypeURL() string { return resource.ListenerType } func (c *ListenerCache) OnChange(root *dag.DAG) { cfg := c.Config - listeners := map[string]*envoy_listener_v3.Listener{} + listeners := map[string]*envoy_config_listener_v3.Listener{} socketOptions := envoy_v3.NewSocketOptions().TCPKeepalive() if cfg.SocketOptions != nil { @@ -442,7 +443,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { for _, vh := range listener.SecureVirtualHosts { var alpnProtos []string - var filters []*envoy_listener_v3.Filter + var filters []*envoy_config_listener_v3.Filter var forwardClientCertificate *dag.ClientCertificateDetails if vh.DownstreamValidation != nil { @@ -450,7 +451,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { } if vh.TCPProxy == nil { - var authzFilter *http.HttpFilter + var authzFilter *envoy_filter_network_http_connection_manager_v3.HttpFilter if vh.ExternalAuthorization != nil { authzFilter = envoy_v3.FilterExternalAuthz(vh.ExternalAuthorization) @@ -501,7 +502,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { // backend in its ServerHello. } - var downstreamTLS *envoy_tls_v3.DownstreamTlsContext + var downstreamTLS *envoy_transport_socket_tls_v3.DownstreamTlsContext // Secret is provided when TLS is terminated and nil when TLS passthrough is used. if vh.Secret != nil { @@ -510,7 +511,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { // Choose the lower of the configured or requested TLS version. maxVer := min(cfg.maxTLSVersion(), envoy_v3.ParseTLSVersion(vh.MaxTLSVersion)) - if maxVer == envoy_tls_v3.TlsParameters_TLS_AUTO { + if maxVer == envoy_transport_socket_tls_v3.TlsParameters_TLS_AUTO { maxVer = cfg.maxTLSVersion() } @@ -587,9 +588,9 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { // 1. connection balancer if cfg.ConnectionBalancer == "exact" { for _, listener := range listeners { - listener.ConnectionBalanceConfig = &envoy_listener_v3.Listener_ConnectionBalanceConfig{ - BalanceType: &envoy_listener_v3.Listener_ConnectionBalanceConfig_ExactBalance_{ - ExactBalance: &envoy_listener_v3.Listener_ConnectionBalanceConfig_ExactBalance{}, + listener.ConnectionBalanceConfig = &envoy_config_listener_v3.Listener_ConnectionBalanceConfig{ + BalanceType: &envoy_config_listener_v3.Listener_ConnectionBalanceConfig_ExactBalance_{ + ExactBalance: &envoy_config_listener_v3.Listener_ConnectionBalanceConfig_ExactBalance{}, }, } } @@ -598,7 +599,7 @@ func (c *ListenerCache) OnChange(root *dag.DAG) { c.Update(listeners) } -func httpGlobalExternalAuthConfig(config *GlobalExternalAuthConfig) *http.HttpFilter { +func httpGlobalExternalAuthConfig(config *GlobalExternalAuthConfig) *envoy_filter_network_http_connection_manager_v3.HttpFilter { if config == nil { return nil } @@ -662,7 +663,7 @@ func envoyTracingConfigCustomTag(tags []*CustomTag) []*envoy_v3.CustomTag { return customTags } -func proxyProtocol(useProxy bool) []*envoy_listener_v3.ListenerFilter { +func proxyProtocol(useProxy bool) []*envoy_config_listener_v3.ListenerFilter { if useProxy { return envoy_v3.ListenerFilters( envoy_v3.ProxyProtocol(), @@ -671,6 +672,6 @@ func proxyProtocol(useProxy bool) []*envoy_listener_v3.ListenerFilter { return nil } -func secureProxyProtocol(useProxy bool) []*envoy_listener_v3.ListenerFilter { +func secureProxyProtocol(useProxy bool) []*envoy_config_listener_v3.ListenerFilter { return append(proxyProtocol(useProxy), envoy_v3.TLSInspector()) } diff --git a/internal/xdscache/v3/listener_test.go b/internal/xdscache/v3/listener_test.go index d72ddc56814..d5d0cdc5ee8 100644 --- a/internal/xdscache/v3/listener_test.go +++ b/internal/xdscache/v3/listener_test.go @@ -19,9 +19,23 @@ import ( "testing" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" + envoy_config_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" + envoy_filter_http_ratelimit_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" + envoy_filter_network_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + "github.com/envoyproxy/go-control-plane/pkg/wellknown" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/wrapperspb" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/contourconfig" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" @@ -29,26 +43,11 @@ import ( "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/timeout" - - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3" - ratelimit_config_v3 "github.com/envoyproxy/go-control-plane/envoy/config/ratelimit/v3" - ratelimit_filter_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" - http "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - "github.com/envoyproxy/go-control-plane/pkg/wellknown" - "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/types/known/durationpb" - "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" - networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" ) func TestListenerCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_listener_v3.Listener + contents map[string]*envoy_config_listener_v3.Listener want []proto.Message }{ "empty": { @@ -56,17 +55,17 @@ func TestListenerCacheContents(t *testing.T) { want: nil, }, "simple": { - contents: listenermap(&envoy_listener_v3.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), want: []proto.Message{ - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, }, @@ -85,49 +84,49 @@ func TestListenerCacheContents(t *testing.T) { func TestListenerCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_listener_v3.Listener + contents map[string]*envoy_config_listener_v3.Listener query []string want []proto.Message }{ "exact match": { - contents: listenermap(&envoy_listener_v3.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), query: []string{ENVOY_HTTP_LISTENER}, want: []proto.Message{ - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, }, }, "partial match": { - contents: listenermap(&envoy_listener_v3.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), query: []string{ENVOY_HTTP_LISTENER, "stats-listener"}, want: []proto.Message{ - &envoy_listener_v3.Listener{ + &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }, }, }, "no match": { - contents: listenermap(&envoy_listener_v3.Listener{ + contents: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), query: []string{"stats-listener"}, @@ -146,13 +145,13 @@ func TestListenerCacheQuery(t *testing.T) { } func TestListenerVisit(t *testing.T) { - httpsFilterFor := func(vhost string) *envoy_listener_v3.Filter { + httpsFilterFor := func(vhost string) *envoy_config_listener_v3.Filter { return envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests(vhost)). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", vhost)). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). Get() } @@ -160,23 +159,23 @@ func TestListenerVisit(t *testing.T) { DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). Get() jwksTimeout := "10s" jwksTimeoutDuration, _ := time.ParseDuration(jwksTimeout) - jwtProvider := contour_api_v1.JWTProvider{ + jwtProvider := contour_v1.JWTProvider{ Name: "provider-1", Issuer: "issuer.jwt.example.com", - RemoteJWKS: contour_api_v1.RemoteJWKS{ + RemoteJWKS: contour_v1.RemoteJWKS{ URI: "https://jwt.example.com/jwks.json", Timeout: jwksTimeout, }, } jwksURL, _ := url.Parse(jwtProvider.RemoteJWKS.URI) - secret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + secret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -184,8 +183,8 @@ func TestListenerVisit(t *testing.T) { Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), } - fallbackSecret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + fallbackSecret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, @@ -193,13 +192,13 @@ func TestListenerVisit(t *testing.T) { Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), } - service := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -210,16 +209,16 @@ func TestListenerVisit(t *testing.T) { ListenerConfig fallbackCertificate *types.NamespacedName objs []any - want map[string]*envoy_listener_v3.Listener + want map[string]*envoy_config_listener_v3.Listener }{ "nothing": { objs: nil, - want: map[string]*envoy_listener_v3.Listener{}, + want: map[string]*envoy_config_listener_v3.Listener{}, }, "one http only ingress": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -229,29 +228,29 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), }, "one http only httpproxy": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -260,10 +259,10 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), }, @@ -271,7 +270,7 @@ func TestListenerVisit(t *testing.T) { "simple ingress with secret": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -295,22 +294,22 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -320,7 +319,7 @@ func TestListenerVisit(t *testing.T) { "multiple tls ingress with secrets should be sorted": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "sortedsecond", Namespace: "default", }, @@ -342,7 +341,7 @@ func TestListenerVisit(t *testing.T) { }, }, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "sortedfirst", Namespace: "default", }, @@ -366,28 +365,28 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"sortedfirst.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("sortedfirst.example.com")), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"sortedsecond.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("sortedsecond.example.com")), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -397,7 +396,7 @@ func TestListenerVisit(t *testing.T) { "simple ingress with missing secret": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -421,29 +420,29 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), }), }, "simple httpproxy with secret": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -453,19 +452,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -478,7 +477,7 @@ func TestListenerVisit(t *testing.T) { "ingress with allow-http: false": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -490,12 +489,12 @@ func TestListenerVisit(t *testing.T) { }, }, }, - want: map[string]*envoy_listener_v3.Listener{}, + want: map[string]*envoy_config_listener_v3.Listener{}, }, "simple tls ingress with allow-http:false": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -522,14 +521,14 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -544,7 +543,7 @@ func TestListenerVisit(t *testing.T) { }, objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -568,26 +567,26 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.ProxyProtocol(), ), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.ProxyProtocol(), envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -601,7 +600,7 @@ func TestListenerVisit(t *testing.T) { }, objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -625,28 +624,28 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy("/tmp/http_access.log", "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), ListenerFilters: envoy_v3.ListenerFilters( envoy_v3.TLSInspector(), ), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("whatever.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "whatever.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/tmp/https_access.log", "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/tmp/https_access.log", "", nil, contour_v1alpha1.LogLevelInfo)). Get()), }}, SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -660,7 +659,7 @@ func TestListenerVisit(t *testing.T) { }, objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -684,19 +683,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -713,7 +712,7 @@ func TestListenerVisit(t *testing.T) { }, objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -741,19 +740,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"whatever.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_3, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version Filters: envoy_v3.Filters(httpsFilterFor("whatever.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -769,22 +768,22 @@ func TestListenerVisit(t *testing.T) { MaximumTLSVersion: "1.3", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", MinimumProtocolVersion: "1.3", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -794,19 +793,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_3, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -821,22 +820,22 @@ func TestListenerVisit(t *testing.T) { MaximumTLSVersion: "1.2", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", MinimumProtocolVersion: "1.2", MaximumProtocolVersion: "1.3", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -846,19 +845,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_2, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, nil, "h2", "http/1.1"), // note, cannot downgrade from the configured version Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -875,20 +874,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -898,19 +897,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, []string{"ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"}, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, []string{"ECDHE-ECDSA-AES256-GCM-SHA384", "ECDHE-RSA-AES256-GCM-SHA384"}, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -931,22 +930,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -960,45 +959,45 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). RequestTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). RequestTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). RequestTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), @@ -1022,22 +1021,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1051,45 +1050,45 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), @@ -1113,22 +1112,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1142,45 +1141,45 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), @@ -1204,22 +1203,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1233,45 +1232,45 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). DelayedCloseTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DelayedCloseTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DelayedCloseTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), @@ -1295,22 +1294,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1324,45 +1323,45 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), ), @@ -1386,22 +1385,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1415,45 +1414,45 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), ), @@ -1471,22 +1470,22 @@ func TestListenerVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1500,25 +1499,25 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(fallbackCertFilter), Name: "fallback-certificate", }}, @@ -1534,22 +1533,22 @@ func TestListenerVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple2", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.another.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1559,22 +1558,22 @@ func TestListenerVisit(t *testing.T) { }, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1588,34 +1587,34 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{ + FilterChains: []*envoy_config_listener_v3.FilterChain{ { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.another.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.another.com")), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(fallbackCertFilter), Name: "fallback-certificate", }, @@ -1632,22 +1631,22 @@ func TestListenerVisit(t *testing.T) { Namespace: "", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1669,22 +1668,22 @@ func TestListenerVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: false, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -1697,19 +1696,19 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(httpsFilterFor("www.example.com")), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -1725,20 +1724,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1747,14 +1746,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), @@ -1769,20 +1768,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1791,14 +1790,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), @@ -1813,20 +1812,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1835,14 +1834,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), @@ -1857,20 +1856,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1879,14 +1878,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). DelayedCloseTimeout(timeout.DurationSetting(90 * time.Second)). Get(), @@ -1901,20 +1900,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1923,14 +1922,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), @@ -1946,20 +1945,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -1969,32 +1968,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). ConnectionIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get()), }}, @@ -2009,20 +2008,20 @@ func TestListenerVisit(t *testing.T) { AllowChunkedLength: true, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2031,14 +2030,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). AllowChunkedLength(true). Get(), @@ -2051,20 +2050,20 @@ func TestListenerVisit(t *testing.T) { MergeSlashes: true, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2074,14 +2073,14 @@ func TestListenerVisit(t *testing.T) { service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). MergeSlashes(true). Get(), @@ -2091,23 +2090,23 @@ func TestListenerVisit(t *testing.T) { }, "httpproxy with server_header_transformation set to pass through in listener config": { ListenerConfig: ListenerConfig{ - ServerHeaderTransformation: v1alpha1.PassThroughServerHeader, + ServerHeaderTransformation: contour_v1alpha1.PassThroughServerHeader, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2117,16 +2116,16 @@ func TestListenerVisit(t *testing.T) { service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - ServerHeaderTransformation(v1alpha1.PassThroughServerHeader). + ServerHeaderTransformation(contour_v1alpha1.PassThroughServerHeader). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), @@ -2137,20 +2136,20 @@ func TestListenerVisit(t *testing.T) { XffNumTrustedHops: 1, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2159,14 +2158,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). NumTrustedHops(1). Get(), @@ -2181,20 +2180,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2204,32 +2203,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). StreamIdleTimeout(timeout.DurationSetting(90 * time.Second)). Get()), }}, @@ -2247,20 +2246,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2270,32 +2269,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). MaxConnectionDuration(timeout.DurationSetting(90 * time.Second)). Get()), }}, @@ -2312,20 +2311,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2335,32 +2334,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). DelayedCloseTimeout(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DelayedCloseTimeout(timeout.DurationSetting(90 * time.Second)). Get()), }}, @@ -2377,20 +2376,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2400,32 +2399,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). ConnectionShutdownGracePeriod(timeout.DurationSetting(90 * time.Second)). Get()), }}, @@ -2449,20 +2448,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2471,33 +2470,33 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName("ingress_http"). MetricsPrefix("ingress_http"). - AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy("/dev/stdout", "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, Timeout: durationpb.New(7 * time.Second), - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, RateLimitedAsResourceExhausted: true, }), }, @@ -2521,20 +2520,20 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2544,33 +2543,33 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, Timeout: durationpb.New(7 * time.Second), - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "ratelimit-example.com", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, RateLimitedAsResourceExhausted: true, }), }, @@ -2578,39 +2577,39 @@ func TestListenerVisit(t *testing.T) { Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). - AddFilter(&http.HttpFilter{ + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, Timeout: durationpb.New(7 * time.Second), - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "ratelimit-example.com", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, RateLimitedAsResourceExhausted: true, }), }, @@ -2641,22 +2640,22 @@ func TestListenerVisit(t *testing.T) { }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ { - Services: []contour_api_v1.Service{ + Services: []contour_v1.Service{ { Name: "backend", Port: 80, @@ -2670,33 +2669,33 @@ func TestListenerVisit(t *testing.T) { fallbackSecret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). - AddFilter(&http.HttpFilter{ + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, Timeout: durationpb.New(7 * time.Second), - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, RateLimitedAsResourceExhausted: true, }), }, @@ -2704,39 +2703,39 @@ func TestListenerVisit(t *testing.T) { Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). - AddFilter(&http.HttpFilter{ + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, Timeout: durationpb.New(7 * time.Second), - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, RateLimitedAsResourceExhausted: true, }), }, @@ -2744,34 +2743,34 @@ func TestListenerVisit(t *testing.T) { Get(), ), }, { - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ TransportProtocol: "tls", }, - TransportSocket: transportSocket("fallbacksecret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("fallbacksecret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(ENVOY_FALLBACK_ROUTECONFIG). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). - AddFilter(&http.HttpFilter{ + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). + AddFilter(&envoy_filter_network_http_connection_manager_v3.HttpFilter{ Name: wellknown.HTTPRateLimit, - ConfigType: &http.HttpFilter_TypedConfig{ - TypedConfig: protobuf.MustMarshalAny(&ratelimit_filter_v3.RateLimit{ + ConfigType: &envoy_filter_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: protobuf.MustMarshalAny(&envoy_filter_http_ratelimit_v3.RateLimit{ Domain: "contour", FailureModeDeny: true, Timeout: durationpb.New(7 * time.Second), - RateLimitService: &ratelimit_config_v3.RateLimitServiceConfig{ - GrpcService: &envoy_core_v3.GrpcService{ - TargetSpecifier: &envoy_core_v3.GrpcService_EnvoyGrpc_{ - EnvoyGrpc: &envoy_core_v3.GrpcService_EnvoyGrpc{ + RateLimitService: &envoy_config_ratelimit_v3.RateLimitServiceConfig{ + GrpcService: &envoy_config_core_v3.GrpcService{ + TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ + EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ ClusterName: dag.ExtensionClusterName(k8s.NamespacedNameFrom("projectcontour/ratelimit")), Authority: "extension.projectcontour.ratelimit", }, }, }, - TransportApiVersion: envoy_core_v3.ApiVersion_V3, + TransportApiVersion: envoy_config_core_v3.ApiVersion_V3, }, - EnableXRatelimitHeaders: ratelimit_filter_v3.RateLimit_DRAFT_VERSION_03, + EnableXRatelimitHeaders: envoy_filter_http_ratelimit_v3.RateLimit_DRAFT_VERSION_03, RateLimitedAsResourceExhausted: true, }), }, @@ -2788,26 +2787,26 @@ func TestListenerVisit(t *testing.T) { }, "DSCP marking with socket options": { ListenerConfig: ListenerConfig{ - SocketOptions: &v1alpha1.SocketOptions{ + SocketOptions: &contour_v1alpha1.SocketOptions{ TOS: 64, TrafficClass: 64, }, }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2816,10 +2815,10 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), - FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo), 0)), + FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManager(ENVOY_HTTP_LISTENER, envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo), 0)), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().TOS(64).TrafficClass(64).Build(), }), }, @@ -2828,20 +2827,20 @@ func TestListenerVisit(t *testing.T) { MaxRequestsPerConnection: ref.To(uint32(1)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2850,14 +2849,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). MaxRequestsPerConnection(ref.To(uint32(1))). Get(), @@ -2870,20 +2869,20 @@ func TestListenerVisit(t *testing.T) { MaxRequestsPerConnection: ref.To(uint32(1)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2893,32 +2892,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). MaxRequestsPerConnection(ref.To(uint32(1))). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). MaxRequestsPerConnection(ref.To(uint32(1))). Get()), }}, @@ -2933,20 +2932,20 @@ func TestListenerVisit(t *testing.T) { HTTP2MaxConcurrentStreams: ref.To(uint32(100)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2955,14 +2954,14 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains( envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). HTTP2MaxConcurrentStreams(ref.To(uint32(100))). Get(), @@ -2975,20 +2974,20 @@ func TestListenerVisit(t *testing.T) { HTTP2MaxConcurrentStreams: ref.To(uint32(101)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -2998,32 +2997,32 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). HTTP2MaxConcurrentStreams(ref.To(uint32(101))). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). HTTP2MaxConcurrentStreams(ref.To(uint32(101))). Get()), }}, @@ -3038,20 +3037,20 @@ func TestListenerVisit(t *testing.T) { PerConnectionBufferLimitBytes: ref.To(uint32(32768)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -3060,7 +3059,7 @@ func TestListenerVisit(t *testing.T) { }, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), @@ -3068,7 +3067,7 @@ func TestListenerVisit(t *testing.T) { envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). Get(), ), @@ -3080,20 +3079,20 @@ func TestListenerVisit(t *testing.T) { PerConnectionBufferLimitBytes: ref.To(uint32(32768)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -3103,33 +3102,33 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). Get()), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -3144,33 +3143,33 @@ func TestListenerVisit(t *testing.T) { PerConnectionBufferLimitBytes: ref.To(uint32(32768)), }, objs: []any{ - &contour_api_v1alpha1.ExtensionService{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1alpha1.ExtensionService{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "auth", Namespace: "extension", }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, - Authorization: &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + Authorization: &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: "extension", Name: "auth", }, }, - JWTProviders: []contour_api_v1.JWTProvider{jwtProvider}, + JWTProviders: []contour_v1.JWTProvider{jwtProvider}, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -3180,27 +3179,27 @@ func TestListenerVisit(t *testing.T) { secret, service, }, - want: listenermap(&envoy_listener_v3.Listener{ + want: listenermap(&envoy_config_listener_v3.Listener{ Name: ENVOY_HTTP_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8080), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), FilterChains: envoy_v3.FilterChains(envoy_v3.HTTPConnectionManagerBuilder(). RouteConfigName(ENVOY_HTTP_LISTENER). MetricsPrefix(ENVOY_HTTP_LISTENER). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). DefaultFilters(). Get(), ), SocketOptions: envoy_v3.NewSocketOptions().TCPKeepalive().Build(), - }, &envoy_listener_v3.Listener{ + }, &envoy_config_listener_v3.Listener{ Name: ENVOY_HTTPS_LISTENER, Address: envoy_v3.SocketAddress("0.0.0.0", 8443), PerConnectionBufferLimitBytes: wrapperspb.UInt32(32768), - FilterChains: []*envoy_listener_v3.FilterChain{{ - FilterChainMatch: &envoy_listener_v3.FilterChainMatch{ + FilterChains: []*envoy_config_listener_v3.FilterChain{{ + FilterChainMatch: &envoy_config_listener_v3.FilterChainMatch{ ServerNames: []string{"www.example.com"}, }, - TransportSocket: transportSocket("secret", envoy_tls_v3.TlsParameters_TLSv1_2, envoy_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), + TransportSocket: transportSocket("secret", envoy_transport_socket_tls_v3.TlsParameters_TLSv1_2, envoy_transport_socket_tls_v3.TlsParameters_TLSv1_3, nil, "h2", "http/1.1"), Filters: envoy_v3.Filters(envoy_v3.HTTPConnectionManagerBuilder(). AddFilter(envoy_v3.FilterMisdirectedRequests("www.example.com")). DefaultFilters(). @@ -3224,7 +3223,7 @@ func TestListenerVisit(t *testing.T) { })). MetricsPrefix(ENVOY_HTTPS_LISTENER). RouteConfigName(path.Join("https", "www.example.com")). - AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, v1alpha1.LogLevelInfo)). + AccessLoggers(envoy_v3.FileAccessLogEnvoy(DEFAULT_HTTP_ACCESS_LOG, "", nil, contour_v1alpha1.LogLevelInfo)). Get()), }}, ListenerFilters: envoy_v3.ListenerFilters( @@ -3247,14 +3246,14 @@ func TestListenerVisit(t *testing.T) { } } -func transportSocket(secretName string, tlsMinProtoVersion, tlsMaxProtoVersion envoy_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, alpnprotos ...string) *envoy_core_v3.TransportSocket { +func transportSocket(secretName string, tlsMinProtoVersion, tlsMaxProtoVersion envoy_transport_socket_tls_v3.TlsParameters_TlsProtocol, cipherSuites []string, alpnprotos ...string) *envoy_config_core_v3.TransportSocket { secret := &dag.Secret{ - Object: &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + Object: &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: secretName, Namespace: "default", }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, } @@ -3263,8 +3262,8 @@ func transportSocket(secretName string, tlsMinProtoVersion, tlsMaxProtoVersion e ) } -func listenermap(listeners ...*envoy_listener_v3.Listener) map[string]*envoy_listener_v3.Listener { - m := make(map[string]*envoy_listener_v3.Listener) +func listenermap(listeners ...*envoy_config_listener_v3.Listener) map[string]*envoy_config_listener_v3.Listener { + m := make(map[string]*envoy_config_listener_v3.Listener) for _, l := range listeners { m[l.Name] = l } diff --git a/internal/xdscache/v3/route.go b/internal/xdscache/v3/route.go index 6b858159abf..42c4202a7ca 100644 --- a/internal/xdscache/v3/route.go +++ b/internal/xdscache/v3/route.go @@ -18,25 +18,26 @@ import ( "sort" "sync" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "google.golang.org/protobuf/proto" + "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" - "google.golang.org/protobuf/proto" ) // RouteCache manages the contents of the gRPC RDS cache. type RouteCache struct { mu sync.Mutex - values map[string]*envoy_route_v3.RouteConfiguration + values map[string]*envoy_config_route_v3.RouteConfiguration contour.Cond } // Update replaces the contents of the cache with the supplied map. -func (c *RouteCache) Update(v map[string]*envoy_route_v3.RouteConfiguration) { +func (c *RouteCache) Update(v map[string]*envoy_config_route_v3.RouteConfiguration) { c.mu.Lock() defer c.mu.Unlock() @@ -49,7 +50,7 @@ func (c *RouteCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_route_v3.RouteConfiguration + var values []*envoy_config_route_v3.RouteConfiguration for _, v := range c.values { values = append(values, v) } @@ -63,7 +64,7 @@ func (c *RouteCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_route_v3.RouteConfiguration + var values []*envoy_config_route_v3.RouteConfiguration for _, n := range names { v, ok := c.values[n] if !ok { @@ -72,7 +73,7 @@ func (c *RouteCache) Query(names []string) []proto.Message { // not the same as returning nil, we're choosing to // say "the configuration you asked for _does exists_, // but it contains no useful information. - v = &envoy_route_v3.RouteConfiguration{ + v = &envoy_config_route_v3.RouteConfiguration{ Name: n, } } @@ -91,7 +92,7 @@ func (c *RouteCache) OnChange(root *dag.DAG) { // - one for all the HTTP vhost routes -- "ingress_http" // - one per svhost -- "https/" // - one for fallback cert (if configured) -- "ingress_fallbackcert" - routeConfigs := map[string]*envoy_route_v3.RouteConfiguration{} + routeConfigs := map[string]*envoy_config_route_v3.RouteConfiguration{} // To maintain backwards compatibility, generate an "ingress_http" RouteConfiguration // regardless of whether there are any vhosts if we are in static Listener mode. diff --git a/internal/xdscache/v3/route_test.go b/internal/xdscache/v3/route_test.go index fc51f4da26d..6a1d1ec0a24 100644 --- a/internal/xdscache/v3/route_test.go +++ b/internal/xdscache/v3/route_test.go @@ -18,35 +18,35 @@ import ( "testing" "time" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" + envoy_filter_http_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" + envoy_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" + envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" envoy_type_v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" - - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" - envoy_cors_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" - envoy_config_filter_http_ext_authz_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" - matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/dag" - envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" "google.golang.org/protobuf/types/known/durationpb" "google.golang.org/protobuf/types/known/wrapperspb" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/dag" + envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/ref" ) func TestRouteCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_route_v3.RouteConfiguration + contents map[string]*envoy_config_route_v3.RouteConfiguration want []proto.Message }{ "empty": { @@ -54,7 +54,7 @@ func TestRouteCacheContents(t *testing.T) { want: nil, }, "simple": { - contents: map[string]*envoy_route_v3.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, @@ -63,10 +63,10 @@ func TestRouteCacheContents(t *testing.T) { }, }, want: []proto.Message{ - &envoy_route_v3.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", }, - &envoy_route_v3.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_https", }, }, @@ -85,48 +85,48 @@ func TestRouteCacheContents(t *testing.T) { func TestRouteCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_route_v3.RouteConfiguration + contents map[string]*envoy_config_route_v3.RouteConfiguration query []string want []proto.Message }{ "exact match": { - contents: map[string]*envoy_route_v3.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, }, query: []string{"ingress_http"}, want: []proto.Message{ - &envoy_route_v3.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", }, }, }, "partial match": { - contents: map[string]*envoy_route_v3.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, }, query: []string{"stats-handler", "ingress_http"}, want: []proto.Message{ - &envoy_route_v3.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "ingress_http", }, - &envoy_route_v3.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "stats-handler", }, }, }, "no match": { - contents: map[string]*envoy_route_v3.RouteConfiguration{ + contents: map[string]*envoy_config_route_v3.RouteConfiguration{ "ingress_http": { Name: "ingress_http", }, }, query: []string{"stats-handler"}, want: []proto.Message{ - &envoy_route_v3.RouteConfiguration{ + &envoy_config_route_v3.RouteConfiguration{ Name: "stats-handler", }, }, @@ -147,7 +147,7 @@ func TestRouteVisit(t *testing.T) { tests := map[string]struct { objs []any fallbackCertificate *types.NamespacedName - want map[string]*envoy_route_v3.RouteConfiguration + want map[string]*envoy_config_route_v3.RouteConfiguration }{ "nothing": { objs: nil, @@ -158,7 +158,7 @@ func TestRouteVisit(t *testing.T) { "one http only ingress with service": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -166,13 +166,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -183,7 +183,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -194,7 +194,7 @@ func TestRouteVisit(t *testing.T) { "one http only ingress with regex match": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -211,13 +211,13 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -228,7 +228,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeRegex("/[^/]+/invoices(/.*|/?)"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -238,30 +238,30 @@ func TestRouteVisit(t *testing.T) { }, "one http only httpproxy": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -272,7 +272,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), }, @@ -283,7 +283,7 @@ func TestRouteVisit(t *testing.T) { "default backend ingress with secret": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -295,21 +295,21 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -320,7 +320,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -331,7 +331,7 @@ func TestRouteVisit(t *testing.T) { "vhost ingress with secret": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -357,21 +357,21 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "www", Protocol: "TCP", Port: 8080, @@ -383,7 +383,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -391,7 +391,7 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -401,44 +401,44 @@ func TestRouteVisit(t *testing.T) { }, "simple httpproxy with secret": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 8080, }}, }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "www", Protocol: "TCP", Port: 8080, @@ -450,11 +450,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -464,7 +464,7 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/8080/da39a3ee5e"), }, @@ -475,7 +475,7 @@ func TestRouteVisit(t *testing.T) { "simple tls ingress with allow-http:false": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -504,21 +504,21 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "www", Protocol: "TCP", Port: 8080, @@ -531,7 +531,7 @@ func TestRouteVisit(t *testing.T) { envoy_v3.RouteConfiguration("ingress_http"), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -542,7 +542,7 @@ func TestRouteVisit(t *testing.T) { "simple tls ingress with force-ssl-redirect": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -571,21 +571,21 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "www", Protocol: "TCP", Port: 8080, @@ -597,11 +597,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -611,7 +611,7 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -622,7 +622,7 @@ func TestRouteVisit(t *testing.T) { "ingress with websocket annotation": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", Annotations: map[string]string{ @@ -656,13 +656,13 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "www", Protocol: "TCP", Port: 8080, @@ -674,11 +674,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/ws1"), Action: websocketroute("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -689,7 +689,7 @@ func TestRouteVisit(t *testing.T) { "ingress invalid timeout": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -700,13 +700,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -717,7 +717,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -728,7 +728,7 @@ func TestRouteVisit(t *testing.T) { "ingress infinite timeout": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -739,13 +739,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -756,7 +756,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routetimeout("default/kuard/8080/da39a3ee5e", 0), }, @@ -767,7 +767,7 @@ func TestRouteVisit(t *testing.T) { "ingress 90 second timeout": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -778,13 +778,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -795,7 +795,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routetimeout("default/kuard/8080/da39a3ee5e", 90*time.Second), }, @@ -806,7 +806,7 @@ func TestRouteVisit(t *testing.T) { "ingress different path matches": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, @@ -851,13 +851,13 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -868,27 +868,27 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeExact("/foo4"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routeRegex("/foo3[a|b]?"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/foo2"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixIngress("/foo"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/foo"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/8080/da39a3ee5e"), }, @@ -899,7 +899,7 @@ func TestRouteVisit(t *testing.T) { "vhost name exceeds 60 chars": { // projectcontour/contour#25 objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "my-service-name", Namespace: "default", }, @@ -922,13 +922,13 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "www", Protocol: "TCP", Port: 80, @@ -940,7 +940,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("my-very-very-long-service-host-name.subdomain.boring-dept.my.company", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/kuard/80/da39a3ee5e"), }, @@ -951,7 +951,7 @@ func TestRouteVisit(t *testing.T) { "ingress retry-on": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -962,13 +962,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -979,7 +979,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 1, 0), }, @@ -990,7 +990,7 @@ func TestRouteVisit(t *testing.T) { "ingress retry-on, num-retries": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -1002,13 +1002,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -1019,7 +1019,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 7, 0), }, @@ -1031,7 +1031,7 @@ func TestRouteVisit(t *testing.T) { "ingress num-retries disabled": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -1043,13 +1043,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -1060,7 +1060,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 0, 0), }, @@ -1072,7 +1072,7 @@ func TestRouteVisit(t *testing.T) { "ingress retry-on, per-try-timeout": { objs: []any{ &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", Annotations: map[string]string{ @@ -1084,13 +1084,13 @@ func TestRouteVisit(t *testing.T) { DefaultBackend: backend("kuard", 8080), }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 8080, TargetPort: intstr.FromInt(8080), @@ -1101,7 +1101,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("*", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/kuard/8080/da39a3ee5e", "5xx,gateway-error", 1, 150*time.Millisecond), }, @@ -1112,37 +1112,37 @@ func TestRouteVisit(t *testing.T) { "httpproxy num-retries disabled": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, - RetryPolicy: &contour_api_v1.RetryPolicy{ + RetryPolicy: &contour_v1.RetryPolicy{ NumRetries: -1, - RetryOn: []contour_api_v1.RetryOn{"5xx", "gateway-error"}, + RetryOn: []contour_v1.RetryOn{"5xx", "gateway-error"}, }, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1153,7 +1153,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routeretry("default/backend/80/da39a3ee5e", "5xx,gateway-error", 0, 0), }, @@ -1164,20 +1164,20 @@ func TestRouteVisit(t *testing.T) { "httpproxy no weights defined": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -1187,26 +1187,26 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1217,12 +1217,12 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1238,20 +1238,20 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy one weight defined": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -1262,26 +1262,26 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1292,12 +1292,12 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 0), weightedCluster("default/backendtwo/80/da39a3ee5e", 50), @@ -1313,20 +1313,20 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy all weights defined": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, Weight: 22, @@ -1338,26 +1338,26 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1368,12 +1368,12 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 22), weightedCluster("default/backendtwo/80/da39a3ee5e", 50), @@ -1389,28 +1389,28 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy w/ missing fqdn": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{}, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{}, + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1424,20 +1424,20 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with pathPrefix": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -1447,26 +1447,26 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1477,12 +1477,12 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1498,20 +1498,20 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with mirror policy": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -1522,26 +1522,26 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1552,7 +1552,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: withMirrorPolicy(routecluster("default/backend/80/da39a3ee5e"), "default/backendtwo/80/da39a3ee5e"), }, @@ -1562,23 +1562,23 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with pathPrefix with tls": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -1588,34 +1588,34 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1626,11 +1626,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -1640,12 +1640,12 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1660,27 +1660,27 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with pathPrefix includes": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Includes: []contour_api_v1.Include{{ + Includes: []contour_v1.Include{{ Name: "child", Namespace: "teama", - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/blog", }}, }}, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -1690,56 +1690,56 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "child", Namespace: "teama", }, - Spec: contour_api_v1.HTTPProxySpec{ - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/info", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "teama", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1750,16 +1750,16 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/blog/info"), Action: routecluster("teama/backend/80/da39a3ee5e"), }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -1775,34 +1775,34 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with corsPolicy": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET, PUT, POST"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET, PUT, POST"}, }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1813,18 +1813,18 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("www.example.com", - &envoy_cors_v3.CorsPolicy{ + &envoy_filter_http_cors_v3.CorsPolicy{ AllowCredentials: &wrapperspb.BoolValue{Value: false}, AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, }}, AllowMethods: "GET, PUT, POST", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), }, @@ -1834,45 +1834,45 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with corsPolicy with tls": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - CORSPolicy: &contour_api_v1.CORSPolicy{ + CORSPolicy: &contour_v1.CORSPolicy{ AllowOrigin: []string{"*"}, - AllowMethods: []contour_api_v1.CORSHeaderValue{"GET, PUT, POST"}, + AllowMethods: []contour_v1.CORSHeaderValue{"GET, PUT, POST"}, }, - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1883,22 +1883,22 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.CORSVirtualHost("www.example.com", - &envoy_cors_v3.CorsPolicy{ + &envoy_filter_http_cors_v3.CorsPolicy{ AllowCredentials: &wrapperspb.BoolValue{Value: false}, AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, }}, AllowMethods: "GET, PUT, POST", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -1908,18 +1908,18 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.CORSVirtualHost("www.example.com", - &envoy_cors_v3.CorsPolicy{ + &envoy_filter_http_cors_v3.CorsPolicy{ AllowCredentials: &wrapperspb.BoolValue{Value: false}, AllowPrivateNetworkAccess: &wrapperspb.BoolValue{Value: false}, - AllowOriginStringMatch: []*matcher.StringMatcher{{ - MatchPattern: &matcher.StringMatcher_Exact{ + AllowOriginStringMatch: []*envoy_matcher_v3.StringMatcher{{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ Exact: "*", }, IgnoreCase: true, }}, AllowMethods: "GET, PUT, POST", }, - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), }, @@ -1928,38 +1928,38 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header contains conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Contains: "abc", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -1970,7 +1970,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -1983,41 +1983,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header notcontains conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotContains: "abc", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2028,7 +2028,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -2042,41 +2042,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header exact match conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Exact: "abc", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2087,7 +2087,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -2101,41 +2101,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header exact not match conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", NotExact: "abc", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2146,7 +2146,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", Value: "abc", @@ -2160,41 +2160,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header present conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Present: true, }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2205,7 +2205,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", MatchType: "present", @@ -2218,41 +2218,41 @@ func TestRouteVisit(t *testing.T) { "httpproxy with header regex conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - Header: &contour_api_v1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "x-header", Regex: "foo.*", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2263,7 +2263,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithHeaderConditions("/", dag.HeaderMatchCondition{ Name: "x-header", MatchType: "regex", @@ -2276,38 +2276,38 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with query parameter contains conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Contains: "abc", }, }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2318,7 +2318,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "param", Value: "abc", @@ -2331,41 +2331,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header prefix conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Prefix: "abc", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2376,7 +2376,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "param", Value: "abc", @@ -2389,41 +2389,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with header suffix conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Suffix: "abc", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2434,7 +2434,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "param", Value: "abc", @@ -2447,42 +2447,42 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with query parameter exact match conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Exact: "abc", IgnoreCase: true, }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2493,7 +2493,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "param", Value: "abc", @@ -2507,41 +2507,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with query parameter regex match conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Regex: "^abc.*", }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2552,7 +2552,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "param", Value: "^abc.*", @@ -2565,41 +2565,41 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with query parameter present conditions": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, { - QueryParameter: &contour_api_v1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "param", Present: true, }, }, }, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2610,7 +2610,7 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefixWithQueryParameterConditions("/", dag.QueryParamMatchCondition{ Name: "param", MatchType: "present", @@ -2622,25 +2622,25 @@ func TestRouteVisit(t *testing.T) { }, "httpproxy with route-level header manipulation": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, - RequestHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "In-Foo", Value: "bar", }}, @@ -2648,8 +2648,8 @@ func TestRouteVisit(t *testing.T) { "In-Baz", }, }, - ResponseHeadersPolicy: &contour_api_v1.HeadersPolicy{ - Set: []contour_api_v1.HeaderValue{{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{{ Name: "Out-Foo", Value: "bar", }}, @@ -2660,13 +2660,13 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2677,29 +2677,29 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: "default/backend/80/da39a3ee5e", }, }, }, - RequestHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + RequestHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "In-Foo", Value: "bar", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }}, RequestHeadersToRemove: []string{"In-Baz"}, - ResponseHeadersToAdd: []*envoy_core_v3.HeaderValueOption{{ - Header: &envoy_core_v3.HeaderValue{ + ResponseHeadersToAdd: []*envoy_config_core_v3.HeaderValueOption{{ + Header: &envoy_config_core_v3.HeaderValue{ Key: "Out-Foo", Value: "bar", }, - AppendAction: envoy_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, + AppendAction: envoy_config_core_v3.HeaderValueOption_OVERWRITE_IF_EXISTS_OR_ADD, }}, ResponseHeadersToRemove: []string{"Out-Baz"}, }, @@ -2713,24 +2713,24 @@ func TestRouteVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -2740,42 +2740,42 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2786,11 +2786,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2800,12 +2800,12 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2818,12 +2818,12 @@ func TestRouteVisit(t *testing.T) { )), envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2842,24 +2842,24 @@ func TestRouteVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: false, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -2869,24 +2869,24 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-enabled", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -2896,42 +2896,42 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -2942,11 +2942,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2954,11 +2954,11 @@ func TestRouteVisit(t *testing.T) { }, ), envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -2968,12 +2968,12 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/projectcontour.io", envoy_v3.VirtualHost("projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -2986,12 +2986,12 @@ func TestRouteVisit(t *testing.T) { )), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3004,12 +3004,12 @@ func TestRouteVisit(t *testing.T) { )), envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, envoy_v3.VirtualHost("projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3028,24 +3028,24 @@ func TestRouteVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -3055,24 +3055,24 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-enabled", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "projectcontour.io", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -3082,42 +3082,42 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -3128,11 +3128,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -3140,11 +3140,11 @@ func TestRouteVisit(t *testing.T) { }, ), envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -3154,12 +3154,12 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/projectcontour.io", envoy_v3.VirtualHost("projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3172,12 +3172,12 @@ func TestRouteVisit(t *testing.T) { )), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3190,12 +3190,12 @@ func TestRouteVisit(t *testing.T) { )), envoy_v3.RouteConfiguration(ENVOY_FALLBACK_ROUTECONFIG, envoy_v3.VirtualHost("projectcontour.io", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3206,12 +3206,12 @@ func TestRouteVisit(t *testing.T) { }, }, ), envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3230,24 +3230,24 @@ func TestRouteVisit(t *testing.T) { Namespace: "badnamespace", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: true, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -3257,42 +3257,42 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -3308,24 +3308,24 @@ func TestRouteVisit(t *testing.T) { Namespace: "default", }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", EnableFallbackCertificate: false, }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }, { @@ -3335,42 +3335,42 @@ func TestRouteVisit(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "fallbacksecret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backendtwo", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -3381,11 +3381,11 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -3395,12 +3395,12 @@ func TestRouteVisit(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_WeightedClusters{ - WeightedClusters: &envoy_route_v3.WeightedCluster{ + Action: &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_WeightedClusters{ + WeightedClusters: &envoy_config_route_v3.WeightedCluster{ Clusters: weightedClusters( weightedCluster("default/backend/80/da39a3ee5e", 1), weightedCluster("default/backendtwo/80/da39a3ee5e", 1), @@ -3415,17 +3415,17 @@ func TestRouteVisit(t *testing.T) { }, "direct response on configuration error": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "missing-backend-service", Port: 80, }}, @@ -3436,10 +3436,10 @@ func TestRouteVisit(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_DirectResponse{ - DirectResponse: &envoy_route_v3.DirectResponseAction{ + Action: &envoy_config_route_v3.Route_DirectResponse{ + DirectResponse: &envoy_config_route_v3.DirectResponseAction{ Status: http.StatusServiceUnavailable, }, }, @@ -3463,25 +3463,25 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { tests := map[string]struct { objs []any fallbackCertificate *types.NamespacedName - want map[string]*envoy_route_v3.RouteConfiguration + want map[string]*envoy_config_route_v3.RouteConfiguration }{ "HTTP virtual host, authcontext override": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "header_2": "new_message_2", "header_3": "message_3", @@ -3490,19 +3490,19 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { }}, }, }, - &contour_api_v1alpha1.ExtensionService{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1alpha1.ExtensionService{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "ns", }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -3513,13 +3513,13 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny(&envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ + envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny(&envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: map[string]string{ "header_1": "message_1", "header_2": "new_message_2", @@ -3536,39 +3536,39 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { }, "HTTP virtual host, auth disabled for a route": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, }}, }, }, - &contour_api_v1alpha1.ExtensionService{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1alpha1.ExtensionService{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "ns", }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -3579,12 +3579,12 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny(&envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ + envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny(&envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_Disabled{ Disabled: true, }, }), @@ -3596,24 +3596,24 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { }, "HTTPs virtual host, authcontext override": { objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "header_2": "new_message_2", "header_3": "message_3", @@ -3622,27 +3622,27 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { }}, }, }, - &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Type: "kubernetes.io/tls", Data: secretdata(CERTIFICATE, RSA_PRIVATE_KEY), }, - &contour_api_v1alpha1.ExtensionService{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1alpha1.ExtensionService{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "test", Namespace: "ns", }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(8080), @@ -3653,11 +3653,11 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { want: routeConfigurations( envoy_v3.RouteConfiguration("ingress_http", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), - Action: &envoy_route_v3.Route_Redirect{ - Redirect: &envoy_route_v3.RedirectAction{ - SchemeRewriteSpecifier: &envoy_route_v3.RedirectAction_HttpsRedirect{ + Action: &envoy_config_route_v3.Route_Redirect{ + Redirect: &envoy_config_route_v3.RedirectAction{ + SchemeRewriteSpecifier: &envoy_config_route_v3.RedirectAction_HttpsRedirect{ HttpsRedirect: true, }, }, @@ -3667,13 +3667,13 @@ func TestRouteVisit_GlobalExternalAuthorization(t *testing.T) { ), envoy_v3.RouteConfiguration("https/www.example.com", envoy_v3.VirtualHost("www.example.com", - &envoy_route_v3.Route{ + &envoy_config_route_v3.Route{ Match: routePrefix("/"), Action: routecluster("default/backend/80/da39a3ee5e"), TypedPerFilterConfig: map[string]*anypb.Any{ - envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny(&envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute{ - Override: &envoy_config_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ - CheckSettings: &envoy_config_filter_http_ext_authz_v3.CheckSettings{ + envoy_v3.ExtAuthzFilterName: protobuf.MustMarshalAny(&envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute{ + Override: &envoy_filter_http_ext_authz_v3.ExtAuthzPerRoute_CheckSettings{ + CheckSettings: &envoy_filter_http_ext_authz_v3.CheckSettings{ ContextExtensions: map[string]string{ "header_1": "message_1", "header_2": "new_message_2", @@ -3970,35 +3970,35 @@ func TestSortLongestRouteFirst(t *testing.T) { } } -func routecluster(cluster string) *envoy_route_v3.Route_Route { - return &envoy_route_v3.Route_Route{ - Route: &envoy_route_v3.RouteAction{ - ClusterSpecifier: &envoy_route_v3.RouteAction_Cluster{ +func routecluster(cluster string) *envoy_config_route_v3.Route_Route { + return &envoy_config_route_v3.Route_Route{ + Route: &envoy_config_route_v3.RouteAction{ + ClusterSpecifier: &envoy_config_route_v3.RouteAction_Cluster{ Cluster: cluster, }, }, } } -func websocketroute(c string) *envoy_route_v3.Route_Route { +func websocketroute(c string) *envoy_config_route_v3.Route_Route { r := routecluster(c) r.Route.UpgradeConfigs = append(r.Route.UpgradeConfigs, - &envoy_route_v3.RouteAction_UpgradeConfig{ + &envoy_config_route_v3.RouteAction_UpgradeConfig{ UpgradeType: "websocket", }, ) return r } -func routetimeout(cluster string, timeout time.Duration) *envoy_route_v3.Route_Route { +func routetimeout(cluster string, timeout time.Duration) *envoy_config_route_v3.Route_Route { r := routecluster(cluster) r.Route.Timeout = durationpb.New(timeout) return r } -func routeretry(cluster, retryOn string, numRetries uint32, perTryTimeout time.Duration) *envoy_route_v3.Route_Route { +func routeretry(cluster, retryOn string, numRetries uint32, perTryTimeout time.Duration) *envoy_config_route_v3.Route_Route { r := routecluster(cluster) - r.Route.RetryPolicy = &envoy_route_v3.RetryPolicy{ + r.Route.RetryPolicy = &envoy_config_route_v3.RetryPolicy{ RetryOn: retryOn, } if numRetries > 0 { @@ -4010,7 +4010,7 @@ func routeretry(cluster, retryOn string, numRetries uint32, perTryTimeout time.D return r } -func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_route_v3.RouteMatch { +func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.RegexMatchCondition{ Regex: regex, @@ -4019,7 +4019,7 @@ func routeRegex(regex string, headers ...dag.HeaderMatchCondition) *envoy_route_ }) } -func routePrefixIngress(prefix string, headers ...dag.HeaderMatchCondition) *envoy_route_v3.RouteMatch { +func routePrefixIngress(prefix string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -4029,7 +4029,7 @@ func routePrefixIngress(prefix string, headers ...dag.HeaderMatchCondition) *env }) } -func routePrefix(prefix string) *envoy_route_v3.RouteMatch { +func routePrefix(prefix string) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -4037,7 +4037,7 @@ func routePrefix(prefix string) *envoy_route_v3.RouteMatch { }) } -func routePrefixWithHeaderConditions(prefix string, headers ...dag.HeaderMatchCondition) *envoy_route_v3.RouteMatch { +func routePrefixWithHeaderConditions(prefix string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -4046,7 +4046,7 @@ func routePrefixWithHeaderConditions(prefix string, headers ...dag.HeaderMatchCo }) } -func routePrefixWithQueryParameterConditions(prefix string, queryParams ...dag.QueryParamMatchCondition) *envoy_route_v3.RouteMatch { +func routePrefixWithQueryParameterConditions(prefix string, queryParams ...dag.QueryParamMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.PrefixMatchCondition{ Prefix: prefix, @@ -4055,7 +4055,7 @@ func routePrefixWithQueryParameterConditions(prefix string, queryParams ...dag.Q }) } -func routeExact(path string, headers ...dag.HeaderMatchCondition) *envoy_route_v3.RouteMatch { +func routeExact(path string, headers ...dag.HeaderMatchCondition) *envoy_config_route_v3.RouteMatch { return envoy_v3.RouteMatch(&dag.Route{ PathMatchCondition: &dag.ExactMatchCondition{ Path: path, @@ -4064,29 +4064,29 @@ func routeExact(path string, headers ...dag.HeaderMatchCondition) *envoy_route_v }) } -func weightedClusters(first, second *envoy_route_v3.WeightedCluster_ClusterWeight, rest ...*envoy_route_v3.WeightedCluster_ClusterWeight) []*envoy_route_v3.WeightedCluster_ClusterWeight { - return append([]*envoy_route_v3.WeightedCluster_ClusterWeight{first, second}, rest...) +func weightedClusters(first, second *envoy_config_route_v3.WeightedCluster_ClusterWeight, rest ...*envoy_config_route_v3.WeightedCluster_ClusterWeight) []*envoy_config_route_v3.WeightedCluster_ClusterWeight { + return append([]*envoy_config_route_v3.WeightedCluster_ClusterWeight{first, second}, rest...) } -func weightedCluster(name string, weight uint32) *envoy_route_v3.WeightedCluster_ClusterWeight { - return &envoy_route_v3.WeightedCluster_ClusterWeight{ +func weightedCluster(name string, weight uint32) *envoy_config_route_v3.WeightedCluster_ClusterWeight { + return &envoy_config_route_v3.WeightedCluster_ClusterWeight{ Name: name, Weight: wrapperspb.UInt32(weight), } } -func routeConfigurations(rcs ...*envoy_route_v3.RouteConfiguration) map[string]*envoy_route_v3.RouteConfiguration { - m := make(map[string]*envoy_route_v3.RouteConfiguration) +func routeConfigurations(rcs ...*envoy_config_route_v3.RouteConfiguration) map[string]*envoy_config_route_v3.RouteConfiguration { + m := make(map[string]*envoy_config_route_v3.RouteConfiguration) for _, rc := range rcs { m[rc.Name] = rc } return m } -func withMirrorPolicy(route *envoy_route_v3.Route_Route, mirror string) *envoy_route_v3.Route_Route { - route.Route.RequestMirrorPolicies = []*envoy_route_v3.RouteAction_RequestMirrorPolicy{{ +func withMirrorPolicy(route *envoy_config_route_v3.Route_Route, mirror string) *envoy_config_route_v3.Route_Route { + route.Route.RequestMirrorPolicies = []*envoy_config_route_v3.RouteAction_RequestMirrorPolicy{{ Cluster: mirror, - RuntimeFraction: &envoy_core_v3.RuntimeFractionalPercent{ + RuntimeFraction: &envoy_config_core_v3.RuntimeFractionalPercent{ DefaultValue: &envoy_type_v3.FractionalPercent{ Numerator: 100, Denominator: envoy_type_v3.FractionalPercent_HUNDRED, @@ -4110,13 +4110,13 @@ func buildDAGGlobalExtAuth(t *testing.T, fallbackCertificate *types.NamespacedNa }, &dag.HTTPProxyProcessor{ FallbackCertificate: fallbackCertificate, - GlobalExternalAuthorization: &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + GlobalExternalAuthorization: &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Name: "test", Namespace: "ns", }, FailOpen: false, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "header_1": "message_1", "header_2": "message_2", diff --git a/internal/xdscache/v3/runtime.go b/internal/xdscache/v3/runtime.go index dd35009f711..ce8415f33d5 100644 --- a/internal/xdscache/v3/runtime.go +++ b/internal/xdscache/v3/runtime.go @@ -18,12 +18,13 @@ import ( "sync" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/structpb" + "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" - "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/types/known/structpb" ) type ConfigurableRuntimeSettings struct { diff --git a/internal/xdscache/v3/runtime_test.go b/internal/xdscache/v3/runtime_test.go index b7b21b48ab6..70c1185af3b 100644 --- a/internal/xdscache/v3/runtime_test.go +++ b/internal/xdscache/v3/runtime_test.go @@ -17,14 +17,15 @@ import ( "testing" envoy_service_runtime_v3 "github.com/envoyproxy/go-control-plane/envoy/service/runtime/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/protobuf" - "github.com/projectcontour/contour/internal/ref" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/structpb" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/protobuf" + "github.com/projectcontour/contour/internal/ref" ) func TestRuntimeCacheContents(t *testing.T) { @@ -114,21 +115,21 @@ func TestRuntimeCacheQuery(t *testing.T) { } func TestRuntimeVisit(t *testing.T) { - service := &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, }}, }, } - secret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + secret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, @@ -160,20 +161,20 @@ func TestRuntimeVisit(t *testing.T) { MaxConnectionsPerListener: ref.To(uint32(100)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -200,23 +201,23 @@ func TestRuntimeVisit(t *testing.T) { MaxConnectionsPerListener: ref.To(uint32(100)), }, objs: []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -256,33 +257,33 @@ func TestRuntimeCacheOnChangeDelete(t *testing.T) { MaxConnectionsPerListener: ref.To(uint32(100)), } objs := []any{ - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, diff --git a/internal/xdscache/v3/secret.go b/internal/xdscache/v3/secret.go index 8fe079f0984..c6359e17991 100644 --- a/internal/xdscache/v3/secret.go +++ b/internal/xdscache/v3/secret.go @@ -17,28 +17,29 @@ import ( "sort" "sync" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3" + "google.golang.org/protobuf/proto" + "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/envoy" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/protobuf" "github.com/projectcontour/contour/internal/sorter" - "google.golang.org/protobuf/proto" ) // SecretCache manages the contents of the gRPC SDS cache. type SecretCache struct { mu sync.Mutex - values map[string]*envoy_tls_v3.Secret - staticValues map[string]*envoy_tls_v3.Secret + values map[string]*envoy_transport_socket_tls_v3.Secret + staticValues map[string]*envoy_transport_socket_tls_v3.Secret contour.Cond } -func NewSecretsCache(secrets []*envoy_tls_v3.Secret) *SecretCache { +func NewSecretsCache(secrets []*envoy_transport_socket_tls_v3.Secret) *SecretCache { secretCache := &SecretCache{ - staticValues: map[string]*envoy_tls_v3.Secret{}, + staticValues: map[string]*envoy_transport_socket_tls_v3.Secret{}, } for _, s := range secrets { @@ -48,7 +49,7 @@ func NewSecretsCache(secrets []*envoy_tls_v3.Secret) *SecretCache { } // Update replaces the contents of the cache with the supplied map. -func (c *SecretCache) Update(v map[string]*envoy_tls_v3.Secret) { +func (c *SecretCache) Update(v map[string]*envoy_transport_socket_tls_v3.Secret) { c.mu.Lock() defer c.mu.Unlock() @@ -60,7 +61,7 @@ func (c *SecretCache) Update(v map[string]*envoy_tls_v3.Secret) { func (c *SecretCache) Contents() []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_tls_v3.Secret + var values []*envoy_transport_socket_tls_v3.Secret for _, v := range c.values { values = append(values, v) } @@ -74,7 +75,7 @@ func (c *SecretCache) Contents() []proto.Message { func (c *SecretCache) Query(names []string) []proto.Message { c.mu.Lock() defer c.mu.Unlock() - var values []*envoy_tls_v3.Secret + var values []*envoy_transport_socket_tls_v3.Secret for _, n := range names { // we can only return secrets where their value is // known. if the secret is not registered in the cache @@ -95,7 +96,7 @@ func (c *SecretCache) Query(names []string) []proto.Message { func (*SecretCache) TypeURL() string { return resource.SecretType } func (c *SecretCache) OnChange(root *dag.DAG) { - secrets := map[string]*envoy_tls_v3.Secret{} + secrets := map[string]*envoy_transport_socket_tls_v3.Secret{} for _, secret := range root.GetSecrets() { name := envoy.Secretname(secret) diff --git a/internal/xdscache/v3/secret_test.go b/internal/xdscache/v3/secret_test.go index 989d50c744e..1aa187047fc 100644 --- a/internal/xdscache/v3/secret_test.go +++ b/internal/xdscache/v3/secret_test.go @@ -16,23 +16,24 @@ package v3 import ( "testing" - envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" - envoy_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/internal/fixture" - "github.com/projectcontour/contour/internal/protobuf" + envoy_config_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + envoy_transport_socket_tls_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "google.golang.org/protobuf/proto" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/internal/fixture" + "github.com/projectcontour/contour/internal/protobuf" ) func TestSecretCacheContents(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_tls_v3.Secret + contents map[string]*envoy_transport_socket_tls_v3.Secret want []proto.Message }{ "empty": { @@ -61,7 +62,7 @@ func TestSecretCacheContents(t *testing.T) { func TestSecretCacheQuery(t *testing.T) { tests := map[string]struct { - contents map[string]*envoy_tls_v3.Secret + contents map[string]*envoy_transport_socket_tls_v3.Secret query []string want []proto.Message }{ @@ -106,28 +107,28 @@ func TestSecretCacheQuery(t *testing.T) { func TestSecretVisit(t *testing.T) { tests := map[string]struct { objs []any - want map[string]*envoy_tls_v3.Secret + want map[string]*envoy_transport_socket_tls_v3.Secret }{ "nothing": { objs: nil, - want: map[string]*envoy_tls_v3.Secret{}, + want: map[string]*envoy_transport_socket_tls_v3.Secret{}, }, "unassociated secrets": { objs: []any{ tlssecret("default", "secret-a", secretdata(CERTIFICATE, RSA_PRIVATE_KEY)), tlssecret("default", "secret-b", secretdata(CERTIFICATE_2, RSA_PRIVATE_KEY_2)), }, - want: map[string]*envoy_tls_v3.Secret{}, + want: map[string]*envoy_transport_socket_tls_v3.Secret{}, }, "simple ingress with secret": { objs: []any{ - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -136,7 +137,7 @@ func TestSecretVisit(t *testing.T) { }, }, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, @@ -165,13 +166,13 @@ func TestSecretVisit(t *testing.T) { }, "multiple ingresses with shared secret": { objs: []any{ - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 8080, @@ -180,7 +181,7 @@ func TestSecretVisit(t *testing.T) { }, }, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-a", Namespace: "default", }, @@ -202,7 +203,7 @@ func TestSecretVisit(t *testing.T) { }, }, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-b", Namespace: "default", }, @@ -231,13 +232,13 @@ func TestSecretVisit(t *testing.T) { }, "multiple ingresses with different secrets": { objs: []any{ - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kuard", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 80, @@ -246,7 +247,7 @@ func TestSecretVisit(t *testing.T) { }, }, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-a", Namespace: "default", }, @@ -268,7 +269,7 @@ func TestSecretVisit(t *testing.T) { }, }, &networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-b", Namespace: "default", }, @@ -299,13 +300,13 @@ func TestSecretVisit(t *testing.T) { }, "simple httpproxy with secret": { objs: []any{ - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 80, @@ -313,20 +314,20 @@ func TestSecretVisit(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -341,13 +342,13 @@ func TestSecretVisit(t *testing.T) { }, "multiple httpproxies with shared secret": { objs: []any{ - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 80, @@ -355,40 +356,40 @@ func TestSecretVisit(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-a", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www1.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-b", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www2.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -403,13 +404,13 @@ func TestSecretVisit(t *testing.T) { }, "multiple httpproxies with different secret": { objs: []any{ - &v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "backend", Namespace: "default", }, - Spec: v1.ServiceSpec{ - Ports: []v1.ServicePort{{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{{ Name: "http", Protocol: "TCP", Port: 80, @@ -417,40 +418,40 @@ func TestSecretVisit(t *testing.T) { }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-a", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www1.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret-a", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, }}, }, }, - &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple-b", Namespace: "default", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "www2.example.com", - TLS: &contour_api_v1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "secret-b", }, }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "backend", Port: 80, }}, @@ -525,27 +526,27 @@ func buildDAGFallback(t *testing.T, fallbackCertificate *types.NamespacedName, o return builder.Build() } -func secretmap(secrets ...*envoy_tls_v3.Secret) map[string]*envoy_tls_v3.Secret { - m := make(map[string]*envoy_tls_v3.Secret) +func secretmap(secrets ...*envoy_transport_socket_tls_v3.Secret) map[string]*envoy_transport_socket_tls_v3.Secret { + m := make(map[string]*envoy_transport_socket_tls_v3.Secret) for _, s := range secrets { m[s.Name] = s } return m } -func secret(name string, data map[string][]byte) *envoy_tls_v3.Secret { - return &envoy_tls_v3.Secret{ +func secret(name string, data map[string][]byte) *envoy_transport_socket_tls_v3.Secret { + return &envoy_transport_socket_tls_v3.Secret{ Name: name, - Type: &envoy_tls_v3.Secret_TlsCertificate{ - TlsCertificate: &envoy_tls_v3.TlsCertificate{ - CertificateChain: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ - InlineBytes: data[v1.TLSCertKey], + Type: &envoy_transport_socket_tls_v3.Secret_TlsCertificate{ + TlsCertificate: &envoy_transport_socket_tls_v3.TlsCertificate{ + CertificateChain: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ + InlineBytes: data[core_v1.TLSCertKey], }, }, - PrivateKey: &envoy_core_v3.DataSource{ - Specifier: &envoy_core_v3.DataSource_InlineBytes{ - InlineBytes: data[v1.TLSPrivateKeyKey], + PrivateKey: &envoy_config_core_v3.DataSource{ + Specifier: &envoy_config_core_v3.DataSource_InlineBytes{ + InlineBytes: data[core_v1.TLSPrivateKeyKey], }, }, }, @@ -553,14 +554,14 @@ func secret(name string, data map[string][]byte) *envoy_tls_v3.Secret { } } -// tlssecert creates a new v1.Secret object of type kubernetes.io/tls. -func tlssecret(namespace, name string, data map[string][]byte) *v1.Secret { - return &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ +// tlssecert creates a new(core_v1.Secret object of type kubernetes.io/tls. +func tlssecret(namespace, name string, data map[string][]byte) *core_v1.Secret { + return &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Type: v1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: data, } } @@ -678,7 +679,7 @@ s9pb3b/IYa6Tnxo6cPdhwZ3CrLlq/1IopES1SmvaS4dgMFmf/0vk func secretdata(cert, key string) map[string][]byte { return map[string][]byte{ - v1.TLSCertKey: []byte(cert), - v1.TLSPrivateKeyKey: []byte(key), + core_v1.TLSCertKey: []byte(cert), + core_v1.TLSPrivateKeyKey: []byte(key), } } diff --git a/internal/xdscache/v3/server_test.go b/internal/xdscache/v3/server_test.go index 33f8d1d2d72..7472e17bfb3 100644 --- a/internal/xdscache/v3/server_test.go +++ b/internal/xdscache/v3/server_test.go @@ -20,7 +20,7 @@ import ( "time" envoy_service_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/service/cluster/v3" - discovery "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" + envoy_service_discovery_v3 "github.com/envoyproxy/go-control-plane/envoy/service/discovery/v3" envoy_service_endpoint_v3 "github.com/envoyproxy/go-control-plane/envoy/service/endpoint/v3" envoy_service_listener_v3 "github.com/envoyproxy/go-control-plane/envoy/service/listener/v3" envoy_service_route_v3 "github.com/envoyproxy/go-control-plane/envoy/service/route/v3" @@ -32,10 +32,10 @@ import ( "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" - v1 "k8s.io/api/core/v1" - discoveryv1 "k8s.io/api/discovery/v1" + core_v1 "k8s.io/api/core/v1" + discovery_v1 "k8s.io/api/discovery/v1" networking_v1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "github.com/projectcontour/contour/internal/contour" @@ -55,16 +55,16 @@ func TestGRPC(t *testing.T) { tests := map[string]func(*testing.T, *grpc.ClientConn){ "StreamClusters": func(t *testing.T, cc *grpc.ClientConn) { - eh.OnAdd(&v1.Service{ - ObjectMeta: metav1.ObjectMeta{ + eh.OnAdd(&core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "simple", Namespace: "default", }, - Spec: v1.ServiceSpec{ + Spec: core_v1.ServiceSpec{ Selector: map[string]string{ "app": "simple", }, - Ports: []v1.ServicePort{{ + Ports: []core_v1.ServicePort{{ Protocol: "TCP", Port: 80, TargetPort: intstr.FromInt(6502), @@ -82,16 +82,16 @@ func TestGRPC(t *testing.T) { checktimeout(t, stream) // check that the second receive times out }, "StreamEndpoints": func(t *testing.T, cc *grpc.ClientConn) { - et.OnAdd(&v1.Endpoints{ - ObjectMeta: metav1.ObjectMeta{ + et.OnAdd(&core_v1.Endpoints{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kube-scheduler", Namespace: "kube-system", }, - Subsets: []v1.EndpointSubset{{ - Addresses: []v1.EndpointAddress{{ + Subsets: []core_v1.EndpointSubset{{ + Addresses: []core_v1.EndpointAddress{{ IP: "130.211.139.167", }}, - Ports: []v1.EndpointPort{{ + Ports: []core_v1.EndpointPort{{ Port: 80, }, { Port: 443, @@ -109,20 +109,20 @@ func TestGRPC(t *testing.T) { checktimeout(t, stream) // check that the second receive times out }, "StreamEndpointSlices": func(t *testing.T, cc *grpc.ClientConn) { - et.OnAdd(&discoveryv1.EndpointSlice{ - ObjectMeta: metav1.ObjectMeta{ + et.OnAdd(&discovery_v1.EndpointSlice{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "kube-scheduler", Namespace: "kube-system", }, - AddressType: discoveryv1.AddressTypeIPv4, - Endpoints: []discoveryv1.Endpoint{ + AddressType: discovery_v1.AddressTypeIPv4, + Endpoints: []discovery_v1.Endpoint{ { Addresses: []string{ "130.211.139.167", }, }, }, - Ports: []discoveryv1.EndpointPort{ + Ports: []discovery_v1.EndpointPort{ { Port: ref.To[int32](80), }, @@ -144,7 +144,7 @@ func TestGRPC(t *testing.T) { "StreamListeners": func(t *testing.T, cc *grpc.ClientConn) { // add an ingress, which will create a non tls listener eh.OnAdd(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpbin-org", Namespace: "default", }, @@ -173,7 +173,7 @@ func TestGRPC(t *testing.T) { }, "StreamRoutes": func(t *testing.T, cc *grpc.ClientConn) { eh.OnAdd(&networking_v1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "httpbin-org", Namespace: "default", }, @@ -201,14 +201,14 @@ func TestGRPC(t *testing.T) { checktimeout(t, stream) // check that the second receive times out }, "StreamSecrets": func(t *testing.T, cc *grpc.ClientConn) { - eh.OnAdd(&v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + eh.OnAdd(&core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "secret", Namespace: "default", }, Data: map[string][]byte{ - v1.TLSCertKey: []byte("certificate"), - v1.TLSPrivateKeyKey: []byte("key"), + core_v1.TLSCertKey: []byte("certificate"), + core_v1.TLSPrivateKeyKey: []byte("key"), }, }, false) @@ -279,18 +279,18 @@ func TestGRPC(t *testing.T) { } func sendreq(t *testing.T, stream interface { - Send(*discovery.DiscoveryRequest) error + Send(*envoy_service_discovery_v3.DiscoveryRequest) error }, typeurl string, ) { t.Helper() - err := stream.Send(&discovery.DiscoveryRequest{ + err := stream.Send(&envoy_service_discovery_v3.DiscoveryRequest{ TypeUrl: typeurl, }) require.NoError(t, err) } func checkrecv(t *testing.T, stream interface { - Recv() (*discovery.DiscoveryResponse, error) + Recv() (*envoy_service_discovery_v3.DiscoveryResponse, error) }, ) { t.Helper() @@ -299,7 +299,7 @@ func checkrecv(t *testing.T, stream interface { } func checktimeout(t *testing.T, stream interface { - Recv() (*discovery.DiscoveryResponse, error) + Recv() (*envoy_service_discovery_v3.DiscoveryResponse, error) }, ) { t.Helper() diff --git a/internal/xdscache/v3/snapshot.go b/internal/xdscache/v3/snapshot.go index 696a08102ef..7842dbd884b 100644 --- a/internal/xdscache/v3/snapshot.go +++ b/internal/xdscache/v3/snapshot.go @@ -21,10 +21,11 @@ import ( envoy_cache_v3 "github.com/envoyproxy/go-control-plane/pkg/cache/v3" envoy_resource_v3 "github.com/envoyproxy/go-control-plane/pkg/resource/v3" "github.com/google/uuid" + "github.com/sirupsen/logrus" + "github.com/projectcontour/contour/internal/dag" contour_xds_v3 "github.com/projectcontour/contour/internal/xds/v3" "github.com/projectcontour/contour/internal/xdscache" - "github.com/sirupsen/logrus" ) // SnapshotHandler responds to DAG builds via the OnChange() diff --git a/pkg/config/accesslog.go b/pkg/config/accesslog.go index a074d73143f..7cb05892ac6 100644 --- a/pkg/config/accesslog.go +++ b/pkg/config/accesslog.go @@ -14,12 +14,12 @@ package config import ( - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // DefaultFields are fields that will be included by default when JSON logging is enabled. -var DefaultFields = AccessLogFields(contour_api_v1alpha1.DefaultAccessLogJSONFields) +var DefaultFields = AccessLogFields(contour_v1alpha1.DefaultAccessLogJSONFields) // DEFAULT_ACCESS_LOG_TYPE is the default access log format. // nolint:revive -const DEFAULT_ACCESS_LOG_TYPE AccessLogType = AccessLogType(contour_api_v1alpha1.DefaultAccessLogType) +const DEFAULT_ACCESS_LOG_TYPE AccessLogType = AccessLogType(contour_v1alpha1.DefaultAccessLogType) diff --git a/pkg/config/ciphersuites.go b/pkg/config/ciphersuites.go index 75156170a03..c10ea24f9f9 100644 --- a/pkg/config/ciphersuites.go +++ b/pkg/config/ciphersuites.go @@ -14,7 +14,7 @@ package config import ( - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // TLSCiphers holds a list of TLS ciphers @@ -29,18 +29,18 @@ type TLSCiphers []string // // The commented ciphers are left in place to simplify updating this list for future // versions of envoy. -var DefaultTLSCiphers = TLSCiphers(contour_api_v1alpha1.DefaultTLSCiphers) +var DefaultTLSCiphers = TLSCiphers(contour_v1alpha1.DefaultTLSCiphers) // ValidTLSCiphers contains the list of TLS ciphers that Envoy supports // See: https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#extensions-transport-sockets-tls-v3-tlsparameters // Note: This list is a superset of what is valid for stock Envoy builds and those using BoringSSL FIPS. -var ValidTLSCiphers = contour_api_v1alpha1.ValidTLSCiphers +var ValidTLSCiphers = contour_v1alpha1.ValidTLSCiphers // SanitizeCipherSuites trims a list of ciphers to remove whitespace and // duplicates, returning the passed in default if the corrected list is empty. // The ciphers argument should be a list of valid ciphers. func SanitizeCipherSuites(ciphers []string) []string { - e := &contour_api_v1alpha1.EnvoyTLS{ + e := &contour_v1alpha1.EnvoyTLS{ CipherSuites: ciphers, } return e.SanitizedCipherSuites() @@ -48,7 +48,7 @@ func SanitizeCipherSuites(ciphers []string) []string { // Validate ciphers. Returns error on unsupported cipher. func (tlsCiphers TLSCiphers) Validate() error { - e := &contour_api_v1alpha1.EnvoyTLS{ + e := &contour_v1alpha1.EnvoyTLS{ CipherSuites: tlsCiphers, } return e.Validate() diff --git a/pkg/config/parameters.go b/pkg/config/parameters.go index 52edabb2869..539970a591c 100644 --- a/pkg/config/parameters.go +++ b/pkg/config/parameters.go @@ -22,10 +22,11 @@ import ( "strings" "time" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "gopkg.in/yaml.v3" "k8s.io/apimachinery/pkg/util/validation" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // ServerType is the name of a xDS server implementation. @@ -120,7 +121,7 @@ const ( type AccessLogType string func (a AccessLogType) Validate() error { - return contour_api_v1alpha1.AccessLogType(a).Validate() + return contour_v1alpha1.AccessLogType(a).Validate() } const ( @@ -131,20 +132,20 @@ const ( type AccessLogFields []string func (a AccessLogFields) Validate() error { - return contour_api_v1alpha1.AccessLogJSONFields(a).Validate() + return contour_v1alpha1.AccessLogJSONFields(a).Validate() } func (a AccessLogFields) AsFieldMap() map[string]string { - return contour_api_v1alpha1.AccessLogJSONFields(a).AsFieldMap() + return contour_v1alpha1.AccessLogJSONFields(a).AsFieldMap() } // AccessLogFormatterExtensions returns a list of formatter extension names required by the access log format. func (p Parameters) AccessLogFormatterExtensions() []string { - el := &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.AccessLogType(p.AccessLogFormat), + el := &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.AccessLogType(p.AccessLogFormat), AccessLogFormatString: p.AccessLogFormatString, - AccessLogJSONFields: contour_api_v1alpha1.AccessLogJSONFields(p.AccessLogFields), - AccessLogLevel: contour_api_v1alpha1.AccessLogLevel(p.AccessLogLevel), + AccessLogJSONFields: contour_v1alpha1.AccessLogJSONFields(p.AccessLogFields), + AccessLogLevel: contour_v1alpha1.AccessLogLevel(p.AccessLogLevel), } return el.AccessLogFormatterExtensions() } @@ -242,7 +243,7 @@ func (t ProtocolParameters) Validate() error { return fmt.Errorf("invalid TLS cipher suites: %w", err) } - return contour_api_v1alpha1.ValidateTLSProtocolVersions(t.MinimumProtocolVersion, t.MaximumProtocolVersion) + return contour_v1alpha1.ValidateTLSProtocolVersions(t.MinimumProtocolVersion, t.MaximumProtocolVersion) } // ServerParameters holds the configuration for the Contour xDS server. @@ -460,7 +461,7 @@ type ClusterParameters struct { // GlobalCircuitBreakerDefaults holds configurable global defaults for the circuit breakers. // // +optional - GlobalCircuitBreakerDefaults *contour_api_v1alpha1.GlobalCircuitBreakerDefaults `yaml:"circuit-breakers,omitempty"` + GlobalCircuitBreakerDefaults *contour_v1alpha1.GlobalCircuitBreakerDefaults `yaml:"circuit-breakers,omitempty"` // UpstreamTLS contains the TLS policy parameters for upstream connections UpstreamTLS ProtocolParameters `yaml:"upstream-tls,omitempty"` @@ -867,7 +868,7 @@ type RateLimitService struct { // DefaultGlobalRateLimitPolicy allows setting a default global rate limit policy for all HTTPProxy // HTTPProxy can overwrite this configuration. - DefaultGlobalRateLimitPolicy *contour_api_v1.GlobalRateLimitPolicy `yaml:"defaultGlobalRateLimitPolicy,omitempty"` + DefaultGlobalRateLimitPolicy *contour_v1.GlobalRateLimitPolicy `yaml:"defaultGlobalRateLimitPolicy,omitempty"` } // MetricsParameters defines configuration for metrics server endpoints in both @@ -973,7 +974,7 @@ func (p *MetricsServerParameters) HasTLS() bool { type AccessLogLevel string func (a AccessLogLevel) Validate() error { - return contour_api_v1alpha1.AccessLogLevel(a).Validate() + return contour_v1alpha1.AccessLogLevel(a).Validate() } const ( @@ -1009,7 +1010,7 @@ func (p *Parameters) Validate() error { return err } - if err := contour_api_v1alpha1.AccessLogFormatString(p.AccessLogFormatString).Validate(); err != nil { + if err := contour_v1alpha1.AccessLogFormatString(p.AccessLogFormatString).Validate(); err != nil { return err } diff --git a/pkg/config/parameters_test.go b/pkg/config/parameters_test.go index 60e8dda17e7..3e275286a8f 100644 --- a/pkg/config/parameters_test.go +++ b/pkg/config/parameters_test.go @@ -18,10 +18,11 @@ import ( "strings" "testing" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "gopkg.in/yaml.v3" + + "github.com/projectcontour/contour/internal/ref" ) func TestGetenvOr(t *testing.T) { diff --git a/test/conformance/gatewayapi/gateway_conformance_test.go b/test/conformance/gatewayapi/gateway_conformance_test.go index 86165a97226..361bab69311 100644 --- a/test/conformance/gatewayapi/gateway_conformance_test.go +++ b/test/conformance/gatewayapi/gateway_conformance_test.go @@ -31,9 +31,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/log" - v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" conformance_v1alpha1 "sigs.k8s.io/gateway-api/conformance/apis/v1alpha1" "sigs.k8s.io/gateway-api/conformance/tests" "sigs.k8s.io/gateway-api/conformance/utils/flags" @@ -53,9 +53,9 @@ func TestGatewayConformance(t *testing.T) { clientset, err := kubernetes.NewForConfig(cfg) require.NoError(t, err) - require.NoError(t, v1alpha2.AddToScheme(client.Scheme())) - require.NoError(t, v1beta1.AddToScheme(client.Scheme())) - require.NoError(t, v1.AddToScheme(client.Scheme())) + require.NoError(t, gatewayapi_v1alpha2.AddToScheme(client.Scheme())) + require.NoError(t, gatewayapi_v1beta1.AddToScheme(client.Scheme())) + require.NoError(t, gatewayapi_v1.AddToScheme(client.Scheme())) cSuiteOptions := suite.Options{ Client: client, diff --git a/test/e2e/bench/bench_test.go b/test/e2e/bench/bench_test.go index b452d1d5f63..57f52095eda 100644 --- a/test/e2e/bench/bench_test.go +++ b/test/e2e/bench/bench_test.go @@ -29,19 +29,20 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/gmeasure" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" "gonum.org/v1/plot" "gonum.org/v1/plot/plotter" "gonum.org/v1/plot/vg" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) var ( @@ -76,27 +77,27 @@ var _ = BeforeSuite(func() { "projectcontour.bench-workload": "app", } // Add resource limits to Contour Deployment. - f.Deployment.ContourDeployment.Spec.Template.Spec.Containers[0].Resources = corev1.ResourceRequirements{ - Limits: corev1.ResourceList{ - corev1.ResourceCPU: resource.MustParse("1"), - corev1.ResourceMemory: resource.MustParse("2Gi"), + f.Deployment.ContourDeployment.Spec.Template.Spec.Containers[0].Resources = core_v1.ResourceRequirements{ + Limits: core_v1.ResourceList{ + core_v1.ResourceCPU: resource.MustParse("1"), + core_v1.ResourceMemory: resource.MustParse("2Gi"), }, } // Add metrics port to Envoy DaemonSet. f.Deployment.EnvoyDaemonSet.Spec.Template.Spec.Containers[1].Ports = append( f.Deployment.EnvoyDaemonSet.Spec.Template.Spec.Containers[1].Ports, - corev1.ContainerPort{ + core_v1.ContainerPort{ Name: "metrics", HostPort: 8002, ContainerPort: 8002, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, }, ) require.NoError(f.T(), f.Deployment.EnsureResourcesForInclusterContour(true)) require.Eventually(f.T(), func() bool { - s := &corev1.Service{} + s := &core_v1.Service{} if err := f.Client.Get(context.TODO(), client.ObjectKeyFromObject(f.Deployment.EnvoyService), s); err != nil { return false } @@ -116,28 +117,28 @@ var _ = Describe("Benchmark", func() { f.NamespacedTest("sequential-service-creation", func(namespace string) { Context("with many services created sequentially", func() { deployApp := func(name string) { - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ + Spec: apps_v1.DeploymentSpec{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ Labels: map[string]string{"app.kubernetes.io/name": name}, }, - Spec: corev1.PodSpec{ + Spec: core_v1.PodSpec{ NodeSelector: map[string]string{ "projectcontour.bench-workload": "app", }, - Containers: []corev1.Container{ + Containers: []core_v1.Container{ { Name: "conformance-echo", Image: "gcr.io/k8s-staging-ingressconformance/echoserver@sha256:dc59c3e517399b436fa9db58f16506bd37f3cd831a7298eaf01bd5762ec514e1", - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: "INGRESS_NAME", Value: name, @@ -148,30 +149,30 @@ var _ = Describe("Benchmark", func() { }, { Name: "POD_NAME", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.name", }, }, }, { Name: "NAMESPACE", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.namespace", }, }, }, }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "http-api", ContainerPort: 3000, }, }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ + ReadinessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + HTTPGet: &core_v1.HTTPGetAction{ Path: "/health", Port: intstr.FromInt(3000), }, @@ -185,13 +186,13 @@ var _ = Describe("Benchmark", func() { } require.NoError(f.T(), f.Client.Create(context.TODO(), deployment)) - service := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -205,30 +206,30 @@ var _ = Describe("Benchmark", func() { // Wait for deployment availability before we continue. require.Eventually(f.T(), func() bool { - d := &appsv1.Deployment{} + d := &apps_v1.Deployment{} if err := f.Client.Get(context.TODO(), client.ObjectKeyFromObject(deployment), d); err != nil { return false } for _, c := range d.Status.Conditions { - return c.Type == appsv1.DeploymentAvailable && c.Status == corev1.ConditionTrue + return c.Type == apps_v1.DeploymentAvailable && c.Status == core_v1.ConditionTrue } return false }, time.Minute*2, f.RetryInterval) } deployHTTPProxy := func(name string) { - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: name + ".projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: name, Port: 80, @@ -250,7 +251,7 @@ var _ = Describe("Benchmark", func() { // Warm up Envoy on each worker node to ensure no outliers. deployApp("warm-up") deployHTTPProxy("warm-up") - nodes := &corev1.NodeList{} + nodes := &core_v1.NodeList{} labelSelector := &client.ListOptions{ LabelSelector: labels.SelectorFromSet(f.Deployment.EnvoyDaemonSet.Spec.Template.Spec.NodeSelector), } @@ -259,7 +260,7 @@ var _ = Describe("Benchmark", func() { for _, node := range nodes.Items { nodeExternalIP := "" for _, a := range node.Status.Addresses { - if a.Type == corev1.NodeExternalIP { + if a.Type == core_v1.NodeExternalIP { nodeExternalIP = a.Address } } diff --git a/test/e2e/certs.go b/test/e2e/certs.go index 930802cfb8f..028575c9a31 100644 --- a/test/e2e/certs.go +++ b/test/e2e/certs.go @@ -25,10 +25,10 @@ import ( certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" api_errors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" "sigs.k8s.io/controller-runtime/pkg/client" ) @@ -46,7 +46,7 @@ type Certs struct { // and uses it to create a self-signed Certificate. It returns a cleanup function. func (c *Certs) CreateSelfSignedCert(ns, name, secretName, dnsName string) func() { issuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: "selfsigned", }, @@ -62,7 +62,7 @@ func (c *Certs) CreateSelfSignedCert(ns, name, secretName, dnsName string) func( } cert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, @@ -110,7 +110,7 @@ func (c *Certs) CreateCertAndWaitFor(cert *certmanagerv1.Certificate, condition // secret and optional CA certificate. The secret must have the "tls.crt" and "tls.key" keys, // and "ca.crt" if CA certificate is also provided. func (c *Certs) GetTLSCertificate(secretNamespace, secretName string) (tls.Certificate, *x509.CertPool) { - secret := &corev1.Secret{} + secret := &core_v1.Secret{} require.NoError(c.t, c.client.Get(context.TODO(), client.ObjectKey{Namespace: secretNamespace, Name: secretName}, secret)) cert, err := tls.X509KeyPair(secret.Data["tls.crt"], secret.Data["tls.key"]) @@ -129,7 +129,7 @@ func (c *Certs) GetTLSCertificate(secretNamespace, secretName string) (tls.Certi // ensureSelfSignedIssuer ensuers that selfsigned issuer is created. func (c *Certs) ensureSelfSignedIssuer(ns string) *certmanagerv1.Issuer { issuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: "selfsigned", }, @@ -156,7 +156,7 @@ func (c *Certs) CreateCA(ns, name string) func() { issuer := c.ensureSelfSignedIssuer(ns) caSigningCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, @@ -183,7 +183,7 @@ func (c *Certs) CreateCA(ns, name string) func() { require.NoError(c.t, c.client.Create(context.TODO(), caSigningCert)) localCAIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, @@ -199,8 +199,8 @@ func (c *Certs) CreateCA(ns, name string) func() { require.NoError(c.t, c.client.Create(context.TODO(), localCAIssuer)) return func() { - caSecret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + caSecret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, @@ -215,7 +215,7 @@ func (c *Certs) CreateCA(ns, name string) func() { // CreateCert creates end-entity certificate using given CA issuer. func (c *Certs) CreateCert(ns, name, issuer string, dnsNames ...string) func() { cert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, @@ -231,8 +231,8 @@ func (c *Certs) CreateCert(ns, name, issuer string, dnsNames ...string) func() { require.NoError(c.t, c.client.Create(context.TODO(), cert)) return func() { - secret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + secret := &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, diff --git a/test/e2e/deployment.go b/test/e2e/deployment.go index dae0fce22f9..fd73f1f69d7 100644 --- a/test/e2e/deployment.go +++ b/test/e2e/deployment.go @@ -31,24 +31,25 @@ import ( "time" "github.com/onsi/gomega/gexec" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/pkg/config" "gopkg.in/yaml.v3" apps_v1 "k8s.io/api/apps/v1" batch_v1 "k8s.io/api/batch/v1" - coordinationv1 "k8s.io/api/coordination/v1" - v1 "k8s.io/api/core/v1" + coordination_v1 "k8s.io/api/coordination/v1" + core_v1 "k8s.io/api/core/v1" rbac_v1 "k8s.io/api/rbac/v1" apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" api_errors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/wait" apimachinery_util_yaml "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/pkg/config" ) // EnvoyDeploymentMode determines how Envoy is deployed (daemonset or deployment) @@ -81,11 +82,11 @@ type Deployment struct { // EnvoyDeploymentMode determines how Envoy is deployed (daemonset or deployment) EnvoyDeploymentMode - Namespace *v1.Namespace - ContourServiceAccount *v1.ServiceAccount - EnvoyServiceAccount *v1.ServiceAccount - ContourConfigMap *v1.ConfigMap - CertgenServiceAccount *v1.ServiceAccount + Namespace *core_v1.Namespace + ContourServiceAccount *core_v1.ServiceAccount + EnvoyServiceAccount *core_v1.ServiceAccount + ContourConfigMap *core_v1.ConfigMap + CertgenServiceAccount *core_v1.ServiceAccount CertgenRoleBinding *rbac_v1.RoleBinding CertgenRole *rbac_v1.Role CertgenJob *batch_v1.Job @@ -93,25 +94,25 @@ type Deployment struct { ContourRoleBinding *rbac_v1.RoleBinding ContourClusterRole *rbac_v1.ClusterRole ContourRole *rbac_v1.Role - ContourService *v1.Service - EnvoyService *v1.Service + ContourService *core_v1.Service + EnvoyService *core_v1.Service ContourDeployment *apps_v1.Deployment EnvoyDaemonSet *apps_v1.DaemonSet EnvoyDeployment *apps_v1.Deployment // Optional volumes that will be attached to Envoy daemonset. - EnvoyExtraVolumes []v1.Volume - EnvoyExtraVolumeMounts []v1.VolumeMount + EnvoyExtraVolumes []core_v1.Volume + EnvoyExtraVolumeMounts []core_v1.VolumeMount // Ratelimit deployment. RateLimitDeployment *apps_v1.Deployment - RateLimitService *v1.Service - RateLimitExtensionService *contour_api_v1alpha1.ExtensionService + RateLimitService *core_v1.Service + RateLimitExtensionService *contour_v1alpha1.ExtensionService // Global External Authorization deployment. GlobalExtAuthDeployment *apps_v1.Deployment - GlobalExtAuthService *v1.Service - GlobalExtAuthExtensionService *contour_api_v1alpha1.ExtensionService + GlobalExtAuthService *core_v1.Service + GlobalExtAuthExtensionService *contour_v1alpha1.ExtensionService } // UnmarshalResources unmarshals resources from rendered Contour manifest in @@ -144,11 +145,11 @@ func (d *Deployment) UnmarshalResources() error { defer deploymentFile.Close() decoderDeployment := apimachinery_util_yaml.NewYAMLToJSONDecoder(deploymentFile) - d.Namespace = new(v1.Namespace) - d.ContourServiceAccount = new(v1.ServiceAccount) - d.EnvoyServiceAccount = new(v1.ServiceAccount) - d.ContourConfigMap = new(v1.ConfigMap) - d.CertgenServiceAccount = new(v1.ServiceAccount) + d.Namespace = new(core_v1.Namespace) + d.ContourServiceAccount = new(core_v1.ServiceAccount) + d.EnvoyServiceAccount = new(core_v1.ServiceAccount) + d.ContourConfigMap = new(core_v1.ConfigMap) + d.CertgenServiceAccount = new(core_v1.ServiceAccount) d.CertgenRoleBinding = new(rbac_v1.RoleBinding) d.CertgenRole = new(rbac_v1.Role) d.CertgenJob = new(batch_v1.Job) @@ -156,8 +157,8 @@ func (d *Deployment) UnmarshalResources() error { d.ContourRoleBinding = new(rbac_v1.RoleBinding) d.ContourClusterRole = new(rbac_v1.ClusterRole) d.ContourRole = new(rbac_v1.Role) - d.ContourService = new(v1.Service) - d.EnvoyService = new(v1.Service) + d.ContourService = new(core_v1.Service) + d.EnvoyService = new(core_v1.Service) d.ContourDeployment = new(apps_v1.Deployment) d.EnvoyDaemonSet = new(apps_v1.DaemonSet) d.EnvoyDeployment = new(apps_v1.Deployment) @@ -216,7 +217,7 @@ func (d *Deployment) UnmarshalResources() error { if err := decoder.Decode(d.RateLimitDeployment); err != nil { return err } - d.RateLimitService = new(v1.Service) + d.RateLimitService = new(core_v1.Service) if err := decoder.Decode(d.RateLimitService); err != nil { return err } @@ -227,7 +228,7 @@ func (d *Deployment) UnmarshalResources() error { } defer rLESFile.Close() decoder = apimachinery_util_yaml.NewYAMLToJSONDecoder(rLESFile) - d.RateLimitExtensionService = new(contour_api_v1alpha1.ExtensionService) + d.RateLimitExtensionService = new(contour_v1alpha1.ExtensionService) if err := decoder.Decode(d.RateLimitExtensionService); err != nil { return err @@ -248,7 +249,7 @@ func (d *Deployment) UnmarshalResources() error { if err := decoder.Decode(d.GlobalExtAuthDeployment); err != nil { return err } - d.GlobalExtAuthService = new(v1.Service) + d.GlobalExtAuthService = new(core_v1.Service) if err := decoder.Decode(d.GlobalExtAuthService); err != nil { return err } @@ -259,7 +260,7 @@ func (d *Deployment) UnmarshalResources() error { } defer rGlobalExtAuthExtSvcFile.Close() decoder = apimachinery_util_yaml.NewYAMLToJSONDecoder(rGlobalExtAuthExtSvcFile) - d.GlobalExtAuthExtensionService = new(contour_api_v1alpha1.ExtensionService) + d.GlobalExtAuthExtensionService = new(contour_v1alpha1.ExtensionService) return decoder.Decode(d.GlobalExtAuthExtensionService) } @@ -273,9 +274,9 @@ func (d *Deployment) ensureResource(new, existing client.Object) error { return err } new.SetResourceVersion(existing.GetResourceVersion()) - // If a v1.Service, pass along existing cluster IP and healthcheck node port. - if newS, ok := new.(*v1.Service); ok { - existingS := existing.(*v1.Service) + // If a core_v1.Service, pass along existing cluster IP and healthcheck node port. + if newS, ok := new.(*core_v1.Service); ok { + existingS := existing.(*core_v1.Service) newS.Spec.ClusterIP = existingS.Spec.ClusterIP newS.Spec.ClusterIPs = existingS.Spec.ClusterIPs newS.Spec.HealthCheckNodePort = existingS.Spec.HealthCheckNodePort @@ -284,23 +285,23 @@ func (d *Deployment) ensureResource(new, existing client.Object) error { } func (d *Deployment) EnsureNamespace() error { - return d.ensureResource(d.Namespace, new(v1.Namespace)) + return d.ensureResource(d.Namespace, new(core_v1.Namespace)) } func (d *Deployment) EnsureContourServiceAccount() error { - return d.ensureResource(d.ContourServiceAccount, new(v1.ServiceAccount)) + return d.ensureResource(d.ContourServiceAccount, new(core_v1.ServiceAccount)) } func (d *Deployment) EnsureEnvoyServiceAccount() error { - return d.ensureResource(d.EnvoyServiceAccount, new(v1.ServiceAccount)) + return d.ensureResource(d.EnvoyServiceAccount, new(core_v1.ServiceAccount)) } func (d *Deployment) EnsureContourConfigMap() error { - return d.ensureResource(d.ContourConfigMap, new(v1.ConfigMap)) + return d.ensureResource(d.ContourConfigMap, new(core_v1.ConfigMap)) } func (d *Deployment) EnsureCertgenServiceAccount() error { - return d.ensureResource(d.CertgenServiceAccount, new(v1.ServiceAccount)) + return d.ensureResource(d.CertgenServiceAccount, new(core_v1.ServiceAccount)) } func (d *Deployment) EnsureCertgenRoleBinding() error { @@ -345,11 +346,11 @@ func (d *Deployment) EnsureContourRole() error { } func (d *Deployment) EnsureContourService() error { - return d.ensureResource(d.ContourService, new(v1.Service)) + return d.ensureResource(d.ContourService, new(core_v1.Service)) } func (d *Deployment) EnsureEnvoyService() error { - return d.ensureResource(d.EnvoyService, new(v1.Service)) + return d.ensureResource(d.EnvoyService, new(core_v1.Service)) } func (d *Deployment) EnsureContourDeployment() error { @@ -381,8 +382,8 @@ func (d *Deployment) EnsureRateLimitResources(namespace, configContents string) setNamespace = namespace } - configMap := &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + configMap := &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ratelimit-config", Namespace: setNamespace, }, @@ -390,7 +391,7 @@ func (d *Deployment) EnsureRateLimitResources(namespace, configContents string) "ratelimit-config.yaml": configContents, }, } - if err := d.ensureResource(configMap, new(v1.ConfigMap)); err != nil { + if err := d.ensureResource(configMap, new(core_v1.ConfigMap)); err != nil { return err } @@ -403,9 +404,9 @@ func (d *Deployment) EnsureRateLimitResources(namespace, configContents string) } deployment.Spec.Template.Spec.Containers[i].Env = append( deployment.Spec.Template.Spec.Containers[i].Env, - v1.EnvVar{Name: "HOST", Value: "::"}, - v1.EnvVar{Name: "GRPC_HOST", Value: "::"}, - v1.EnvVar{Name: "DEBUG_HOST", Value: "::"}, + core_v1.EnvVar{Name: "HOST", Value: "::"}, + core_v1.EnvVar{Name: "GRPC_HOST", Value: "::"}, + core_v1.EnvVar{Name: "DEBUG_HOST", Value: "::"}, ) } } @@ -415,13 +416,13 @@ func (d *Deployment) EnsureRateLimitResources(namespace, configContents string) service := d.RateLimitService.DeepCopy() service.Namespace = setNamespace - if err := d.ensureResource(service, new(v1.Service)); err != nil { + if err := d.ensureResource(service, new(core_v1.Service)); err != nil { return err } extSvc := d.RateLimitExtensionService.DeepCopy() extSvc.Namespace = setNamespace - return d.ensureResource(extSvc, new(contour_api_v1alpha1.ExtensionService)) + return d.ensureResource(extSvc, new(contour_v1alpha1.ExtensionService)) } func (d *Deployment) EnsureGlobalExternalAuthResources(namespace string) error { @@ -438,14 +439,14 @@ func (d *Deployment) EnsureGlobalExternalAuthResources(namespace string) error { service := d.GlobalExtAuthService.DeepCopy() service.Namespace = setNamespace - if err := d.ensureResource(service, new(v1.Service)); err != nil { + if err := d.ensureResource(service, new(core_v1.Service)); err != nil { return err } extSvc := d.GlobalExtAuthExtensionService.DeepCopy() extSvc.Namespace = setNamespace - return d.ensureResource(extSvc, new(contour_api_v1alpha1.ExtensionService)) + return d.ensureResource(extSvc, new(contour_v1alpha1.ExtensionService)) } // Convenience method for deploying the pieces of the deployment needed for @@ -499,8 +500,8 @@ func (d *Deployment) EnsureResourcesForLocalContour() error { os.RemoveAll(bFile.Name()) }() - bootstrapConfigMap := &v1.ConfigMap{ - ObjectMeta: metav1.ObjectMeta{ + bootstrapConfigMap := &core_v1.ConfigMap{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "envoy-bootstrap", Namespace: d.Namespace.Name, }, @@ -508,7 +509,7 @@ func (d *Deployment) EnsureResourcesForLocalContour() error { "envoy.json": string(bootstrapContents), }, } - if err := d.ensureResource(bootstrapConfigMap, new(v1.ConfigMap)); err != nil { + if err := d.ensureResource(bootstrapConfigMap, new(core_v1.ConfigMap)); err != nil { return err } @@ -527,26 +528,26 @@ func (d *Deployment) EnsureResourcesForLocalContour() error { return d.EnsureEnvoyDeployment() } -func (d *Deployment) mutatePodTemplate(pts v1.PodTemplateSpec) v1.PodTemplateSpec { +func (d *Deployment) mutatePodTemplate(pts core_v1.PodTemplateSpec) core_v1.PodTemplateSpec { // Add bootstrap ConfigMap as volume and add envoy admin volume on Envoy pods (also removes cert volume). - pts.Spec.Volumes = []v1.Volume{{ + pts.Spec.Volumes = []core_v1.Volume{{ Name: "envoy-config", - VolumeSource: v1.VolumeSource{ - ConfigMap: &v1.ConfigMapVolumeSource{ - LocalObjectReference: v1.LocalObjectReference{ + VolumeSource: core_v1.VolumeSource{ + ConfigMap: &core_v1.ConfigMapVolumeSource{ + LocalObjectReference: core_v1.LocalObjectReference{ Name: "envoy-bootstrap", }, }, }, }, { Name: "envoy-admin", - VolumeSource: v1.VolumeSource{ - EmptyDir: &v1.EmptyDirVolumeSource{}, + VolumeSource: core_v1.VolumeSource{ + EmptyDir: &core_v1.EmptyDirVolumeSource{}, }, }} // Remove cert volume mount. - pts.Spec.Containers[1].VolumeMounts = []v1.VolumeMount{ + pts.Spec.Containers[1].VolumeMounts = []core_v1.VolumeMount{ pts.Spec.Containers[1].VolumeMounts[0], // Config mount pts.Spec.Containers[1].VolumeMounts[2], // Admin mount } @@ -562,11 +563,11 @@ func (d *Deployment) mutatePodTemplate(pts v1.PodTemplateSpec) v1.PodTemplateSpe // Expose the metrics & admin interfaces via host port to test from outside the kind cluster. pts.Spec.Containers[0].Ports = append(pts.Spec.Containers[0].Ports, - v1.ContainerPort{ + core_v1.ContainerPort{ Name: "metrics", ContainerPort: 8002, HostPort: 8002, - Protocol: v1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, }) return pts @@ -605,7 +606,7 @@ func (d *Deployment) DeleteResourcesForLocalContour() error { // Starts local contour, applying arguments and marshaling config into config // file. Returns running Contour command and config file so we can clean them // up. -func (d *Deployment) StartLocalContour(config *config.Parameters, contourConfiguration *contour_api_v1alpha1.ContourConfiguration, additionalArgs ...string) (*gexec.Session, string, error) { +func (d *Deployment) StartLocalContour(config *config.Parameters, contourConfiguration *contour_v1alpha1.ContourConfiguration, additionalArgs ...string) (*gexec.Session, string, error) { var content []byte var configReferenceName string var contourServeArgs []string @@ -621,7 +622,7 @@ func (d *Deployment) StartLocalContour(config *config.Parameters, contourConfigu // Set the xds server to the defined testing port as well as enable insecure communication. contourConfiguration.Spec.XDSServer.Port = port contourConfiguration.Spec.XDSServer.Address = listenAllAddress() - contourConfiguration.Spec.XDSServer.TLS = &contour_api_v1alpha1.TLS{ + contourConfiguration.Spec.XDSServer.TLS = &contour_v1alpha1.TLS{ Insecure: ref.To(true), } @@ -701,8 +702,8 @@ func (d *Deployment) StopLocalContour(contourCmd *gexec.Session, configFile stri // Look for the ENV variable to tell if this test run should use // the ContourConfiguration file or the ContourConfiguration CRD. if useContourConfiguration, variableFound := os.LookupEnv("USE_CONTOUR_CONFIGURATION_CRD"); variableFound && useContourConfiguration == "true" { - cc := &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ + cc := &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Name: configFile, Namespace: "projectcontour", }, @@ -770,7 +771,7 @@ func (d *Deployment) EnsureResourcesForInclusterContour(startContourDeployment b return fmt.Errorf("invalid certgen job containers, expected 1, got %d", l) } d.CertgenJob.Spec.Template.Spec.Containers[0].Image = d.contourImage - d.CertgenJob.Spec.Template.Spec.Containers[0].ImagePullPolicy = v1.PullIfNotPresent + d.CertgenJob.Spec.Template.Spec.Containers[0].ImagePullPolicy = core_v1.PullIfNotPresent if err := d.EnsureCertgenJob(); err != nil { return err } @@ -797,7 +798,7 @@ func (d *Deployment) EnsureResourcesForInclusterContour(startContourDeployment b return fmt.Errorf("invalid contour deployment containers, expected 1, got %d", l) } d.ContourDeployment.Spec.Template.Spec.Containers[0].Image = d.contourImage - d.ContourDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = v1.PullIfNotPresent + d.ContourDeployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = core_v1.PullIfNotPresent if startContourDeployment { if err := d.EnsureContourDeployment(); err != nil { return err @@ -808,7 +809,7 @@ func (d *Deployment) EnsureResourcesForInclusterContour(startContourDeployment b } } - var envoyPodSpec *v1.PodSpec + var envoyPodSpec *core_v1.PodSpec if d.EnvoyDeploymentMode == DeploymentMode { envoyPodSpec = &d.EnvoyDeployment.Spec.Template.Spec } else { @@ -820,12 +821,12 @@ func (d *Deployment) EnsureResourcesForInclusterContour(startContourDeployment b return fmt.Errorf("invalid envoy %s init containers, expected 1, got %d", d.EnvoyDeploymentMode, l) } envoyPodSpec.InitContainers[0].Image = d.contourImage - envoyPodSpec.InitContainers[0].ImagePullPolicy = v1.PullIfNotPresent + envoyPodSpec.InitContainers[0].ImagePullPolicy = core_v1.PullIfNotPresent if l := len(envoyPodSpec.Containers); l != 2 { return fmt.Errorf("invalid envoy %s containers, expected 2, got %d", d.EnvoyDeploymentMode, l) } envoyPodSpec.Containers[0].Image = d.contourImage - envoyPodSpec.Containers[0].ImagePullPolicy = v1.PullIfNotPresent + envoyPodSpec.Containers[0].ImagePullPolicy = core_v1.PullIfNotPresent if d.EnvoyDeploymentMode == DeploymentMode { // The envoy deployment uses host ports, so can have at most @@ -860,8 +861,8 @@ func (d *Deployment) EnsureResourcesForInclusterContour(startContourDeployment b func (d *Deployment) DeleteResourcesForInclusterContour() error { // Also need to delete leader election resources to ensure // multiple test runs can be run cleanly. - leaderElectionLease := &coordinationv1.Lease{ - ObjectMeta: metav1.ObjectMeta{ + leaderElectionLease := &coordination_v1.Lease{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "leader-elect", Namespace: d.Namespace.Name, }, @@ -910,7 +911,7 @@ func (d *Deployment) DumpContourLogs() error { return err } - pods := new(v1.PodList) + pods := new(core_v1.PodList) podListOptions := &client.ListOptions{ LabelSelector: labels.SelectorFromSet(d.ContourDeployment.Spec.Selector.MatchLabels), Namespace: d.ContourDeployment.Namespace, @@ -919,11 +920,11 @@ func (d *Deployment) DumpContourLogs() error { return err } - podLogOptions := &v1.PodLogOptions{ + podLogOptions := &core_v1.PodLogOptions{ Container: "contour", } for _, pod := range pods.Items { - if pod.Status.Phase == v1.PodFailed { + if pod.Status.Phase == core_v1.PodFailed { continue } @@ -948,7 +949,7 @@ func (d *Deployment) DumpContourLogs() error { func (d *Deployment) EnsureDeleted(obj client.Object) error { // Delete the object; if it already doesn't exist, // then we're done. - err := d.client.Delete(context.Background(), obj, &client.DeleteOptions{PropagationPolicy: ref.To(metav1.DeletePropagationBackground)}) + err := d.client.Delete(context.Background(), obj, &client.DeleteOptions{PropagationPolicy: ref.To(meta_v1.DeletePropagationBackground)}) if api_errors.IsNotFound(err) { return nil } diff --git a/test/e2e/fixtures.go b/test/e2e/fixtures.go index bbab25500fd..3f1d1273927 100644 --- a/test/e2e/fixtures.go +++ b/test/e2e/fixtures.go @@ -22,18 +22,19 @@ import ( "time" "github.com/onsi/ginkgo/v2" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/pkg/config" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/kubernetes" "k8s.io/client-go/tools/clientcmd" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/pkg/config" ) const ( @@ -67,7 +68,7 @@ type Echo struct { } // Deploy runs DeployN with a default of 1 replica. -func (e *Echo) Deploy(ns, name string) (func(), *appsv1.Deployment) { +func (e *Echo) Deploy(ns, name string) (func(), *apps_v1.Deployment) { return e.DeployN(ns, name, 1) } @@ -77,41 +78,41 @@ func (e *Echo) Deploy(ns, name string) (func(), *appsv1.Deployment) { // can be configured. Namespace is defaulted to "default" // and name is defaulted to "ingress-conformance-echo" if not provided. Returns // a cleanup function. -func (e *Echo) DeployN(ns, name string, replicas int32) (func(), *appsv1.Deployment) { +func (e *Echo) DeployN(ns, name string, replicas int32) (func(), *apps_v1.Deployment) { ns = valOrDefault(ns, "default") name = valOrDefault(name, "ingress-conformance-echo") - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: appsv1.DeploymentSpec{ + Spec: apps_v1.DeploymentSpec{ Replicas: ref.To(replicas), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ Labels: map[string]string{"app.kubernetes.io/name": name}, }, - Spec: corev1.PodSpec{ - TopologySpreadConstraints: []corev1.TopologySpreadConstraint{ + Spec: core_v1.PodSpec{ + TopologySpreadConstraints: []core_v1.TopologySpreadConstraint{ { // Attempt to spread pods across different nodes if possible. TopologyKey: "kubernetes.io/hostname", MaxSkew: 1, - WhenUnsatisfiable: corev1.ScheduleAnyway, - LabelSelector: &metav1.LabelSelector{ + WhenUnsatisfiable: core_v1.ScheduleAnyway, + LabelSelector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, }, }, - Containers: []corev1.Container{ + Containers: []core_v1.Container{ { Name: "conformance-echo", Image: EchoServerImage, - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: "INGRESS_NAME", Value: name, @@ -122,30 +123,30 @@ func (e *Echo) DeployN(ns, name string, replicas int32) (func(), *appsv1.Deploym }, { Name: "POD_NAME", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.name", }, }, }, { Name: "NAMESPACE", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.namespace", }, }, }, }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "http-api", ContainerPort: 3000, }, }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ + ReadinessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + HTTPGet: &core_v1.HTTPGetAction{ Path: "/health", Port: intstr.FromInt(3000), }, @@ -159,13 +160,13 @@ func (e *Echo) DeployN(ns, name string, replicas int32) (func(), *appsv1.Deploym } require.NoError(e.t, e.client.Create(context.TODO(), deployment)) - service := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -184,18 +185,18 @@ func (e *Echo) DeployN(ns, name string, replicas int32) (func(), *appsv1.Deploym } func (e *Echo) ScaleAndWaitDeployment(name, ns string, replicas int32) { - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: ns, }, } updateAndWaitFor(e.t, e.client, deployment, - func(d *appsv1.Deployment) { + func(d *apps_v1.Deployment) { d.Spec.Replicas = ref.To(replicas) }, - func(d *appsv1.Deployment) bool { + func(d *apps_v1.Deployment) bool { if d.Status.Replicas == replicas && d.Status.ReadyReplicas == replicas { return true } @@ -207,7 +208,7 @@ func (e *Echo) ListPodIPs(ns, name string) ([]string, error) { ns = valOrDefault(ns, "default") name = valOrDefault(name, "ingress-conformance-echo") - pods := new(corev1.PodList) + pods := new(core_v1.PodList) podListOptions := &client.ListOptions{ LabelSelector: labels.SelectorFromSet(map[string]string{"app.kubernetes.io/name": name}), Namespace: ns, @@ -243,7 +244,7 @@ func (e *Echo) DumpEchoLogs(ns, name string) ([][]byte, error) { return nil, err } - pods := new(corev1.PodList) + pods := new(core_v1.PodList) podListOptions := &client.ListOptions{ LabelSelector: labels.SelectorFromSet(map[string]string{"app.kubernetes.io/name": name}), Namespace: ns, @@ -252,11 +253,11 @@ func (e *Echo) DumpEchoLogs(ns, name string) ([][]byte, error) { return nil, err } - podLogOptions := &corev1.PodLogOptions{ + podLogOptions := &core_v1.PodLogOptions{ Container: "conformance-echo", } for _, pod := range pods.Items { - if pod.Status.Phase == corev1.PodFailed { + if pod.Status.Phase == core_v1.PodFailed { continue } @@ -287,29 +288,29 @@ type EchoSecure struct { // fails the test if it encounters an error. Namespace is defaulted to "default" // and name is defaulted to "ingress-conformance-echo-tls" if not provided. Returns // a cleanup function. -func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *appsv1.Deployment, service *corev1.Service)) func() { +func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *apps_v1.Deployment, service *core_v1.Service)) func() { ns = valOrDefault(ns, "default") name = valOrDefault(name, "ingress-conformance-echo-tls") - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ + Spec: apps_v1.DeploymentSpec{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ Labels: map[string]string{"app.kubernetes.io/name": name}, }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ + Spec: core_v1.PodSpec{ + Containers: []core_v1.Container{ { Name: "conformance-echo", Image: EchoServerImage, - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: "INGRESS_NAME", Value: name, @@ -320,16 +321,16 @@ func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *appsv }, { Name: "POD_NAME", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.name", }, }, }, { Name: "NAMESPACE", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.namespace", }, }, @@ -347,7 +348,7 @@ func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *appsv Value: "/run/secrets/certs/ca.crt", }, }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "http-api", ContainerPort: 3000, @@ -357,15 +358,15 @@ func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *appsv ContainerPort: 8443, }, }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ + ReadinessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + HTTPGet: &core_v1.HTTPGetAction{ Path: "/health", Port: intstr.FromInt(3000), }, }, }, - VolumeMounts: []corev1.VolumeMount{ + VolumeMounts: []core_v1.VolumeMount{ { MountPath: "/run/secrets/certs", Name: "backend-server-cert", @@ -374,11 +375,11 @@ func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *appsv }, }, }, - Volumes: []corev1.Volume{ + Volumes: []core_v1.Volume{ { Name: "backend-server-cert", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + Secret: &core_v1.SecretVolumeSource{ SecretName: "backend-server-cert", }, }, @@ -389,16 +390,16 @@ func (e *EchoSecure) Deploy(ns, name string, preApplyHook func(deployment *appsv }, } - service := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, Annotations: map[string]string{ "projectcontour.io/upstream-protocol.tls": "443", }, }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -436,38 +437,38 @@ func (g *GRPC) Deploy(ns, name string) func() { ns = valOrDefault(ns, "default") name = valOrDefault(name, "grpc-echo") - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: appsv1.DeploymentSpec{ + Spec: apps_v1.DeploymentSpec{ Replicas: ref.To(int32(1)), - Selector: &metav1.LabelSelector{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ Labels: map[string]string{"app.kubernetes.io/name": name}, }, - Spec: corev1.PodSpec{ - TopologySpreadConstraints: []corev1.TopologySpreadConstraint{ + Spec: core_v1.PodSpec{ + TopologySpreadConstraints: []core_v1.TopologySpreadConstraint{ { // Attempt to spread pods across different nodes if possible. TopologyKey: "kubernetes.io/hostname", MaxSkew: 1, - WhenUnsatisfiable: corev1.ScheduleAnyway, - LabelSelector: &metav1.LabelSelector{ + WhenUnsatisfiable: core_v1.ScheduleAnyway, + LabelSelector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, }, }, - Containers: []corev1.Container{ + Containers: []core_v1.Container{ { Name: "grpc-echo", Image: GRPCServerImage, - ImagePullPolicy: corev1.PullIfNotPresent, - Env: []corev1.EnvVar{ + ImagePullPolicy: core_v1.PullIfNotPresent, + Env: []core_v1.EnvVar{ { Name: "INGRESS_NAME", Value: name, @@ -478,30 +479,30 @@ func (g *GRPC) Deploy(ns, name string) func() { }, { Name: "POD_NAME", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.name", }, }, }, { Name: "NAMESPACE", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.namespace", }, }, }, }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "grpc", ContainerPort: 9000, }, }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - Exec: &corev1.ExecAction{ + ReadinessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + Exec: &core_v1.ExecAction{ Command: []string{"/grpc-health-probe", "-addr=localhost:9000"}, }, }, @@ -514,13 +515,13 @@ func (g *GRPC) Deploy(ns, name string) func() { } require.NoError(g.t, g.client.Create(context.TODO(), deployment)) - service := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "grpc", Port: 9000, @@ -549,42 +550,42 @@ func DefaultContourConfigFileParams() *config.Parameters { } // DefaultContourConfiguration returns a default ContourConfiguration object. -func DefaultContourConfiguration() *contour_api_v1alpha1.ContourConfiguration { - return &contour_api_v1alpha1.ContourConfiguration{ - ObjectMeta: metav1.ObjectMeta{ +func DefaultContourConfiguration() *contour_v1alpha1.ContourConfiguration { + return &contour_v1alpha1.ContourConfiguration{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ingress", Namespace: "projectcontour", }, - Spec: contour_api_v1alpha1.ContourConfigurationSpec{ - XDSServer: &contour_api_v1alpha1.XDSServerConfig{ + Spec: contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{ Type: XDSServerTypeFromEnv(), Address: listenAllAddress(), Port: 8001, - TLS: &contour_api_v1alpha1.TLS{ + TLS: &contour_v1alpha1.TLS{ CAFile: "/certs/ca.crt", CertFile: "/certs/tls.crt", KeyFile: "/certs/tls.key", Insecure: ref.To(false), }, }, - Debug: &contour_api_v1alpha1.DebugConfig{ + Debug: &contour_v1alpha1.DebugConfig{ Address: localAddress(), Port: 6060, }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: listenAllAddress(), Port: 8000, }, FeatureFlags: UseFeatureFlagsFromEnv(), - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - DefaultHTTPVersions: []contour_api_v1alpha1.HTTPVersionType{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + DefaultHTTPVersions: []contour_v1alpha1.HTTPVersionType{ "HTTP/1.1", "HTTP/2", }, - Listener: &contour_api_v1alpha1.EnvoyListenerConfig{ + Listener: &contour_v1alpha1.EnvoyListenerConfig{ UseProxyProto: ref.To(false), DisableAllowChunkedLength: ref.To(false), ConnectionBalancer: "", - TLS: &contour_api_v1alpha1.EnvoyTLS{ + TLS: &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: "1.2", CipherSuites: []string{ "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]", @@ -594,43 +595,43 @@ func DefaultContourConfiguration() *contour_api_v1alpha1.ContourConfiguration { }, }, }, - Service: &contour_api_v1alpha1.NamespacedName{ + Service: &contour_v1alpha1.NamespacedName{ Name: "envoy", Namespace: "projectcontour", }, - HTTPListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPListener: &contour_v1alpha1.EnvoyListener{ Address: listenAllAddress(), Port: 8080, AccessLog: "/dev/stdout", }, - HTTPSListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: listenAllAddress(), Port: 8443, AccessLog: "/dev/stdout", }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: listenAllAddress(), Port: 8002, }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: listenAllAddress(), Port: 8002, }, - Logging: &contour_api_v1alpha1.EnvoyLogging{ - AccessLogFormat: contour_api_v1alpha1.EnvoyAccessLog, + Logging: &contour_v1alpha1.EnvoyLogging{ + AccessLogFormat: contour_v1alpha1.EnvoyAccessLog, }, - Cluster: &contour_api_v1alpha1.ClusterParameters{ - DNSLookupFamily: contour_api_v1alpha1.AutoClusterDNSFamily, + Cluster: &contour_v1alpha1.ClusterParameters{ + DNSLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, }, - Network: &contour_api_v1alpha1.NetworkParameters{ + Network: &contour_v1alpha1.NetworkParameters{ EnvoyAdminPort: ref.To(9001), }, }, - HTTPProxy: &contour_api_v1alpha1.HTTPProxyConfig{ + HTTPProxy: &contour_v1alpha1.HTTPProxyConfig{ DisablePermitInsecure: ref.To(false), }, EnableExternalNameService: ref.To(false), - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: listenAllAddress(), Port: 8000, }, @@ -638,12 +639,12 @@ func DefaultContourConfiguration() *contour_api_v1alpha1.ContourConfiguration { } } -func XDSServerTypeFromEnv() contour_api_v1alpha1.XDSServerType { +func XDSServerTypeFromEnv() contour_v1alpha1.XDSServerType { // Default to contour if not provided. - serverType := contour_api_v1alpha1.ContourServerType + serverType := contour_v1alpha1.ContourServerType typeFromEnv, found := os.LookupEnv("CONTOUR_E2E_XDS_SERVER_TYPE") if found { - serverType = contour_api_v1alpha1.XDSServerType(typeFromEnv) + serverType = contour_v1alpha1.XDSServerType(typeFromEnv) } return serverType } diff --git a/test/e2e/framework.go b/test/e2e/framework.go index 0d7e41866d5..26f1e56c2ed 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -31,18 +31,17 @@ import ( "github.com/davecgh/go-spew/spew" "github.com/onsi/ginkgo/v2" "github.com/onsi/gomega/gexec" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/sirupsen/logrus" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" api_errors "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/wait" kubescheme "k8s.io/client-go/kubernetes/scheme" + _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" // needed if tests are run against GCP "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/config" @@ -50,8 +49,8 @@ import ( gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" - // needed if tests are run against GCP - _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) // Framework provides a collection of helpful functions for @@ -103,8 +102,8 @@ func NewFramework(inClusterTestSuite bool) *Framework { scheme := runtime.NewScheme() require.NoError(t, kubescheme.AddToScheme(scheme)) - require.NoError(t, contourv1.AddToScheme(scheme)) - require.NoError(t, contourv1alpha1.AddToScheme(scheme)) + require.NoError(t, contour_v1.AddToScheme(scheme)) + require.NoError(t, contour_v1alpha1.AddToScheme(scheme)) require.NoError(t, gatewayapi_v1alpha2.AddToScheme(scheme)) require.NoError(t, gatewayapi_v1beta1.AddToScheme(scheme)) require.NoError(t, certmanagerv1.AddToScheme(scheme)) @@ -308,7 +307,7 @@ func (f *Framework) Test(body TestBody) { } // CreateHTTPProxy creates the provided HTTPProxy and returns any relevant error. -func (f *Framework) CreateHTTPProxy(proxy *contourv1.HTTPProxy) error { +func (f *Framework) CreateHTTPProxy(proxy *contour_v1.HTTPProxy) error { return f.Client.Create(context.TODO(), proxy) } @@ -367,7 +366,7 @@ func updateAndWaitFor[T client.Object](t require.TestingT, cli client.Client, ob // CreateHTTPProxyAndWaitFor creates the provided HTTPProxy in the Kubernetes API // and then waits for the specified condition to be true. -func (f *Framework) CreateHTTPProxyAndWaitFor(proxy *contourv1.HTTPProxy, condition func(*contourv1.HTTPProxy) bool) (*contourv1.HTTPProxy, bool) { +func (f *Framework) CreateHTTPProxyAndWaitFor(proxy *contour_v1.HTTPProxy, condition func(*contour_v1.HTTPProxy) bool) (*contour_v1.HTTPProxy, bool) { return createAndWaitFor(f.t, f.Client, proxy, condition, f.RetryInterval, f.RetryTimeout) } @@ -398,16 +397,16 @@ func (f *Framework) CreateBackendTLSPolicyAndWaitFor(route *gatewayapi_v1alpha2. // CreateNamespace creates a namespace with the given name in the // Kubernetes API or fails the test if it encounters an error. func (f *Framework) CreateNamespace(name string) { - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + ns := &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, Labels: map[string]string{"contour-e2e-ns": "true"}, }, } key := client.ObjectKeyFromObject(ns) - existing := &corev1.Namespace{} - if err := f.Client.Get(context.Background(), key, existing); err == nil && existing.Status.Phase == corev1.NamespaceTerminating { + existing := &core_v1.Namespace{} + if err := f.Client.Get(context.Background(), key, existing); err == nil && existing.Status.Phase == core_v1.NamespaceTerminating { // Got an existing namespace and it's terminating: give it a chance to go // away. require.Eventually(f.t, func() bool { @@ -422,8 +421,8 @@ func (f *Framework) CreateNamespace(name string) { // DeleteNamespace deletes the namespace with the given name in the // Kubernetes API or fails the test if it encounters an error. func (f *Framework) DeleteNamespace(name string, waitForDeletion bool) { - ns := &corev1.Namespace{ - ObjectMeta: metav1.ObjectMeta{ + ns := &core_v1.Namespace{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, } @@ -506,7 +505,7 @@ func UsingContourConfigCRD() bool { // HTTPProxyValid returns true if the proxy has a .status.currentStatus // of "valid". -func HTTPProxyValid(proxy *contourv1.HTTPProxy) bool { +func HTTPProxyValid(proxy *contour_v1.HTTPProxy) bool { if proxy == nil { return false } @@ -521,19 +520,19 @@ func HTTPProxyValid(proxy *contourv1.HTTPProxy) bool { // HTTPProxyInvalid returns true if the proxy has a .status.currentStatus // of "invalid". -func HTTPProxyInvalid(proxy *contourv1.HTTPProxy) bool { +func HTTPProxyInvalid(proxy *contour_v1.HTTPProxy) bool { return proxy != nil && proxy.Status.CurrentStatus == "invalid" } // HTTPProxyNotReconciled returns true if the proxy has a .status.currentStatus // of "NotReconciled". -func HTTPProxyNotReconciled(proxy *contourv1.HTTPProxy) bool { +func HTTPProxyNotReconciled(proxy *contour_v1.HTTPProxy) bool { return proxy != nil && proxy.Status.CurrentStatus == "NotReconciled" } // HTTPProxyErrors provides a pretty summary of any Errors on the HTTPProxy Valid condition. // If there are no errors, the return value will be empty. -func HTTPProxyErrors(proxy *contourv1.HTTPProxy) string { +func HTTPProxyErrors(proxy *contour_v1.HTTPProxy) string { cond := proxy.Status.GetConditionFor("Valid") errors := cond.Errors if len(errors) > 0 { @@ -545,7 +544,7 @@ func HTTPProxyErrors(proxy *contourv1.HTTPProxy) string { // DetailedConditionInvalid returns true if the provided detailed condition // list contains a condition of type "Valid" and status "False". -func DetailedConditionInvalid(conditions []contourv1.DetailedCondition) bool { +func DetailedConditionInvalid(conditions []contour_v1.DetailedCondition) bool { for _, c := range conditions { if c.Condition.Type == "Valid" { return c.Condition.Status == "False" diff --git a/test/e2e/gateway/backend_tls_policy_test.go b/test/e2e/gateway/backend_tls_policy_test.go index 7535792fb96..23a59a0f56d 100644 --- a/test/e2e/gateway/backend_tls_policy_test.go +++ b/test/e2e/gateway/backend_tls_policy_test.go @@ -20,19 +20,20 @@ import ( "encoding/json" certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" - certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" + certmanagermeta_v1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/test/e2e" ) func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { @@ -42,7 +43,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { // Top level issuer. selfSignedIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "selfsigned", }, @@ -56,7 +57,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { // CA to sign backend certs with. caCertificate := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-cert", }, @@ -68,7 +69,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { }, CommonName: "ca-cert", SecretName: "ca-cert", - IssuerRef: certmanagermetav1.ObjectReference{ + IssuerRef: certmanagermeta_v1.ObjectReference{ Name: "selfsigned", }, }, @@ -77,7 +78,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { // Issuer based on CA to generate new certs with. basedOnCAIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-issuer", }, @@ -93,7 +94,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { // Backend server cert signed by CA. backendServerCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-server-cert", }, @@ -104,19 +105,19 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { CommonName: "echo-secure", DNSNames: []string{"echo-secure"}, SecretName: "backend-server-cert", - IssuerRef: certmanagermetav1.ObjectReference{ + IssuerRef: certmanagermeta_v1.ObjectReference{ Name: "ca-issuer", }, }, } require.NoError(f.T(), f.Client.Create(context.TODO(), backendServerCert)) - f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", func(deployment *appsv1.Deployment, service *corev1.Service) { + f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", func(deployment *apps_v1.Deployment, service *core_v1.Service) { delete(service.Annotations, "projectcontour.io/upstream-protocol.tls") }) route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-1", }, @@ -138,7 +139,7 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { f.CreateHTTPRouteAndWaitFor(route, e2e.HTTPRouteAccepted) backendTLSPolicy := &gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "echo-secure-backend-tls-policy", Namespace: namespace, }, diff --git a/test/e2e/gateway/gateway_test.go b/test/e2e/gateway/gateway_test.go index d43dae2c6a5..40cf9d7f32b 100644 --- a/test/e2e/gateway/gateway_test.go +++ b/test/e2e/gateway/gateway_test.go @@ -22,20 +22,20 @@ import ( "os" "testing" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/pkg/config" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/pkg/config" + "github.com/projectcontour/contour/test/e2e" ) // ReconcileModeController means Contour should be configured @@ -78,7 +78,7 @@ var _ = Describe("Gateway API", func() { var ( contourCmd *gexec.Session contourConfig *config.Parameters - contourConfiguration *contour_api_v1alpha1.ContourConfiguration + contourConfiguration *contour_v1alpha1.ContourConfiguration contourConfigFile string additionalContourArgs []string @@ -107,9 +107,9 @@ var _ = Describe("Gateway API", func() { } // Update contour configuration to point to specified gateway. - contourConfiguration.Spec.Gateway = &contour_api_v1alpha1.GatewayConfig{} + contourConfiguration.Spec.Gateway = &contour_v1alpha1.GatewayConfig{} if reconcileMode == ReconcileModeGateway { - contourConfiguration.Spec.Gateway.GatewayRef = &contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.Gateway.GatewayRef = &contour_v1alpha1.NamespacedName{ Namespace: gateway.Namespace, Name: gateway.Name, } @@ -177,7 +177,7 @@ var _ = Describe("Gateway API", func() { testWithHTTPGateway := func(body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() gw := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "http", }, Spec: gatewayapi_v1beta1.GatewaySpec{ @@ -218,7 +218,7 @@ var _ = Describe("Gateway API", func() { gatewayClass := getGatewayClass() gw := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "https", }, Spec: gatewayapi_v1beta1.GatewaySpec{ @@ -278,7 +278,7 @@ var _ = Describe("Gateway API", func() { testWithMultipleHTTPSListenersGateway := func(body e2e.NamespacedTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "multiple-https-listeners", }, Spec: gatewayapi_v1beta1.GatewaySpec{ @@ -363,7 +363,7 @@ var _ = Describe("Gateway API", func() { testWithTCPGateway := func(body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() gw := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tcp", }, Spec: gatewayapi_v1beta1.GatewaySpec{ @@ -402,7 +402,7 @@ func getGatewayClass() *gatewayapi_v1beta1.GatewayClass { randNumber := getRandomNumber() return &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: fmt.Sprintf("contour-class-%d", randNumber), }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ diff --git a/test/e2e/gateway/host_rewrite_test.go b/test/e2e/gateway/host_rewrite_test.go index aaf8a95c10d..8631562a446 100644 --- a/test/e2e/gateway/host_rewrite_test.go +++ b/test/e2e/gateway/host_rewrite_test.go @@ -17,15 +17,16 @@ package gateway import ( . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testHostRewrite(namespace string, gateway types.NamespacedName) { @@ -35,7 +36,7 @@ func testHostRewrite(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "host-rewrite", }, diff --git a/test/e2e/gateway/multiple_gateways_and_classes_test.go b/test/e2e/gateway/multiple_gateways_and_classes_test.go index 66d62eb2c14..6628df9a25e 100644 --- a/test/e2e/gateway/multiple_gateways_and_classes_test.go +++ b/test/e2e/gateway/multiple_gateways_and_classes_test.go @@ -22,16 +22,17 @@ import ( . "github.com/onsi/ginkgo/v2" "github.com/onsi/gomega/gexec" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/stretchr/testify/require" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/internal/status" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) // Tests in this block set up/tear down their own GatewayClasses and Gateways. @@ -39,7 +40,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { var ( contourCmd *gexec.Session contourConfig *config.Parameters - contourConfiguration *contour_api_v1alpha1.ContourConfiguration + contourConfiguration *contour_v1alpha1.ContourConfiguration contourConfigFile string additionalContourArgs []string controllerName string @@ -57,7 +58,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // Update contour configuration to point to specified gateway. contourConfiguration = e2e.DefaultContourConfiguration() - contourConfiguration.Spec.Gateway = &contour_api_v1alpha1.GatewayConfig{ + contourConfiguration.Spec.Gateway = &contour_v1alpha1.GatewayConfig{ ControllerName: controllerName, } @@ -88,7 +89,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { Specify("only the oldest matching gatewayclass should be accepted", func() { newGatewayClass := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { return &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -118,7 +119,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { _, notOldest := f.CreateGatewayClassAndWaitFor(secondOldest, func(gc *gatewayapi_v1beta1.GatewayClass) bool { for _, cond := range gc.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) && - cond.Status == metav1.ConditionFalse && + cond.Status == meta_v1.ConditionFalse && cond.Reason == string(status.ReasonOlderGatewayClassExists) && cond.Message == "Invalid GatewayClass: another older GatewayClass with the same Spec.Controller exists" { return true @@ -147,7 +148,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { Specify("only the oldest gateway for the accepted gatewayclass should be accepted", func() { // Create a matching gateway class. gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-gatewayclass", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -159,7 +160,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // Create a matching gateway and verify it's accepted. oldest := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "oldest", Namespace: namespace, }, @@ -184,7 +185,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // Create another matching gateway and verify it's not accepted. secondOldest := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "second-oldest", Namespace: namespace, }, @@ -207,7 +208,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { _, notAccepted := f.CreateGatewayAndWaitFor(secondOldest, func(gw *gatewayapi_v1beta1.Gateway) bool { for _, cond := range gw.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayConditionAccepted) && - cond.Status == metav1.ConditionFalse && + cond.Status == meta_v1.ConditionFalse && cond.Reason == "OlderGatewayExists" { return true } @@ -236,7 +237,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { Specify("gatewayclass and gateway admission transitions properly when older gatewayclasses are deleted", func() { // Create a matching gateway class. olderGC := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "older-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -248,7 +249,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // Create a matching gateway and verify it's accepted. olderGCGateway1 := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "older-gc-gw-1", Namespace: namespace, }, @@ -274,7 +275,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // Create a second matching gatewayclass & 2 associated gateways // and verify none of them are accepted. newerGC := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "newer-gc", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -290,7 +291,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { }, 5*time.Second, time.Second) newerGCGateway1 := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "newer-gc-gw-1", Namespace: namespace, }, @@ -319,7 +320,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { }, 5*time.Second, time.Second) newerGCGateway2 := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "newer-gc-gw-2", Namespace: namespace, }, diff --git a/test/e2e/gateway/multiple_https_listeners_test.go b/test/e2e/gateway/multiple_https_listeners_test.go index 233ece22b17..f6438bebd32 100644 --- a/test/e2e/gateway/multiple_https_listeners_test.go +++ b/test/e2e/gateway/multiple_https_listeners_test.go @@ -21,14 +21,15 @@ import ( "fmt" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/test/e2e" ) func testMultipleHTTPSListeners(namespace string) { @@ -40,7 +41,7 @@ func testMultipleHTTPSListeners(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo-"+tc) route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-" + tc, }, @@ -65,7 +66,7 @@ func testMultipleHTTPSListeners(namespace string) { // Make requests to each listener hostname and validate the response // and upstream service. for _, tc := range []string{"1", "2", "3"} { - certSecret := &corev1.Secret{} + certSecret := &core_v1.Secret{} key := client.ObjectKey{Namespace: namespace, Name: "tlscert-" + tc} require.NoError(t, f.Client.Get(context.Background(), key, certSecret)) diff --git a/test/e2e/gateway/query_param_match_test.go b/test/e2e/gateway/query_param_match_test.go index 9e76c873178..ef9faa284b9 100644 --- a/test/e2e/gateway/query_param_match_test.go +++ b/test/e2e/gateway/query_param_match_test.go @@ -17,13 +17,14 @@ package gateway import ( . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/test/e2e" ) func testGatewayMultipleQueryParamMatch(namespace string, gateway types.NamespacedName) { @@ -36,7 +37,7 @@ func testGatewayMultipleQueryParamMatch(namespace string, gateway types.Namespac f.Fixtures.Echo.Deploy(namespace, "echo-4") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-1", }, diff --git a/test/e2e/gateway/request_header_modifier_test.go b/test/e2e/gateway/request_header_modifier_test.go index 95e68863099..fd3d40128ae 100644 --- a/test/e2e/gateway/request_header_modifier_test.go +++ b/test/e2e/gateway/request_header_modifier_test.go @@ -19,14 +19,15 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/test/e2e" ) func testRequestHeaderModifierBackendRef(namespace string, gateway types.NamespacedName) { @@ -37,7 +38,7 @@ func testRequestHeaderModifierBackendRef(namespace string, gateway types.Namespa f.Fixtures.Echo.Deploy(namespace, "echo-header-nofilter") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-filter-1", }, diff --git a/test/e2e/gateway/request_redirect_test.go b/test/e2e/gateway/request_redirect_test.go index 7734f81f49c..91faade8e53 100644 --- a/test/e2e/gateway/request_redirect_test.go +++ b/test/e2e/gateway/request_redirect_test.go @@ -19,15 +19,16 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testRequestRedirectRule(namespace string, gateway types.NamespacedName) { @@ -37,7 +38,7 @@ func testRequestRedirectRule(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-redirect", }, diff --git a/test/e2e/gateway/response_header_modifier_test.go b/test/e2e/gateway/response_header_modifier_test.go index d59501eec6c..5bbee8124c1 100644 --- a/test/e2e/gateway/response_header_modifier_test.go +++ b/test/e2e/gateway/response_header_modifier_test.go @@ -19,14 +19,15 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/test/e2e" ) func testResponseHeaderModifierBackendRef(namespace string, gateway types.NamespacedName) { @@ -37,7 +38,7 @@ func testResponseHeaderModifierBackendRef(namespace string, gateway types.Namesp f.Fixtures.Echo.Deploy(namespace, "echo-header-nofilter") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-filter-1", }, diff --git a/test/e2e/gateway/tcproute_test.go b/test/e2e/gateway/tcproute_test.go index 109d1f19e9c..6d954352722 100644 --- a/test/e2e/gateway/tcproute_test.go +++ b/test/e2e/gateway/tcproute_test.go @@ -17,15 +17,16 @@ package gateway import ( . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testTCPRoute(namespace string, gateway types.NamespacedName) { @@ -35,7 +36,7 @@ func testTCPRoute(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") route := &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "tcproute-1", }, diff --git a/test/e2e/gateway/tls_gateway_test.go b/test/e2e/gateway/tls_gateway_test.go index d6ed72a3cd3..a4a98f15d2b 100644 --- a/test/e2e/gateway/tls_gateway_test.go +++ b/test/e2e/gateway/tls_gateway_test.go @@ -17,15 +17,16 @@ package gateway import ( . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testTLSGateway(namespace string, gateway types.NamespacedName) { @@ -36,7 +37,7 @@ func testTLSGateway(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo-secure") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-1", }, @@ -62,7 +63,7 @@ func testTLSGateway(namespace string, gateway types.NamespacedName) { f.CreateHTTPRouteAndWaitFor(route, e2e.HTTPRouteAccepted) route = &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-2", }, diff --git a/test/e2e/gateway/tls_wildcard_host_test.go b/test/e2e/gateway/tls_wildcard_host_test.go index 853524d510f..ebb01334934 100644 --- a/test/e2e/gateway/tls_wildcard_host_test.go +++ b/test/e2e/gateway/tls_wildcard_host_test.go @@ -19,14 +19,15 @@ import ( "crypto/tls" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testTLSWildcardHost(namespace string, gateway types.NamespacedName) { @@ -37,7 +38,7 @@ func testTLSWildcardHost(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-1", }, diff --git a/test/e2e/gatewayapi_predicates.go b/test/e2e/gatewayapi_predicates.go index 5f307b15e61..4ae3b5a69f8 100644 --- a/test/e2e/gatewayapi_predicates.go +++ b/test/e2e/gatewayapi_predicates.go @@ -16,7 +16,7 @@ package e2e import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -32,7 +32,7 @@ func GatewayClassAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { return conditionExists( gatewayClass.Status.Conditions, string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - metav1.ConditionTrue, + meta_v1.ConditionTrue, ) } @@ -46,7 +46,7 @@ func GatewayClassNotAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool return conditionExists( gatewayClass.Status.Conditions, string(gatewayapi_v1.GatewayClassConditionStatusAccepted), - metav1.ConditionFalse, + meta_v1.ConditionFalse, ) } @@ -60,7 +60,7 @@ func GatewayAccepted(gateway *gatewayapi_v1beta1.Gateway) bool { return conditionExists( gateway.Status.Conditions, string(gatewayapi_v1.GatewayConditionAccepted), - metav1.ConditionTrue, + meta_v1.ConditionTrue, ) } @@ -74,7 +74,7 @@ func GatewayProgrammed(gateway *gatewayapi_v1beta1.Gateway) bool { return conditionExists( gateway.Status.Conditions, string(gatewayapi_v1.GatewayConditionProgrammed), - metav1.ConditionTrue, + meta_v1.ConditionTrue, ) } @@ -86,7 +86,7 @@ func ListenerAccepted(gateway *gatewayapi_v1beta1.Gateway, listener gatewayapi_v return conditionExists( listenerStatus.Conditions, string(gatewayapi_v1.ListenerConditionAccepted), - metav1.ConditionTrue, + meta_v1.ConditionTrue, ) } } @@ -112,7 +112,7 @@ func HTTPRouteAccepted(route *gatewayapi_v1beta1.HTTPRoute) bool { } for _, gw := range route.Status.Parents { - if conditionExists(gw.Conditions, string(gatewayapi_v1beta1.RouteConditionAccepted), metav1.ConditionTrue) { + if conditionExists(gw.Conditions, string(gatewayapi_v1beta1.RouteConditionAccepted), meta_v1.ConditionTrue) { return true } } @@ -137,7 +137,7 @@ func TCPRouteAccepted(route *gatewayapi_v1alpha2.TCPRoute) bool { } for _, gw := range route.Status.Parents { - if conditionExists(gw.Conditions, string(gatewayapi_v1beta1.RouteConditionAccepted), metav1.ConditionTrue) { + if conditionExists(gw.Conditions, string(gatewayapi_v1beta1.RouteConditionAccepted), meta_v1.ConditionTrue) { return true } } @@ -162,7 +162,7 @@ func TLSRouteAccepted(route *gatewayapi_v1alpha2.TLSRoute) bool { } for _, gw := range route.Status.Parents { - if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.RouteConditionAccepted), metav1.ConditionTrue) { + if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.RouteConditionAccepted), meta_v1.ConditionTrue) { return true } } @@ -178,7 +178,7 @@ func BackendTLSPolicyAccepted(btp *gatewayapi_v1alpha2.BackendTLSPolicy) bool { } for _, gw := range btp.Status.Ancestors { - if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.PolicyConditionAccepted), metav1.ConditionTrue) { + if conditionExists(gw.Conditions, string(gatewayapi_v1alpha2.PolicyConditionAccepted), meta_v1.ConditionTrue) { return true } } @@ -186,7 +186,7 @@ func BackendTLSPolicyAccepted(btp *gatewayapi_v1alpha2.BackendTLSPolicy) bool { return false } -func conditionExists(conditions []metav1.Condition, conditionType string, conditionStatus metav1.ConditionStatus) bool { +func conditionExists(conditions []meta_v1.Condition, conditionType string, conditionStatus meta_v1.ConditionStatus) bool { for _, cond := range conditions { if cond.Type == conditionType && cond.Status == conditionStatus { return true diff --git a/test/e2e/httpproxy/backend_tls_protocol_version_test.go b/test/e2e/httpproxy/backend_tls_protocol_version_test.go index 9d47fb227d4..b0de55f0a10 100644 --- a/test/e2e/httpproxy/backend_tls_protocol_version_test.go +++ b/test/e2e/httpproxy/backend_tls_protocol_version_test.go @@ -22,18 +22,19 @@ import ( certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testBackendTLSProtocolVersion(namespace, protocolVersion string) { Specify("backend connection uses configured TLS version", func() { // Backend server cert signed by CA. backendServerCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-server-cert", }, @@ -52,22 +53,22 @@ func testBackendTLSProtocolVersion(namespace, protocolVersion string) { require.NoError(f.T(), f.Client.Create(context.TODO(), backendServerCert)) f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", nil) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-tls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "backend-tls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-secure", Port: 443, - UpstreamValidation: &contourv1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "backend-client-cert", SubjectName: "echo-secure", }, diff --git a/test/e2e/httpproxy/backend_tls_test.go b/test/e2e/httpproxy/backend_tls_test.go index d69dd450624..de5e7fcda0b 100644 --- a/test/e2e/httpproxy/backend_tls_test.go +++ b/test/e2e/httpproxy/backend_tls_test.go @@ -23,20 +23,21 @@ import ( certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testBackendTLS(namespace string) { Specify("mTLS to backends can be configured", func() { // Backend server cert signed by CA. backendServerCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-server-cert", }, @@ -55,22 +56,22 @@ func testBackendTLS(namespace string) { require.NoError(f.T(), f.Client.Create(context.TODO(), backendServerCert)) f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", nil) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-tls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "backend-tls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-secure", Port: 443, - UpstreamValidation: &contourv1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "backend-client-cert", SubjectName: "echo-secure", }, @@ -103,7 +104,7 @@ func testBackendTLS(namespace string) { // Get value of client cert Envoy should have presented. clientSecretKey := client.ObjectKey{Namespace: namespace, Name: "backend-client-cert"} - clientSecret := &corev1.Secret{} + clientSecret := &core_v1.Secret{} require.NoError(f.T(), f.Client.Get(context.TODO(), clientSecretKey, clientSecret)) assert.Equal(f.T(), tlsInfo.TLS.PeerCertificates[0], string(clientSecret.Data["tls.crt"])) diff --git a/test/e2e/httpproxy/cel_validation_test.go b/test/e2e/httpproxy/cel_validation_test.go index 3de95a80d92..5dc6b2f6496 100644 --- a/test/e2e/httpproxy/cel_validation_test.go +++ b/test/e2e/httpproxy/cel_validation_test.go @@ -20,32 +20,33 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func testCELValidation(namespace string) { Specify("UpstreamValidation is validated by CEL rule on creation", func() { t := f.T() - subjectNameNoMatch := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + subjectNameNoMatch := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "subjectname-no-match", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "any-service-name", Port: 80000, - UpstreamValidation: &contourv1.UpstreamValidation{ + UpstreamValidation: &contour_v1.UpstreamValidation{ CACertificate: "namespace/name", SubjectNames: []string{"wrong.com", "example.com"}, SubjectName: "example.com", diff --git a/test/e2e/httpproxy/client_cert_auth_test.go b/test/e2e/httpproxy/client_cert_auth_test.go index 85e0f74c753..3f3cad87dd0 100644 --- a/test/e2e/httpproxy/client_cert_auth_test.go +++ b/test/e2e/httpproxy/client_cert_auth_test.go @@ -23,11 +23,12 @@ import ( certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testClientCertAuth(namespace string) { @@ -36,7 +37,7 @@ func testClientCertAuth(namespace string) { // Create a self-signed Issuer. selfSignedIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "selfsigned", }, @@ -51,7 +52,7 @@ func testClientCertAuth(namespace string) { // Using the selfsigned issuer, create a CA signing certificate for the // test issuer. caSigningCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-projectcontour-io", }, @@ -80,7 +81,7 @@ func testClientCertAuth(namespace string) { // Create a local CA issuer with the CA certificate that the selfsigned // issuer gave us. localCAIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-projectcontour-io", }, @@ -97,7 +98,7 @@ func testClientCertAuth(namespace string) { // Using the selfsigned issuer, create a CA signing certificate for another // test issuer. caSigningCert2 := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-notprojectcontour-io", }, @@ -126,7 +127,7 @@ func testClientCertAuth(namespace string) { // Create a local CA issuer with the CA certificate that the selfsigned // issuer gave us. localCAIssuer2 := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-notprojectcontour-io", }, @@ -144,7 +145,7 @@ func testClientCertAuth(namespace string) { // Get a server certificate for echo-no-auth. echoNoAuthCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-no-auth-cert", }, @@ -165,7 +166,7 @@ func testClientCertAuth(namespace string) { // Get a server certificate for echo-with-auth. echoWithAuthCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-auth-cert", }, @@ -186,7 +187,7 @@ func testClientCertAuth(namespace string) { // Get a server certificate for echo-with-auth-skip-verify. echoWithAuthSkipVerifyCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-auth-skip-verify-cert", }, @@ -207,7 +208,7 @@ func testClientCertAuth(namespace string) { // Get a server certificate for echo-with-auth-skip-verify-with-ca. echoWithAuthSkipVerifyWithCACert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-auth-skip-verify-with-ca-cert", }, @@ -228,7 +229,7 @@ func testClientCertAuth(namespace string) { // Get a server certificate for echo-with-optional-auth. echoWithOptionalAuth := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-optional-auth-cert", }, @@ -249,7 +250,7 @@ func testClientCertAuth(namespace string) { // Get a server certificate for echo-with-optional-auth-no-ca. echoWithOptionalAuthNoCA := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-optional-auth-no-ca-cert", }, @@ -268,7 +269,7 @@ func testClientCertAuth(namespace string) { // Get a client certificate. clientCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-client-cert", }, @@ -292,7 +293,7 @@ func testClientCertAuth(namespace string) { // Get another client certificate. clientCertInvalid := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-client-cert-invalid", }, @@ -315,21 +316,21 @@ func testClientCertAuth(namespace string) { f.Certs.CreateCertAndWaitFor(clientCertInvalid, certIsReady) // This proxy does not require client certificate auth. - noAuthProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + noAuthProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-no-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "echo-no-auth.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-no-auth", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-no-auth", Port: 80, @@ -342,24 +343,24 @@ func testClientCertAuth(namespace string) { f.CreateHTTPProxyAndWaitFor(noAuthProxy, e2e.HTTPProxyValid) // This proxy requires client certificate auth. - authProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + authProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "echo-with-auth.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-with-auth", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "echo-with-auth", }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-with-auth", Port: 80, @@ -372,24 +373,24 @@ func testClientCertAuth(namespace string) { f.CreateHTTPProxyAndWaitFor(authProxy, e2e.HTTPProxyValid) // This proxy does not verify client certs. - authSkipVerifyProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + authSkipVerifyProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-auth-skip-verify", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "echo-with-auth-skip-verify.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-with-auth-skip-verify", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-with-auth-skip-verify", Port: 80, @@ -402,25 +403,25 @@ func testClientCertAuth(namespace string) { f.CreateHTTPProxyAndWaitFor(authSkipVerifyProxy, e2e.HTTPProxyValid) // This proxy requires a client certificate but does not verify it. - authSkipVerifyWithCAProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + authSkipVerifyWithCAProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-auth-skip-verify-with-ca", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "echo-with-auth-skip-verify-with-ca.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-with-auth-skip-verify-with-ca", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ SkipClientCertValidation: true, CACertificate: "echo-with-auth", }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-with-auth-skip-verify-with-ca", Port: 80, @@ -433,25 +434,25 @@ func testClientCertAuth(namespace string) { f.CreateHTTPProxyAndWaitFor(authSkipVerifyWithCAProxy, e2e.HTTPProxyValid) // This proxy requests a client certificate but only verifies it if sent. - optionalAuthProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + optionalAuthProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-optional-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "echo-with-optional-auth.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-with-optional-auth", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ OptionalClientCertificate: true, CACertificate: "echo-with-auth", }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-with-optional-auth", Port: 80, @@ -464,25 +465,25 @@ func testClientCertAuth(namespace string) { f.CreateHTTPProxyAndWaitFor(optionalAuthProxy, e2e.HTTPProxyValid) // This proxy requests a client certificate but doesn't verify it if sent. - optionalAuthNoCAProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + optionalAuthNoCAProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-with-optional-auth-no-ca", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "echo-with-optional-auth-no-ca.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-with-optional-auth-no-ca", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ OptionalClientCertificate: true, SkipClientCertValidation: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-with-optional-auth-no-ca", Port: 80, diff --git a/test/e2e/httpproxy/client_cert_crl_test.go b/test/e2e/httpproxy/client_cert_crl_test.go index 8a226b6e051..108ae50276e 100644 --- a/test/e2e/httpproxy/client_cert_crl_test.go +++ b/test/e2e/httpproxy/client_cert_crl_test.go @@ -21,14 +21,15 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/dag" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/tsaarni/certyaml" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/dag" + "github.com/projectcontour/contour/test/e2e" ) func testClientCertRevocation(namespace string) { @@ -99,8 +100,8 @@ func testClientCertRevocation(namespace string) { // Create Secret for CA that is used to validate client certificates. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: namespace, }, @@ -112,23 +113,23 @@ func testClientCertRevocation(namespace string) { // Create Secret for server TLS credentials. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "server-cert", Namespace: namespace, }, - Type: corev1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - corev1.TLSCertKey: certPEMBytes(t, &server), - corev1.TLSPrivateKeyKey: keyPEMBytes(t, &server), + core_v1.TLSCertKey: certPEMBytes(t, &server), + core_v1.TLSPrivateKeyKey: keyPEMBytes(t, &server), }, }, )) // Create Secret with CRLs from all CAs, combined as a PEM bundle. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "all-crls", Namespace: namespace, }, @@ -140,8 +141,8 @@ func testClientCertRevocation(namespace string) { // Create Secret with CRL from sub-CA only. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "only-revoked-sub-ca-crl", Namespace: namespace, }, @@ -152,25 +153,25 @@ func testClientCertRevocation(namespace string) { )) // Create HTTPProxy that does full chain CRL check. - proxyWithFullCRLCheck := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithFullCRLCheck := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl-check-full", Namespace: namespace, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "crl-check-full.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "server-cert", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "ca", CertificateRevocationList: "all-crls", }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -183,26 +184,26 @@ func testClientCertRevocation(namespace string) { f.CreateHTTPProxyAndWaitFor(proxyWithFullCRLCheck, e2e.HTTPProxyValid) // Create HTTPProxy that does CRL check for leaf-certificates only. - proxyWithCRLLeafOnly := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithCRLLeafOnly := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl-check-leaf-only", Namespace: namespace, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "crl-check-leaf-only.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "server-cert", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "ca", CertificateRevocationList: "only-revoked-sub-ca-crl", OnlyVerifyLeafCertCrl: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -215,25 +216,25 @@ func testClientCertRevocation(namespace string) { f.CreateHTTPProxyAndWaitFor(proxyWithCRLLeafOnly, e2e.HTTPProxyValid) // HTTPProxy with full chain revocation but refers to Secret with only partial set of CRLs. - proxyWithCRLMissing := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithCRLMissing := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl-check-full-but-missing-crl", Namespace: namespace, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "crl-check-full-but-missing-crl.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "server-cert", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "ca", CertificateRevocationList: "only-revoked-sub-ca-crl", }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -349,23 +350,23 @@ func testClientCertRevocation(namespace string) { // Create Secret for server credentials. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "server-cert", Namespace: namespace, }, - Type: corev1.SecretTypeTLS, + Type: core_v1.SecretTypeTLS, Data: map[string][]byte{ - corev1.TLSCertKey: certPEMBytes(t, &server), - corev1.TLSPrivateKeyKey: keyPEMBytes(t, &server), + core_v1.TLSCertKey: certPEMBytes(t, &server), + core_v1.TLSPrivateKeyKey: keyPEMBytes(t, &server), }, }, )) // Create Secret for CA to validate client certificates. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "ca", Namespace: namespace, }, @@ -376,25 +377,25 @@ func testClientCertRevocation(namespace string) { )) // Create HTTPProxy with client validation and CRL check. - proxyWithCRLCheck := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWithCRLCheck := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl-rotate", Namespace: namespace, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "crl-rotate.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "server-cert", - ClientValidation: &contourv1.DownstreamValidation{ + ClientValidation: &contour_v1.DownstreamValidation{ CACertificate: "ca", CertificateRevocationList: "crl", }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -410,8 +411,8 @@ func testClientCertRevocation(namespace string) { // Create Secret with CRL where client certificate is revoked. require.NoError(t, f.Client.Create(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl", Namespace: namespace, }, @@ -439,8 +440,8 @@ func testClientCertRevocation(namespace string) { // Update Secret with CRL where client certificate is not revoked. require.NoError(t, f.Client.Update(context.TODO(), - &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ + &core_v1.Secret{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "crl", Namespace: namespace, }, diff --git a/test/e2e/httpproxy/cookie_rewrite_test.go b/test/e2e/httpproxy/cookie_rewrite_test.go index d5cd40605ff..9d3bfccc2c0 100644 --- a/test/e2e/httpproxy/cookie_rewrite_test.go +++ b/test/e2e/httpproxy/cookie_rewrite_test.go @@ -23,16 +23,17 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testInvalidCookieRewriteFields(namespace string) { @@ -48,24 +49,24 @@ func testInvalidCookieRewriteFields(namespace string) { }, controlChars...) for _, c := range invalidNameChars { - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: fmt.Sprintf("invalid-cookie-name-%d", c), }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: fmt.Sprintf("invalid-cookie-name-%d.projectcontour.io", c), }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: fmt.Sprintf("invalid%cchar", c), - PathRewrite: &contourv1.CookiePathRewrite{Value: "/foo"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/foo"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -81,24 +82,24 @@ func testInvalidCookieRewriteFields(namespace string) { // ;, DEL, and control chars. invalidPathChars := append([]rune{';', 127}, controlChars...) for _, c := range invalidPathChars { - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: fmt.Sprintf("invalid-path-%d", c), }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: fmt.Sprintf("invalid-path-%d.projectcontour.io", c), }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "invalidpath", - PathRewrite: &contourv1.CookiePathRewrite{Value: fmt.Sprintf("/invalid%cpath", c)}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: fmt.Sprintf("/invalid%cpath", c)}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -115,26 +116,26 @@ func testInvalidCookieRewriteFields(namespace string) { "*", "*.foo.com", "invalid.char&.com", } for i, d := range invalidDomains { - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: fmt.Sprintf("invalid-domain-%d", i), }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: fmt.Sprintf("invalid-domain-%d.projectcontour.io", i), }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "invaliddomain", - DomainRewrite: &contourv1.CookieDomainRewrite{ + DomainRewrite: &contour_v1.CookieDomainRewrite{ Value: d, }, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -147,24 +148,24 @@ func testInvalidCookieRewriteFields(namespace string) { require.Error(f.T(), f.Client.Create(context.TODO(), p), "expected domain rewrite %q to be invalid", d) } - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "invalid-samesite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "invalid-samesite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "invalid-samesite", SameSite: ref.To("Invalid"), }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -183,21 +184,21 @@ func testAppCookieRewrite(namespace string) { deployEchoServer(f.T(), f.Client, namespace, "echo") deployEchoServer(f.T(), f.Client, namespace, "echo-other") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "app-cookie-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "app-cookie-rewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/no-rewrite"}, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -205,19 +206,19 @@ func testAppCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/no-attributes"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "no-attributes", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/foo"}, - DomainRewrite: &contourv1.CookieDomainRewrite{Value: "foo.com"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/foo"}, + DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "foo.com"}, Secure: ref.To(true), SameSite: ref.To("Strict"), }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -225,19 +226,19 @@ func testAppCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/rewrite-all"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "rewrite-all", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/ra"}, - DomainRewrite: &contourv1.CookieDomainRewrite{Value: "ra.com"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/ra"}, + DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "ra.com"}, Secure: ref.To(false), SameSite: ref.To("Lax"), }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -245,16 +246,16 @@ func testAppCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/rewrite-some"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "rewrite-some", - DomainRewrite: &contourv1.CookieDomainRewrite{Value: "rs.com"}, + DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "rs.com"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -262,20 +263,20 @@ func testAppCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/multi"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "multi-1", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/m1"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/m1"}, }, { Name: "multi-2", - DomainRewrite: &contourv1.CookieDomainRewrite{Value: "m2.com"}, + DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "m2.com"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -283,61 +284,61 @@ func testAppCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/service"}, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/svc-new"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/svc-new"}, }, }, }, { Name: "echo-other", Port: 80, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/svc-new-other"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/svc-new-other"}, }, }, }, }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/route-and-service"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "route-service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/route"}, - DomainRewrite: &contourv1.CookieDomainRewrite{Value: "route.com"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/route"}, + DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "route.com"}, }, { Name: "route", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/route"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/route"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "route-service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/service"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/service"}, Secure: ref.To(true), SameSite: ref.To("Lax"), }, { Name: "service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/service"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/service"}, }, }, }, @@ -438,27 +439,27 @@ func testHeaderGlobalRewriteCookieRewrite(namespace string) { Specify("cookies from global header rewrites can be rewritten", func() { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "global-header-rewrite-cookie-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "global-header-rewrite-cookie-rewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/global"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "global", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/global"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/global"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -485,31 +486,31 @@ func testHeaderRewriteCookieRewrite(namespace string) { Specify("cookies from HTTPProxy header rewrites can be rewritten", func() { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "header-rewrite-cookie-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "header-rewrite-cookie-rewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/cookie-lb"}, }, - LoadBalancerPolicy: &contourv1.LoadBalancerPolicy{ + LoadBalancerPolicy: &contour_v1.LoadBalancerPolicy{ Strategy: "Cookie", }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "X-Contour-Session-Affinity", Secure: ref.To(true), SameSite: ref.To("Strict"), }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -517,21 +518,21 @@ func testHeaderRewriteCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/route-route"}, }, - ResponseHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ {Name: "Set-Cookie", Value: "route-route=foo"}, }, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "route-route", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/route-route"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/route-route"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -539,65 +540,65 @@ func testHeaderRewriteCookieRewrite(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/route-service"}, }, - ResponseHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ {Name: "Set-Cookie", Value: "route-service=foo"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "route-service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/route-service"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/route-service"}, }, }, }, }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/service-service"}, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, - ResponseHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ {Name: "Set-Cookie", Value: "service-service=bar"}, }, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "service-service", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/service-service"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/service-service"}, }, }, }, }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ {Prefix: "/service-route"}, }, - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "service-route", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/service-route"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/service-route"}, }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, - ResponseHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ {Name: "Set-Cookie", Value: "service-route=bar"}, }, }, @@ -661,30 +662,30 @@ func testCookieRewriteTLS(namespace string) { deployEchoServer(f.T(), f.Client, namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "cookie-rewrite-tls.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "cookie-rewrite-tls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "cookie-rewrite-tls.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - CookieRewritePolicies: []contourv1.CookieRewritePolicy{ + CookieRewritePolicies: []contour_v1.CookieRewritePolicy{ { Name: "a-cookie", - PathRewrite: &contourv1.CookiePathRewrite{Value: "/"}, - DomainRewrite: &contourv1.CookieDomainRewrite{Value: "cookie-rewrite-tls.projectcontour.io"}, + PathRewrite: &contour_v1.CookiePathRewrite{Value: "/"}, + DomainRewrite: &contour_v1.CookieDomainRewrite{Value: "cookie-rewrite-tls.projectcontour.io"}, Secure: ref.To(true), SameSite: ref.To("Strict"), }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -807,25 +808,25 @@ func requestSetCookieHeader(https bool, host, route string, setCookieValues ...s } func deployEchoServer(t require.TestingT, c client.Client, ns, name string) { - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ + Spec: apps_v1.DeploymentSpec{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": name}, }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ Labels: map[string]string{"app.kubernetes.io/name": name}, }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ + Spec: core_v1.PodSpec{ + Containers: []core_v1.Container{ { Name: "echo", Image: "docker.io/ealen/echo-server:0.5.1", - Env: []corev1.EnvVar{ + Env: []core_v1.EnvVar{ { Name: "INGRESS_NAME", Value: name, @@ -836,16 +837,16 @@ func deployEchoServer(t require.TestingT, c client.Client, ns, name string) { }, { Name: "POD_NAME", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.name", }, }, }, { Name: "NAMESPACE", - ValueFrom: &corev1.EnvVarSource{ - FieldRef: &corev1.ObjectFieldSelector{ + ValueFrom: &core_v1.EnvVarSource{ + FieldRef: &core_v1.ObjectFieldSelector{ FieldPath: "metadata.namespace", }, }, @@ -855,15 +856,15 @@ func deployEchoServer(t require.TestingT, c client.Client, ns, name string) { Value: "3000", }, }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "http", ContainerPort: 3000, }, }, - ReadinessProbe: &corev1.Probe{ - ProbeHandler: corev1.ProbeHandler{ - HTTPGet: &corev1.HTTPGetAction{ + ReadinessProbe: &core_v1.Probe{ + ProbeHandler: core_v1.ProbeHandler{ + HTTPGet: &core_v1.HTTPGetAction{ Path: "/ping", Port: intstr.FromInt(3000), }, @@ -877,13 +878,13 @@ func deployEchoServer(t require.TestingT, c client.Client, ns, name string) { } require.NoError(t, c.Create(context.TODO(), deployment)) - service := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + service := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: ns, Name: name, }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, diff --git a/test/e2e/httpproxy/default_global_rate_limiting_test.go b/test/e2e/httpproxy/default_global_rate_limiting_test.go index 7682d803745..90cb95dd44b 100644 --- a/test/e2e/httpproxy/default_global_rate_limiting_test.go +++ b/test/e2e/httpproxy/default_global_rate_limiting_test.go @@ -20,12 +20,13 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testDefaultGlobalRateLimitingVirtualHostNonTLS(namespace string) { @@ -34,18 +35,18 @@ func testDefaultGlobalRateLimitingVirtualHostNonTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhostnontls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -77,23 +78,23 @@ func testDefaultGlobalRateLimitingVirtualHostNonTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhostnontls.projectcontour.io", - RateLimitPolicy: &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -139,21 +140,21 @@ func testDefaultGlobalRateLimitingVirtualHostNonTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhostnontls.projectcontour.io", - RateLimitPolicy: &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Value: "foo", }, }, @@ -163,9 +164,9 @@ func testDefaultGlobalRateLimitingVirtualHostNonTLS(namespace string) { }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -195,21 +196,21 @@ func testDefaultGlobalRateLimitingVirtualHostTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "globalratelimitvhosttls.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhostnontls.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -242,26 +243,26 @@ func testDefaultGlobalRateLimitingVirtualHostTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "globalratelimitroutetls.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhostnontls.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, - RateLimitPolicy: &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -308,24 +309,24 @@ func testDefaultGlobalRateLimitingVirtualHostTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "globalratelimitroutetls.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhostnontls.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, - RateLimitPolicy: &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + RateLimitPolicy: &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeader: &contourv1.RequestHeaderDescriptor{ + RequestHeader: &contour_v1.RequestHeaderDescriptor{ HeaderName: "X-HTTPProxy-Descriptor", DescriptorKey: "customHeader", }, @@ -336,9 +337,9 @@ func testDefaultGlobalRateLimitingVirtualHostTLS(namespace string) { }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -372,24 +373,24 @@ func testDefaultGlobalRateLimitingWithVhRateLimitsIgnore(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "defaultglobalratelimitvhratelimits", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "defaultglobalratelimitvhratelimits.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/echo", }, @@ -421,8 +422,8 @@ func testDefaultGlobalRateLimitingWithVhRateLimitsIgnore(namespace string) { } // Add a global rate limit policy on the route. - p.Spec.Routes[0].RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ + p.Spec.Routes[0].RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, } diff --git a/test/e2e/httpproxy/direct_response_test.go b/test/e2e/httpproxy/direct_response_test.go index 254ac4f5548..cc18c3db604 100644 --- a/test/e2e/httpproxy/direct_response_test.go +++ b/test/e2e/httpproxy/direct_response_test.go @@ -16,13 +16,13 @@ package httpproxy import ( - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testDirectResponseRule(namespace string) { @@ -33,7 +33,7 @@ func testDirectResponseRule(namespace string) { }) } -func doDirectTest(namespace string, proxy *contour_api_v1.HTTPProxy, t GinkgoTInterface) { +func doDirectTest(namespace string, proxy *contour_v1.HTTPProxy, t GinkgoTInterface) { f.Fixtures.Echo.Deploy(namespace, "echo") _, ok := f.CreateHTTPProxyAndWaitFor(proxy, e2e.HTTPProxyValid) @@ -60,34 +60,34 @@ func assertDirectResponseRequest(t GinkgoTInterface, fqdn, path, expectedBody st assert.Equal(t, expectedBody, string(res.Body)) } -func getDirectResponseHTTPProxy(namespace string) *contour_api_v1.HTTPProxy { - return &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ +func getDirectResponseHTTPProxy(namespace string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "direct-response", Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "directresponse.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/directresponse-nobody", }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{StatusCode: 200}, + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{StatusCode: 200}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/directresponse", }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 200, Body: "directResponse success", }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/directresponse-notfound", }}, - DirectResponsePolicy: &contour_api_v1.HTTPDirectResponsePolicy{ + DirectResponsePolicy: &contour_v1.HTTPDirectResponsePolicy{ StatusCode: 404, Body: "not found", }, diff --git a/test/e2e/httpproxy/dynamic_headers_test.go b/test/e2e/httpproxy/dynamic_headers_test.go index 9e98c6bc631..0ea2b791ceb 100644 --- a/test/e2e/httpproxy/dynamic_headers_test.go +++ b/test/e2e/httpproxy/dynamic_headers_test.go @@ -20,11 +20,12 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testDynamicHeaders(namespace string) { @@ -33,23 +34,23 @@ func testDynamicHeaders(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "dynamic-headers", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "dynamicheaders.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, - RequestHeadersPolicy: &contourv1.HeadersPolicy{}, - ResponseHeadersPolicy: &contourv1.HeadersPolicy{}, + RequestHeadersPolicy: &contour_v1.HeadersPolicy{}, + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{}, }, }, }, @@ -94,7 +95,7 @@ func testDynamicHeaders(namespace string) { "X-Contour-Service": "%CONTOUR_SERVICE_NAME%:%CONTOUR_SERVICE_PORT%", } for k, v := range requestHeaders { - hv := contourv1.HeaderValue{ + hv := contour_v1.HeaderValue{ Name: k, Value: v, } @@ -136,7 +137,7 @@ func testDynamicHeaders(namespace string) { "X-Dynamic-Header-24": "%RESPONSE_CODE_DETAILS%", } for k, v := range responseHeaders { - hv := contourv1.HeaderValue{ + hv := contour_v1.HeaderValue{ Name: k, Value: v, } diff --git a/test/e2e/httpproxy/exact_path_condition_match_test.go b/test/e2e/httpproxy/exact_path_condition_match_test.go index d0b89ff0cb4..f1c722997df 100644 --- a/test/e2e/httpproxy/exact_path_condition_match_test.go +++ b/test/e2e/httpproxy/exact_path_condition_match_test.go @@ -18,10 +18,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testExactPathCondition(namespace string) { @@ -35,89 +36,89 @@ func testExactPathCondition(namespace string) { f.Fixtures.Echo.Deploy(serviceNamespace, "echo-green") f.Fixtures.Echo.Deploy(serviceNamespace, "echo-default") - serviceProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + serviceProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: serviceNamespace, Name: "echo-exact", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "exactpathcondition.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-blue", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/blue", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-blue", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Exact: "/common/exact-blue", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-green", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/common/exact-blue/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-green", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Exact: "/blue-exact-green", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-green", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Exact: "/blue/exact-green", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-default", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, diff --git a/test/e2e/httpproxy/external_auth_test.go b/test/e2e/httpproxy/external_auth_test.go index 5e40e7e32fe..c35bfb1226b 100644 --- a/test/e2e/httpproxy/external_auth_test.go +++ b/test/e2e/httpproxy/external_auth_test.go @@ -19,15 +19,16 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/test/e2e" ) func testExternalAuth(namespace string) { @@ -40,28 +41,28 @@ func testExternalAuth(namespace string) { f.Certs.CreateSelfSignedCert(namespace, "testserver-cert", "testserver-cert", "testserver") // auth testserver - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "testserver", Labels: map[string]string{ "app.kubernetes.io/name": "testserver", }, }, - Spec: appsv1.DeploymentSpec{ - Selector: &metav1.LabelSelector{ + Spec: apps_v1.DeploymentSpec{ + Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"app.kubernetes.io/name": "testserver"}, }, - Template: corev1.PodTemplateSpec{ - ObjectMeta: metav1.ObjectMeta{ + Template: core_v1.PodTemplateSpec{ + ObjectMeta: meta_v1.ObjectMeta{ Labels: map[string]string{"app.kubernetes.io/name": "testserver"}, }, - Spec: corev1.PodSpec{ - Containers: []corev1.Container{ + Spec: core_v1.PodSpec{ + Containers: []core_v1.Container{ { Name: "testserver", Image: "ghcr.io/projectcontour/contour-authserver:v4", - ImagePullPolicy: corev1.PullIfNotPresent, + ImagePullPolicy: core_v1.PullIfNotPresent, Command: []string{ "/contour-authserver", }, @@ -72,14 +73,14 @@ func testExternalAuth(namespace string) { "--tls-cert-path=/tls/tls.crt", "--tls-key-path=/tls/tls.key", }, - Ports: []corev1.ContainerPort{ + Ports: []core_v1.ContainerPort{ { Name: "auth", ContainerPort: 9443, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, }, }, - VolumeMounts: []corev1.VolumeMount{ + VolumeMounts: []core_v1.VolumeMount{ { Name: "tls", MountPath: "/tls", @@ -88,11 +89,11 @@ func testExternalAuth(namespace string) { }, }, }, - Volumes: []corev1.Volume{ + Volumes: []core_v1.Volume{ { Name: "tls", - VolumeSource: corev1.VolumeSource{ - Secret: &corev1.SecretVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + Secret: &core_v1.SecretVolumeSource{ SecretName: "testserver-cert", }, }, @@ -104,19 +105,19 @@ func testExternalAuth(namespace string) { } require.NoError(t, f.Client.Create(context.TODO(), deployment)) - svc := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + svc := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "testserver", Namespace: namespace, Labels: map[string]string{ "app.kubernetes.io/name": "testserver", }, }, - Spec: corev1.ServiceSpec{ - Ports: []corev1.ServicePort{ + Spec: core_v1.ServiceSpec{ + Ports: []core_v1.ServicePort{ { Name: "auth", - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, Port: 9443, TargetPort: intstr.FromInt(9443), }, @@ -124,18 +125,18 @@ func testExternalAuth(namespace string) { Selector: map[string]string{ "app.kubernetes.io/name": "testserver", }, - Type: corev1.ServiceTypeClusterIP, + Type: core_v1.ServiceTypeClusterIP, }, } require.NoError(t, f.Client.Create(context.TODO(), svc)) - extSvc := &contourv1alpha1.ExtensionService{ - ObjectMeta: metav1.ObjectMeta{ + extSvc := &contour_v1alpha1.ExtensionService{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "testserver", Namespace: namespace, }, - Spec: contourv1alpha1.ExtensionServiceSpec{ - Services: []contourv1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ { Name: "testserver", Port: 9443, @@ -145,43 +146,43 @@ func testExternalAuth(namespace string) { } require.NoError(t, f.Client.Create(context.TODO(), extSvc)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "externalauth.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, - Authorization: &contourv1.AuthorizationServer{ + Authorization: &contour_v1.AuthorizationServer{ ResponseTimeout: "500ms", - ExtensionServiceRef: contourv1.ExtensionServiceReference{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Name: extSvc.Name, Namespace: extSvc.Namespace, }, - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "hostname": "externalauth.projectcontour.io", }, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/first", }, }, - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "target": "first", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -190,15 +191,15 @@ func testExternalAuth(namespace string) { }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/second", }, }, - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -207,12 +208,12 @@ func testExternalAuth(namespace string) { }, { - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "target": "default", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, diff --git a/test/e2e/httpproxy/external_name_test.go b/test/e2e/httpproxy/external_name_test.go index 022a2a84853..3f322e08052 100644 --- a/test/e2e/httpproxy/external_name_test.go +++ b/test/e2e/httpproxy/external_name_test.go @@ -20,12 +20,13 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/stretchr/testify/require" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func testExternalNameServiceInsecure(namespace string) { @@ -34,15 +35,15 @@ func testExternalNameServiceInsecure(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") - externalNameService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + externalNameService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-service", }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: "ingress-conformance-echo." + namespace, - Ports: []corev1.ServicePort{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -52,25 +53,25 @@ func testExternalNameServiceInsecure(namespace string) { } require.NoError(t, f.Client.Create(context.TODO(), externalNameService)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-proxy", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "externalnameservice.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: externalNameService.Name, Port: 80, }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: externalNameService.Spec.ExternalName, @@ -103,45 +104,45 @@ func testExternalNameServiceTLS(namespace string) { f.Fixtures.EchoSecure.Deploy(namespace, "echo-tls", nil) - externalNameService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + externalNameService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-service-tls", }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: "echo-tls." + namespace, - Ports: []corev1.ServicePort{ + Ports: []core_v1.ServicePort{ { Name: "https", Port: 443, - Protocol: corev1.ProtocolTCP, + Protocol: core_v1.ProtocolTCP, }, }, }, } require.NoError(t, f.Client.Create(context.TODO(), externalNameService)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-proxy-tls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tls.externalnameservice.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: externalNameService.Name, Port: 443, Protocol: ref.To("tls"), }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: externalNameService.Spec.ExternalName, @@ -172,17 +173,17 @@ func testExternalNameServiceLocalhostInvalid(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") - externalNameService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + externalNameService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-service-localhost", }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, // The unit tests test just `localhost`, so test another item from that // list. ExternalName: "localhost.localdomain", - Ports: []corev1.ServicePort{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -192,25 +193,25 @@ func testExternalNameServiceLocalhostInvalid(namespace string) { } require.NoError(t, f.Client.Create(context.TODO(), externalNameService)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-proxy", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "externalnameservice.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: externalNameService.Name, Port: 80, }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: externalNameService.Spec.ExternalName, @@ -224,17 +225,17 @@ func testExternalNameServiceLocalhostInvalid(namespace string) { // The HTTPProxy should be marked invalid due to the service // using localhost.localdomain. - _, invalid := f.CreateHTTPProxyAndWaitFor(p, func(proxy *contourv1.HTTPProxy) bool { - validCond := proxy.Status.GetConditionFor(contourv1.ValidConditionType) + _, invalid := f.CreateHTTPProxyAndWaitFor(p, func(proxy *contour_v1.HTTPProxy) bool { + validCond := proxy.Status.GetConditionFor(contour_v1.ValidConditionType) if validCond == nil { return false } - if validCond.Status != metav1.ConditionFalse { + if validCond.Status != meta_v1.ConditionFalse { return false } for _, err := range validCond.Errors { - if err.Type == contourv1.ConditionTypeServiceError && + if err.Type == contour_v1.ConditionTypeServiceError && err.Reason == "ServiceUnresolvedReference" && strings.Contains(err.Message, "is an ExternalName service that points to localhost") { return true diff --git a/test/e2e/httpproxy/fqdn_test.go b/test/e2e/httpproxy/fqdn_test.go index 881fed97b09..b113a48921e 100644 --- a/test/e2e/httpproxy/fqdn_test.go +++ b/test/e2e/httpproxy/fqdn_test.go @@ -19,30 +19,31 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testWildcardFQDN(namespace string) { Specify("invalid wildcard fqdn", func() { t := f.T() - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "wildcard-subdomain", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "*", }, - Routes: []contourv1.Route{{ - Services: []contourv1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "ingress-conformance-echo", Port: 80, }}, @@ -64,17 +65,17 @@ func testWildcardSubdomainFQDN(namespace string) { f.Fixtures.Echo.Deploy(namespace, "domainio") f.Fixtures.Echo.Deploy(namespace, "bardomainio") - proxyWildcard := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyWildcard := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "wildcard", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "*.domain.io", }, - Routes: []contourv1.Route{{ - Services: []contourv1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: "wildcarddomainio", Port: 80, @@ -83,17 +84,17 @@ func testWildcardSubdomainFQDN(namespace string) { }}, }, } - proxyFullFQDN := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyFullFQDN := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "full-fqdn", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "domain.io", }, - Routes: []contourv1.Route{{ - Services: []contourv1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: "domainio", Port: 80, @@ -102,17 +103,17 @@ func testWildcardSubdomainFQDN(namespace string) { }}, }, } - proxyFullFQDNSubdomain := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxyFullFQDNSubdomain := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "fqdn-subdomain", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.domain.io", }, - Routes: []contourv1.Route{{ - Services: []contourv1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: "bardomainio", Port: 80, @@ -187,25 +188,25 @@ func testIngressWildcardSubdomainFQDN(namespace string) { f.Fixtures.Echo.Deploy(namespace, "wildcarddomainio") f.Fixtures.Echo.Deploy(namespace, "bardomainio") - ingressWildcard := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + ingressWildcard := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "wildcard-ingress", }, - Spec: networkingv1.IngressSpec{ - Rules: []networkingv1.IngressRule{ + Spec: networking_v1.IngressSpec{ + Rules: []networking_v1.IngressRule{ { Host: "*.wildcard-override.projectcontour.io", - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: "/", - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "wildcarddomainio", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, @@ -220,17 +221,17 @@ func testIngressWildcardSubdomainFQDN(namespace string) { } require.NoError(t, f.Client.Create(context.TODO(), ingressWildcard)) - proxySubdomain := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxySubdomain := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "fqdn-subdomain", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "bar.wildcard-override.projectcontour.io", }, - Routes: []contourv1.Route{{ - Services: []contourv1.Service{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{ { Name: "bardomainio", Port: 80, diff --git a/test/e2e/httpproxy/global_external_auth_test.go b/test/e2e/httpproxy/global_external_auth_test.go index 666e820e479..c66407f31c1 100644 --- a/test/e2e/httpproxy/global_external_auth_test.go +++ b/test/e2e/httpproxy/global_external_auth_test.go @@ -18,10 +18,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testGlobalExternalAuthVirtualHostNonTLS(namespace string) { @@ -30,23 +31,23 @@ func testGlobalExternalAuthVirtualHostNonTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "http.globalexternalauth.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/first", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -54,15 +55,15 @@ func testGlobalExternalAuthVirtualHostNonTLS(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/second", }, }, - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -70,12 +71,12 @@ func testGlobalExternalAuthVirtualHostNonTLS(namespace string) { }, }, { - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "target": "default", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -125,26 +126,26 @@ func testGlobalExternalAuthTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo", "echo", "https.globalexternalauth.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "https.globalexternalauth.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/first", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -152,15 +153,15 @@ func testGlobalExternalAuthTLS(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/second", }, }, - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -168,12 +169,12 @@ func testGlobalExternalAuthTLS(namespace string) { }, }, { - AuthPolicy: &contourv1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Context: map[string]string{ "target": "default", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -222,28 +223,28 @@ func testGlobalExternalAuthNonTLSAuthDisabled(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "disabled.http.globalexternalauth.projectcontour.io", - Authorization: &contourv1.AuthorizationServer{ - AuthPolicy: &contourv1.AuthorizationPolicy{ + Authorization: &contour_v1.AuthorizationServer{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/first", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -251,12 +252,12 @@ func testGlobalExternalAuthNonTLSAuthDisabled(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/second", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -264,7 +265,7 @@ func testGlobalExternalAuthNonTLSAuthDisabled(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -311,31 +312,31 @@ func testGlobalExternalAuthTLSAuthDisabled(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo", "echo", "disabled.https.globalexternalauth.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-auth", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "disabled.https.globalexternalauth.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, - Authorization: &contourv1.AuthorizationServer{ - AuthPolicy: &contourv1.AuthorizationPolicy{ + Authorization: &contour_v1.AuthorizationServer{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: true, }, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/first", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -343,12 +344,12 @@ func testGlobalExternalAuthTLSAuthDisabled(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/second", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -356,7 +357,7 @@ func testGlobalExternalAuthTLSAuthDisabled(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, diff --git a/test/e2e/httpproxy/global_rate_limiting_test.go b/test/e2e/httpproxy/global_rate_limiting_test.go index d0e4788021a..35526283f70 100644 --- a/test/e2e/httpproxy/global_rate_limiting_test.go +++ b/test/e2e/httpproxy/global_rate_limiting_test.go @@ -19,12 +19,13 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testGlobalRateLimitingVirtualHostNonTLS(namespace string) { @@ -33,18 +34,18 @@ func testGlobalRateLimitingVirtualHostNonTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "globalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "globalratelimitvhostnontls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -71,13 +72,13 @@ func testGlobalRateLimitingVirtualHostNonTLS(namespace string) { } // Add a global rate limit policy on the virtual host. - p.Spec.VirtualHost.RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + p.Spec.VirtualHost.RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Value: "vhostlimit", }, }, @@ -116,18 +117,18 @@ func testGlobalRateLimitingRouteNonTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "globalratelimitroutenontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "globalratelimitroutenontls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -135,13 +136,13 @@ func testGlobalRateLimitingRouteNonTLS(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/unlimited", }, @@ -167,13 +168,13 @@ func testGlobalRateLimitingRouteNonTLS(namespace string) { return err } - p.Spec.Routes[0].RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + p.Spec.Routes[0].RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Key: "route_limit_key", Value: "routelimit", }, @@ -224,21 +225,21 @@ func testGlobalRateLimitingVirtualHostTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "globalratelimitvhosttls.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "globalratelimitvhosttls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "globalratelimitvhosttls.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -265,13 +266,13 @@ func testGlobalRateLimitingVirtualHostTLS(namespace string) { return err } - p.Spec.VirtualHost.RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + p.Spec.VirtualHost.RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Value: "tlsvhostlimit", }, }, @@ -311,21 +312,21 @@ func testGlobalRateLimitingRouteTLS(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "globalratelimitroutetls.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "globalratelimitroutetls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "globalratelimitroutetls.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -333,13 +334,13 @@ func testGlobalRateLimitingRouteTLS(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/unlimited", }, @@ -365,13 +366,13 @@ func testGlobalRateLimitingRouteTLS(namespace string) { return err } - p.Spec.Routes[0].RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + p.Spec.Routes[0].RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Value: "tlsroutelimit", }, }, @@ -420,24 +421,24 @@ func testDisableVirtualHostGlobalRateLimitingOnRoute(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "globalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "globalratelimitvhostnontls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/echo", }, @@ -464,13 +465,13 @@ func testDisableVirtualHostGlobalRateLimitingOnRoute(namespace string) { } // Add a global rate limit policy on the virtual host. - p.Spec.VirtualHost.RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + p.Spec.VirtualHost.RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Value: "randomvalue", }, }, @@ -498,8 +499,8 @@ func testDisableVirtualHostGlobalRateLimitingOnRoute(namespace string) { } // Set disabled to false explicitly on the route. - p.Spec.Routes[0].RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ + p.Spec.Routes[0].RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: false, }, } @@ -522,24 +523,24 @@ func testDisableVirtualHostGlobalRateLimitingOnRoute(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "globalratelimitvhostnontls", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "globalratelimitvhostnontls.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/echo", }, @@ -566,13 +567,13 @@ func testDisableVirtualHostGlobalRateLimitingOnRoute(namespace string) { } // Add a global rate limit policy on the virtual host. - p.Spec.VirtualHost.RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ - Descriptors: []contourv1.RateLimitDescriptor{ + p.Spec.VirtualHost.RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contourv1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - GenericKey: &contourv1.GenericKeyDescriptor{ + GenericKey: &contour_v1.GenericKeyDescriptor{ Value: "randomvalue", }, }, @@ -600,8 +601,8 @@ func testDisableVirtualHostGlobalRateLimitingOnRoute(namespace string) { } // Disable Vhost global rate limit policy on the route. - p.Spec.Routes[0].RateLimitPolicy = &contourv1.RateLimitPolicy{ - Global: &contourv1.GlobalRateLimitPolicy{ + p.Spec.Routes[0].RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Global: &contour_v1.GlobalRateLimitPolicy{ Disabled: true, }, } diff --git a/test/e2e/httpproxy/grpc_test.go b/test/e2e/httpproxy/grpc_test.go index 962e163f003..28088948158 100644 --- a/test/e2e/httpproxy/grpc_test.go +++ b/test/e2e/httpproxy/grpc_test.go @@ -25,9 +25,6 @@ import ( grpc_retry "github.com/grpc-ecosystem/go-grpc-middleware/retry" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/projectcontour/yages/yages" "github.com/stretchr/testify/require" "google.golang.org/grpc" @@ -36,7 +33,11 @@ import ( "google.golang.org/grpc/credentials/insecure" "google.golang.org/grpc/status" "google.golang.org/protobuf/proto" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testGRPCServicePlaintext(namespace string) { @@ -46,30 +47,30 @@ func testGRPCServicePlaintext(namespace string) { f.Fixtures.GRPC.Deploy(namespace, "grpc-echo") f.Certs.CreateSelfSignedCert(namespace, "echo", "echo", "grpc-echo-plaintext.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "grpc-echo-plaintext", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "grpc-echo-plaintext.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { // So we can make TLS and non-TLs requests. PermitInsecure: true, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "grpc-echo", Port: 9000, Protocol: ref.To("h2c"), }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/yages.Echo/Ping", }, @@ -132,21 +133,21 @@ func testGRPCWeb(namespace string) { f.Fixtures.GRPC.Deploy(namespace, "grpc-echo") f.Certs.CreateSelfSignedCert(namespace, "echo", "echo", "grpc-web.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "grpc-web", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "grpc-web.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "grpc-echo", Port: 9000, diff --git a/test/e2e/httpproxy/header_condition_match_test.go b/test/e2e/httpproxy/header_condition_match_test.go index d2db431beeb..7b427db3274 100644 --- a/test/e2e/httpproxy/header_condition_match_test.go +++ b/test/e2e/httpproxy/header_condition_match_test.go @@ -20,13 +20,14 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHeaderConditionMatch(namespace string) { @@ -47,26 +48,26 @@ func testHeaderConditionMatch(namespace string) { // This HTTPProxy tests everything except the "notpresent" match type, // which is tested separately below. - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "header-conditions", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "headerconditions.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-present", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Present", Present: true, }, @@ -74,15 +75,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-contains", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Contains", Contains: "ContainsValue", }, @@ -90,15 +91,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-contains-case-insensitive", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Contains", Contains: "cOnTainSvalue", IgnoreCase: true, @@ -107,15 +108,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-notcontains", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-NotContains", NotContains: "ContainsValue", }, @@ -123,15 +124,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-notcontains-set-missing-as-empty", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-NotContains", NotContains: "ContainsValue", TreatMissingAsEmpty: true, @@ -141,7 +142,7 @@ func testHeaderConditionMatch(namespace string) { // contains statement would match anything and make the tests // brittle. { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "X-Force-NotContains-Case", Exact: "True", }, @@ -149,15 +150,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-exact", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Exact", Exact: "ExactValue", }, @@ -165,15 +166,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-exact-case-insensitive", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Exact", Exact: "exactvalue", IgnoreCase: true, @@ -182,15 +183,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-notexact", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-NotExact", NotExact: "ExactValue", }, @@ -198,15 +199,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-notexact-set-missing-as-empty", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-NotExact", NotContains: "ExactValue", TreatMissingAsEmpty: true, @@ -216,7 +217,7 @@ func testHeaderConditionMatch(namespace string) { // contains statement would match anything and make the tests // brittle. { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "X-Force-NotExact-Case", Exact: "True", }, @@ -224,15 +225,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-regex", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Regex", Regex: "Regex.*", }, @@ -369,17 +370,17 @@ func testHeaderConditionMatch(namespace string) { return err } - p.Spec.Routes = []contourv1.Route{ + p.Spec.Routes = []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-present", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Present", Present: true, }, @@ -387,15 +388,15 @@ func testHeaderConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-header-notpresent", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - Header: &contourv1.HeaderMatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: "Target-Present", NotPresent: true, }, diff --git a/test/e2e/httpproxy/host_header_rewrite_test.go b/test/e2e/httpproxy/host_header_rewrite_test.go index ff59aad253d..3ce306b917f 100644 --- a/test/e2e/httpproxy/host_header_rewrite_test.go +++ b/test/e2e/httpproxy/host_header_rewrite_test.go @@ -20,12 +20,13 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHostRewriteLiteral(namespace string) { @@ -34,25 +35,25 @@ func testHostRewriteLiteral(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "host-header-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "hostheaderrewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: "rewritten.com", @@ -88,25 +89,25 @@ func testHostRewriteHeaderHTTPService(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "host-header-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "dynamichostrewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: "%REQ(x-host-rewrite)%", @@ -144,28 +145,28 @@ func testHostRewriteHeaderHTTPSService(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") f.Certs.CreateSelfSignedCert(namespace, "ingress-conformance-echo", "ingress-conformance-echo", "https.hostheaderrewrite.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "host-header-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "https.dynamichostrewrite.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "ingress-conformance-echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: "%REQ(x-host-rewrite)%", @@ -203,15 +204,15 @@ func testHostRewriteHeaderExternalNameService(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") - externalNameService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + externalNameService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "external-name-service", }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: "ingress-conformance-echo." + namespace, - Ports: []corev1.ServicePort{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -221,25 +222,25 @@ func testHostRewriteHeaderExternalNameService(namespace string) { } require.NoError(t, f.Client.Create(context.TODO(), externalNameService)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "host-header-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "externalhostheaderrewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: externalNameService.Name, Port: 80, }, }, - RequestHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + RequestHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "Host", Value: "%REQ(x-host-rewrite)%", diff --git a/test/e2e/httpproxy/http_health_checks_test.go b/test/e2e/httpproxy/http_health_checks_test.go index 453657aa045..e743ed3dcf4 100644 --- a/test/e2e/httpproxy/http_health_checks_test.go +++ b/test/e2e/httpproxy/http_health_checks_test.go @@ -19,12 +19,13 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHTTPHealthChecks(namespace string) { @@ -33,18 +34,18 @@ func testHTTPHealthChecks(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "health-checks", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "healthchecks.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -69,7 +70,7 @@ func testHTTPHealthChecks(namespace string) { return err } - p.Spec.Routes[0].HealthCheckPolicy = &contourv1.HTTPHealthCheckPolicy{ + p.Spec.Routes[0].HealthCheckPolicy = &contour_v1.HTTPHealthCheckPolicy{ Path: "/status/418", } @@ -91,7 +92,7 @@ func testHTTPHealthChecks(namespace string) { return err } - p.Spec.Routes[0].HealthCheckPolicy = &contourv1.HTTPHealthCheckPolicy{ + p.Spec.Routes[0].HealthCheckPolicy = &contour_v1.HTTPHealthCheckPolicy{ Path: "/status/200", } diff --git a/test/e2e/httpproxy/httpproxy_test.go b/test/e2e/httpproxy/httpproxy_test.go index 7fdd2264a40..e5e9a87c6f9 100644 --- a/test/e2e/httpproxy/httpproxy_test.go +++ b/test/e2e/httpproxy/httpproxy_test.go @@ -26,13 +26,14 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/stretchr/testify/require" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var f = e2e.NewFramework(false) @@ -71,7 +72,7 @@ var _ = Describe("HTTPProxy", func() { var ( contourCmd *gexec.Session contourConfig *config.Parameters - contourConfiguration *contour_api_v1alpha1.ContourConfiguration + contourConfiguration *contour_v1alpha1.ContourConfiguration contourConfigFile string additionalContourArgs []string ) @@ -182,7 +183,7 @@ var _ = Describe("HTTPProxy", func() { Namespace: namespace, }, } - contourConfiguration.Spec.HTTPProxy.FallbackCertificate = &contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.HTTPProxy.FallbackCertificate = &contour_v1alpha1.NamespacedName{ Name: "fallback-cert", Namespace: namespace, } @@ -199,7 +200,7 @@ var _ = Describe("HTTPProxy", func() { BeforeEach(func() { // Top level issuer. selfSignedIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "selfsigned", }, @@ -213,7 +214,7 @@ var _ = Describe("HTTPProxy", func() { // CA to sign backend certs with. caCertificate := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-cert", }, @@ -234,7 +235,7 @@ var _ = Describe("HTTPProxy", func() { // Issuer based on CA to generate new certs with. basedOnCAIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-issuer", }, @@ -250,7 +251,7 @@ var _ = Describe("HTTPProxy", func() { // Backend client cert, can use for upstream validation as well. backendClientCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-client-cert", }, @@ -274,7 +275,7 @@ var _ = Describe("HTTPProxy", func() { }, } - contourConfiguration.Spec.Envoy.ClientCertificate = &contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.Envoy.ClientCertificate = &contour_v1alpha1.NamespacedName{ Name: "backend-client-cert", Namespace: namespace, } @@ -288,7 +289,7 @@ var _ = Describe("HTTPProxy", func() { BeforeEach(func() { // Top level issuer. selfSignedIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "selfsigned", }, @@ -302,7 +303,7 @@ var _ = Describe("HTTPProxy", func() { // CA to sign backend certs with. caCertificate := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-cert", }, @@ -323,7 +324,7 @@ var _ = Describe("HTTPProxy", func() { // Issuer based on CA to generate new certs with. basedOnCAIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-issuer", }, @@ -339,7 +340,7 @@ var _ = Describe("HTTPProxy", func() { // Backend client cert, can use for upstream validation as well. backendClientCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-client-cert", }, @@ -363,7 +364,7 @@ var _ = Describe("HTTPProxy", func() { }, } - contourConfiguration.Spec.Envoy.ClientCertificate = &contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.Envoy.ClientCertificate = &contour_v1alpha1.NamespacedName{ Name: "backend-client-cert", Namespace: namespace, } @@ -378,7 +379,7 @@ var _ = Describe("HTTPProxy", func() { // need to set this because it isn't set in the default config contourConfig.Cluster.DNSLookupFamily = "auto" - contourConfiguration.Spec.Envoy.Cluster.UpstreamTLS = &contour_api_v1alpha1.EnvoyTLS{ + contourConfiguration.Spec.Envoy.Cluster.UpstreamTLS = &contour_v1alpha1.EnvoyTLS{ MinimumProtocolVersion: protocolVersion, } }) @@ -427,7 +428,7 @@ var _ = Describe("HTTPProxy", func() { additionalContourArgs = []string{ "--ingress-class-name=contour,team1", } - contourConfiguration.Spec.Ingress = &contour_api_v1alpha1.IngressConfig{ + contourConfiguration.Spec.Ingress = &contour_v1alpha1.IngressConfig{ ClassNames: []string{"contour", "team1"}, } }) @@ -440,7 +441,7 @@ var _ = Describe("HTTPProxy", func() { additionalContourArgs = []string{ "--ingress-class-name=contour,team1", } - contourConfiguration.Spec.Ingress = &contour_api_v1alpha1.IngressConfig{ + contourConfiguration.Spec.Ingress = &contour_v1alpha1.IngressConfig{ ClassNames: []string{"contour", "team1"}, } }) @@ -491,8 +492,8 @@ var _ = Describe("HTTPProxy", func() { Domain: "contour", FailOpen: false, } - contourConfiguration.Spec.RateLimitService = &contour_api_v1alpha1.RateLimitServiceConfig{ - ExtensionService: contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.RateLimitService = &contour_v1alpha1.RateLimitServiceConfig{ + ExtensionService: contour_v1alpha1.NamespacedName{ Name: f.Deployment.RateLimitExtensionService.Name, Namespace: namespace, }, @@ -558,12 +559,12 @@ descriptors: ExtensionService: fmt.Sprintf("%s/%s", namespace, f.Deployment.RateLimitExtensionService.Name), Domain: "contour-default-global-rate-limit", FailOpen: false, - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeader: &contour_api_v1.RequestHeaderDescriptor{ + RequestHeader: &contour_v1.RequestHeaderDescriptor{ HeaderName: "X-Default-Header", DescriptorKey: "defaultHeader", }, @@ -571,9 +572,9 @@ descriptors: }, }, { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeader: &contour_api_v1.RequestHeaderDescriptor{ + RequestHeader: &contour_v1.RequestHeaderDescriptor{ HeaderName: "X-Another-Header", DescriptorKey: "anotherHeader", }, @@ -583,20 +584,20 @@ descriptors: }, }, } - contourConfiguration.Spec.RateLimitService = &contour_api_v1alpha1.RateLimitServiceConfig{ - ExtensionService: contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.RateLimitService = &contour_v1alpha1.RateLimitServiceConfig{ + ExtensionService: contour_v1alpha1.NamespacedName{ Name: f.Deployment.RateLimitExtensionService.Name, Namespace: namespace, }, Domain: "contour-default-global-rate-limit", FailOpen: ref.To(false), EnableXRateLimitHeaders: ref.To(false), - DefaultGlobalRateLimitPolicy: &contour_api_v1.GlobalRateLimitPolicy{ - Descriptors: []contour_api_v1.RateLimitDescriptor{ + DefaultGlobalRateLimitPolicy: &contour_v1.GlobalRateLimitPolicy{ + Descriptors: []contour_v1.RateLimitDescriptor{ { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeader: &contour_api_v1.RequestHeaderDescriptor{ + RequestHeader: &contour_v1.RequestHeaderDescriptor{ HeaderName: "X-Default-Header", DescriptorKey: "defaultHeader", }, @@ -604,9 +605,9 @@ descriptors: }, }, { - Entries: []contour_api_v1.RateLimitDescriptorEntry{ + Entries: []contour_v1.RateLimitDescriptorEntry{ { - RequestHeader: &contour_api_v1.RequestHeaderDescriptor{ + RequestHeader: &contour_v1.RequestHeaderDescriptor{ HeaderName: "X-Another-Header", DescriptorKey: "anotherHeader", }, @@ -665,8 +666,8 @@ descriptors: }, }, } - contourConfiguration.Spec.Policy = &contour_api_v1alpha1.PolicyConfig{ - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + contourConfiguration.Spec.Policy = &contour_v1alpha1.PolicyConfig{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "Set-Cookie": "global=foo", }, @@ -825,13 +826,13 @@ descriptors: }, ResponseTimeout: "10s", } - contourConfiguration.Spec.GlobalExternalAuthorization = &contour_api_v1.AuthorizationServer{ - ExtensionServiceRef: contour_api_v1.ExtensionServiceReference{ + contourConfiguration.Spec.GlobalExternalAuthorization = &contour_v1.AuthorizationServer{ + ExtensionServiceRef: contour_v1.ExtensionServiceReference{ Namespace: namespace, Name: "testserver", }, FailOpen: false, - AuthPolicy: &contour_api_v1.AuthorizationPolicy{ + AuthPolicy: &contour_v1.AuthorizationPolicy{ Disabled: false, Context: map[string]string{ "location": "global_config", diff --git a/test/e2e/httpproxy/https_fallback_certificate_test.go b/test/e2e/httpproxy/https_fallback_certificate_test.go index 8570a25dae3..c9532e1b794 100644 --- a/test/e2e/httpproxy/https_fallback_certificate_test.go +++ b/test/e2e/httpproxy/https_fallback_certificate_test.go @@ -19,11 +19,12 @@ import ( "crypto/tls" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHTTPSFallbackCertificate(namespace string) { @@ -33,22 +34,22 @@ func testHTTPSFallbackCertificate(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "fallback-cert-echo.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "fallback-cert-echo.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", EnableFallbackCertificate: true, }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, diff --git a/test/e2e/httpproxy/https_misdirected_request_test.go b/test/e2e/httpproxy/https_misdirected_request_test.go index aa6f443d023..6f13c63af60 100644 --- a/test/e2e/httpproxy/https_misdirected_request_test.go +++ b/test/e2e/httpproxy/https_misdirected_request_test.go @@ -19,11 +19,12 @@ import ( "crypto/tls" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHTTPSMisdirectedRequest(namespace string) { @@ -33,21 +34,21 @@ func testHTTPSMisdirectedRequest(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo", "https-misdirected-request.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "https-misdirected-request.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, diff --git a/test/e2e/httpproxy/https_sni_enforcement_test.go b/test/e2e/httpproxy/https_sni_enforcement_test.go index a6933c3f7f1..dbb0dbc204f 100644 --- a/test/e2e/httpproxy/https_sni_enforcement_test.go +++ b/test/e2e/httpproxy/https_sni_enforcement_test.go @@ -19,11 +19,12 @@ import ( "crypto/tls" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHTTPSSNIEnforcement(namespace string) { @@ -33,21 +34,21 @@ func testHTTPSSNIEnforcement(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo-one") f.Certs.CreateSelfSignedCert(namespace, "echo-one-cert", "echo-one", "sni-enforcement-echo-one.projectcontour.io") - echoOneProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + echoOneProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-one", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "sni-enforcement-echo-one.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-one", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-one", Port: 80, @@ -73,21 +74,21 @@ func testHTTPSSNIEnforcement(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo-two") f.Certs.CreateSelfSignedCert(namespace, "echo-two-cert", "echo-two", "sni-enforcement-echo-two.projectcontour.io") - echoTwoProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + echoTwoProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-two", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "sni-enforcement-echo-two.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-two", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-two", Port: 80, diff --git a/test/e2e/httpproxy/include_exact_condition_test.go b/test/e2e/httpproxy/include_exact_condition_test.go index e6b94f40279..f2f24597c0b 100644 --- a/test/e2e/httpproxy/include_exact_condition_test.go +++ b/test/e2e/httpproxy/include_exact_condition_test.go @@ -20,11 +20,12 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testIncludeExactCondition(namespace string) { @@ -43,34 +44,34 @@ func testIncludeExactCondition(namespace string) { f.Fixtures.Echo.Deploy(appNamespace, "echo-app") f.Fixtures.Echo.Deploy(adminNamespace, "echo-admin") - appProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + appProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: appNamespace, Name: "echo-app", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-app", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Exact: "/foo", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-app", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/v1", }, @@ -83,34 +84,34 @@ func testIncludeExactCondition(namespace string) { // it to be valid. require.NoError(t, f.Client.Create(context.TODO(), appProxy)) - adminProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + adminProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: adminNamespace, Name: "echo-admin", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-admin", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-admin", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Exact: "/portal", }, @@ -123,20 +124,20 @@ func testIncludeExactCondition(namespace string) { // it to be valid. require.NoError(t, f.Client.Create(context.TODO(), adminProxy)) - baseProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + baseProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "includeexactcondition.projectcontour.io", }, - Includes: []contourv1.Include{ + Includes: []contour_v1.Include{ { Name: appProxy.Name, Namespace: appProxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/app", }, @@ -145,7 +146,7 @@ func testIncludeExactCondition(namespace string) { { Name: adminProxy.Name, Namespace: adminProxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/app/", }, @@ -154,7 +155,7 @@ func testIncludeExactCondition(namespace string) { { Name: adminProxy.Name, Namespace: adminProxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/admin", }, @@ -163,20 +164,20 @@ func testIncludeExactCondition(namespace string) { }, }, } - invalidRootProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidRootProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-invalid", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "includeexactcondition-invalid.projectcontour.io", }, - Includes: []contourv1.Include{ + Includes: []contour_v1.Include{ { Name: appProxy.Name, Namespace: appProxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Exact: "/app", }, diff --git a/test/e2e/httpproxy/include_prefix_condition_test.go b/test/e2e/httpproxy/include_prefix_condition_test.go index 488a2a18c06..7536f82f92e 100644 --- a/test/e2e/httpproxy/include_prefix_condition_test.go +++ b/test/e2e/httpproxy/include_prefix_condition_test.go @@ -19,11 +19,12 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testIncludePrefixCondition(namespace string) { @@ -42,15 +43,15 @@ func testIncludePrefixCondition(namespace string) { f.Fixtures.Echo.Deploy(appNamespace, "echo-app") f.Fixtures.Echo.Deploy(adminNamespace, "echo-admin") - appProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + appProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: appNamespace, Name: "echo-app", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-app", Port: 80, @@ -64,15 +65,15 @@ func testIncludePrefixCondition(namespace string) { // it to be valid. require.NoError(t, f.Client.Create(context.TODO(), appProxy)) - adminProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + adminProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: adminNamespace, Name: "echo-admin", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-admin", Port: 80, @@ -86,20 +87,20 @@ func testIncludePrefixCondition(namespace string) { // it to be valid. require.NoError(t, f.Client.Create(context.TODO(), adminProxy)) - baseProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + baseProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "includeprefixcondition.projectcontour.io", }, - Includes: []contourv1.Include{ + Includes: []contour_v1.Include{ { Name: appProxy.Name, Namespace: appProxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, @@ -108,7 +109,7 @@ func testIncludePrefixCondition(namespace string) { { Name: adminProxy.Name, Namespace: adminProxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/admin", }, diff --git a/test/e2e/httpproxy/include_regex_path_condition_test.go b/test/e2e/httpproxy/include_regex_path_condition_test.go index 6b65b45cc30..24407bc3efa 100644 --- a/test/e2e/httpproxy/include_regex_path_condition_test.go +++ b/test/e2e/httpproxy/include_regex_path_condition_test.go @@ -19,11 +19,12 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testIncludeRegexCondition(namespace string) { @@ -42,34 +43,34 @@ func testIncludeRegexCondition(namespace string) { f.Fixtures.Echo.Deploy(echo1Namespace, "echo-1") f.Fixtures.Echo.Deploy(echo2Namespace, "echo-2") - echo1Proxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + echo1Proxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: echo1Namespace, Name: "echo-1", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/us-west-3/.*", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/us-west-1/.*", }, @@ -81,34 +82,34 @@ func testIncludeRegexCondition(namespace string) { require.NoError(t, f.Client.Create(context.TODO(), echo1Proxy)) - echo2Proxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + echo2Proxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: echo2Namespace, Name: "echo-2", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-2", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-2", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/(dev|staging)/.*", }, @@ -120,20 +121,20 @@ func testIncludeRegexCondition(namespace string) { require.NoError(t, f.Client.Create(context.TODO(), echo2Proxy)) - rootProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + rootProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "includeregexmatch.projectcontour.io", }, - Includes: []contourv1.Include{ + Includes: []contour_v1.Include{ { Name: echo1Proxy.Name, Namespace: echo1Proxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/echo1", }, @@ -142,7 +143,7 @@ func testIncludeRegexCondition(namespace string) { { Name: echo2Proxy.Name, Namespace: echo2Proxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/echo2", }, @@ -152,20 +153,20 @@ func testIncludeRegexCondition(namespace string) { }, } - invalidRootProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + invalidRootProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-invalid", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "regex-condition-invalid.projectcontour.io", }, - Includes: []contourv1.Include{ + Includes: []contour_v1.Include{ { Name: echo1Proxy.Name, Namespace: echo1Proxy.Namespace, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/echo.*", }, diff --git a/test/e2e/httpproxy/internal_redirect_test.go b/test/e2e/httpproxy/internal_redirect_test.go index 7dfa147a75a..68d29259589 100644 --- a/test/e2e/httpproxy/internal_redirect_test.go +++ b/test/e2e/httpproxy/internal_redirect_test.go @@ -21,34 +21,35 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testInternalRedirectValidation(namespace string) { Specify("invalid cross scheme mode", func() { t := f.T() - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "invalid-cross-scheme", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "ingress-conformance-echo", Port: 80, }}, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{ + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{ AllowCrossSchemeRedirect: "MaybeSafe", }, }}, @@ -63,22 +64,22 @@ func testInternalRedirectValidation(namespace string) { Specify("invalid redirect code", func() { t := f.T() - p := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "invalid-redirect-code", }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "example.com", }, - Routes: []contour_api_v1.Route{{ - Services: []contour_api_v1.Service{{ + Routes: []contour_v1.Route{{ + Services: []contour_v1.Service{{ Name: "ingress-conformance-echo", Port: 80, }}, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{ - RedirectResponseCodes: []contour_api_v1.RedirectResponseCode{301, 310}, + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{ + RedirectResponseCodes: []contour_v1.RedirectResponseCode{301, 310}, }, }}, }, @@ -100,18 +101,18 @@ func testInternalRedirectPolicy(namespace string) { }) } -func doInternalRedirectTest(namespace string, proxy *contour_api_v1.HTTPProxy, t GinkgoTInterface) { +func doInternalRedirectTest(namespace string, proxy *contour_v1.HTTPProxy, t GinkgoTInterface) { f.Fixtures.Echo.Deploy(namespace, "echo") - envoyService := &corev1.Service{ - ObjectMeta: metav1.ObjectMeta{ + envoyService := &core_v1.Service{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "envoy-service", }, - Spec: corev1.ServiceSpec{ - Type: corev1.ServiceTypeExternalName, + Spec: core_v1.ServiceSpec{ + Type: core_v1.ServiceTypeExternalName, ExternalName: f.Deployment.EnvoyService.ObjectMeta.Name + "." + f.Deployment.EnvoyService.ObjectMeta.Namespace, - Ports: []corev1.ServicePort{ + Ports: []core_v1.ServicePort{ { Name: "http", Port: 80, @@ -161,69 +162,69 @@ func assertInternalRedirectRequest(t GinkgoTInterface, fqdn, path, expectedLocat assert.Equal(t, expectedLocation, res.Headers.Get("Location")) } -func getInternalRedirectHTTPProxy(namespace string) *contour_api_v1.HTTPProxy { +func getInternalRedirectHTTPProxy(namespace string) *contour_v1.HTTPProxy { fqdn := "internalredirectpolicy.projectcontour.io" - proxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + proxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "internal-redirect", Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: fqdn, }, - Routes: []contour_api_v1.Route{ + Routes: []contour_v1.Route{ // Simple route that forward request to echo service { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/echo", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, }, // Route that returns a 302 redirect to the /echo route { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/redirect", }}, - Services: []contour_api_v1.Service{}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + Services: []contour_v1.Service{}, + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Hostname: ref.To(fqdn), StatusCode: ref.To(302), Path: ref.To("/echo"), }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/internal-redirect", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "envoy-service", Port: 80, }}, - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ { Prefix: "/internal-redirect", Replacement: "/redirect", }, }, }, - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{}, + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{}, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/internal-redirect-301", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "envoy-service", Port: 80, }}, - PathRewritePolicy: &contour_api_v1.PathRewritePolicy{ - ReplacePrefix: []contour_api_v1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ { Prefix: "/internal-redirect-301", Replacement: "/redirect", @@ -231,8 +232,8 @@ func getInternalRedirectHTTPProxy(namespace string) *contour_api_v1.HTTPProxy { }, }, // only allows 301 - InternalRedirectPolicy: &contour_api_v1.HTTPInternalRedirectPolicy{ - RedirectResponseCodes: []contour_api_v1.RedirectResponseCode{301}, + InternalRedirectPolicy: &contour_v1.HTTPInternalRedirectPolicy{ + RedirectResponseCodes: []contour_v1.RedirectResponseCode{301}, }, }, }, diff --git a/test/e2e/httpproxy/ip_filtering_test.go b/test/e2e/httpproxy/ip_filtering_test.go index 9d0e0795754..9b3681c488e 100644 --- a/test/e2e/httpproxy/ip_filtering_test.go +++ b/test/e2e/httpproxy/ip_filtering_test.go @@ -22,11 +22,11 @@ import ( . "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/test/e2e" ) @@ -38,18 +38,18 @@ func testIPFilterPolicy(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ipfilter1", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "ipfilter1.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -95,9 +95,9 @@ func testIPFilterPolicy(namespace string) { return err } - p.Spec.Routes[0].IPAllowFilterPolicy = []contourv1.IPFilterPolicy{ + p.Spec.Routes[0].IPAllowFilterPolicy = []contour_v1.IPFilterPolicy{ { - Source: contourv1.IPFilterSourceRemote, + Source: contour_v1.IPFilterSourceRemote, CIDR: "10.10.10.10/32", }, } @@ -136,21 +136,21 @@ func testIPFilterPolicy(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ipfilter2", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "ipfilter2.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/one", }}, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -158,10 +158,10 @@ func testIPFilterPolicy(namespace string) { }, }, { - Conditions: []contourv1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/other", }}, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -209,9 +209,9 @@ func testIPFilterPolicy(namespace string) { return err } - p.Spec.Routes[0].IPAllowFilterPolicy = []contourv1.IPFilterPolicy{ + p.Spec.Routes[0].IPAllowFilterPolicy = []contour_v1.IPFilterPolicy{ { - Source: contourv1.IPFilterSourceRemote, + Source: contour_v1.IPFilterSourceRemote, CIDR: "10.10.10.10", }, } @@ -264,16 +264,16 @@ func testIPFilterPolicy(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - r := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + r := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ipfilter3-root", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "ipfilter3.projectcontour.io", }, - Includes: []contourv1.Include{{ + Includes: []contour_v1.Include{{ Namespace: namespace, Name: "ipfilter3-child", }}, @@ -282,15 +282,15 @@ func testIPFilterPolicy(namespace string) { // root will be missing an include when created r, _ = f.CreateHTTPProxyAndWaitFor(r, e2e.HTTPProxyInvalid) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ipfilter3-child", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -336,9 +336,9 @@ func testIPFilterPolicy(namespace string) { return err } - p.Spec.Routes[0].IPAllowFilterPolicy = []contourv1.IPFilterPolicy{ + p.Spec.Routes[0].IPAllowFilterPolicy = []contour_v1.IPFilterPolicy{ { - Source: contourv1.IPFilterSourceRemote, + Source: contour_v1.IPFilterSourceRemote, CIDR: "10.10.10.10/32", }, } @@ -372,22 +372,22 @@ func testIPFilterPolicy(namespace string) { } // Needs IPv4 and IPv6 rules to ensure this test works in both types of clusters. -func ipFilterDenyAll() []contourv1.IPFilterPolicy { - return []contourv1.IPFilterPolicy{ +func ipFilterDenyAll() []contour_v1.IPFilterPolicy { + return []contour_v1.IPFilterPolicy{ { - Source: contourv1.IPFilterSourcePeer, + Source: contour_v1.IPFilterSourcePeer, CIDR: "10.8.8.8/0", }, { - Source: contourv1.IPFilterSourceRemote, + Source: contour_v1.IPFilterSourceRemote, CIDR: "10.8.8.8/0", }, { - Source: contourv1.IPFilterSourcePeer, + Source: contour_v1.IPFilterSourcePeer, CIDR: "::/0", }, { - Source: contourv1.IPFilterSourceRemote, + Source: contour_v1.IPFilterSourceRemote, CIDR: "::/0", }, } diff --git a/test/e2e/httpproxy/local_rate_limiting_test.go b/test/e2e/httpproxy/local_rate_limiting_test.go index ead9fa74bb7..c3be6a33804 100644 --- a/test/e2e/httpproxy/local_rate_limiting_test.go +++ b/test/e2e/httpproxy/local_rate_limiting_test.go @@ -19,12 +19,13 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testLocalRateLimitingVirtualHost(namespace string) { @@ -33,18 +34,18 @@ func testLocalRateLimitingVirtualHost(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "vhostlocalratelimit", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "vhostlocalratelimit.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -71,8 +72,8 @@ func testLocalRateLimitingVirtualHost(namespace string) { return err } - p.Spec.VirtualHost.RateLimitPolicy = &contourv1.RateLimitPolicy{ - Local: &contourv1.LocalRateLimitPolicy{ + p.Spec.VirtualHost.RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 1, Unit: "hour", }, @@ -107,18 +108,18 @@ func testLocalRateLimitingRoute(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "routelocalratelimit", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "routelocalratelimit.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -126,13 +127,13 @@ func testLocalRateLimitingRoute(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/unlimited", }, @@ -158,8 +159,8 @@ func testLocalRateLimitingRoute(namespace string) { return err } - p.Spec.Routes[0].RateLimitPolicy = &contourv1.RateLimitPolicy{ - Local: &contourv1.LocalRateLimitPolicy{ + p.Spec.Routes[0].RateLimitPolicy = &contour_v1.RateLimitPolicy{ + Local: &contour_v1.LocalRateLimitPolicy{ Requests: 1, Unit: "hour", }, diff --git a/test/e2e/httpproxy/merge_slash_test.go b/test/e2e/httpproxy/merge_slash_test.go index 41df670cf84..41450edbe17 100644 --- a/test/e2e/httpproxy/merge_slash_test.go +++ b/test/e2e/httpproxy/merge_slash_test.go @@ -17,10 +17,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testDisableMergeSlashes(disableMergeSlashes bool) e2e.NamespacedTestBody { @@ -44,37 +45,37 @@ func testDisableMergeSlashes(disableMergeSlashes bool) e2e.NamespacedTestBody { fqdn = "enable.mergeslashes.projectcontour.io" } - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: fqdn, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/foo", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-2", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, diff --git a/test/e2e/httpproxy/multiple_ingress_classes_test.go b/test/e2e/httpproxy/multiple_ingress_classes_test.go index f39a50eeffa..73a2a5518f3 100644 --- a/test/e2e/httpproxy/multiple_ingress_classes_test.go +++ b/test/e2e/httpproxy/multiple_ingress_classes_test.go @@ -17,10 +17,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testMultipleIngressClassesField(namespace string) { @@ -30,18 +31,18 @@ func testMultipleIngressClassesField(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") for _, class := range []string{"contour", "team1"} { - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "multiple-ingress-classes" + class + "-httpproxy", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: class + "httpproxy.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, @@ -77,18 +78,18 @@ func testMultipleIngressClassesAnnotation(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") for _, class := range []string{"contour", "team1"} { - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "multiple-ingress-classes" + class + "-httpproxy-annotation", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: class + "httpproxy-annotation.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, diff --git a/test/e2e/httpproxy/namespaces_test.go b/test/e2e/httpproxy/namespaces_test.go index fed4d96669a..b8ebd183a86 100644 --- a/test/e2e/httpproxy/namespaces_test.go +++ b/test/e2e/httpproxy/namespaces_test.go @@ -20,11 +20,12 @@ import ( "time" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testWatchNamespaces(namespaces []string) e2e.NamespacedTestBody { @@ -50,7 +51,7 @@ func testWatchNamespaces(namespaces []string) e2e.NamespacedTestBody { err := f.CreateHTTPProxy(p) require.NoError(f.T(), err, "could not create httpproxy") require.Never(f.T(), func() bool { - res := &contourv1.HTTPProxy{} + res := &contour_v1.HTTPProxy{} if err := f.Client.Get(context.TODO(), client.ObjectKeyFromObject(p), res); err != nil { return false } @@ -85,15 +86,15 @@ func testWatchAndRootNamespaces(rootNamespaces []string, nonRootNamespace string require.Truef(f.T(), ok, "expected HTTPProxy to have status RootNamespaceError") // Leaf proxy in non-root (but watched) namespace should succeed - lp := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + lp := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: nonRootNamespace, Name: "leaf-proxy", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -103,16 +104,16 @@ func testWatchAndRootNamespaces(rootNamespaces []string, nonRootNamespace string }, }, } - p = &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p = &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: rootNamespaces[0], Name: "root", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "root-" + rootNamespaces[0] + ".projectcontour.io", }, - Includes: []contourv1.Include{ + Includes: []contour_v1.Include{ { Name: "leaf-proxy", Namespace: nonRootNamespace, @@ -136,7 +137,7 @@ func testWatchAndRootNamespaces(rootNamespaces []string, nonRootNamespace string err = f.CreateHTTPProxy(p) require.NoError(f.T(), err, "could not create httpproxy") require.Never(f.T(), func() bool { - res := &contourv1.HTTPProxy{} + res := &contour_v1.HTTPProxy{} if err := f.Client.Get(context.TODO(), client.ObjectKeyFromObject(p), res); err != nil { return false } @@ -172,7 +173,7 @@ func testRootNamespaces(namespaces []string) e2e.NamespacedTestBody { } } -func httpProxyRootNotAllowedInNS(proxy *contourv1.HTTPProxy) bool { +func httpProxyRootNotAllowedInNS(proxy *contour_v1.HTTPProxy) bool { if proxy == nil { return false } @@ -192,19 +193,19 @@ func httpProxyRootNotAllowedInNS(proxy *contourv1.HTTPProxy) bool { return subCond.Status == "True" } -func newEchoProxy(name, namespace string) *contourv1.HTTPProxy { - return &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ +func newEchoProxy(name, namespace string) *contour_v1.HTTPProxy { + return &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: name + "-" + namespace + ".projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, diff --git a/test/e2e/httpproxy/path_condition_match_test.go b/test/e2e/httpproxy/path_condition_match_test.go index 3c295356334..e9cfa717af0 100644 --- a/test/e2e/httpproxy/path_condition_match_test.go +++ b/test/e2e/httpproxy/path_condition_match_test.go @@ -17,10 +17,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testPathConditionMatch(namespace string) { @@ -31,44 +32,44 @@ func testPathConditionMatch(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo-slash-noprefix") f.Fixtures.Echo.Deploy(namespace, "echo-slash-default") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "path-conditions", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "pathconditions.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-slash-prefix", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/path/prefix/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-slash-noprefix", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/path/prefix", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-slash-default", Port: 80, diff --git a/test/e2e/httpproxy/path_rewrite_test.go b/test/e2e/httpproxy/path_rewrite_test.go index c2c3071ddac..693386e246b 100644 --- a/test/e2e/httpproxy/path_rewrite_test.go +++ b/test/e2e/httpproxy/path_rewrite_test.go @@ -17,10 +17,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testPathPrefixRewrite(namespace string) { @@ -31,43 +32,43 @@ func testPathPrefixRewrite(namespace string) { f.Fixtures.Echo.Deploy(namespace, "prefix-rewrite") f.Fixtures.Echo.Deploy(namespace, "prefix-rewrite-to-root") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "prefix-rewrite", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "prefixrewrite.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "no-rewrite", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "prefix-rewrite", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/someprefix1", }, }, - PathRewritePolicy: &contourv1.PathRewritePolicy{ - ReplacePrefix: []contourv1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ { Prefix: "/someprefix1", Replacement: "/someotherprefix", @@ -76,19 +77,19 @@ func testPathPrefixRewrite(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "prefix-rewrite-to-root", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/someprefix2", }, }, - PathRewritePolicy: &contourv1.PathRewritePolicy{ - ReplacePrefix: []contourv1.ReplacePrefix{ + PathRewritePolicy: &contour_v1.PathRewritePolicy{ + ReplacePrefix: []contour_v1.ReplacePrefix{ { Prefix: "/someprefix2", Replacement: "/", diff --git a/test/e2e/httpproxy/pod_restart_test.go b/test/e2e/httpproxy/pod_restart_test.go index 8a20a5c3f53..c0106299f2d 100644 --- a/test/e2e/httpproxy/pod_restart_test.go +++ b/test/e2e/httpproxy/pod_restart_test.go @@ -20,14 +20,15 @@ import ( "time" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/errors" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testPodRestart(namespace string) { @@ -36,18 +37,18 @@ func testPodRestart(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "pod-restart", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "podrestart.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -70,8 +71,8 @@ func testPodRestart(namespace string) { assert.Equal(t, namespace, body.Namespace) assert.Equal(t, "echo", body.Service) - pod := &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ + pod := &core_v1.Pod{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: body.Pod, }, @@ -81,7 +82,7 @@ func testPodRestart(namespace string) { // This step occasionally takes longer than the default 60s timeout // so give it 2 minutes to succeed. require.Eventually(t, func() bool { - var res corev1.Pod + var res core_v1.Pod err := f.Client.Get(context.TODO(), client.ObjectKeyFromObject(pod), &res) // we want a non-nil, "not found" error to confirm the pod was deleted diff --git a/test/e2e/httpproxy/query_parameter_condition_match_test.go b/test/e2e/httpproxy/query_parameter_condition_match_test.go index 02d9d2acb1e..d3474945ac7 100644 --- a/test/e2e/httpproxy/query_parameter_condition_match_test.go +++ b/test/e2e/httpproxy/query_parameter_condition_match_test.go @@ -19,10 +19,11 @@ import ( "net/http" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testQueryParameterConditionMatch(namespace string) { @@ -40,26 +41,26 @@ func testQueryParameterConditionMatch(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo-query-parameter-contains") f.Fixtures.Echo.Deploy(namespace, "echo-query-parameter-contains-ignorecase") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "query-parameter-conditions", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "queryparam.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-exact", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetExact", Exact: "ExactValue", }, @@ -67,15 +68,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-exact-ignorecase", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetExactIgnoreCase", Exact: "exactvalueIgnorecase", IgnoreCase: true, @@ -84,15 +85,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-prefix", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetPrefix", Prefix: "Prefix", }, @@ -100,15 +101,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-prefix-ignorecase", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetPrefixIgnoreCase", Prefix: "prefixval", IgnoreCase: true, @@ -117,15 +118,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-suffix", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetSuffix", Suffix: "ffixValue", }, @@ -133,15 +134,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-suffix-ignorecase", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetSuffixIgnoreCase", Suffix: "ffixvalueignorecase", IgnoreCase: true, @@ -150,15 +151,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-regex", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetRegex", Regex: "^RegexV.*", }, @@ -166,15 +167,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-contains", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetContains", Contains: "nsVal", }, @@ -182,15 +183,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-contains-ignorecase", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetContainsIgnoreCase", Contains: "svalueIgnorec", IgnoreCase: true, @@ -199,15 +200,15 @@ func testQueryParameterConditionMatch(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-query-parameter-present", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "targetPresent", Present: true, }, @@ -354,26 +355,26 @@ func testQueryParameterConditionMultiple(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo-1") f.Fixtures.Echo.Deploy(namespace, "echo-2") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "query-parameter-multiple", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "queryparam-multiple.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "animal", Exact: "whale", }, @@ -381,15 +382,15 @@ func testQueryParameterConditionMultiple(namespace string) { }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-2", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { - QueryParameter: &contourv1.QueryParameterMatchCondition{ + QueryParameter: &contour_v1.QueryParameterMatchCondition{ Name: "animal", Exact: "dolphin", }, diff --git a/test/e2e/httpproxy/regex_path_condition_test.go b/test/e2e/httpproxy/regex_path_condition_test.go index d0c30e55fd0..ada51205580 100644 --- a/test/e2e/httpproxy/regex_path_condition_test.go +++ b/test/e2e/httpproxy/regex_path_condition_test.go @@ -17,10 +17,11 @@ package httpproxy import ( . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testRegexPathCondition(namespace string) { @@ -34,89 +35,89 @@ func testRegexPathCondition(namespace string) { f.Fixtures.Echo.Deploy(serviceNamespace, "echo-2") f.Fixtures.Echo.Deploy(serviceNamespace, "echo-3") - serviceProxy := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + serviceProxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: serviceNamespace, Name: "regex", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "regexpath.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-2", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/apiv1/prod-.+/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-3", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/(local|global)/.*/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/[a-zA-Z]+", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-3", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/[\\d]+/.+/", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/base/.*", }, }, }, { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo-1", Port: 80, }, }, - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Regex: "/", }, diff --git a/test/e2e/httpproxy/request_redirect_test.go b/test/e2e/httpproxy/request_redirect_test.go index d95d48564fe..df8569f33de 100644 --- a/test/e2e/httpproxy/request_redirect_test.go +++ b/test/e2e/httpproxy/request_redirect_test.go @@ -18,14 +18,14 @@ package httpproxy import ( "net/http" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/ref" - . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testRequestRedirectRuleNoService(namespace string) { @@ -51,7 +51,7 @@ func testRequestRedirectRuleInvalid(namespace string) { }) } -func doRedirectTest(namespace string, proxy *contour_api_v1.HTTPProxy, t GinkgoTInterface) { +func doRedirectTest(namespace string, proxy *contour_v1.HTTPProxy, t GinkgoTInterface) { f.Fixtures.Echo.Deploy(namespace, "echo") f.CreateHTTPProxyAndWaitFor(proxy, e2e.HTTPProxyValid) @@ -91,72 +91,72 @@ func assertRequest(t GinkgoTInterface, fqdn, path, expectedLocation string, expe assert.Equal(t, expectedLocation, res.Headers.Get("Location")) } -func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_api_v1.HTTPProxy { - proxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ +func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_v1.HTTPProxy { + proxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "redirect", Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "requestredirectrule.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/basic-redirect", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Hostname: ref.To("projectcontour.io"), }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/complex-redirect", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Scheme: ref.To("https"), Hostname: ref.To("envoyproxy.io"), Port: ref.To(int32(8080)), StatusCode: ref.To(301), }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/path-rewrite", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Path: ref.To("/path"), }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/prefix-rewrite", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Prefix: ref.To("/v2"), }, }, { - Conditions: []contour_api_v1.MatchCondition{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/prefix-rewrite-trailing-slash/", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Prefix: ref.To("/v2"), }, }}, @@ -166,32 +166,32 @@ func getRedirectHTTPProxy(namespace string, removeServices bool) *contour_api_v1 if removeServices { // Remove the services from the proxy. for i := range proxy.Spec.Routes { - proxy.Spec.Routes[i].Services = []contour_api_v1.Service{} + proxy.Spec.Routes[i].Services = []contour_v1.Service{} } } return proxy } -func getRedirectHTTPProxyInvalid(namespace string) *contour_api_v1.HTTPProxy { - proxy := &contour_api_v1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ +func getRedirectHTTPProxyInvalid(namespace string) *contour_v1.HTTPProxy { + proxy := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "invalid", Namespace: namespace, }, - Spec: contour_api_v1.HTTPProxySpec{ - VirtualHost: &contour_api_v1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "requestredirectrule.projectcontour.io", }, - Routes: []contour_api_v1.Route{{ - Conditions: []contour_api_v1.MatchCondition{{ + Routes: []contour_v1.Route{{ + Conditions: []contour_v1.MatchCondition{{ Prefix: "/basic-redirect", }}, - Services: []contour_api_v1.Service{{ + Services: []contour_v1.Service{{ Name: "echo", Port: 80, }}, - RequestRedirectPolicy: &contour_api_v1.HTTPRequestRedirectPolicy{ + RequestRedirectPolicy: &contour_v1.HTTPRequestRedirectPolicy{ Path: ref.To("/path"), Prefix: ref.To("/path"), }, diff --git a/test/e2e/httpproxy/required_field_validation_test.go b/test/e2e/httpproxy/required_field_validation_test.go index eab3c9a4bf5..9e6f3eee042 100644 --- a/test/e2e/httpproxy/required_field_validation_test.go +++ b/test/e2e/httpproxy/required_field_validation_test.go @@ -20,11 +20,12 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func testRequiredFieldValidation(namespace string) { @@ -135,18 +136,18 @@ func testRequiredFieldValidation(namespace string) { } assert.True(t, isExpectedErr(err)) - servicePortRange := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + servicePortRange := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "service-port-range", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "ports.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "any-service-name", Port: 80000, diff --git a/test/e2e/httpproxy/retry_policy_validation_test.go b/test/e2e/httpproxy/retry_policy_validation_test.go index d3e8d66eba6..512d1728622 100644 --- a/test/e2e/httpproxy/retry_policy_validation_test.go +++ b/test/e2e/httpproxy/retry_policy_validation_test.go @@ -20,32 +20,33 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" ) func testRetryPolicyValidation(namespace string) { Specify("retry policy is validated on create", func() { t := f.T() - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "invalid-retry-on-condition", }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "foo", Port: 80, }, }, - RetryPolicy: &contourv1.RetryPolicy{ - RetryOn: []contourv1.RetryOn{ + RetryPolicy: &contour_v1.RetryPolicy{ + RetryOn: []contour_v1.RetryOn{ "foobar", }, }, diff --git a/test/e2e/httpproxy/tcproute_https_termination_test.go b/test/e2e/httpproxy/tcproute_https_termination_test.go index 6535c381f8f..a52a1baed3d 100644 --- a/test/e2e/httpproxy/tcproute_https_termination_test.go +++ b/test/e2e/httpproxy/tcproute_https_termination_test.go @@ -20,12 +20,13 @@ import ( "crypto/tls" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testTCPRouteHTTPSTermination(namespace string) { @@ -35,20 +36,20 @@ func testTCPRouteHTTPSTermination(namespace string) { f.Fixtures.Echo.Deploy(namespace, "ingress-conformance-echo") f.Certs.CreateSelfSignedCert(namespace, "echo-cert", "echo-cert", "tcp-route-https-termination.projectcontour.io") - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo-tcpproxy", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "tcp-route-https-termination.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: "echo-cert", }, }, - TCPProxy: &contourv1.TCPProxy{ - Services: []contourv1.Service{ + TCPProxy: &contour_v1.TCPProxy{ + Services: []contour_v1.Service{ { Name: "ingress-conformance-echo", Port: 80, @@ -59,7 +60,7 @@ func testTCPRouteHTTPSTermination(namespace string) { } f.CreateHTTPProxyAndWaitFor(p, e2e.HTTPProxyValid) - certSecret := &corev1.Secret{} + certSecret := &core_v1.Secret{} key := client.ObjectKey{Namespace: namespace, Name: "echo-cert"} require.NoError(t, f.Client.Get(context.TODO(), key, certSecret)) diff --git a/test/e2e/incluster/incluster_test.go b/test/e2e/incluster/incluster_test.go index a4621ea95df..50801b6b7b0 100644 --- a/test/e2e/incluster/incluster_test.go +++ b/test/e2e/incluster/incluster_test.go @@ -24,13 +24,14 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" "k8s.io/apimachinery/pkg/labels" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/test/e2e" ) var f = e2e.NewFramework(true) @@ -64,7 +65,7 @@ var _ = AfterSuite(func() { }) var _ = Describe("Incluster", func() { - var contourConfig *contour_api_v1alpha1.ContourConfiguration + var contourConfig *contour_v1alpha1.ContourConfiguration BeforeEach(func() { contourConfig = e2e.DefaultContourConfiguration() @@ -87,7 +88,7 @@ var _ = Describe("Incluster", func() { require.NoError(f.T(), f.Deployment.EnsureDeleted(f.Deployment.ContourDeployment)) require.NoError(f.T(), f.Deployment.EnsureDeleted(contourConfig)) require.Eventually(f.T(), func() bool { - pods := new(v1.PodList) + pods := new(core_v1.PodList) podListOptions := &client.ListOptions{ LabelSelector: labels.SelectorFromSet(f.Deployment.ContourDeployment.Spec.Selector.MatchLabels), Namespace: f.Deployment.ContourDeployment.Namespace, @@ -125,13 +126,13 @@ var _ = Describe("Incluster", func() { }) Context("contour with memory limits", func() { - var originalResourceReq v1.ResourceRequirements + var originalResourceReq core_v1.ResourceRequirements BeforeEach(func() { originalResourceReq = f.Deployment.ContourDeployment.Spec.Template.Spec.Containers[0].Resources // Set memory limit low so we can check if Contour is OOM-killed. - f.Deployment.ContourDeployment.Spec.Template.Spec.Containers[0].Resources = v1.ResourceRequirements{ - Limits: v1.ResourceList{ - v1.ResourceMemory: resource.MustParse("100Mi"), + f.Deployment.ContourDeployment.Spec.Template.Spec.Containers[0].Resources = core_v1.ResourceRequirements{ + Limits: core_v1.ResourceList{ + core_v1.ResourceMemory: resource.MustParse("100Mi"), }, } }) diff --git a/test/e2e/incluster/leaderelection_test.go b/test/e2e/incluster/leaderelection_test.go index 2f42aa3c1f0..70b8d060bb5 100644 --- a/test/e2e/incluster/leaderelection_test.go +++ b/test/e2e/incluster/leaderelection_test.go @@ -22,12 +22,13 @@ import ( "time" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/ref" "github.com/stretchr/testify/require" - coordinationv1 "k8s.io/api/coordination/v1" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + coordination_v1 "k8s.io/api/coordination/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/projectcontour/contour/internal/ref" ) func testLeaderElection() { @@ -39,8 +40,8 @@ func testLeaderElection() { // has set status on an object. Specify("leader election resources are created as expected", func() { getLeaderID := func() (string, error) { - leaderElectionLease := &coordinationv1.Lease{ - ObjectMeta: metav1.ObjectMeta{ + leaderElectionLease := &coordination_v1.Lease{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "leader-elect", Namespace: f.Deployment.Namespace.Name, }, @@ -70,7 +71,7 @@ func testLeaderElection() { findEventsForLeader := func(leader string) func() bool { return func() bool { - events := &corev1.EventList{} + events := &core_v1.EventList{} listOptions := &client.ListOptions{ Namespace: f.Deployment.Namespace.Name, } @@ -89,8 +90,8 @@ func testLeaderElection() { require.Eventually(f.T(), findEventsForLeader(originalLeader), f.RetryTimeout, f.RetryInterval) // Delete contour leader pod. - leaderPod := &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ + leaderPod := &core_v1.Pod{ + ObjectMeta: meta_v1.ObjectMeta{ // Chop off _UUID suffix Name: podNameFromLeaderID(originalLeader), Namespace: f.Deployment.Namespace.Name, @@ -111,8 +112,8 @@ func testLeaderElection() { require.Eventually(f.T(), findEventsForLeader(newLeader), f.RetryTimeout, f.RetryInterval) // Check leader pod exists. - leaderPod = &corev1.Pod{ - ObjectMeta: metav1.ObjectMeta{ + leaderPod = &core_v1.Pod{ + ObjectMeta: meta_v1.ObjectMeta{ Name: podNameFromLeaderID(newLeader), Namespace: f.Deployment.Namespace.Name, }, diff --git a/test/e2e/incluster/memory_usage_test.go b/test/e2e/incluster/memory_usage_test.go index c4b325f3401..ccc6a137e0f 100644 --- a/test/e2e/incluster/memory_usage_test.go +++ b/test/e2e/incluster/memory_usage_test.go @@ -22,26 +22,27 @@ import ( "time" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - v1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testHeaderMatchIncludesMemoryUsage(namespace string) { Specify("many includes with header match conditions do not cause a spike in memory usage", func() { f.Fixtures.Echo.Deploy(namespace, "echo") - root := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + root := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "root", Namespace: namespace, }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "root-header-include-memory-usage.com", }, }, @@ -53,12 +54,12 @@ func testHeaderMatchIncludesMemoryUsage(namespace string) { ) for i := 0; i < numChildren; i++ { - include := contourv1.Include{ + include := contour_v1.Include{ Name: fmt.Sprintf("child-%d", i), } for h := 0; h < numHeaderMatches; h++ { - include.Conditions = append(include.Conditions, contourv1.MatchCondition{ - Header: &contourv1.HeaderMatchCondition{ + include.Conditions = append(include.Conditions, contour_v1.MatchCondition{ + Header: &contour_v1.HeaderMatchCondition{ Name: fmt.Sprintf("X-Foo-Child-%d-Header-%d", i, h), Exact: "foo-XXXXXXXXXXXXXXXXXXXXXX", }, @@ -66,15 +67,15 @@ func testHeaderMatchIncludesMemoryUsage(namespace string) { } root.Spec.Includes = append(root.Spec.Includes, include) - child := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + child := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Name: fmt.Sprintf("child-%d", i), Namespace: namespace, }, - Spec: contourv1.HTTPProxySpec{ - Routes: []contourv1.Route{ + Spec: contour_v1.HTTPProxySpec{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -93,7 +94,7 @@ func testHeaderMatchIncludesMemoryUsage(namespace string) { // Ensure there are no container restarts. require.Never(f.T(), func() bool { - pods := new(v1.PodList) + pods := new(core_v1.PodList) podListOptions := &client.ListOptions{ LabelSelector: labels.SelectorFromSet(f.Deployment.ContourDeployment.Spec.Selector.MatchLabels), Namespace: f.Deployment.ContourDeployment.Namespace, diff --git a/test/e2e/incluster/rbac_test.go b/test/e2e/incluster/rbac_test.go index 5456bf6c68c..d3e0d68a738 100644 --- a/test/e2e/incluster/rbac_test.go +++ b/test/e2e/incluster/rbac_test.go @@ -20,16 +20,17 @@ import ( "time" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contourv1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testProjectcontourResourcesRBAC(namespace string) { @@ -42,13 +43,13 @@ func testProjectcontourResourcesRBAC(namespace string) { f.Certs.CreateSelfSignedCert(otherNS, "delegated-cert", "delegated-cert", "rbac-test.projectcontour.io") // HTTPProxy and TLSCertificateDelegation - t := &contourv1.TLSCertificateDelegation{ - ObjectMeta: metav1.ObjectMeta{ + t := &contour_v1.TLSCertificateDelegation{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: otherNS, Name: "rbac", }, - Spec: contourv1.TLSCertificateDelegationSpec{ - Delegations: []contourv1.CertificateDelegation{ + Spec: contour_v1.TLSCertificateDelegationSpec{ + Delegations: []contour_v1.CertificateDelegation{ { SecretName: "delegated-cert", TargetNamespaces: []string{namespace}, @@ -58,21 +59,21 @@ func testProjectcontourResourcesRBAC(namespace string) { } require.NoError(f.T(), f.Client.Create(context.TODO(), t)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "rbac", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "rbac-test.projectcontour.io", - TLS: &contourv1.TLS{ + TLS: &contour_v1.TLS{ SecretName: otherNS + "/delegated-cert", }, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ {Name: "invalid-service", Port: 80}, }, }, @@ -107,13 +108,13 @@ func testProjectcontourResourcesRBAC(namespace string) { assert.Truef(f.T(), ok, "expected %d response code, got %d", 200, res.StatusCode) // ExtensionService - e := &contourv1alpha1.ExtensionService{ - ObjectMeta: metav1.ObjectMeta{ + e := &contour_v1alpha1.ExtensionService{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "rbac", }, - Spec: contourv1alpha1.ExtensionServiceSpec{ - Services: []contourv1alpha1.ExtensionServiceTarget{ + Spec: contour_v1alpha1.ExtensionServiceSpec{ + Services: []contour_v1alpha1.ExtensionServiceTarget{ {Name: "invalid-service", Port: 80}, }, }, @@ -132,25 +133,25 @@ func testIngressResourceRBAC(namespace string) { Specify("Contour ClusterRole is set up to allow access to Ingress v1 resources and resource status", func() { f.Fixtures.Echo.Deploy(namespace, "echo") - i := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + i := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "rbac", }, - Spec: networkingv1.IngressSpec{ - Rules: []networkingv1.IngressRule{ + Spec: networking_v1.IngressSpec{ + Rules: []networking_v1.IngressRule{ { Host: "rbac-test-ingress.projectcontour.io", - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: "/", - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{Number: 80}, + Port: networking_v1.ServiceBackendPort{Number: 80}, }, }, }, diff --git a/test/e2e/incluster/smoke_test.go b/test/e2e/incluster/smoke_test.go index 7db2315990b..86042d4189c 100644 --- a/test/e2e/incluster/smoke_test.go +++ b/test/e2e/incluster/smoke_test.go @@ -19,10 +19,11 @@ import ( "fmt" . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/test/e2e" ) func testSimpleSmoke(namespace string) { @@ -35,18 +36,18 @@ func testSimpleSmoke(namespace string) { for i := 0; i < 20; i++ { f.Fixtures.Echo.Deploy(namespace, fmt.Sprintf("echo-%d", i)) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: fmt.Sprintf("smoke-test-%d", i), }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: fmt.Sprintf("smoke-test-%d.projectcontour.io", i), }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: fmt.Sprintf("echo-%d", i), Port: 80, diff --git a/test/e2e/infra/admin_test.go b/test/e2e/infra/admin_test.go index 29bf0a2bc86..bbeceaf67d5 100644 --- a/test/e2e/infra/admin_test.go +++ b/test/e2e/infra/admin_test.go @@ -17,8 +17,9 @@ package infra import ( . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" + + "github.com/projectcontour/contour/test/e2e" ) func testAdminInterface() { diff --git a/test/e2e/infra/endpointslice_test.go b/test/e2e/infra/endpointslice_test.go index 8b12b923133..8b6591458ee 100644 --- a/test/e2e/infra/endpointslice_test.go +++ b/test/e2e/infra/endpointslice_test.go @@ -19,37 +19,37 @@ import ( "slices" "sort" - envoy_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3" + envoy_config_cluster_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3" + . "github.com/onsi/ginkgo/v2" "github.com/stretchr/testify/require" "google.golang.org/protobuf/encoding/protojson" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - . "github.com/onsi/ginkgo/v2" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/test/e2e" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func testSimpleEndpointSlice(namespace string) { Specify("test endpoint slices", func() { f.Fixtures.Echo.DeployN(namespace, "echo", 1) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "endpoint-slice", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: "eps.projectcontour.io", }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Conditions: []contourv1.MatchCondition{ + Conditions: []contour_v1.MatchCondition{ { Prefix: "/", }, }, - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, @@ -117,7 +117,7 @@ func GetIPsFromAdminRequest() ([]string, error) { ips := make([]string, 0) - clusters := &envoy_cluster_v3.Clusters{} + clusters := &envoy_config_cluster_v3.Clusters{} err := protojson.Unmarshal(resp.Body, clusters) if err != nil { return nil, err diff --git a/test/e2e/infra/infra_test.go b/test/e2e/infra/infra_test.go index 22726a9f21a..d18ea99c234 100644 --- a/test/e2e/infra/infra_test.go +++ b/test/e2e/infra/infra_test.go @@ -18,15 +18,15 @@ package infra import ( "testing" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - v1 "k8s.io/api/core/v1" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" + "github.com/stretchr/testify/require" + core_v1 "k8s.io/api/core/v1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" ) var ( @@ -44,14 +44,14 @@ func TestInfra(t *testing.T) { var _ = BeforeSuite(func() { // Add volume mount for the Envoy deployment for certificate and key, // used only for testing metrics over HTTPS. - f.Deployment.EnvoyExtraVolumeMounts = []v1.VolumeMount{{ + f.Deployment.EnvoyExtraVolumeMounts = []core_v1.VolumeMount{{ Name: "metrics-certs", MountPath: "/metrics-certs", }} - f.Deployment.EnvoyExtraVolumes = []v1.Volume{{ + f.Deployment.EnvoyExtraVolumes = []core_v1.Volume{{ Name: "metrics-certs", - VolumeSource: v1.VolumeSource{ - Secret: &v1.SecretVolumeSource{ + VolumeSource: core_v1.VolumeSource{ + Secret: &core_v1.SecretVolumeSource{ SecretName: "metrics-server", }, }, @@ -83,7 +83,7 @@ var _ = Describe("Infra", func() { contourCmd *gexec.Session kubectlCmd *gexec.Session contourConfig *config.Parameters - contourConfiguration *contour_api_v1alpha1.ContourConfiguration + contourConfiguration *contour_v1alpha1.ContourConfiguration contourConfigFile string additionalContourArgs []string ) @@ -136,10 +136,10 @@ var _ = Describe("Infra", func() { CABundle: "/metrics-certs/ca.crt", } - contourConfiguration.Spec.Envoy.Metrics = &contour_api_v1alpha1.MetricsConfig{ + contourConfiguration.Spec.Envoy.Metrics = &contour_v1alpha1.MetricsConfig{ Address: "0.0.0.0", Port: 8003, - TLS: &contour_api_v1alpha1.MetricsTLS{ + TLS: &contour_v1alpha1.MetricsTLS{ CertFile: "/metrics-certs/tls.crt", KeyFile: "/metrics-certs/tls.key", CAFile: "/metrics-certs/ca.crt", diff --git a/test/e2e/infra/metrics_test.go b/test/e2e/infra/metrics_test.go index 09c524e8562..05e2502d4d7 100644 --- a/test/e2e/infra/metrics_test.go +++ b/test/e2e/infra/metrics_test.go @@ -22,8 +22,9 @@ import ( . "github.com/onsi/ginkgo/v2" "github.com/onsi/gomega" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" + + "github.com/projectcontour/contour/test/e2e" ) func testMetrics() { diff --git a/test/e2e/ingress/backend_tls_test.go b/test/e2e/ingress/backend_tls_test.go index 0a862a58588..be0517e92ea 100644 --- a/test/e2e/ingress/backend_tls_test.go +++ b/test/e2e/ingress/backend_tls_test.go @@ -22,21 +22,22 @@ import ( certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - corev1 "k8s.io/api/core/v1" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + core_v1 "k8s.io/api/core/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testBackendTLS(namespace string) { Specify("simple TLS to backends can be configured", func() { // Backend server cert signed by CA. backendServerCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-server-cert", }, @@ -55,25 +56,25 @@ func testBackendTLS(namespace string) { require.NoError(f.T(), f.Client.Create(context.TODO(), backendServerCert)) f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", nil) - i := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + i := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-tls", }, - Spec: networkingv1.IngressSpec{ - Rules: []networkingv1.IngressRule{ + Spec: networking_v1.IngressSpec{ + Rules: []networking_v1.IngressRule{ { Host: "backend-tls.ingress.projectcontour.io", - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: "/", - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo-secure", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 443, }, }, @@ -109,7 +110,7 @@ func testBackendTLS(namespace string) { // Get value of client cert Envoy should have presented. clientSecretKey := client.ObjectKey{Namespace: namespace, Name: "backend-client-cert"} - clientSecret := &corev1.Secret{} + clientSecret := &core_v1.Secret{} require.NoError(f.T(), f.Client.Get(context.TODO(), clientSecretKey, clientSecret)) assert.Equal(f.T(), tlsInfo.TLS.PeerCertificates[0], string(clientSecret.Data["tls.crt"])) diff --git a/test/e2e/ingress/headers_policy_test.go b/test/e2e/ingress/headers_policy_test.go index 9aa9f1d3741..8126c3ac5e3 100644 --- a/test/e2e/ingress/headers_policy_test.go +++ b/test/e2e/ingress/headers_policy_test.go @@ -19,12 +19,13 @@ import ( "context" . "github.com/onsi/ginkgo/v2" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) func testGlobalHeadersPolicy(applyToIngress bool) e2e.NamespacedTestBody { @@ -48,25 +49,25 @@ func testGlobalHeadersPolicy(applyToIngress bool) e2e.NamespacedTestBody { host = "global-headers-policy-apply-to-ingress-true.ingress.projectcontour.io" } - i := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + i := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "global-headers-policy", }, - Spec: networkingv1.IngressSpec{ - Rules: []networkingv1.IngressRule{ + Spec: networking_v1.IngressSpec{ + Rules: []networking_v1.IngressRule{ { Host: host, - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: "/", - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, diff --git a/test/e2e/ingress/ingress_class_test.go b/test/e2e/ingress/ingress_class_test.go index 3d120800597..df16f298be9 100644 --- a/test/e2e/ingress/ingress_class_test.go +++ b/test/e2e/ingress/ingress_class_test.go @@ -19,11 +19,12 @@ import ( "context" . "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/require" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func testIngressClass(namespace, class string) { @@ -33,26 +34,26 @@ func testIngressClass(namespace, class string) { f.Fixtures.Echo.Deploy(namespace, "echo") - i := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + i := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: name, }, - Spec: networkingv1.IngressSpec{ + Spec: networking_v1.IngressSpec{ IngressClassName: ref.To(class), - Rules: []networkingv1.IngressRule{ + Rules: []networking_v1.IngressRule{ { Host: name + ".projectcontour.io", - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: "/", - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, diff --git a/test/e2e/ingress/ingress_test.go b/test/e2e/ingress/ingress_test.go index 761dea5185b..a27db459b3d 100644 --- a/test/e2e/ingress/ingress_test.go +++ b/test/e2e/ingress/ingress_test.go @@ -19,18 +19,18 @@ import ( "context" "testing" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/ref" - certmanagerv1 "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1" certmanagermetav1 "github.com/cert-manager/cert-manager/pkg/apis/meta/v1" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" + "github.com/stretchr/testify/require" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/pkg/config" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) var f = e2e.NewFramework(false) @@ -56,7 +56,7 @@ var _ = Describe("Ingress", func() { var ( contourCmd *gexec.Session contourConfig *config.Parameters - contourConfiguration *contour_api_v1alpha1.ContourConfiguration + contourConfiguration *contour_v1alpha1.ContourConfiguration contourConfigFile string additionalContourArgs []string ) @@ -97,7 +97,7 @@ var _ = Describe("Ingress", func() { BeforeEach(func() { // Top level issuer. selfSignedIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "selfsigned", }, @@ -111,7 +111,7 @@ var _ = Describe("Ingress", func() { // CA to sign backend certs with. caCertificate := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-cert", }, @@ -132,7 +132,7 @@ var _ = Describe("Ingress", func() { // Issuer based on CA to generate new certs with. basedOnCAIssuer := &certmanagerv1.Issuer{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "ca-issuer", }, @@ -148,7 +148,7 @@ var _ = Describe("Ingress", func() { // Backend client cert, can use for upstream validation as well. backendClientCert := &certmanagerv1.Certificate{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "backend-client-cert", }, @@ -171,7 +171,7 @@ var _ = Describe("Ingress", func() { Name: "backend-client-cert", }, } - contourConfiguration.Spec.Envoy.ClientCertificate = &contour_api_v1alpha1.NamespacedName{ + contourConfiguration.Spec.Envoy.ClientCertificate = &contour_v1alpha1.NamespacedName{ Namespace: namespace, Name: "backend-client-cert", } @@ -187,7 +187,7 @@ var _ = Describe("Ingress", func() { additionalContourArgs = []string{ "--ingress-class-name=contour,team1", } - contourConfiguration.Spec.Ingress = &contour_api_v1alpha1.IngressConfig{ + contourConfiguration.Spec.Ingress = &contour_v1alpha1.IngressConfig{ ClassNames: []string{"contour", "team1"}, } }) @@ -201,7 +201,7 @@ var _ = Describe("Ingress", func() { additionalContourArgs = []string{ "--ingress-class-name=contour,team1", } - contourConfiguration.Spec.Ingress = &contour_api_v1alpha1.IngressConfig{ + contourConfiguration.Spec.Ingress = &contour_v1alpha1.IngressConfig{ ClassNames: []string{"contour", "team1"}, } }) @@ -220,13 +220,13 @@ var _ = Describe("Ingress", func() { "X-Contour-GlobalResponseHeader": "bar", } - contourConfiguration.Spec.Policy = &contour_api_v1alpha1.PolicyConfig{ - RequestHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + contourConfiguration.Spec.Policy = &contour_v1alpha1.PolicyConfig{ + RequestHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "X-Contour-GlobalRequestHeader": "foo", }, }, - ResponseHeadersPolicy: &contour_api_v1alpha1.HeadersPolicy{ + ResponseHeadersPolicy: &contour_v1alpha1.HeadersPolicy{ Set: map[string]string{ "X-Contour-GlobalResponseHeader": "bar", }, diff --git a/test/e2e/ingress/long_path_match_test.go b/test/e2e/ingress/long_path_match_test.go index e7232a58071..d945d69b371 100644 --- a/test/e2e/ingress/long_path_match_test.go +++ b/test/e2e/ingress/long_path_match_test.go @@ -21,11 +21,12 @@ import ( "strings" . "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/require" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func testLongPathMatch(namespace string) { @@ -37,49 +38,49 @@ func testLongPathMatch(namespace string) { reallyLongPrefixMatch := "/" + strings.Repeat("b", 500) longRegexMatch := "/" + strings.Repeat("c", 200) + ".*" - i := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + i := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "long-patch-match", }, - Spec: networkingv1.IngressSpec{ - Rules: []networkingv1.IngressRule{ + Spec: networking_v1.IngressSpec{ + Rules: []networking_v1.IngressRule{ { Host: "long-patch-match.ingress.projectcontour.io", - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: longPrefixMatch, - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, }, }, { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: reallyLongPrefixMatch, - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, }, }, { - PathType: ref.To(networkingv1.PathTypeImplementationSpecific), + PathType: ref.To(networking_v1.PathTypeImplementationSpecific), Path: longRegexMatch, - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, diff --git a/test/e2e/ingress/tls_wildcard_host_test.go b/test/e2e/ingress/tls_wildcard_host_test.go index 3c9e1376c6f..f0c7223582a 100644 --- a/test/e2e/ingress/tls_wildcard_host_test.go +++ b/test/e2e/ingress/tls_wildcard_host_test.go @@ -20,11 +20,12 @@ import ( "crypto/tls" . "github.com/onsi/ginkgo/v2" + "github.com/stretchr/testify/require" + networking_v1 "k8s.io/api/networking/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/projectcontour/contour/internal/ref" "github.com/projectcontour/contour/test/e2e" - "github.com/stretchr/testify/require" - networkingv1 "k8s.io/api/networking/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) func testTLSWildcardHost(namespace string) { @@ -35,31 +36,31 @@ func testTLSWildcardHost(namespace string) { f.Fixtures.Echo.Deploy(namespace, "echo") f.Certs.CreateSelfSignedCert(namespace, "echo-one-cert", "echo-one-cert", "*."+hostSuffix) - i := &networkingv1.Ingress{ - ObjectMeta: metav1.ObjectMeta{ + i := &networking_v1.Ingress{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "wildcard-ingress", }, - Spec: networkingv1.IngressSpec{ - TLS: []networkingv1.IngressTLS{ + Spec: networking_v1.IngressSpec{ + TLS: []networking_v1.IngressTLS{ { Hosts: []string{"*.wildcardhost.ingress.projectcontour.io"}, SecretName: "echo-one-cert", }, }, - Rules: []networkingv1.IngressRule{ + Rules: []networking_v1.IngressRule{ { Host: "*.wildcardhost.ingress.projectcontour.io", - IngressRuleValue: networkingv1.IngressRuleValue{ - HTTP: &networkingv1.HTTPIngressRuleValue{ - Paths: []networkingv1.HTTPIngressPath{ + IngressRuleValue: networking_v1.IngressRuleValue{ + HTTP: &networking_v1.HTTPIngressRuleValue{ + Paths: []networking_v1.HTTPIngressPath{ { - PathType: ref.To(networkingv1.PathTypePrefix), + PathType: ref.To(networking_v1.PathTypePrefix), Path: "/", - Backend: networkingv1.IngressBackend{ - Service: &networkingv1.IngressServiceBackend{ + Backend: networking_v1.IngressBackend{ + Service: &networking_v1.IngressServiceBackend{ Name: "echo", - Port: networkingv1.ServiceBackendPort{ + Port: networking_v1.ServiceBackendPort{ Number: 80, }, }, diff --git a/test/e2e/provisioner.go b/test/e2e/provisioner.go index f51ae78a164..9401a897899 100644 --- a/test/e2e/provisioner.go +++ b/test/e2e/provisioner.go @@ -28,7 +28,7 @@ import ( "time" apps_v1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" + core_v1 "k8s.io/api/core/v1" rbac_v1 "k8s.io/api/rbac/v1" api_errors "k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/util/wait" @@ -45,8 +45,8 @@ type Provisioner struct { contourImage string - Namespace *v1.Namespace - ServiceAccount *v1.ServiceAccount + Namespace *core_v1.Namespace + ServiceAccount *core_v1.ServiceAccount ProvisionerClusterRole *rbac_v1.ClusterRole LeaderElectionRole *rbac_v1.Role LeaderElectionRoleBinding *rbac_v1.RoleBinding @@ -81,8 +81,8 @@ func (p *Provisioner) UnmarshalResources() error { decoder := apimachinery_util_yaml.NewYAMLToJSONDecoder(bytes.NewBuffer(yaml)) - p.Namespace = new(v1.Namespace) - p.ServiceAccount = new(v1.ServiceAccount) + p.Namespace = new(core_v1.Namespace) + p.ServiceAccount = new(core_v1.ServiceAccount) p.ProvisionerClusterRole = new(rbac_v1.ClusterRole) p.LeaderElectionRole = new(rbac_v1.Role) p.LeaderElectionRoleBinding = new(rbac_v1.RoleBinding) @@ -116,9 +116,9 @@ func (p *Provisioner) ensureResource(new, existing client.Object) error { return err } new.SetResourceVersion(existing.GetResourceVersion()) - // If a v1.Service, pass along existing cluster IP and healthcheck node port. - if newS, ok := new.(*v1.Service); ok { - existingS := existing.(*v1.Service) + // If a core_v1.Service, pass along existing cluster IP and healthcheck node port. + if newS, ok := new.(*core_v1.Service); ok { + existingS := existing.(*core_v1.Service) newS.Spec.ClusterIP = existingS.Spec.ClusterIP newS.Spec.ClusterIPs = existingS.Spec.ClusterIPs newS.Spec.HealthCheckNodePort = existingS.Spec.HealthCheckNodePort @@ -136,8 +136,8 @@ func (p *Provisioner) EnsureResourcesForInclusterProvisioner() error { } resources := []resource{ - {new: p.Namespace, existing: new(v1.Namespace)}, - {new: p.ServiceAccount, existing: new(v1.ServiceAccount)}, + {new: p.Namespace, existing: new(core_v1.Namespace)}, + {new: p.ServiceAccount, existing: new(core_v1.ServiceAccount)}, {new: p.ProvisionerClusterRole, existing: new(rbac_v1.ClusterRole)}, {new: p.LeaderElectionRole, existing: new(rbac_v1.Role)}, {new: p.LeaderElectionRoleBinding, existing: new(rbac_v1.RoleBinding)}, @@ -150,7 +150,7 @@ func (p *Provisioner) EnsureResourcesForInclusterProvisioner() error { } p.Deployment.Spec.Template.Spec.Containers[0].Image = p.contourImage - p.Deployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = v1.PullIfNotPresent + p.Deployment.Spec.Template.Spec.Containers[0].ImagePullPolicy = core_v1.PullIfNotPresent // Set the --contour-image flag to the CI image diff --git a/test/e2e/provisioner/provisioner_test.go b/test/e2e/provisioner/provisioner_test.go index 9390eb16bab..775972bb7da 100644 --- a/test/e2e/provisioner/provisioner_test.go +++ b/test/e2e/provisioner/provisioner_test.go @@ -25,20 +25,21 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - contour_api_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" - contour_api_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" - "github.com/projectcontour/contour/internal/gatewayapi" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" + "github.com/projectcontour/contour/internal/gatewayapi" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) var f = e2e.NewFramework(true) @@ -52,7 +53,7 @@ var _ = BeforeSuite(func() { require.NoError(f.T(), f.Provisioner.EnsureResourcesForInclusterProvisioner()) gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -67,12 +68,12 @@ var _ = BeforeSuite(func() { // cluster we will still have a basic GatewayClass without any // parameters to ensure that case is covered. if runtimeSettings != nil { - params := &contour_api_v1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params := &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "basic-contour", }, - Spec: contour_api_v1alpha1.ContourDeploymentSpec{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: runtimeSettings, }, } @@ -89,14 +90,14 @@ var _ = BeforeSuite(func() { _, ok := f.CreateGatewayClassAndWaitFor(gc, e2e.GatewayClassAccepted) require.True(f.T(), ok) - paramsEnvoyDeployment := &contour_api_v1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + paramsEnvoyDeployment := &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-with-envoy-deployment", }, - Spec: contour_api_v1alpha1.ContourDeploymentSpec{ - Envoy: &contour_api_v1alpha1.EnvoySettings{ - WorkloadType: contour_api_v1alpha1.WorkloadTypeDeployment, + Spec: contour_v1alpha1.ContourDeploymentSpec{ + Envoy: &contour_v1alpha1.EnvoySettings{ + WorkloadType: contour_v1alpha1.WorkloadTypeDeployment, }, RuntimeSettings: runtimeSettings, }, @@ -104,7 +105,7 @@ var _ = BeforeSuite(func() { require.NoError(f.T(), f.Client.Create(context.Background(), paramsEnvoyDeployment)) gcWithEnvoyDeployment := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-with-envoy-deployment", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -129,7 +130,7 @@ var _ = AfterSuite(func() { for _, name := range []string{"contour", "contour-with-envoy-deployment"} { gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, } @@ -146,7 +147,7 @@ var _ = Describe("Gateway provisioner", func() { // forget to update the supported version we check for. require.Eventually(f.T(), func() bool { gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, } @@ -155,7 +156,7 @@ var _ = Describe("Gateway provisioner", func() { } for _, cond := range gc.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusSupportedVersion) && - cond.Status == metav1.ConditionTrue { + cond.Status == meta_v1.ConditionTrue { return true } } @@ -168,7 +169,7 @@ var _ = Describe("Gateway provisioner", func() { // Create GatewayClass with a reference to a nonexistent ContourDeployment, // it should be set to "Accepted: false" since the ref is invalid. gatewayClass := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-with-params", }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -187,7 +188,7 @@ var _ = Describe("Gateway provisioner", func() { // Create a Gateway using that GatewayClass, it should not be accepted // since the GatewayClass is not accepted. gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "http", Namespace: namespace, }, @@ -219,12 +220,12 @@ var _ = Describe("Gateway provisioner", func() { }, 10*time.Second, time.Second) // Now create the ContourDeployment to match the parametersRef. - params := &contour_api_v1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params := &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "contour-params", }, - Spec: contour_api_v1alpha1.ContourDeploymentSpec{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: contourDeploymentRuntimeSettings(), }, } @@ -257,7 +258,7 @@ var _ = Describe("Gateway provisioner", func() { f.NamespacedTest("gateway-with-envoy-deployment", func(namespace string) { Specify("A gateway with Envoy as a deployment can be provisioned and routes traffic correctly", func() { gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "http", Namespace: namespace, }, @@ -286,7 +287,7 @@ var _ = Describe("Gateway provisioner", func() { f.Fixtures.Echo.Deploy(namespace, "echo") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-1", }, @@ -329,7 +330,7 @@ var _ = Describe("Gateway provisioner", func() { f.Certs.CreateSelfSignedCert(namespace, "https-2-cert", "https-2-cert", "https-2.provisioner.projectcontour.io") gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "many-listeners", Namespace: namespace, }, @@ -405,7 +406,7 @@ var _ = Describe("Gateway provisioner", func() { // This HTTPRoute will attach to all of the HTTP and HTTPS Listeners. httpRoute := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-1", }, @@ -466,7 +467,7 @@ var _ = Describe("Gateway provisioner", func() { // This TCPRoute will attach to both TCP Listeners. tcpRoute := &gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "tcproute-1", }, @@ -521,7 +522,7 @@ var _ = Describe("Gateway provisioner", func() { BeforeEach(func() { By("create gatewayclass that reference contourDeployment with watchNamespace value") gatewayClass := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -538,15 +539,15 @@ var _ = Describe("Gateway provisioner", func() { require.True(f.T(), ok) // Now create the ContourDeployment to match the parametersRef. - params := &contour_api_v1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params := &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: objectTestName, }, - Spec: contour_api_v1alpha1.ContourDeploymentSpec{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: contourDeploymentRuntimeSettings(), - Contour: &contour_api_v1alpha1.ContourSettings{ - WatchNamespaces: []contour_api_v1.Namespace{"testns-1", "testns-2"}, + Contour: &contour_v1alpha1.ContourSettings{ + WatchNamespaces: []contour_v1.Namespace{"testns-1", "testns-2"}, }, }, } @@ -564,7 +565,7 @@ var _ = Describe("Gateway provisioner", func() { }) AfterEach(func() { require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, }, false)) @@ -573,7 +574,7 @@ var _ = Describe("Gateway provisioner", func() { By("This tests deploy 3 dev namespaces testns-1, testns-2, testns-3") By("Deploy gateway that referencing above gatewayclass") gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "http-for-watchnamespaces", Namespace: namespace, }, @@ -624,7 +625,7 @@ var _ = Describe("Gateway provisioner", func() { f.Fixtures.Echo.Deploy(t.namespace, "echo") route := &gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: t.namespace, Name: "httproute-1", }, @@ -689,7 +690,7 @@ var _ = Describe("Gateway provisioner", func() { BeforeEach(func() { By("create gatewayclass that reference contourDeployment with disabled-features value") gatewayClass := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -706,15 +707,15 @@ var _ = Describe("Gateway provisioner", func() { require.True(f.T(), ok) // Now create the ContourDeployment to match the parametersRef. - params := &contour_api_v1alpha1.ContourDeployment{ - ObjectMeta: metav1.ObjectMeta{ + params := &contour_v1alpha1.ContourDeployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: objectTestName, }, - Spec: contour_api_v1alpha1.ContourDeploymentSpec{ + Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: contourDeploymentRuntimeSettings(), - Contour: &contour_api_v1alpha1.ContourSettings{ - DisabledFeatures: []contour_api_v1.Feature{"tlsroutes"}, + Contour: &contour_v1alpha1.ContourSettings{ + DisabledFeatures: []contour_v1.Feature{"tlsroutes"}, }, }, } @@ -732,7 +733,7 @@ var _ = Describe("Gateway provisioner", func() { }) AfterEach(func() { require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, }, false)) @@ -740,7 +741,7 @@ var _ = Describe("Gateway provisioner", func() { Specify("A gateway can be provisioned that ignore CRDs in disabledFeatures", func() { By("Deploy gateway that referencing above gatewayclass") gateway := &gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: namespace, }, @@ -772,7 +773,7 @@ var _ = Describe("Gateway provisioner", func() { By("Skip reconciling the TLSRoute if disabledFeatures includes it") f.Fixtures.EchoSecure.Deploy(namespace, "echo-secure", nil) route := &gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "tlsroute-1", }, @@ -807,35 +808,35 @@ var _ = Describe("Gateway provisioner", func() { }) }) -func contourDeploymentRuntimeSettings() *contour_api_v1alpha1.ContourConfigurationSpec { +func contourDeploymentRuntimeSettings() *contour_v1alpha1.ContourConfigurationSpec { if os.Getenv("IPV6_CLUSTER") != "true" { return nil } - return &contour_api_v1alpha1.ContourConfigurationSpec{ - XDSServer: &contour_api_v1alpha1.XDSServerConfig{ + return &contour_v1alpha1.ContourConfigurationSpec{ + XDSServer: &contour_v1alpha1.XDSServerConfig{ Address: "::", }, - Debug: &contour_api_v1alpha1.DebugConfig{ + Debug: &contour_v1alpha1.DebugConfig{ Address: "::1", }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "::", }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "::", }, - Envoy: &contour_api_v1alpha1.EnvoyConfig{ - HTTPListener: &contour_api_v1alpha1.EnvoyListener{ + Envoy: &contour_v1alpha1.EnvoyConfig{ + HTTPListener: &contour_v1alpha1.EnvoyListener{ Address: "::", }, - HTTPSListener: &contour_api_v1alpha1.EnvoyListener{ + HTTPSListener: &contour_v1alpha1.EnvoyListener{ Address: "::", }, - Health: &contour_api_v1alpha1.HealthConfig{ + Health: &contour_v1alpha1.HealthConfig{ Address: "::", }, - Metrics: &contour_api_v1alpha1.MetricsConfig{ + Metrics: &contour_v1alpha1.MetricsConfig{ Address: "::", }, }, diff --git a/test/e2e/upgrade/upgrade_test.go b/test/e2e/upgrade/upgrade_test.go index 8aed3611564..ab444444407 100644 --- a/test/e2e/upgrade/upgrade_test.go +++ b/test/e2e/upgrade/upgrade_test.go @@ -26,16 +26,17 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/onsi/gomega/gexec" - contourv1 "github.com/projectcontour/contour/apis/projectcontour/v1" - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/ref" - "github.com/projectcontour/contour/test/e2e" "github.com/stretchr/testify/require" - appsv1 "k8s.io/api/apps/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apps_v1 "k8s.io/api/apps/v1" + meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" + "github.com/projectcontour/contour/internal/k8s" + "github.com/projectcontour/contour/internal/ref" + "github.com/projectcontour/contour/test/e2e" ) var ( @@ -84,23 +85,23 @@ var _ = Describe("When upgrading", func() { Specify("applications remain routable after the upgrade", func() { By("deploying an app") f.Fixtures.Echo.DeployN(namespace, "echo", 2) - p := &contourv1.HTTPProxy{ - ObjectMeta: metav1.ObjectMeta{ + p := &contour_v1.HTTPProxy{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: contourv1.HTTPProxySpec{ - VirtualHost: &contourv1.VirtualHost{ + Spec: contour_v1.HTTPProxySpec{ + VirtualHost: &contour_v1.VirtualHost{ Fqdn: appHost, }, - Routes: []contourv1.Route{ + Routes: []contour_v1.Route{ { - Services: []contourv1.Service{ + Services: []contour_v1.Service{ { Name: "echo", Port: 80, - ResponseHeadersPolicy: &contourv1.HeadersPolicy{ - Set: []contourv1.HeaderValue{ + ResponseHeadersPolicy: &contour_v1.HeadersPolicy{ + Set: []contour_v1.HeaderValue{ { Name: "X-Envoy-Response-Flags", Value: "%RESPONSE_FLAGS%", @@ -148,7 +149,7 @@ var _ = Describe("When upgrading", func() { Eventually(sess, f.RetryTimeout, f.RetryInterval).Should(gexec.Exit(0)) gc, ok := f.CreateGatewayClassAndWaitFor(&gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: gatewayClassName, }, Spec: gatewayapi_v1beta1.GatewayClassSpec{ @@ -164,7 +165,7 @@ var _ = Describe("When upgrading", func() { require.NoError(f.T(), f.Provisioner.DeleteResourcesForInclusterProvisioner()) gc := &gatewayapi_v1beta1.GatewayClass{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Name: gatewayClassName, }, } @@ -179,7 +180,7 @@ var _ = Describe("When upgrading", func() { appHost := "upgrade.provisioner.projectcontour.io" gateway, ok := f.CreateGatewayAndWaitFor(&gatewayapi_v1beta1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "upgrade-gateway", }, @@ -205,7 +206,7 @@ var _ = Describe("When upgrading", func() { f.Fixtures.Echo.DeployN(namespace, "echo", 2) f.CreateHTTPRouteAndWaitFor(&gatewayapi_v1beta1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, @@ -255,8 +256,8 @@ var _ = Describe("When upgrading", func() { require.NoError(f.T(), f.Provisioner.EnsureResourcesForInclusterProvisioner()) By("waiting for Gateway's Contour deployment to upgrade") - deployment := &appsv1.Deployment{ - ObjectMeta: metav1.ObjectMeta{ + deployment := &apps_v1.Deployment{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: fmt.Sprintf("contour-%s", gateway.Name), }, @@ -265,8 +266,8 @@ var _ = Describe("When upgrading", func() { require.NoError(t, e2e.WaitForContourDeploymentUpdated(deployment, f.Client, os.Getenv("CONTOUR_E2E_IMAGE"))) By("waiting for Gateway's Envoy daemonset to upgrade") - daemonset := &appsv1.DaemonSet{ - ObjectMeta: metav1.ObjectMeta{ + daemonset := &apps_v1.DaemonSet{ + ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: fmt.Sprintf("envoy-%s", gateway.Name), }, diff --git a/test/e2e/waiter.go b/test/e2e/waiter.go index 5d46c1ddcf3..6d9e4988496 100644 --- a/test/e2e/waiter.go +++ b/test/e2e/waiter.go @@ -20,15 +20,16 @@ import ( "errors" "time" - "github.com/projectcontour/contour/internal/k8s" - appsv1 "k8s.io/api/apps/v1" - v1 "k8s.io/api/core/v1" + apps_v1 "k8s.io/api/apps/v1" + core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/wait" "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/projectcontour/contour/internal/k8s" ) -func WaitForContourDeploymentUpdated(deployment *appsv1.Deployment, cli client.Client, image string) error { +func WaitForContourDeploymentUpdated(deployment *apps_v1.Deployment, cli client.Client, image string) error { // List pods with app label "contour" and check that pods are updated // with expected container image and in ready state. // We do this instead of checking Deployment status as it is possible @@ -47,11 +48,11 @@ func WaitForContourDeploymentUpdated(deployment *appsv1.Deployment, cli client.C return wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Minute*3, true, updatedPods) } -func WaitForEnvoyDaemonSetUpdated(daemonset *appsv1.DaemonSet, cli client.Client, image string) error { +func WaitForEnvoyDaemonSetUpdated(daemonset *apps_v1.DaemonSet, cli client.Client, image string) error { labelSelectAppEnvoy := labels.SelectorFromSet(daemonset.Spec.Selector.MatchLabels) updatedPods := func(ctx context.Context) (bool, error) { - ds := &appsv1.DaemonSet{} + ds := &apps_v1.DaemonSet{} if err := cli.Get(ctx, k8s.NamespacedNameOf(daemonset), ds); err != nil { return false, err } @@ -66,11 +67,11 @@ func WaitForEnvoyDaemonSetUpdated(daemonset *appsv1.DaemonSet, cli client.Client return wait.PollUntilContextTimeout(context.Background(), time.Millisecond*50, time.Minute*3, true, updatedPods) } -func WaitForEnvoyDeploymentUpdated(deployment *appsv1.Deployment, cli client.Client, image string) error { +func WaitForEnvoyDeploymentUpdated(deployment *apps_v1.Deployment, cli client.Client, image string) error { labelSelectAppEnvoy := labels.SelectorFromSet(deployment.Spec.Selector.MatchLabels) updatedPods := func(ctx context.Context) (bool, error) { - dp := new(appsv1.Deployment) + dp := new(apps_v1.Deployment) if err := cli.Get(ctx, client.ObjectKeyFromObject(deployment), dp); err != nil { return false, err } @@ -86,7 +87,7 @@ func WaitForEnvoyDeploymentUpdated(deployment *appsv1.Deployment, cli client.Cli } func getPodsUpdatedWithContourImage(ctx context.Context, labelSelector labels.Selector, namespace, image string, cli client.Client) int { - pods := new(v1.PodList) + pods := new(core_v1.PodList) opts := &client.ListOptions{ LabelSelector: labelSelector, Namespace: namespace, @@ -107,7 +108,7 @@ func getPodsUpdatedWithContourImage(ctx context.Context, labelSelector labels.Se } for _, cond := range pod.Status.Conditions { - if cond.Type == v1.PodReady && cond.Status == v1.ConditionTrue { + if cond.Type == core_v1.PodReady && cond.Status == core_v1.ConditionTrue { updatedPods++ } } From 1a91962ca3b7130d6cca21e166a97109a075d12d Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Mon, 12 Feb 2024 15:08:54 -0700 Subject: [PATCH 24/83] drop Kubernetes version vars from patch release process (#6186) They don't need to be set since the changelog is now generated manually for patch releases, one less thing to have to look up/fill in. Signed-off-by: Steve Kriss --- site/content/resources/release-process.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/site/content/resources/release-process.md b/site/content/resources/release-process.md index ed67adf1f25..4a3057c4d52 100644 --- a/site/content/resources/release-process.md +++ b/site/content/resources/release-process.md @@ -47,7 +47,7 @@ export CONTOUR_UPSTREAM_REMOTE_NAME=upstream 1. Check out `main`, ensure it's up to date, and ensure you have a clean working directory. 1. Create a new local feature branch from `main`. 1. Generate a new set of versioned docs, plus a changelog: - + ```bash go run ./hack/release/prepare-release.go $CONTOUR_RELEASE_VERSION $KUBERNETES_MIN_VERSION $KUBERNETES_MAX_VERSION ``` @@ -144,9 +144,6 @@ export CONTOUR_RELEASE_VERSION_MAJOR=1 export CONTOUR_RELEASE_VERSION_MINOR=11 export CONTOUR_PREVIOUS_VERSION=v1.11.0 -export KUBERNETES_MIN_VERSION=1.20 -export KUBERNETES_MAX_VERSION=1.22 - export CONTOUR_UPSTREAM_REMOTE_NAME=upstream ``` From f1318822c118e64aa0d9aee8e7bb769a19ee93c5 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 12 Feb 2024 17:40:23 -0500 Subject: [PATCH 25/83] Fixes BackendTLSPolicy Status Update data race (#6185) DAG cache objects were being written to when StatusUpdater fetched resource to perform update on since status updates held a reference to them. Signed-off-by: Sunjay Bhatia --- changelogs/unreleased/6185-sunjayBhatia-small.md | 1 + internal/dag/gatewayapi_processor.go | 1 - internal/dag/status_test.go | 1 - internal/status/backendtlspolicyconditions.go | 1 - internal/status/cache.go | 6 +++--- 5 files changed, 4 insertions(+), 6 deletions(-) create mode 100644 changelogs/unreleased/6185-sunjayBhatia-small.md diff --git a/changelogs/unreleased/6185-sunjayBhatia-small.md b/changelogs/unreleased/6185-sunjayBhatia-small.md new file mode 100644 index 00000000000..5a566ce3562 --- /dev/null +++ b/changelogs/unreleased/6185-sunjayBhatia-small.md @@ -0,0 +1 @@ +Fix data race in BackendTlSPolicy status update logic. diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index 355d9eb6dd7..632be8b3256 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -2098,7 +2098,6 @@ func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, b backendTLSPolicyAccessor, commit := p.dag.StatusCache.BackendTLSPolicyConditionsAccessor( k8s.NamespacedNameOf(backendTLSPolicy), backendTLSPolicy.GetGeneration(), - backendTLSPolicy, ) defer commit() backendTLSPolicyAncestorStatus := backendTLSPolicyAccessor.StatusUpdateFor(routeParentRef) diff --git a/internal/dag/status_test.go b/internal/dag/status_test.go index fb64351ec8e..5f0c86b3360 100644 --- a/internal/dag/status_test.go +++ b/internal/dag/status_test.go @@ -11471,7 +11471,6 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "GatewayRef"), cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "Generation"), cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "TransitionTime"), - cmpopts.IgnoreFields(status.BackendTLSPolicyStatusUpdate{}, "Resource"), cmpopts.SortSlices(func(i, j meta_v1.Condition) bool { return i.Message < j.Message }), diff --git a/internal/status/backendtlspolicyconditions.go b/internal/status/backendtlspolicyconditions.go index 174582b66fa..8c53554fe0a 100644 --- a/internal/status/backendtlspolicyconditions.go +++ b/internal/status/backendtlspolicyconditions.go @@ -33,7 +33,6 @@ type BackendTLSPolicyStatusUpdate struct { PolicyAncestorStatuses []*gatewayapi_v1alpha2.PolicyAncestorStatus GatewayRef types.NamespacedName GatewayController gatewayapi_v1beta1.GatewayController - Resource client.Object Generation int64 TransitionTime meta_v1.Time } diff --git a/internal/status/cache.go b/internal/status/cache.go index d3579d12c93..7ea7c0cacbe 100644 --- a/internal/status/cache.go +++ b/internal/status/cache.go @@ -21,6 +21,7 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" @@ -102,7 +103,7 @@ func (c *Cache) GetStatusUpdates() []k8s.StatusUpdate { for fullname, backendTLSPolicyUpdate := range c.backendTLSPolicyUpdates { update := k8s.StatusUpdate{ NamespacedName: fullname, - Resource: backendTLSPolicyUpdate.Resource, + Resource: &gatewayapi_v1alpha2.BackendTLSPolicy{}, Mutator: backendTLSPolicyUpdate, } @@ -269,14 +270,13 @@ func (c *Cache) RouteConditionsAccessor(nsName types.NamespacedName, generation // to build up a list of metav1.Conditions as well as a function to commit the change back to the // cache when everything is done. The commit function pattern is used so that the // BackendTLSPolicyStatusUpdate does not need to know anything the cache internals. -func (c *Cache) BackendTLSPolicyConditionsAccessor(nsName types.NamespacedName, generation int64, resource client.Object) (*BackendTLSPolicyStatusUpdate, func()) { +func (c *Cache) BackendTLSPolicyConditionsAccessor(nsName types.NamespacedName, generation int64) (*BackendTLSPolicyStatusUpdate, func()) { pu := &BackendTLSPolicyStatusUpdate{ FullName: nsName, GatewayRef: c.gatewayRef, GatewayController: c.gatewayController, Generation: generation, TransitionTime: meta_v1.NewTime(time.Now()), - Resource: resource, } return pu, func() { From bd003fbf91989f21c82fc154f6105325966d76e2 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Mon, 12 Feb 2024 18:17:51 -0500 Subject: [PATCH 26/83] Inform on and use Gateway API v1 types where possible (#6153) Only files that set up an API client scheme or use ReferenceGrant should have the v1beta1 import Signed-off-by: Sunjay Bhatia --- .../unreleased/6153-sunjayBhatia-major.md | 5 + cmd/contour/ingressstatus.go | 6 +- cmd/contour/serve.go | 5 +- internal/controller/gateway.go | 41 +- internal/controller/gatewayclass.go | 34 +- internal/controller/httproute.go | 8 +- internal/dag/builder.go | 4 +- internal/dag/builder_test.go | 1028 ++++----- internal/dag/cache.go | 31 +- internal/dag/cache_test.go | 187 +- internal/dag/gatewayapi_processor.go | 219 +- internal/dag/gatewayapi_processor_test.go | 225 +- internal/dag/policy.go | 5 +- internal/dag/status_test.go | 1906 ++++++++--------- internal/featuretests/v3/cluster_test.go | 31 +- internal/featuretests/v3/httproute_test.go | 39 +- internal/featuretests/v3/listeners_test.go | 47 +- .../v3/routesourcemetadata_test.go | 13 +- internal/featuretests/v3/routeweight_test.go | 59 +- internal/featuretests/v3/tcproute_test.go | 69 +- internal/featuretests/v3/tlsroute_test.go | 49 +- internal/featuretests/v3/upstreamtls_test.go | 29 +- internal/gatewayapi/helpers.go | 87 +- internal/gatewayapi/listeners.go | 9 +- internal/gatewayapi/listeners_test.go | 107 +- internal/k8s/helpers.go | 19 +- internal/k8s/helpers_test.go | 7 +- internal/k8s/kind.go | 9 +- internal/k8s/kind_test.go | 8 +- internal/k8s/scheme.go | 2 + internal/k8s/statusaddress.go | 13 +- internal/k8s/statusaddress_test.go | 99 +- internal/provisioner/controller/gateway.go | 29 +- .../provisioner/controller/gateway_test.go | 187 +- .../provisioner/controller/gatewayclass.go | 19 +- .../controller/gatewayclass_test.go | 137 +- internal/provisioner/scheme.go | 2 + internal/status/backendtlspolicyconditions.go | 10 +- internal/status/cache.go | 12 +- internal/status/cache_test.go | 4 +- internal/status/gatewayclass.go | 4 +- internal/status/gatewayclassconditions.go | 5 +- .../status/gatewayclassconditions_test.go | 3 +- internal/status/gatewaystatus.go | 54 +- internal/status/gatewaystatus_test.go | 61 +- internal/status/routeconditions.go | 38 +- internal/status/routeconditions_test.go | 6 +- test/e2e/framework.go | 14 +- test/e2e/gateway/backend_tls_policy_test.go | 13 +- test/e2e/gateway/gateway_test.go | 123 +- test/e2e/gateway/host_rewrite_test.go | 23 +- .../multiple_gateways_and_classes_test.go | 103 +- .../gateway/multiple_https_listeners_test.go | 11 +- test/e2e/gateway/query_param_match_test.go | 18 +- .../gateway/request_header_modifier_test.go | 25 +- test/e2e/gateway/request_redirect_test.go | 21 +- .../gateway/response_header_modifier_test.go | 27 +- test/e2e/gateway/tcproute_test.go | 8 +- test/e2e/gateway/tls_gateway_test.go | 37 +- test/e2e/gateway/tls_wildcard_host_test.go | 19 +- test/e2e/gatewayapi_predicates.go | 21 +- test/e2e/provisioner/provisioner_test.go | 203 +- test/e2e/upgrade/upgrade_test.go | 49 +- 63 files changed, 2834 insertions(+), 2852 deletions(-) create mode 100644 changelogs/unreleased/6153-sunjayBhatia-major.md diff --git a/changelogs/unreleased/6153-sunjayBhatia-major.md b/changelogs/unreleased/6153-sunjayBhatia-major.md new file mode 100644 index 00000000000..c35c6e25bbe --- /dev/null +++ b/changelogs/unreleased/6153-sunjayBhatia-major.md @@ -0,0 +1,5 @@ +## Gateway API: Inform on v1 types + +Contour no longer informs on v1beta1 resources that have graduated to v1. +This includes the "core" resources GatewayClass, Gateway, and HTTPRoute. +This means that users should ensure they have updated CRDs to Gateway API v1.0.0 or newer, which introduced the v1 version with compatibility with v1beta1. diff --git a/cmd/contour/ingressstatus.go b/cmd/contour/ingressstatus.go index 2827765a28a..2204f4c2a22 100644 --- a/cmd/contour/ingressstatus.go +++ b/cmd/contour/ingressstatus.go @@ -24,7 +24,7 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/k8s" @@ -91,7 +91,7 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { // Only create Gateway informer if a controller or specific gateway was provided, // otherwise the API may not exist in the cluster. if len(isw.gatewayControllerName) > 0 || isw.gatewayRef != nil { - resources = append(resources, &gatewayapi_v1beta1.Gateway{}) + resources = append(resources, &gatewayapi_v1.Gateway{}) } for _, r := range resources { @@ -142,7 +142,7 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { // Only list Gateways if a controller or specific gateway was configured, // otherwise the API may not exist in the cluster. if len(isw.gatewayControllerName) > 0 || isw.gatewayRef != nil { - var gatewayList gatewayapi_v1beta1.GatewayList + var gatewayList gatewayapi_v1.GatewayList if err := isw.cache.List(context.Background(), &gatewayList); err != nil { isw.log.WithError(err).WithField("kind", "Gateway").Error("failed to list objects") } else { diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 7a2a44b142f..1b6142f32f5 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -42,6 +42,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager/signals" controller_runtime_metrics "sigs.k8s.io/controller-runtime/pkg/metrics" controller_runtime_metrics_server "sigs.k8s.io/controller-runtime/pkg/metrics/server" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" @@ -1040,12 +1041,12 @@ func (s *Server) setupGatewayAPI(contourConfiguration contour_v1alpha1.ContourCo // to process, we just need informers to get events. case contourConfiguration.Gateway.GatewayRef != nil: // Inform on GatewayClasses. - if err := s.informOnResource(&gatewayapi_v1beta1.GatewayClass{}, eventHandler); err != nil { + if err := s.informOnResource(&gatewayapi_v1.GatewayClass{}, eventHandler); err != nil { s.log.WithError(err).WithField("resource", "gatewayclasses").Fatal("failed to create informer") } // Inform on Gateways. - if err := s.informOnResource(&gatewayapi_v1beta1.Gateway{}, eventHandler); err != nil { + if err := s.informOnResource(&gatewayapi_v1.Gateway{}, eventHandler); err != nil { s.log.WithError(err).WithField("resource", "gateways").Fatal("failed to create informer") } // Otherwise, run the GatewayClass and Gateway controllers to determine diff --git a/internal/controller/gateway.go b/internal/controller/gateway.go index 0b8ae8a6b66..7200dd5b64c 100644 --- a/internal/controller/gateway.go +++ b/internal/controller/gateway.go @@ -31,7 +31,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/leadership" @@ -43,7 +42,7 @@ type gatewayReconciler struct { statusUpdater k8s.StatusUpdater log logrus.FieldLogger // gatewayClassControllerName is the configured controller of managed gatewayclasses. - gatewayClassControllerName gatewayapi_v1beta1.GatewayController + gatewayClassControllerName gatewayapi_v1.GatewayController eventSource chan event.GenericEvent } @@ -61,7 +60,7 @@ func RegisterGatewayController( client: mgr.GetClient(), eventHandler: eventHandler, statusUpdater: statusUpdater, - gatewayClassControllerName: gatewayapi_v1beta1.GatewayController(gatewayClassControllerName), + gatewayClassControllerName: gatewayapi_v1.GatewayController(gatewayClassControllerName), // Set up a source.Channel that will trigger reconciles // for all GatewayClasses when this Contour process is // elected leader, to ensure that their statuses are up @@ -77,7 +76,7 @@ func RegisterGatewayController( } if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.Gateway{}), + source.Kind(mgr.GetCache(), &gatewayapi_v1.Gateway{}), &handler.EnqueueRequestForObject{}, predicate.NewPredicateFuncs(r.hasMatchingController), ); err != nil { @@ -87,7 +86,7 @@ func RegisterGatewayController( // Watch GatewayClasses and reconcile their associated Gateways // to handle changes in the GatewayClasses' "Accepted" conditions. if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.GatewayClass{}), + source.Kind(mgr.GetCache(), &gatewayapi_v1.GatewayClass{}), handler.EnqueueRequestsFromMapFunc(r.mapGatewayClassToGateways), predicate.NewPredicateFuncs(r.gatewayClassHasMatchingController), ); err != nil { @@ -112,7 +111,7 @@ func RegisterGatewayController( func (r *gatewayReconciler) OnElectedLeader() { r.log.Info("elected leader, triggering reconciles for all gateways") - var gateways gatewayapi_v1beta1.GatewayList + var gateways gatewayapi_v1.GatewayList if err := r.client.List(context.Background(), &gateways); err != nil { r.log.WithError(err).Error("error listing gateways") return @@ -124,7 +123,7 @@ func (r *gatewayReconciler) OnElectedLeader() { } func (r *gatewayReconciler) mapGatewayClassToGateways(ctx context.Context, gatewayClass client.Object) []reconcile.Request { - var gateways gatewayapi_v1beta1.GatewayList + var gateways gatewayapi_v1.GatewayList if err := r.client.List(ctx, &gateways); err != nil { r.log.WithError(err).Error("error listing gateways") return nil @@ -154,13 +153,13 @@ func (r *gatewayReconciler) hasMatchingController(obj client.Object) bool { "name": obj.GetName(), }) - gw, ok := obj.(*gatewayapi_v1beta1.Gateway) + gw, ok := obj.(*gatewayapi_v1.Gateway) if !ok { log.Debugf("unexpected object type %T, bypassing reconciliation.", obj) return false } - gc := &gatewayapi_v1beta1.GatewayClass{} + gc := &gatewayapi_v1.GatewayClass{} if err := r.client.Get(context.Background(), types.NamespacedName{Name: string(gw.Spec.GatewayClassName)}, gc); err != nil { log.WithError(err).Errorf("failed to get gatewayclass %s", gw.Spec.GatewayClassName) return false @@ -174,7 +173,7 @@ func (r *gatewayReconciler) hasMatchingController(obj client.Object) bool { } func (r *gatewayReconciler) gatewayClassHasMatchingController(obj client.Object) bool { - gc, ok := obj.(*gatewayapi_v1beta1.GatewayClass) + gc, ok := obj.(*gatewayapi_v1.GatewayClass) if !ok { r.log.Infof("expected GatewayClass, got %T", obj) return false @@ -189,13 +188,13 @@ func (r *gatewayReconciler) gatewayClassHasMatchingController(obj client.Object) func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { r.log.WithField("namespace", request.Namespace).WithField("name", request.Name).Info("reconciling gateway") - var gatewayClasses gatewayapi_v1beta1.GatewayClassList + var gatewayClasses gatewayapi_v1.GatewayClassList if err := r.client.List(ctx, &gatewayClasses); err != nil { return reconcile.Result{}, fmt.Errorf("error listing gateway classes") } // Find the GatewayClass for this controller with Accepted=true. - var acceptedGatewayClass *gatewayapi_v1beta1.GatewayClass + var acceptedGatewayClass *gatewayapi_v1.GatewayClass for i := range gatewayClasses.Items { gatewayClass := &gatewayClasses.Items[i] @@ -212,7 +211,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req if acceptedGatewayClass == nil { r.log.Info("No accepted gateway class found") - r.eventHandler.OnDelete(&gatewayapi_v1beta1.Gateway{ + r.eventHandler.OnDelete(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: request.Namespace, Name: request.Name, @@ -221,13 +220,13 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req return reconcile.Result{}, nil } - var allGateways gatewayapi_v1beta1.GatewayList + var allGateways gatewayapi_v1.GatewayList if err := r.client.List(ctx, &allGateways); err != nil { return reconcile.Result{}, fmt.Errorf("error listing gateways") } // Get all the Gateways for the Accepted=true GatewayClass. - var gatewaysForClass []*gatewayapi_v1beta1.Gateway + var gatewaysForClass []*gatewayapi_v1.Gateway for i := range allGateways.Items { if string(allGateways.Items[i].Spec.GatewayClassName) == acceptedGatewayClass.Name { gatewaysForClass = append(gatewaysForClass, &allGateways.Items[i]) @@ -236,7 +235,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req if len(gatewaysForClass) == 0 { r.log.Info("No gateways found for accepted gateway class") - r.eventHandler.OnDelete(&gatewayapi_v1beta1.Gateway{ + r.eventHandler.OnDelete(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: request.Namespace, Name: request.Name, @@ -247,7 +246,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req // Find the oldest Gateway, using alphabetical order // as a tiebreaker. - var oldest *gatewayapi_v1beta1.Gateway + var oldest *gatewayapi_v1.Gateway for _, gw := range gatewaysForClass { switch { case oldest == nil: @@ -272,9 +271,9 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req if r.statusUpdater != nil { r.statusUpdater.Send(k8s.StatusUpdate{ NamespacedName: k8s.NamespacedNameOf(gw), - Resource: &gatewayapi_v1beta1.Gateway{}, + Resource: &gatewayapi_v1.Gateway{}, Mutator: k8s.StatusMutatorFunc(func(obj client.Object) client.Object { - gw, ok := obj.(*gatewayapi_v1beta1.Gateway) + gw, ok := obj.(*gatewayapi_v1.Gateway) if !ok { panic(fmt.Sprintf("unsupported object type %T", obj)) } @@ -300,7 +299,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Req return reconcile.Result{}, nil } -func isAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { +func isAccepted(gatewayClass *gatewayapi_v1.GatewayClass) bool { for _, cond := range gatewayClass.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) && cond.Status == meta_v1.ConditionTrue { return true @@ -310,7 +309,7 @@ func isAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { return false } -func setGatewayNotAccepted(gateway *gatewayapi_v1beta1.Gateway) *gatewayapi_v1beta1.Gateway { +func setGatewayNotAccepted(gateway *gatewayapi_v1.Gateway) *gatewayapi_v1.Gateway { newCond := meta_v1.Condition{ Type: string(gatewayapi_v1.GatewayConditionAccepted), Status: meta_v1.ConditionFalse, diff --git a/internal/controller/gatewayclass.go b/internal/controller/gatewayclass.go index 9c16e44d9b3..460b043671b 100644 --- a/internal/controller/gatewayclass.go +++ b/internal/controller/gatewayclass.go @@ -29,7 +29,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/predicate" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/leadership" @@ -41,7 +41,7 @@ type gatewayClassReconciler struct { eventHandler cache.ResourceEventHandler statusUpdater k8s.StatusUpdater log logrus.FieldLogger - controller gatewayapi_v1beta1.GatewayController + controller gatewayapi_v1.GatewayController eventSource chan event.GenericEvent } @@ -60,7 +60,7 @@ func RegisterGatewayClassController( eventHandler: eventHandler, statusUpdater: statusUpdater, log: log, - controller: gatewayapi_v1beta1.GatewayController(name), + controller: gatewayapi_v1.GatewayController(name), // Set up a source.Channel that will trigger reconciles // for all GatewayClasses when this Contour process is // elected leader, to ensure that their statuses are up @@ -78,7 +78,7 @@ func RegisterGatewayClassController( // Only enqueue GatewayClass objects that match name. if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.GatewayClass{}), + source.Kind(mgr.GetCache(), &gatewayapi_v1.GatewayClass{}), &handler.EnqueueRequestForObject{}, predicate.NewPredicateFuncs(r.hasMatchingController), ); err != nil { @@ -99,7 +99,7 @@ func RegisterGatewayClassController( func (r *gatewayClassReconciler) OnElectedLeader() { r.log.Info("elected leader, triggering reconciles for all gatewayclasses") - var gatewayClasses gatewayapi_v1beta1.GatewayClassList + var gatewayClasses gatewayapi_v1.GatewayClassList if err := r.client.List(context.Background(), &gatewayClasses); err != nil { r.log.WithError(err).Error("error listing gatewayclasses") return @@ -118,7 +118,7 @@ func (r *gatewayClassReconciler) hasMatchingController(obj client.Object) bool { "name": obj.GetName(), }) - gc, ok := obj.(*gatewayapi_v1beta1.GatewayClass) + gc, ok := obj.(*gatewayapi_v1.GatewayClass) if !ok { log.Debugf("unexpected object type %T, bypassing reconciliation.", obj) return false @@ -136,7 +136,7 @@ func (r *gatewayClassReconciler) hasMatchingController(obj client.Object) bool { func (r *gatewayClassReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { r.log.WithField("name", request.Name).Info("reconciling gatewayclass") - var gatewayClasses gatewayapi_v1beta1.GatewayClassList + var gatewayClasses gatewayapi_v1.GatewayClassList if err := r.client.List(ctx, &gatewayClasses); err != nil { return reconcile.Result{}, fmt.Errorf("error listing gatewayclasses: %w", err) } @@ -159,7 +159,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, request reconcil if controlledClasses.len() == 0 { r.log.WithField("name", request.Name).Info("failed to find gatewayclass") - r.eventHandler.OnDelete(&gatewayapi_v1beta1.GatewayClass{ + r.eventHandler.OnDelete(&gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: request.Namespace, Name: request.Name, @@ -168,13 +168,13 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, request reconcil return reconcile.Result{}, nil } - updater := func(gc *gatewayapi_v1beta1.GatewayClass, accepted bool) error { + updater := func(gc *gatewayapi_v1.GatewayClass, accepted bool) error { if r.statusUpdater != nil { r.statusUpdater.Send(k8s.StatusUpdate{ NamespacedName: types.NamespacedName{Name: gc.Name}, - Resource: &gatewayapi_v1beta1.GatewayClass{}, + Resource: &gatewayapi_v1.GatewayClass{}, Mutator: k8s.StatusMutatorFunc(func(obj client.Object) client.Object { - gwc, ok := obj.(*gatewayapi_v1beta1.GatewayClass) + gwc, ok := obj.(*gatewayapi_v1.GatewayClass) if !ok { panic(fmt.Sprintf("unsupported object type %T", obj)) } @@ -211,15 +211,15 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, request reconcil // controlledClasses helps organize a list of GatewayClasses // with the same controller string. type controlledClasses struct { - allClasses []*gatewayapi_v1beta1.GatewayClass - oldestClass *gatewayapi_v1beta1.GatewayClass + allClasses []*gatewayapi_v1.GatewayClass + oldestClass *gatewayapi_v1.GatewayClass } func (cc *controlledClasses) len() int { return len(cc.allClasses) } -func (cc *controlledClasses) add(class *gatewayapi_v1beta1.GatewayClass) { +func (cc *controlledClasses) add(class *gatewayapi_v1.GatewayClass) { cc.allClasses = append(cc.allClasses, class) switch { @@ -233,12 +233,12 @@ func (cc *controlledClasses) add(class *gatewayapi_v1beta1.GatewayClass) { } } -func (cc *controlledClasses) acceptedClass() *gatewayapi_v1beta1.GatewayClass { +func (cc *controlledClasses) acceptedClass() *gatewayapi_v1.GatewayClass { return cc.oldestClass } -func (cc *controlledClasses) notAcceptedClasses() []*gatewayapi_v1beta1.GatewayClass { - var res []*gatewayapi_v1beta1.GatewayClass +func (cc *controlledClasses) notAcceptedClasses() []*gatewayapi_v1.GatewayClass { + var res []*gatewayapi_v1.GatewayClass for _, gc := range cc.allClasses { // skip the oldest one since it will be accepted. if gc.Name != cc.oldestClass.Name { diff --git a/internal/controller/httproute.go b/internal/controller/httproute.go index 04e9bb96e9e..b5fa12afb05 100644 --- a/internal/controller/httproute.go +++ b/internal/controller/httproute.go @@ -26,7 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/manager" "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" ) type httpRouteReconciler struct { @@ -51,15 +51,15 @@ func RegisterHTTPRouteController(log logrus.FieldLogger, mgr manager.Manager, ev return err } - return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.HTTPRoute{}), &handler.EnqueueRequestForObject{}) + return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1.HTTPRoute{}), &handler.EnqueueRequestForObject{}) } func (r *httpRouteReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { // Fetch the HTTPRoute from the cache. - httpRoute := &gatewayapi_v1beta1.HTTPRoute{} + httpRoute := &gatewayapi_v1.HTTPRoute{} err := r.client.Get(ctx, request.NamespacedName, httpRoute) if errors.IsNotFound(err) { - r.eventHandler.OnDelete(&gatewayapi_v1beta1.HTTPRoute{ + r.eventHandler.OnDelete(&gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: request.Name, Namespace: request.Namespace, diff --git a/internal/dag/builder.go b/internal/dag/builder.go index 192e65ec8c1..3cf610a8a96 100644 --- a/internal/dag/builder.go +++ b/internal/dag/builder.go @@ -18,7 +18,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "k8s.io/apimachinery/pkg/types" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/metrics" @@ -61,7 +61,7 @@ func (b *Builder) Build() *DAG { if b.Source.gateway != nil { gatewayNSName = k8s.NamespacedNameOf(b.Source.gateway) } - var gatewayController gatewayapi_v1beta1.GatewayController + var gatewayController gatewayapi_v1.GatewayController if b.Source.gatewayclass != nil { gatewayController = b.Source.gatewayclass.Spec.ControllerName } diff --git a/internal/dag/builder_test.go b/internal/dag/builder_test.go index 56b565e7c10..8715b6e9694 100644 --- a/internal/dag/builder_test.go +++ b/internal/dag/builder_test.go @@ -112,15 +112,15 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - validClass := &gatewayapi_v1beta1.GatewayClass{ + validClass := &gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "test-validClass", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -130,19 +130,19 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPAllNamespaces := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPAllNamespaces := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -150,19 +150,19 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPSameNamespace := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPSameNamespace := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -170,18 +170,18 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPNamespaceSelector := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPNamespaceSelector := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ @@ -199,22 +199,22 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - hostname := gatewayapi_v1beta1.Hostname("gateway.projectcontour.io") - wildcardHostname := gatewayapi_v1beta1.Hostname("*.projectcontour.io") + hostname := gatewayapi_v1.Hostname("gateway.projectcontour.io") + wildcardHostname := gatewayapi_v1.Hostname("*.projectcontour.io") - gatewayHTTPWithHostname := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPWithHostname := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Hostname: &hostname, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -222,19 +222,19 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPWithWildcardHostname := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPWithWildcardHostname := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Hostname: &wildcardHostname, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -242,25 +242,25 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPWithAddresses := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPWithAddresses := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Addresses: []gatewayapi_v1beta1.GatewayAddress{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Addresses: []gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: "1.2.3.4", }, }, - Listeners: []gatewayapi_v1beta1.Listener{{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -268,21 +268,21 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayTLSPassthroughAllNamespaces := &gatewayapi_v1beta1.Gateway{ + gatewayTLSPassthroughAllNamespaces := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -290,21 +290,21 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayTLSPassthroughSameNamespace := &gatewayapi_v1beta1.Gateway{ + gatewayTLSPassthroughSameNamespace := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -312,21 +312,21 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayTLSPassthroughNamespaceSelector := &gatewayapi_v1beta1.Gateway{ + gatewayTLSPassthroughNamespaceSelector := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{"matching-label-key": "matching-label-value"}, @@ -386,25 +386,25 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Data: secretdata(fixture.CERTIFICATE, fixture.RSA_PRIVATE_KEY), } - gatewayTLSTerminateCertInDifferentNamespace := &gatewayapi_v1beta1.Gateway{ + gatewayTLSTerminateCertInDifferentNamespace := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec2.Name, sec2.Namespace), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -412,23 +412,23 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPSAllNamespaces := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPSAllNamespaces := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec1.Name, sec1.Namespace), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -436,20 +436,20 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - gatewayHTTPAndHTTPS := &gatewayapi_v1beta1.Gateway{ + gatewayHTTPAndHTTPS := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http-listener", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -458,13 +458,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { Name: "https-listener", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec1.Name, sec1.Namespace), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -473,19 +473,19 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - basicHTTPRoute := &gatewayapi_v1beta1.HTTPRoute{ + basicHTTPRoute := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, @@ -527,15 +527,15 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, } - crossNSBackendHTTPRoute := makeHTTPRoute("basic", "default", "", gatewayapi_v1beta1.HTTPRouteRule{ + crossNSBackendHTTPRoute := makeHTTPRoute("basic", "default", "", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{{ - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + BackendRefs: []gatewayapi_v1.HTTPBackendRef{{ + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Name: gatewayapi_v1.ObjectName(kuardService.Name), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -544,8 +544,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { tests := map[string]struct { objs []any - gatewayclass *gatewayapi_v1beta1.GatewayClass - gateway *gatewayapi_v1beta1.Gateway + gatewayclass *gatewayapi_v1.GatewayClass + gateway *gatewayapi_v1.Gateway upstreamTLS *UpstreamTLS want []*Listener }{ @@ -656,22 +656,22 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "some-other-gateway"), gatewayapi.GatewayParentRef("projectcontour", "some-other-gateway-2"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, @@ -889,23 +889,23 @@ func TestDAGInsertGatewayAPI(t *testing.T) { "TLS Listener with TLS.Mode=Passthrough is invalid if certificateRef is specified": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec1.Name, sec1.Namespace), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -920,21 +920,21 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "TLS Listener with TLS.Mode=Terminate is invalid if certificateRef is not specified": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(validClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(validClass.Name), + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -950,17 +950,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "TLS Listener with TLS not defined is invalid": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.TLSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -975,20 +975,20 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "TLSRoute with invalid listener protocol of HTTP": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1031,23 +1031,23 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "insert gateway with selector kind that doesn't match": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + Kinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), - Kind: gatewayapi_v1beta1.Kind("INVALID-KIND"), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: gatewayapi_v1.Kind("INVALID-KIND"), }, }, }, @@ -1062,23 +1062,23 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "insert gateway with selector group that doesn't match": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + Kinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group("invalid-group-name")), - Kind: gatewayapi_v1beta1.Kind("HTTPRoute"), + Group: ref.To(gatewayapi_v1.Group("invalid-group-name")), + Kind: gatewayapi_v1.Kind("HTTPRoute"), }, }, }, @@ -1100,10 +1100,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/", "kuard", 8080, 1), makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/blog", "blogsvc", 80, 1), - gatewayapi_v1beta1.HTTPRouteRule{ + gatewayapi_v1.HTTPRouteRule{ Matches: append( gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/another"), - gatewayapi_v1beta1.HTTPRouteMatch{ + gatewayapi_v1.HTTPRouteMatch{ Headers: gatewayapi.HTTPHeaderMatch(gatewayapi_v1.HeaderMatchExact, "X-Foo-Header", "some_value"), }, ), @@ -1146,22 +1146,22 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", "test2.projectcontour.io", "test3.projectcontour.io", "test4.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, @@ -1264,13 +1264,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gatewayclass: validClass, gateway: gatewayHTTPAllNamespaces, objs: []any{ - makeHTTPRoute("basic", "default", "", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "default", "", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Kind: ref.To(gatewayapi_v1.Kind("Service")), Name: "kuard", }, }, @@ -1314,7 +1314,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "HTTPRoute", Namespace: "default", }}, @@ -1342,13 +1342,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "HTTPRoute", Namespace: "default", }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1beta1.ObjectName(kuardService.Name)), + Name: ref.To(gatewayapi_v1.ObjectName(kuardService.Name)), }}, }, }, @@ -1371,7 +1371,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "TLSRoute", Namespace: "default", }}, @@ -1401,7 +1401,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "HTTPRoute", Namespace: "default", }}, @@ -1431,7 +1431,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "HTTPRoute", Namespace: "some-other-namespace", // would need to be "default" to be valid }}, @@ -1461,13 +1461,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "HTTPRoute", Namespace: "default", }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1beta1.ObjectName("some-other-service")), // would need to be "kuard" to be valid. + Name: ref.To(gatewayapi_v1.ObjectName("some-other-service")), // would need to be "kuard" to be valid. }}, }, }, @@ -1520,19 +1520,19 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", - gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, }, { - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/blog"), }, }, { - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/tech"), }, @@ -1554,22 +1554,22 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "insert basic single route, single hostname, gateway with TLS, HTTP protocol is ignored": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.HTTPProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef(sec1.Name, sec1.Namespace), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1597,17 +1597,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "insert basic single route, single hostname, gateway with TLS, HTTPS protocol missing certificateRef": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1701,26 +1701,26 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "TLS Listener Gateway CertificateRef must be type core.Secret": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ { - Group: ref.To(gatewayapi_v1beta1.Group("custom")), - Kind: ref.To(gatewayapi_v1beta1.Kind("shhhh")), - Name: gatewayapi_v1beta1.ObjectName(sec1.Name), + Group: ref.To(gatewayapi_v1.Group("custom")), + Kind: ref.To(gatewayapi_v1.Kind("shhhh")), + Name: gatewayapi_v1.ObjectName(sec1.Name), }, }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1736,18 +1736,18 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "TLS Listener Gateway CertificateRef must be specified": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{}, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + TLS: &gatewayapi_v1.GatewayTLSConfig{}, + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1775,9 +1775,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), + Namespace: gatewayapi_v1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -1824,13 +1824,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), + Namespace: gatewayapi_v1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1beta1.ObjectName(sec2.Name)), + Name: ref.To(gatewayapi_v1.ObjectName(sec2.Name)), }}, }, }, @@ -1864,9 +1864,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), + Namespace: gatewayapi_v1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -1890,9 +1890,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("wrong-namespace"), + Namespace: gatewayapi_v1.Namespace("wrong-namespace"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -1916,9 +1916,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "WrongKind", - Namespace: gatewayapi_v1beta1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), + Namespace: gatewayapi_v1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -1942,9 +1942,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), + Namespace: gatewayapi_v1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "WrongKind", @@ -1968,13 +1968,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), + Namespace: gatewayapi_v1.Namespace(gatewayTLSTerminateCertInDifferentNamespace.Namespace), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1beta1.ObjectName("wrong-name")), + Name: ref.To(gatewayapi_v1.ObjectName("wrong-name")), }}, }, }, @@ -1996,17 +1996,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "Invalid listener protocol type (TCP)": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.TCPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -2018,17 +2018,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "Invalid listener protocol type (UDP)": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.UDPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -2040,17 +2040,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, "Invalid listener protocol type (custom)": { gatewayclass: validClass, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: "projectcontour.io/HTTPUDP", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -2067,41 +2067,41 @@ func TestDAGInsertGatewayAPI(t *testing.T) { sec1, kuardService, blogService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "http-listener", 0), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basictls", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "https-listener", 0), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("blogsvc", 80, 1), }}, @@ -2134,9 +2134,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, @@ -2165,15 +2165,15 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{ { - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/blog"), }, }, { - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/tech"), }, @@ -2207,8 +2207,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ Headers: gatewayapi.HTTPHeaderMatch(gatewayapi_v1.HeaderMatchRegularExpression, "foo", "^abc$"), }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -2234,9 +2234,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Headers: []gatewayapi_v1beta1.HTTPHeaderMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Headers: []gatewayapi_v1.HTTPHeaderMatch{ {Name: "header-1", Value: "value-1"}, {Name: "header-2", Value: "value-2"}, {Name: "header-1", Value: "value-3"}, @@ -2267,9 +2267,9 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, @@ -2298,13 +2298,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Name: "param-1", Value: "value-1", @@ -2334,13 +2334,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", @@ -2371,13 +2371,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", @@ -2425,13 +2425,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", @@ -2481,13 +2481,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchExact), Name: "param-1", @@ -2525,13 +2525,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "query-param-regex", @@ -2563,18 +2563,18 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "foo-bar"}, }, Remove: []string{"x-remove"}, @@ -2583,12 +2583,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { // Second instance of filter should be ignored. Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "ignored"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar-ignored.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "ignored"}, }, Remove: []string{"x-remove-ignored"}, @@ -2624,18 +2624,18 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "foo-bar"}, }, Remove: []string{"x-remove"}, @@ -2644,12 +2644,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { // Second instance of filter should be ignored. Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "ignored"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar-ignored.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "ignored"}, }, Remove: []string{"x-remove-ignored"}, @@ -2685,23 +2685,23 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), Weight: ref.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "foo-bar"}, }, Remove: []string{"x-remove"}, @@ -2710,12 +2710,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { // Second instance of filter should be ignored. Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "ignored"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar-ignored.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "ignored"}, }, Remove: []string{"x-remove-ignored"}, @@ -2743,23 +2743,23 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), Weight: ref.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "foo-bar"}, }, Remove: []string{"x-remove"}, @@ -2768,12 +2768,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { { // Second instance of filter should be ignored. Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "ignored"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar-ignored.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "custom-header-add", Value: "ignored"}, }, Remove: []string{"x-remove-ignored"}, @@ -2801,17 +2801,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header-add", Value: "foo-bar"}, }, }, @@ -2840,22 +2840,22 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), Weight: ref.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header-add", Value: "foo-bar"}, }, }, @@ -2881,22 +2881,22 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), Weight: ref.To(int32(1)), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("custom-header-set"), Value: "foo-bar"}, {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "bar.com"}, }, - Add: []gatewayapi_v1beta1.HTTPHeader{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header-add", Value: "foo-bar"}, }, }, @@ -2922,14 +2922,14 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, - RequestRedirect: &gatewayapi_v1beta1.HTTPRequestRedirectFilter{ + RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ Scheme: ref.To("https"), - Hostname: ref.To(gatewayapi_v1beta1.PreciseHostname("envoyproxy.io")), - Port: ref.To(gatewayapi_v1beta1.PortNumber(443)), + Hostname: ref.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), + Port: ref.To(gatewayapi_v1.PortNumber(443)), StatusCode: ref.To(301), }, }}, @@ -2957,17 +2957,17 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: append( gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/another-match")..., ), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, - RequestRedirect: &gatewayapi_v1beta1.HTTPRequestRedirectFilter{ + RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ Scheme: ref.To("https"), - Hostname: ref.To(gatewayapi_v1beta1.PreciseHostname("envoyproxy.io")), - Port: ref.To(gatewayapi_v1beta1.PortNumber(443)), + Hostname: ref.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), + Port: ref.To(gatewayapi_v1.PortNumber(443)), StatusCode: ref.To(301), }, }}, @@ -3004,12 +3004,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, - RequestRedirect: &gatewayapi_v1beta1.HTTPRequestRedirectFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, ReplacePrefixMatch: ref.To("/replacement"), }, @@ -3039,12 +3039,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, - RequestRedirect: &gatewayapi_v1beta1.HTTPRequestRedirectFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, ReplacePrefixMatch: ref.To("/"), }, @@ -3074,12 +3074,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, - RequestRedirect: &gatewayapi_v1beta1.HTTPRequestRedirectFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.FullPathHTTPPathModifier, ReplaceFullPath: ref.To("/replacement"), }, @@ -3110,12 +3110,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, kuardService2, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard2", 8080), }, }}, @@ -3136,19 +3136,19 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, kuardService2, kuardService3, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard2", 8080), }, }, { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard3", 8080), }, }, @@ -3169,7 +3169,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { objs: []any{ kuardService, kuardService2, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: append( gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/another-match")..., @@ -3177,7 +3177,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard2", 8080), }, }}, @@ -3198,12 +3198,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, - URLRewrite: &gatewayapi_v1beta1.HTTPURLRewriteFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, ReplacePrefixMatch: ref.To("/replacement"), }, @@ -3232,12 +3232,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, - URLRewrite: &gatewayapi_v1beta1.HTTPURLRewriteFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.PrefixMatchHTTPPathModifier, ReplacePrefixMatch: ref.To("/"), }, @@ -3266,12 +3266,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, - URLRewrite: &gatewayapi_v1beta1.HTTPURLRewriteFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: gatewayapi_v1.FullPathHTTPPathModifier, ReplaceFullPath: ref.To("/replacement"), }, @@ -3300,12 +3300,12 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, - URLRewrite: &gatewayapi_v1beta1.HTTPURLRewriteFilter{ - Hostname: ref.To(gatewayapi_v1beta1.PreciseHostname("rewritten.com")), + URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ + Hostname: ref.To(gatewayapi_v1.PreciseHostname("rewritten.com")), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -3329,13 +3329,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { gateway: gatewayHTTPAllNamespaces, objs: []any{ kuardService, - makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "test.projectcontour.io", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ { Name: "Host", Value: "requestheader.rewritten.com", @@ -3345,8 +3345,8 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, { Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, - URLRewrite: &gatewayapi_v1beta1.HTTPURLRewriteFilter{ - Hostname: ref.To(gatewayapi_v1beta1.PreciseHostname("url.rewritten.com")), + URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ + Hostname: ref.To(gatewayapi_v1.PreciseHostname("url.rewritten.com")), }, }, }, @@ -3643,16 +3643,16 @@ func TestDAGInsertGatewayAPI(t *testing.T) { tlsAndNonTLSService, cert1, makeHTTPRoute("tls-basic", "projectcontour", "", makeHTTPRouteRule(gatewayapi_v1.PathMatchPathPrefix, "/tls", "tlsandnontlssvc", 443, 1)), - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "non-tls-basic", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/non-tls"), BackendRefs: gatewayapi.HTTPBackendRefs( gatewayapi.HTTPBackendRef("tlsandnontlssvc", 80, 1), @@ -3911,7 +3911,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, kuardService2, kuardService3, - makeHTTPRoute("basic", "projectcontour", "", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRefs( gatewayapi.HTTPBackendRef("kuard", 8080, 5), @@ -3964,7 +3964,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { kuardService, kuardService2, kuardService3, - makeHTTPRoute("basic", "projectcontour", "", gatewayapi_v1beta1.HTTPRouteRule{ + makeHTTPRoute("basic", "projectcontour", "", gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRefs( gatewayapi.HTTPBackendRef("kuard", 8080, 5), @@ -4115,10 +4115,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -4133,7 +4133,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "TLSRoute", Namespace: "default", }}, @@ -4178,10 +4178,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -4196,13 +4196,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "TLSRoute", Namespace: "default", }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1beta1.ObjectName(kuardService.Name)), + Name: ref.To(gatewayapi_v1.ObjectName(kuardService.Name)), }}, }, }, @@ -4242,10 +4242,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -4260,7 +4260,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "HTTPRoute", // would need to be TLSRoute to be valid Namespace: "default", }}, @@ -4291,10 +4291,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -4309,7 +4309,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "TLSRoute", Namespace: "default", }}, @@ -4340,10 +4340,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -4358,7 +4358,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "TLSRoute", Namespace: "some-other-namespace", // would have to be "default" to be valid }}, @@ -4389,10 +4389,10 @@ func TestDAGInsertGatewayAPI(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -4407,13 +4407,13 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "TLSRoute", Namespace: "default", }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Service", - Name: ref.To(gatewayapi_v1beta1.ObjectName("some-other-service")), // would have to be "kuard" to be valid + Name: ref.To(gatewayapi_v1.ObjectName("some-other-service")), // would have to be "kuard" to be valid }}, }, }, @@ -5319,7 +5319,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { CommonRouteSpec: gatewayapi_v1alpha2.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{ @@ -5476,7 +5476,7 @@ func TestDAGInsertGatewayAPI(t *testing.T) { }}, BackendRefs: []gatewayapi_v1alpha2.GRPCBackendRef{{ BackendRef: gatewayapi_v1alpha2.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ Kind: ref.To(gatewayapi_v1alpha2.Kind("Service")), Namespace: ref.To(gatewayapi_v1alpha2.Namespace(kuardService.Namespace)), Name: gatewayapi_v1alpha2.ObjectName(kuardService.Name), @@ -13919,25 +13919,25 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { } tests := map[string]struct { - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway objs []any want []*Listener }{ "HTTPProxy attached to HTTP-only Gateway": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -13984,20 +13984,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "HTTPProxy attached to Gateway with multiple HTTP listeners": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14006,8 +14006,8 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "http-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 81, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14047,20 +14047,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { want: nil, }, "HTTPProxy attached to Gateway with HTTP and HTTPS listener": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14069,12 +14069,12 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, }, @@ -14120,20 +14120,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "HTTPProxy with TLS attached to Gateway with HTTP and HTTPS listener": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14142,12 +14142,12 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, }, @@ -14203,20 +14203,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "HTTPProxy with TLS attached to Gateway with HTTP and HTTPS listener using projectcontour.io/https protocol": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14225,8 +14225,8 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "https-1", Protocol: gatewayapi.ContourHTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14283,20 +14283,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "HTTPProxy with TLS attached to Gateway with no HTTPS listener": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14341,20 +14341,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { }, "Ingress attached to HTTP-only Gateway": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14397,20 +14397,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "Ingress attached to Gateway with multiple HTTP listeners": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14419,8 +14419,8 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "http-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 81, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14456,20 +14456,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { want: nil, }, "Ingress attached to Gateway with HTTP and HTTPS listener": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14478,12 +14478,12 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, }, @@ -14525,20 +14525,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "Ingress with TLS attached to Gateway with HTTP and HTTPS listener": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14547,12 +14547,12 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, }, @@ -14607,20 +14607,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "Ingress with TLS attached to Gateway with HTTP and HTTPS listener using projectcontour.io/https protocol": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14629,8 +14629,8 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { Name: "https-1", Protocol: gatewayapi.ContourHTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14686,20 +14686,20 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { ), }, "Ingress with TLS (with HTTP not allowed) attached to Gateway with no HTTPS listener": { - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -14748,11 +14748,11 @@ func TestGatewayWithHTTPProxyAndIngress(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, } @@ -16003,20 +16003,20 @@ func makeHTTPRouteTimeouts(request, backendRequest string) *gatewayapi_v1.HTTPRo return httpRouteTimeouts } -func makeHTTPRouteWithTimeouts(request, backendRequest string) *gatewayapi_v1beta1.HTTPRoute { - return &gatewayapi_v1beta1.HTTPRoute{ +func makeHTTPRouteWithTimeouts(request, backendRequest string) *gatewayapi_v1.HTTPRoute { + return &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Timeouts: makeHTTPRouteTimeouts(request, backendRequest), @@ -16025,25 +16025,25 @@ func makeHTTPRouteWithTimeouts(request, backendRequest string) *gatewayapi_v1bet } } -func makeHTTPRoute(name, namespace, hostname string, firstRule gatewayapi_v1beta1.HTTPRouteRule, additionalRules ...gatewayapi_v1beta1.HTTPRouteRule) *gatewayapi_v1beta1.HTTPRoute { - rules := []gatewayapi_v1beta1.HTTPRouteRule{firstRule} +func makeHTTPRoute(name, namespace, hostname string, firstRule gatewayapi_v1.HTTPRouteRule, additionalRules ...gatewayapi_v1.HTTPRouteRule) *gatewayapi_v1.HTTPRoute { + rules := []gatewayapi_v1.HTTPRouteRule{firstRule} if len(additionalRules) > 0 { rules = append(rules, additionalRules...) } - var hostnames []gatewayapi_v1beta1.Hostname + var hostnames []gatewayapi_v1.Hostname if hostname != "" { - hostnames = []gatewayapi_v1beta1.Hostname{ - gatewayapi_v1beta1.Hostname(hostname), + hostnames = []gatewayapi_v1.Hostname{ + gatewayapi_v1.Hostname(hostname), } } - return &gatewayapi_v1beta1.HTTPRoute{ + return &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, Hostnames: hostnames, Rules: rules, @@ -16051,8 +16051,8 @@ func makeHTTPRoute(name, namespace, hostname string, firstRule gatewayapi_v1beta } } -func makeHTTPRouteRule(pathType gatewayapi_v1beta1.PathMatchType, pathValue, serviceName string, port int, weight int32) gatewayapi_v1beta1.HTTPRouteRule { - return gatewayapi_v1beta1.HTTPRouteRule{ +func makeHTTPRouteRule(pathType gatewayapi_v1.PathMatchType, pathValue, serviceName string, port int, weight int32) gatewayapi_v1.HTTPRouteRule { + return gatewayapi_v1.HTTPRouteRule{ Matches: gatewayapi.HTTPRouteMatch(pathType, pathValue), BackendRefs: gatewayapi.HTTPBackendRef(serviceName, port, weight), } diff --git a/internal/dag/cache.go b/internal/dag/cache.go index 387e33f153e..59d4b4c2ec4 100644 --- a/internal/dag/cache.go +++ b/internal/dag/cache.go @@ -27,6 +27,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/client-go/tools/cache" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -67,9 +68,9 @@ type KubernetesCache struct { tlscertificatedelegations map[types.NamespacedName]*contour_v1.TLSCertificateDelegation services map[types.NamespacedName]*core_v1.Service namespaces map[string]*core_v1.Namespace - gatewayclass *gatewayapi_v1beta1.GatewayClass - gateway *gatewayapi_v1beta1.Gateway - httproutes map[types.NamespacedName]*gatewayapi_v1beta1.HTTPRoute + gatewayclass *gatewayapi_v1.GatewayClass + gateway *gatewayapi_v1.Gateway + httproutes map[types.NamespacedName]*gatewayapi_v1.HTTPRoute tlsroutes map[types.NamespacedName]*gatewayapi_v1alpha2.TLSRoute grpcroutes map[types.NamespacedName]*gatewayapi_v1alpha2.GRPCRoute tcproutes map[types.NamespacedName]*gatewayapi_v1alpha2.TCPRoute @@ -105,7 +106,7 @@ func (kc *KubernetesCache) init() { kc.tlscertificatedelegations = make(map[types.NamespacedName]*contour_v1.TLSCertificateDelegation) kc.services = make(map[types.NamespacedName]*core_v1.Service) kc.namespaces = make(map[string]*core_v1.Namespace) - kc.httproutes = make(map[types.NamespacedName]*gatewayapi_v1beta1.HTTPRoute) + kc.httproutes = make(map[types.NamespacedName]*gatewayapi_v1.HTTPRoute) kc.referencegrants = make(map[types.NamespacedName]*gatewayapi_v1beta1.ReferenceGrant) kc.tlsroutes = make(map[types.NamespacedName]*gatewayapi_v1alpha2.TLSRoute) kc.grpcroutes = make(map[types.NamespacedName]*gatewayapi_v1alpha2.GRPCRoute) @@ -181,7 +182,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { kc.tlscertificatedelegations[k8s.NamespacedNameOf(obj)] = obj return true, len(kc.tlscertificatedelegations) - case *gatewayapi_v1beta1.GatewayClass: + case *gatewayapi_v1.GatewayClass: switch { // Specific gateway configured: make sure the incoming gateway class // matches that gateway's. @@ -201,7 +202,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { return true, 1 } - case *gatewayapi_v1beta1.Gateway: + case *gatewayapi_v1.Gateway: switch { // Specific gateway configured: make sure the incoming gateway // matches, and get its gateway class. @@ -215,7 +216,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { kc.gateway = obj - gatewayClass := &gatewayapi_v1beta1.GatewayClass{} + gatewayClass := &gatewayapi_v1.GatewayClass{} if err := kc.Client.Get(context.Background(), client.ObjectKey{Name: string(kc.gateway.Spec.GatewayClassName)}, gatewayClass); err != nil { kc.WithError(err).Errorf("error getting gatewayclass for gateway %s/%s", kc.gateway.Namespace, kc.gateway.Name) } else { @@ -229,7 +230,7 @@ func (kc *KubernetesCache) Insert(obj any) bool { return true, 1 } - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: kc.httproutes[k8s.NamespacedNameOf(obj)] = obj return kc.routeTriggersRebuild(obj.Spec.ParentRefs), len(kc.httproutes) @@ -353,7 +354,7 @@ func (kc *KubernetesCache) remove(obj any) (bool, int) { delete(kc.tlscertificatedelegations, m) return ok, len(kc.tlscertificatedelegations) - case *gatewayapi_v1beta1.GatewayClass: + case *gatewayapi_v1.GatewayClass: switch { case kc.ConfiguredGatewayToCache != nil: if kc.gatewayclass == nil { @@ -370,7 +371,7 @@ func (kc *KubernetesCache) remove(obj any) (bool, int) { return true, 0 } - case *gatewayapi_v1beta1.Gateway: + case *gatewayapi_v1.Gateway: switch { case kc.ConfiguredGatewayToCache != nil: if kc.gateway == nil { @@ -385,7 +386,7 @@ func (kc *KubernetesCache) remove(obj any) (bool, int) { kc.gateway = nil return true, 0 } - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: m := k8s.NamespacedNameOf(obj) delete(kc.httproutes, m) return kc.routeTriggersRebuild(obj.Spec.ParentRefs), len(kc.httproutes) @@ -519,7 +520,7 @@ func (kc *KubernetesCache) serviceTriggersRebuild(service *core_v1.Service) bool return false } -func isRefToService(ref gatewayapi_v1beta1.BackendObjectReference, service *core_v1.Service, routeNamespace string) bool { +func isRefToService(ref gatewayapi_v1.BackendObjectReference, service *core_v1.Service, routeNamespace string) bool { return ref.Group != nil && *ref.Group == "" && ref.Kind != nil && *ref.Kind == "Service" && ((ref.Namespace != nil && string(*ref.Namespace) == service.Namespace) || (ref.Namespace == nil && routeNamespace == service.Namespace)) && @@ -600,10 +601,10 @@ func (kc *KubernetesCache) secretTriggersRebuild(secretObj *core_v1.Secret) bool return false } -func isRefToSecret(ref gatewayapi_v1beta1.SecretObjectReference, secret *core_v1.Secret, gatewayNamespace string) bool { +func isRefToSecret(ref gatewayapi_v1.SecretObjectReference, secret *core_v1.Secret, gatewayNamespace string) bool { return ref.Group != nil && *ref.Group == "" && ref.Kind != nil && *ref.Kind == "Secret" && - ((ref.Namespace != nil && *ref.Namespace == gatewayapi_v1beta1.Namespace(secret.Namespace)) || (ref.Namespace == nil && gatewayNamespace == secret.Namespace)) && + ((ref.Namespace != nil && *ref.Namespace == gatewayapi_v1.Namespace(secret.Namespace)) || (ref.Namespace == nil && gatewayNamespace == secret.Namespace)) && string(ref.Name) == secret.Name } @@ -634,7 +635,7 @@ func (kc *KubernetesCache) configMapTriggersRebuild(configMapObj *core_v1.Config } // routeTriggersRebuild returns true if this route references gateway in this cache. -func (kc *KubernetesCache) routeTriggersRebuild(parentRefs []gatewayapi_v1beta1.ParentReference) bool { +func (kc *KubernetesCache) routeTriggersRebuild(parentRefs []gatewayapi_v1.ParentReference) bool { if kc.gateway == nil { return false } diff --git a/internal/dag/cache_test.go b/internal/dag/cache_test.go index 3041b1e99a0..0a7556fd070 100644 --- a/internal/dag/cache_test.go +++ b/internal/dag/cache_test.go @@ -27,6 +27,7 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -948,7 +949,7 @@ func TestKubernetesCacheInsert(t *testing.T) { // invalid gatewayclass test case is unneeded since the controller // uses a predicate to filter events before they're given to the EventHandler. "insert valid gatewayclass": { - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, @@ -956,7 +957,7 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert gateway-api Gateway": { - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", @@ -965,7 +966,7 @@ func TestKubernetesCacheInsert(t *testing.T) { want: true, }, "insert gateway-api HTTPRoute, no reference to Gateway": { - obj: &gatewayapi_v1beta1.HTTPRoute{ + obj: &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", @@ -975,21 +976,21 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api HTTPRoute, has reference to Gateway": { pre: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, - obj: &gatewayapi_v1beta1.HTTPRoute{ + obj: &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("gateway-namespace", "gateway-name"), }, }, @@ -1008,7 +1009,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api TLSRoute, has reference to Gateway": { pre: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", @@ -1041,7 +1042,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api GRPCRoute, has reference to Gateway": { pre: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", @@ -1074,7 +1075,7 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert gateway-api TCPRoute, has reference to Gateway": { pre: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", @@ -1124,18 +1125,18 @@ func TestKubernetesCacheInsert(t *testing.T) { }, "insert backendtlspolicy targeting backend Service": { pre: []any{ - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ + Spec: gatewayapi_v1.HTTPRouteSpec{ CommonRouteSpec: gatewayapi_v1alpha2.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ BackendRefs: gatewayapi.HTTPBackendRef("service", 80, 1), }}, }, @@ -1171,7 +1172,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Namespace: "gateway-namespace", Name: "gateway-name", }, - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, @@ -1184,17 +1185,17 @@ func TestKubernetesCacheInsert(t *testing.T) { Name: "gateway-name", }, pre: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("some-other-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("some-other-gatewayclass"), }, }, }, - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, @@ -1207,17 +1208,17 @@ func TestKubernetesCacheInsert(t *testing.T) { Name: "gateway-name", }, pre: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("gatewayclass-1"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("gatewayclass-1"), }, }, }, - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, @@ -1229,7 +1230,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Namespace: "gateway-namespace", Name: "gateway-name", }, - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "some-other-gateway-name", @@ -1242,7 +1243,7 @@ func TestKubernetesCacheInsert(t *testing.T) { Namespace: "gateway-namespace", Name: "gateway-name", }, - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", @@ -1531,12 +1532,12 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove gatewayclass": { - cache: cache(&gatewayapi_v1beta1.GatewayClass{ + cache: cache(&gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, }), - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, @@ -1544,13 +1545,13 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove gateway-api Gateway": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, }), - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", @@ -1559,20 +1560,20 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove gateway-api HTTPRoute with no parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", }, }, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, }, ), - obj: &gatewayapi_v1beta1.HTTPRoute{ + obj: &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", @@ -1581,34 +1582,34 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove gateway-api HTTPRoute with parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", }, }, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("default", "gateway"), }, }, }, }, ), - obj: &gatewayapi_v1beta1.HTTPRoute{ + obj: &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("default", "gateway"), }, }, @@ -1617,7 +1618,7 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove gateway-api TLSRoute with no parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", @@ -1638,7 +1639,7 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove gateway-api TLSRoute with parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", @@ -1674,7 +1675,7 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove gateway-api GRPCRoute with no parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", @@ -1695,7 +1696,7 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove gateway-api GRPCRoute with parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", @@ -1731,7 +1732,7 @@ func TestKubernetesCacheRemove(t *testing.T) { want: true, }, "remove gateway-api TCPRoute with no parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "Gateway", Namespace: "default", @@ -1752,7 +1753,7 @@ func TestKubernetesCacheRemove(t *testing.T) { want: false, }, "remove gateway-api TCPRoute with parentRef": { - cache: cache(&gatewayapi_v1beta1.Gateway{ + cache: cache(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gateway", Namespace: "default", @@ -1826,7 +1827,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ - CACertRefs: []gatewayapi_v1beta1.LocalObjectReference{ + CACertRefs: []gatewayapi_v1.LocalObjectReference{ { Kind: "Secret", Name: "ca", @@ -1867,7 +1868,7 @@ func TestKubernetesCacheRemove(t *testing.T) { }, Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ - CACertRefs: []gatewayapi_v1beta1.LocalObjectReference{ + CACertRefs: []gatewayapi_v1.LocalObjectReference{ { Kind: "ConfigMap", Name: "configmap", @@ -1912,7 +1913,7 @@ func TestKubernetesCacheRemove(t *testing.T) { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, }, - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, @@ -1922,13 +1923,13 @@ func TestKubernetesCacheRemove(t *testing.T) { "specific gateway configured, remove gatewayclass, non-matching name": { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, }, - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "some-other-gatewayclass", }, @@ -1938,13 +1939,13 @@ func TestKubernetesCacheRemove(t *testing.T) { "specific gateway configured, remove gatewayclass, matching name": { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, }, }, - obj: &gatewayapi_v1beta1.GatewayClass{ + obj: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, @@ -1955,7 +1956,7 @@ func TestKubernetesCacheRemove(t *testing.T) { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, }, - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", @@ -1966,14 +1967,14 @@ func TestKubernetesCacheRemove(t *testing.T) { "specific gateway configured, remove gateway, non-matching namespace/name": { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "some-other-gateway", @@ -1984,14 +1985,14 @@ func TestKubernetesCacheRemove(t *testing.T) { "specific gateway configured, remove gateway, matching namespace/name": { cache: &KubernetesCache{ ConfiguredGatewayToCache: &types.NamespacedName{Namespace: "gateway-namespace", Name: "gateway-name"}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", }, }, }, - obj: &gatewayapi_v1beta1.Gateway{ + obj: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-namespace", Name: "gateway-name", @@ -2212,14 +2213,14 @@ func TestServiceTriggersRebuild(t *testing.T) { } } - httpRoute := func(namespace, name string) *gatewayapi_v1beta1.HTTPRoute { - return &gatewayapi_v1beta1.HTTPRoute{ + httpRoute := func(namespace, name string) *gatewayapi_v1.HTTPRoute { + return &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ BackendRefs: gatewayapi.HTTPBackendRef(name, 80, 1), }}, }, @@ -2637,13 +2638,13 @@ func TestSecretTriggersRebuild(t *testing.T) { }, "gateway does not define TLS on listener, does not trigger rebuild": { cache: cache( - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ TLS: nil, }}, }, @@ -2654,14 +2655,14 @@ func TestSecretTriggersRebuild(t *testing.T) { }, "gateway does not define TLS.CertificateRef on listener, does not trigger rebuild": { cache: cache( - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ CertificateRefs: nil, }, }}, @@ -2673,15 +2674,15 @@ func TestSecretTriggersRebuild(t *testing.T) { }, "gateway listener references secret, triggers rebuild (core Group)": { cache: cache( - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, @@ -2694,15 +2695,15 @@ func TestSecretTriggersRebuild(t *testing.T) { }, "gateway listener references secret, triggers rebuild (v1 Group)": { cache: cache( - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, @@ -2745,19 +2746,19 @@ func TestRouteTriggersRebuild(t *testing.T) { return &cache } - httpRoute := func(namespace, name, parentRefNamespace, parentRefName string) *gatewayapi_v1beta1.HTTPRoute { - return &gatewayapi_v1beta1.HTTPRoute{ + httpRoute := func(namespace, name, parentRefNamespace, parentRefName string) *gatewayapi_v1.HTTPRoute { + return &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(parentRefNamespace, parentRefName), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ BackendRefs: gatewayapi.HTTPBackendRef(name, 80, 1), }}, }, @@ -2783,8 +2784,8 @@ func TestRouteTriggersRebuild(t *testing.T) { } } - gateway := func(namespace, name string) *gatewayapi_v1beta1.Gateway { - return &gatewayapi_v1beta1.Gateway{ + gateway := func(namespace, name string) *gatewayapi_v1.Gateway { + return &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, Namespace: namespace, @@ -2794,7 +2795,7 @@ func TestRouteTriggersRebuild(t *testing.T) { tests := map[string]struct { cache *KubernetesCache - httproute *gatewayapi_v1beta1.HTTPRoute + httproute *gatewayapi_v1.HTTPRoute tlsroute *gatewayapi_v1alpha2.TLSRoute want bool }{ @@ -2807,13 +2808,13 @@ func TestRouteTriggersRebuild(t *testing.T) { cache: cache( gateway("default", "gateway"), ), - httproute: &gatewayapi_v1beta1.HTTPRoute{ + httproute: &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ BackendRefs: gatewayapi.HTTPBackendRef("httproute", 80, 1), }}, }, @@ -3023,7 +3024,7 @@ func TestLookupBackendTLSPolicyByTargetRef(t *testing.T) { Spec: gatewayapi_v1alpha2.BackendTLSPolicySpec{ TargetRef: targetRef("", "Service", serviceName, targetNamespace, sectionName), TLS: gatewayapi_v1alpha2.BackendTLSPolicyConfig{ - CACertRefs: []gatewayapi_v1beta1.LocalObjectReference{ + CACertRefs: []gatewayapi_v1.LocalObjectReference{ { Group: "", Kind: "Secret", diff --git a/internal/dag/gatewayapi_processor.go b/internal/dag/gatewayapi_processor.go index 632be8b3256..e37880dba27 100644 --- a/internal/dag/gatewayapi_processor.go +++ b/internal/dag/gatewayapi_processor.go @@ -31,7 +31,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" @@ -139,9 +138,9 @@ func (p *GatewayAPIProcessor) Run(dag *DAG, source *KubernetesCache) { for name, cond := range validateListenersResult.InvalidListenerConditions { gwAccessor.AddListenerCondition( string(name), - gatewayapi_v1beta1.ListenerConditionType(cond.Type), + gatewayapi_v1.ListenerConditionType(cond.Type), cond.Status, - gatewayapi_v1beta1.ListenerConditionReason(cond.Reason), + gatewayapi_v1.ListenerConditionReason(cond.Reason), cond.Message, ) } @@ -158,7 +157,7 @@ func (p *GatewayAPIProcessor) Run(dag *DAG, source *KubernetesCache) { // Process HTTPRoutes. for _, httpRoute := range p.source.httproutes { - p.processRoute(KindHTTPRoute, httpRoute, httpRoute.Spec.ParentRefs, gatewayNotProgrammedCondition, listenerInfos, listenerAttachedRoutes, &gatewayapi_v1beta1.HTTPRoute{}) + p.processRoute(KindHTTPRoute, httpRoute, httpRoute.Spec.ParentRefs, gatewayNotProgrammedCondition, listenerInfos, listenerAttachedRoutes, &gatewayapi_v1.HTTPRoute{}) } // Process TLSRoutes. @@ -184,9 +183,9 @@ func (p *GatewayAPIProcessor) Run(dag *DAG, source *KubernetesCache) { } func (p *GatewayAPIProcessor) processRoute( - routeKind gatewayapi_v1beta1.Kind, + routeKind gatewayapi_v1.Kind, route client.Object, - parentRefs []gatewayapi_v1beta1.ParentReference, + parentRefs []gatewayapi_v1.ParentReference, gatewayNotProgrammedCondition *meta_v1.Condition, listeners []*listenerInfo, listenerAttachedRoutes map[string]int, @@ -208,7 +207,7 @@ func (p *GatewayAPIProcessor) processRoute( routeParentStatus := routeStatus.StatusUpdateFor(routeParentRef) // If the Gateway is invalid, set status on the route and we're done. if gatewayNotProgrammedCondition != nil { - routeParentStatus.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, status.ReasonInvalidGateway, "Invalid Gateway") + routeParentStatus.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, status.ReasonInvalidGateway, "Invalid Gateway") continue } @@ -233,10 +232,10 @@ func (p *GatewayAPIProcessor) processRoute( // TCPRoutes don't have hostnames. if routeKind != KindTCPRoute { - var routeHostnames []gatewayapi_v1beta1.Hostname + var routeHostnames []gatewayapi_v1.Hostname switch route := route.(type) { - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: routeHostnames = route.Spec.Hostnames case *gatewayapi_v1alpha2.TLSRoute: routeHostnames = route.Spec.Hostnames @@ -250,7 +249,7 @@ func (p *GatewayAPIProcessor) processRoute( // invalid hostnames make it through, we're using our best judgment here. // Theoretically these should be prevented by the combination of kubebuilder // and admission webhook validations. - routeParentStatus.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, err.Error()) + routeParentStatus.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, err.Error()) } // If there were no intersections between the listener hostname and the @@ -261,7 +260,7 @@ func (p *GatewayAPIProcessor) processRoute( } switch route := route.(type) { - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: p.computeHTTPRouteForListener(route, routeParentStatus, routeParentRef, listener, hosts) case *gatewayapi_v1alpha2.TLSRoute: p.computeTLSRouteForListener(route, routeParentStatus, listener, hosts) @@ -274,32 +273,32 @@ func (p *GatewayAPIProcessor) processRoute( hostCount += hosts.Len() } - if routeKind != KindTCPRoute && hostCount == 0 && !routeParentStatus.ConditionExists(gatewayapi_v1beta1.RouteConditionAccepted) { + if routeKind != KindTCPRoute && hostCount == 0 && !routeParentStatus.ConditionExists(gatewayapi_v1.RouteConditionAccepted) { routeParentStatus.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonNoMatchingListenerHostname, + gatewayapi_v1.RouteReasonNoMatchingListenerHostname, "No intersecting hostnames were found between the listener and the route.", ) } // Check for an existing "ResolvedRefs" condition, add one if one does // not already exist. - if !routeParentStatus.ConditionExists(gatewayapi_v1beta1.RouteConditionResolvedRefs) { + if !routeParentStatus.ConditionExists(gatewayapi_v1.RouteConditionResolvedRefs) { routeParentStatus.AddCondition( - gatewayapi_v1beta1.RouteConditionResolvedRefs, + gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionTrue, - gatewayapi_v1beta1.RouteReasonResolvedRefs, + gatewayapi_v1.RouteReasonResolvedRefs, "References resolved") } // Check for an existing "Accepted" condition, add one if one does // not already exist. - if !routeParentStatus.ConditionExists(gatewayapi_v1beta1.RouteConditionAccepted) { + if !routeParentStatus.ConditionExists(gatewayapi_v1.RouteConditionAccepted) { routeParentStatus.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionTrue, - gatewayapi_v1beta1.RouteReasonAccepted, + gatewayapi_v1.RouteReasonAccepted, fmt.Sprintf("Accepted %s", routeKind), ) } @@ -307,9 +306,9 @@ func (p *GatewayAPIProcessor) processRoute( } func (p *GatewayAPIProcessor) getListenersForRouteParentRef( - routeParentRef gatewayapi_v1beta1.ParentReference, + routeParentRef gatewayapi_v1.ParentReference, routeNamespace string, - routeKind gatewayapi_v1beta1.Kind, + routeKind gatewayapi_v1.Kind, listeners []*listenerInfo, attachedRoutes map[string]int, routeParentStatusAccessor *status.RouteParentStatusUpdate, @@ -362,7 +361,7 @@ func (p *GatewayAPIProcessor) getListenersForRouteParentRef( } if readyListenerCount == 0 { routeParentStatusAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonNoMatchingParent, "No listeners match this parent ref", @@ -372,9 +371,9 @@ func (p *GatewayAPIProcessor) getListenersForRouteParentRef( if len(allowedListeners) == 0 { routeParentStatusAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonNotAllowedByListeners, + gatewayapi_v1.RouteReasonNotAllowedByListeners, "No listeners included by this parent ref allowed this attachment.", ) return nil @@ -384,15 +383,15 @@ func (p *GatewayAPIProcessor) getListenersForRouteParentRef( } type listenerInfo struct { - listener gatewayapi_v1beta1.Listener + listener gatewayapi_v1.Listener dagListenerName string - allowedKinds []gatewayapi_v1beta1.Kind + allowedKinds []gatewayapi_v1.Kind namespaceSelector labels.Selector tlsSecret *Secret ready bool } -func (l *listenerInfo) AllowsKind(kind gatewayapi_v1beta1.Kind) bool { +func (l *listenerInfo) AllowsKind(kind gatewayapi_v1.Kind) bool { for _, allowedKind := range l.allowedKinds { if allowedKind == kind { return true @@ -404,7 +403,7 @@ func (l *listenerInfo) AllowsKind(kind gatewayapi_v1beta1.Kind) bool { // isAddressAssigned returns true if either there are no addresses requested in specAddresses, // or if at least one address from specAddresses appears in statusAddresses. -func isAddressAssigned(specAddresses []gatewayapi_v1beta1.GatewayAddress, statusAddresses []gatewayapi_v1.GatewayStatusAddress) bool { +func isAddressAssigned(specAddresses []gatewayapi_v1.GatewayAddress, statusAddresses []gatewayapi_v1.GatewayStatusAddress) bool { if len(specAddresses) == 0 { return true } @@ -412,7 +411,7 @@ func isAddressAssigned(specAddresses []gatewayapi_v1beta1.GatewayAddress, status for _, specAddress := range specAddresses { for _, statusAddress := range statusAddresses { // Types must match - if ref.Val(specAddress.Type, gatewayapi_v1beta1.IPAddressType) != ref.Val(statusAddress.Type, gatewayapi_v1beta1.IPAddressType) { + if ref.Val(specAddress.Type, gatewayapi_v1.IPAddressType) != ref.Val(statusAddress.Type, gatewayapi_v1.IPAddressType) { continue } @@ -434,7 +433,7 @@ func isAddressAssigned(specAddresses []gatewayapi_v1beta1.GatewayAddress, status // the Gateway's .status.listeners. It returns a listenerInfo struct with // the allowed route kinds and TLS secret (if any). func (p *GatewayAPIProcessor) computeListener( - listener gatewayapi_v1beta1.Listener, + listener gatewayapi_v1.Listener, gwAccessor *status.GatewayStatusUpdate, validateListenersResult gatewayapi.ValidateListenersResult, ) *listenerInfo { @@ -620,32 +619,32 @@ func (p *GatewayAPIProcessor) computeListener( // getListenerRouteKinds gets a list of the valid route kinds that // the listener accepts. -func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1.Listener, gwAccessor *status.GatewayStatusUpdate) []gatewayapi_v1beta1.Kind { +func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1.Listener, gwAccessor *status.GatewayStatusUpdate) []gatewayapi_v1.Kind { // None specified on the listener: return the default based on // the listener's protocol. if len(listener.AllowedRoutes.Kinds) == 0 { switch listener.Protocol { case gatewayapi_v1.HTTPProtocolType: - return []gatewayapi_v1beta1.Kind{KindHTTPRoute, KindGRPCRoute} + return []gatewayapi_v1.Kind{KindHTTPRoute, KindGRPCRoute} case gatewayapi_v1.HTTPSProtocolType: - return []gatewayapi_v1beta1.Kind{KindHTTPRoute, KindGRPCRoute} + return []gatewayapi_v1.Kind{KindHTTPRoute, KindGRPCRoute} case gatewayapi_v1.TLSProtocolType: - return []gatewayapi_v1beta1.Kind{KindTLSRoute, KindTCPRoute} + return []gatewayapi_v1.Kind{KindTLSRoute, KindTCPRoute} case gatewayapi_v1.TCPProtocolType: - return []gatewayapi_v1beta1.Kind{KindTCPRoute} + return []gatewayapi_v1.Kind{KindTCPRoute} } } - var routeKinds []gatewayapi_v1beta1.Kind + var routeKinds []gatewayapi_v1.Kind for _, routeKind := range listener.AllowedRoutes.Kinds { - if routeKind.Group != nil && *routeKind.Group != gatewayapi_v1beta1.GroupName { + if routeKind.Group != nil && *routeKind.Group != gatewayapi_v1.GroupName { gwAccessor.AddListenerCondition( string(listener.Name), gatewayapi_v1.ListenerConditionResolvedRefs, meta_v1.ConditionFalse, gatewayapi_v1.ListenerReasonInvalidRouteKinds, - fmt.Sprintf("Group %q is not supported, group must be %q", *routeKind.Group, gatewayapi_v1beta1.GroupName), + fmt.Sprintf("Group %q is not supported, group must be %q", *routeKind.Group, gatewayapi_v1.GroupName), ) continue } @@ -691,7 +690,7 @@ func (p *GatewayAPIProcessor) getListenerRouteKinds(listener gatewayapi_v1beta1. // certificate ref, to a core_v1.Secret, that exists, is allowed to be referenced // based on namespace and ReferenceGrants, and is a valid TLS secret. // Conditions are set if any of these requirements are not met. -func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi_v1beta1.SecretObjectReference, listenerName string, gwAccessor *status.GatewayStatusUpdate) *Secret { +func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi_v1.SecretObjectReference, listenerName string, gwAccessor *status.GatewayStatusUpdate) *Secret { if len(certificateRefs) != 1 { gwAccessor.AddListenerCondition( listenerName, @@ -723,7 +722,7 @@ func (p *GatewayAPIProcessor) resolveListenerSecret(certificateRefs []gatewayapi if certificateRef.Namespace != nil && string(*certificateRef.Namespace) != p.source.gateway.Namespace { if !p.validCrossNamespaceRef( crossNamespaceFrom{ - group: gatewayapi_v1beta1.GroupName, + group: gatewayapi_v1.GroupName, kind: KindGateway, namespace: p.source.gateway.Namespace, }, @@ -822,7 +821,7 @@ func (p *GatewayAPIProcessor) validCrossNamespaceRef(from crossNamespaceFrom, to return false } -func isSecretRef(certificateRef gatewayapi_v1beta1.SecretObjectReference) bool { +func isSecretRef(certificateRef gatewayapi_v1.SecretObjectReference) bool { return certificateRef.Group != nil && *certificateRef.Group == "" && certificateRef.Kind != nil && *certificateRef.Kind == "Secret" } @@ -836,7 +835,7 @@ func isSecretRef(certificateRef gatewayapi_v1beta1.SecretObjectReference) bool { // invalid and some condition should be added to the route. This shouldn't be // possible because of kubebuilder+admission webhook validation but we're being // defensive here. -func (p *GatewayAPIProcessor) computeHosts(routeHostnames []gatewayapi_v1beta1.Hostname, listenerHostname string) (sets.Set[string], []error) { +func (p *GatewayAPIProcessor) computeHosts(routeHostnames []gatewayapi_v1.Hostname, listenerHostname string) (sets.Set[string], []error) { // The listener hostname is assumed to be valid because it's been run // through the `gatewayapi.ValidateListeners` logic, so we don't need // to validate it here. @@ -908,7 +907,7 @@ func hostnameMatchesWildcardHostname(hostname, wildcardHostname string) bool { // namespaceMatches returns true if namespaces allows // the provided route namespace. -func (p *GatewayAPIProcessor) namespaceMatches(namespaces *gatewayapi_v1beta1.RouteNamespaces, namespaceSelector labels.Selector, routeNamespace string) bool { +func (p *GatewayAPIProcessor) namespaceMatches(namespaces *gatewayapi_v1.RouteNamespaces, namespaceSelector labels.Selector, routeNamespace string) bool { // From indicates where Routes will be selected for this Gateway. // Possible values are: // * All: Routes in all namespaces may be used by this Gateway. @@ -949,9 +948,9 @@ func (p *GatewayAPIProcessor) computeGatewayConditions(gwAccessor *status.Gatewa switch { case gatewayNotProgrammedCondition != nil: gwAccessor.AddCondition( - gatewayapi_v1beta1.GatewayConditionType(gatewayNotProgrammedCondition.Type), + gatewayapi_v1.GatewayConditionType(gatewayNotProgrammedCondition.Type), gatewayNotProgrammedCondition.Status, - gatewayapi_v1beta1.GatewayConditionReason(gatewayNotProgrammedCondition.Reason), + gatewayapi_v1.GatewayConditionReason(gatewayNotProgrammedCondition.Reason), gatewayNotProgrammedCondition.Message, ) default: @@ -989,7 +988,7 @@ func (p *GatewayAPIProcessor) computeTLSRouteForListener(route *gatewayapi_v1alp var programmed bool for _, rule := range route.Spec.Rules { if len(rule.BackendRefs) == 0 { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") continue } @@ -1000,7 +999,7 @@ func (p *GatewayAPIProcessor) computeTLSRouteForListener(route *gatewayapi_v1alp service, cond := p.validateBackendRef(backendRef, KindTLSRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) continue } @@ -1058,13 +1057,13 @@ func (p *GatewayAPIProcessor) computeTLSRouteForListener(route *gatewayapi_v1alp // Resolve route references for a route and do not program any routes. func (p *GatewayAPIProcessor) resolveRouteRefs(route any, routeAccessor *status.RouteParentStatusUpdate) { switch route := route.(type) { - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: for _, r := range route.Spec.Rules { for _, f := range r.Filters { if f.Type == gatewayapi_v1.HTTPRouteFilterRequestMirror && f.RequestMirror != nil { _, cond := p.validateBackendObjectRef(f.RequestMirror.BackendRef, "Spec.Rules.Filters.RequestMirror.BackendRef", KindHTTPRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) } } } @@ -1074,7 +1073,7 @@ func (p *GatewayAPIProcessor) resolveRouteRefs(route any, routeAccessor *status. for _, br := range r.BackendRefs { _, cond := p.validateBackendRef(br.BackendRef, KindHTTPRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) } // RequestMirror filter is not supported so we don't check it here @@ -1087,7 +1086,7 @@ func (p *GatewayAPIProcessor) resolveRouteRefs(route any, routeAccessor *status. for _, b := range r.BackendRefs { _, cond := p.validateBackendRef(b, KindTLSRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) } } } @@ -1097,7 +1096,7 @@ func (p *GatewayAPIProcessor) resolveRouteRefs(route any, routeAccessor *status. if f.Type == gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror && f.RequestMirror != nil { _, cond := p.validateBackendObjectRef(f.RequestMirror.BackendRef, "Spec.Rules.Filters.RequestMirror.BackendRef", KindGRPCRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) } } } @@ -1107,7 +1106,7 @@ func (p *GatewayAPIProcessor) resolveRouteRefs(route any, routeAccessor *status. for _, br := range r.BackendRefs { _, cond := p.validateBackendRef(br.BackendRef, KindGRPCRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) } // RequestMirror filter is not supported so we don't check it here @@ -1145,9 +1144,9 @@ func parseHTTPRouteTimeouts(httpRouteTimeouts *gatewayapi_v1.HTTPRouteTimeouts) } func (p *GatewayAPIProcessor) computeHTTPRouteForListener( - route *gatewayapi_v1beta1.HTTPRoute, + route *gatewayapi_v1.HTTPRoute, routeAccessor *status.RouteParentStatusUpdate, - routeParentRef gatewayapi_v1beta1.ParentReference, + routeParentRef gatewayapi_v1.ParentReference, listener *listenerInfo, hosts sets.Set[string], ) { @@ -1162,7 +1161,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( headerMatches, err := gatewayHeaderMatchConditions(match.Headers) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1178,7 +1177,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( queryParamMatches, err := gatewayQueryParamMatchConditions(match.QueryParams) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1203,7 +1202,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( timeoutPolicy, err = parseHTTPRouteTimeouts(rule.Timeouts) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1222,7 +1221,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( var err error requestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || responseHeaderPolicy != nil { @@ -1232,7 +1231,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( var err error responseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } case gatewayapi_v1.HTTPRouteFilterRequestRedirect: if filter.RequestRedirect == nil || redirect != nil { @@ -1279,9 +1278,9 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( } default: routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, fmt.Sprintf("HTTPRoute.Spec.Rules.Filters.RequestRedirect.Path.Type: invalid type %q: only ReplacePrefixMatch and ReplaceFullPath are supported.", filter.RequestRedirect.Path.Type), ) continue @@ -1307,7 +1306,7 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( mirrorService, cond := p.validateBackendObjectRef(filter.RequestMirror.BackendRef, "Spec.Rules.Filters.RequestMirror.BackendRef", KindHTTPRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) continue } mirrorPolicies = append(mirrorPolicies, &MirrorPolicy{ @@ -1346,9 +1345,9 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( } default: routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, fmt.Sprintf("HTTPRoute.Spec.Rules.Filters.URLRewrite.Path.Type: invalid type %q: only ReplacePrefixMatch and ReplaceFullPath are supported.", filter.URLRewrite.Path.Type), ) continue @@ -1360,9 +1359,9 @@ func (p *GatewayAPIProcessor) computeHTTPRouteForListener( } default: routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, fmt.Sprintf("HTTPRoute.Spec.Rules.Filters: invalid type %q: only RequestHeaderModifier, ResponseHeaderModifier, RequestRedirect, RequestMirror and URLRewrite are supported.", filter.Type), ) } @@ -1458,7 +1457,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al headerMatches, err := gatewayGRPCHeaderMatchConditions(match.Headers) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1alpha2.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, err.Error()) + routeAccessor.AddCondition(gatewayapi_v1alpha2.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonUnsupportedValue, err.Error()) continue } @@ -1496,7 +1495,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al var err error requestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || responseHeaderPolicy != nil { @@ -1506,7 +1505,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al var err error responseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } case gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror: if filter.RequestMirror == nil { @@ -1515,7 +1514,7 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al mirrorService, cond := p.validateBackendObjectRef(filter.RequestMirror.BackendRef, "Spec.Rules.Filters.RequestMirror.BackendRef", KindGRPCRoute, route.Namespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) continue } // If protocol is not set on the service, need to set a default one based on listener's protocol type. @@ -1528,9 +1527,9 @@ func (p *GatewayAPIProcessor) computeGRPCRouteForListener(route *gatewayapi_v1al }) default: routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, fmt.Sprintf("GRPCRoute.Spec.Rules.Filters: invalid type %q: only RequestHeaderModifier, ResponseHeaderModifier and RequestMirror are supported.", filter.Type), ) } @@ -1602,12 +1601,12 @@ func gatewayGRPCMethodMatchCondition(match *gatewayapi_v1alpha2.GRPCMethodMatch, // Support "Exact" match type only. If match type is not specified, use "Exact" as default. if match.Type != nil && *match.Type != gatewayapi_v1alpha2.GRPCMethodMatchExact { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1beta1.RouteReasonUnsupportedValue, "GRPCRoute.Spec.Rules.Matches.Method: Only Exact match type is supported.") + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, gatewayapi_v1.RouteReasonUnsupportedValue, "GRPCRoute.Spec.Rules.Matches.Method: Only Exact match type is supported.") return nil, false } if match.Service == nil || isBlank(*match.Service) || match.Method == nil || isBlank(*match.Method) { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionFalse, status.ReasonInvalidMethodMatch, "GRPCRoute.Spec.Rules.Matches.Method: Both Service and Method need be configured.") + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, status.ReasonInvalidMethodMatch, "GRPCRoute.Spec.Rules.Matches.Method: Both Service and Method need be configured.") return nil, false } @@ -1657,7 +1656,7 @@ func gatewayGRPCHeaderMatchConditions(matches []gatewayapi_v1alpha2.GRPCHeaderMa func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alpha2.TCPRoute, routeAccessor *status.RouteParentStatusUpdate, listener *listenerInfo) bool { if len(route.Spec.Rules) != 1 { routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, "InvalidRouteRules", "TCPRoute must have only a single rule defined", @@ -1670,7 +1669,7 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp if len(rule.BackendRefs) == 0 { routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionResolvedRefs, + gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.", @@ -1685,9 +1684,9 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp service, cond := p.validateBackendRef(backendRef, KindTCPRoute, route.Namespace) if cond != nil { routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionType(cond.Type), + gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, - gatewayapi_v1beta1.RouteConditionReason(cond.Reason), + gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message, ) continue @@ -1746,13 +1745,13 @@ func (p *GatewayAPIProcessor) computeTCPRouteForListener(route *gatewayapi_v1alp // validateBackendRef verifies that the specified BackendRef is valid. // Returns a meta_v1.Condition for the route if any errors are detected. -func (p *GatewayAPIProcessor) validateBackendRef(backendRef gatewayapi_v1beta1.BackendRef, routeKind, routeNamespace string) (*Service, *meta_v1.Condition) { +func (p *GatewayAPIProcessor) validateBackendRef(backendRef gatewayapi_v1.BackendRef, routeKind, routeNamespace string) (*Service, *meta_v1.Condition) { return p.validateBackendObjectRef(backendRef.BackendObjectReference, "Spec.Rules.BackendRef", routeKind, routeNamespace) } -func resolvedRefsFalse(reason gatewayapi_v1beta1.RouteConditionReason, msg string) meta_v1.Condition { +func resolvedRefsFalse(reason gatewayapi_v1.RouteConditionReason, msg string) meta_v1.Condition { return meta_v1.Condition{ - Type: string(gatewayapi_v1beta1.RouteConditionResolvedRefs), + Type: string(gatewayapi_v1.RouteConditionResolvedRefs), Status: meta_v1.ConditionFalse, Reason: string(reason), Message: msg, @@ -1764,17 +1763,17 @@ func resolvedRefsFalse(reason gatewayapi_v1beta1.RouteConditionReason, msg strin // As BackendObjectReference is used in multiple fields, the given field is used // to build the message in meta_v1.Condition. func (p *GatewayAPIProcessor) validateBackendObjectRef( - backendObjectRef gatewayapi_v1beta1.BackendObjectReference, + backendObjectRef gatewayapi_v1.BackendObjectReference, field string, routeKind string, routeNamespace string, ) (*Service, *meta_v1.Condition) { if !(backendObjectRef.Group == nil || *backendObjectRef.Group == "") { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1beta1.RouteReasonInvalidKind, fmt.Sprintf("%s.Group must be \"\"", field))) + return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonInvalidKind, fmt.Sprintf("%s.Group must be \"\"", field))) } if !(backendObjectRef.Kind != nil && *backendObjectRef.Kind == "Service") { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1beta1.RouteReasonInvalidKind, fmt.Sprintf("%s.Kind must be 'Service'", field))) + return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonInvalidKind, fmt.Sprintf("%s.Kind must be 'Service'", field))) } if backendObjectRef.Name == "" { @@ -1790,7 +1789,7 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( if backendObjectRef.Namespace != nil && string(*backendObjectRef.Namespace) != routeNamespace { if !p.validCrossNamespaceRef( crossNamespaceFrom{ - group: string(gatewayapi_v1beta1.GroupName), + group: string(gatewayapi_v1.GroupName), kind: routeKind, namespace: routeNamespace, }, @@ -1801,7 +1800,7 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( name: string(backendObjectRef.Name), }, ) { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1beta1.RouteReasonRefNotPermitted, fmt.Sprintf("%s.Namespace must match the route's namespace or be covered by a ReferenceGrant", field))) + return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonRefNotPermitted, fmt.Sprintf("%s.Namespace must match the route's namespace or be covered by a ReferenceGrant", field))) } } @@ -1814,7 +1813,7 @@ func (p *GatewayAPIProcessor) validateBackendObjectRef( service, err := p.dag.EnsureService(meta, int(*backendObjectRef.Port), int(*backendObjectRef.Port), p.source, p.EnableExternalNameService) if err != nil { - return nil, ref.To(resolvedRefsFalse(gatewayapi_v1beta1.RouteReasonBackendNotFound, fmt.Sprintf("service %q is invalid: %s", meta.Name, err))) + return nil, ref.To(resolvedRefsFalse(gatewayapi_v1.RouteReasonBackendNotFound, fmt.Sprintf("service %q is invalid: %s", meta.Name, err))) } service = serviceCircuitBreakerPolicy(service, p.GlobalCircuitBreakerDefaults) @@ -1835,7 +1834,7 @@ func validateAppProtocol(svc *core_v1.ServicePort) error { return fmt.Errorf("AppProtocol: \"%s\" is unsupported", *svc.AppProtocol) } -func gatewayPathMatchCondition(match *gatewayapi_v1beta1.HTTPPathMatch, routeAccessor *status.RouteParentStatusUpdate) MatchCondition { +func gatewayPathMatchCondition(match *gatewayapi_v1.HTTPPathMatch, routeAccessor *status.RouteParentStatusUpdate) MatchCondition { if match == nil { return &PrefixMatchCondition{Prefix: "/"} } @@ -1883,15 +1882,15 @@ func gatewayPathMatchCondition(match *gatewayapi_v1beta1.HTTPPathMatch, routeAcc } routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.PathMatch: Only Prefix match type, Exact match type and RegularExpression match type are supported.", ) return nil } -func gatewayHeaderMatchConditions(matches []gatewayapi_v1beta1.HTTPHeaderMatch) ([]HeaderMatchCondition, error) { +func gatewayHeaderMatchConditions(matches []gatewayapi_v1.HTTPHeaderMatch) ([]HeaderMatchCondition, error) { var headerMatchConditions []HeaderMatchCondition seenNames := sets.New[string]() @@ -1928,7 +1927,7 @@ func gatewayHeaderMatchConditions(matches []gatewayapi_v1beta1.HTTPHeaderMatch) return headerMatchConditions, nil } -func gatewayQueryParamMatchConditions(matches []gatewayapi_v1beta1.HTTPQueryParamMatch) ([]QueryParamMatchCondition, error) { +func gatewayQueryParamMatchConditions(matches []gatewayapi_v1.HTTPQueryParamMatch) ([]QueryParamMatchCondition, error) { var dagMatchConditions []QueryParamMatchCondition seenNames := sets.New[gatewayapi_v1.HTTPHeaderName]() @@ -1964,11 +1963,11 @@ func gatewayQueryParamMatchConditions(matches []gatewayapi_v1beta1.HTTPQueryPara } // httpClusters builds clusters from backendRef. -func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs []gatewayapi_v1beta1.HTTPBackendRef, routeAccessor *status.RouteParentStatusUpdate, routeParentRef gatewayapi_v1beta1.ParentReference) ([]*Cluster, uint32, bool) { +func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs []gatewayapi_v1.HTTPBackendRef, routeAccessor *status.RouteParentStatusUpdate, routeParentRef gatewayapi_v1.ParentReference) ([]*Cluster, uint32, bool) { totalWeight := uint32(0) if len(backendRefs) == 0 { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") return nil, totalWeight, false } @@ -1978,7 +1977,7 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] for _, backendRef := range backendRefs { service, cond := p.validateBackendRef(backendRef.BackendRef, KindHTTPRoute, routeNamespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) continue } @@ -2005,7 +2004,7 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] var err error clusterRequestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || clusterResponseHeaderPolicy != nil { @@ -2015,13 +2014,13 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] var err error clusterResponseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } default: routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, "HTTPRoute.Spec.Rules.BackendRef.Filters: Only RequestHeaderModifier and ResponseHeaderModifier type is supported.", ) } @@ -2061,7 +2060,7 @@ func (p *GatewayAPIProcessor) httpClusters(routeNamespace string, backendRefs [] // // If no BackendTLSPolicy is found or the BackendTLSPolicy is invalid then nil // is returned for both fields. -func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, backendRef gatewayapi_v1beta1.HTTPBackendRef, service *Service, routeParentRef gatewayapi_v1beta1.ParentReference) (*PeerValidationContext, *UpstreamTLS) { +func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, backendRef gatewayapi_v1.HTTPBackendRef, service *Service, routeParentRef gatewayapi_v1.ParentReference) (*PeerValidationContext, *UpstreamTLS) { var upstreamValidation *PeerValidationContext var upstreamTLS *UpstreamTLS @@ -2170,11 +2169,11 @@ func (p *GatewayAPIProcessor) computeBackendTLSPolicies(routeNamespace string, b } // grpcClusters builds clusters from backendRef. -func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs []gatewayapi_v1alpha2.GRPCBackendRef, routeAccessor *status.RouteParentStatusUpdate, protocolType gatewayapi_v1beta1.ProtocolType) ([]*Cluster, uint32, bool) { +func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs []gatewayapi_v1alpha2.GRPCBackendRef, routeAccessor *status.RouteParentStatusUpdate, protocolType gatewayapi_v1.ProtocolType) ([]*Cluster, uint32, bool) { totalWeight := uint32(0) if len(backendRefs) == 0 { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, "At least one Spec.Rules.BackendRef must be specified.") return nil, totalWeight, false } @@ -2184,7 +2183,7 @@ func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs [] for _, backendRef := range backendRefs { service, cond := p.validateBackendRef(backendRef.BackendRef, KindGRPCRoute, routeNamespace) if cond != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1beta1.RouteConditionReason(cond.Reason), cond.Message) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionType(cond.Type), cond.Status, gatewayapi_v1.RouteConditionReason(cond.Reason), cond.Message) continue } @@ -2205,7 +2204,7 @@ func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs [] var err error clusterRequestHeaderPolicy, err = headersPolicyGatewayAPI(filter.RequestHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on request headers", err)) } case gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier: if filter.ResponseHeaderModifier == nil || clusterResponseHeaderPolicy != nil { @@ -2215,13 +2214,13 @@ func (p *GatewayAPIProcessor) grpcClusters(routeNamespace string, backendRefs [] var err error clusterResponseHeaderPolicy, err = headersPolicyGatewayAPI(filter.ResponseHeaderModifier, string(filter.Type)) if err != nil { - routeAccessor.AddCondition(gatewayapi_v1beta1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) + routeAccessor.AddCondition(gatewayapi_v1.RouteConditionResolvedRefs, meta_v1.ConditionFalse, status.ReasonDegraded, fmt.Sprintf("%s on response headers", err)) } default: routeAccessor.AddCondition( - gatewayapi_v1beta1.RouteConditionAccepted, + gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionFalse, - gatewayapi_v1beta1.RouteReasonUnsupportedValue, + gatewayapi_v1.RouteReasonUnsupportedValue, "GRPCRoute.Spec.Rules.BackendRef.Filters: Only RequestHeaderModifier and ResponseHeaderModifier type is supported.", ) } @@ -2322,7 +2321,7 @@ func (p *GatewayAPIProcessor) clusterRoutes( return routes } -func setDefaultServiceProtocol(service *Service, protocolType gatewayapi_v1beta1.ProtocolType) { +func setDefaultServiceProtocol(service *Service, protocolType gatewayapi_v1.ProtocolType) { // For GRPCRoute, if the protocol is not set on the Service via annotation, // we should assume a protocol that matches what listener the route was attached to if isBlank(service.Protocol) { diff --git a/internal/dag/gatewayapi_processor_test.go b/internal/dag/gatewayapi_processor_test.go index 2ded545331c..ccf5ed0adc2 100644 --- a/internal/dag/gatewayapi_processor_test.go +++ b/internal/dag/gatewayapi_processor_test.go @@ -24,7 +24,6 @@ import ( "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/util/sets" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/fixture" "github.com/projectcontour/contour/internal/gatewayapi" @@ -35,13 +34,13 @@ import ( func TestComputeHosts(t *testing.T) { tests := map[string]struct { listenerHost string - hostnames []gatewayapi_v1beta1.Hostname + hostnames []gatewayapi_v1.Hostname want sets.Set[string] wantError []error }{ "single host": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, want: sets.New("test.projectcontour.io"), @@ -49,7 +48,7 @@ func TestComputeHosts(t *testing.T) { }, "single DNS label hostname": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "projectcontour", }, want: sets.New("projectcontour"), @@ -57,7 +56,7 @@ func TestComputeHosts(t *testing.T) { }, "multiple hosts": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", "test1.projectcontour.io", "test2.projectcontour.io", @@ -73,13 +72,13 @@ func TestComputeHosts(t *testing.T) { }, "no host": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{}, + hostnames: []gatewayapi_v1.Hostname{}, want: sets.New("*"), wantError: []error(nil), }, "IP in host": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "1.2.3.4", }, want: nil, @@ -89,7 +88,7 @@ func TestComputeHosts(t *testing.T) { }, "valid wildcard hostname": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.projectcontour.io", }, want: sets.New("*.projectcontour.io"), @@ -97,7 +96,7 @@ func TestComputeHosts(t *testing.T) { }, "invalid wildcard hostname": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.*.projectcontour.io", }, want: nil, @@ -107,7 +106,7 @@ func TestComputeHosts(t *testing.T) { }, "invalid wildcard hostname *": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*", }, want: nil, @@ -115,7 +114,7 @@ func TestComputeHosts(t *testing.T) { }, "invalid hostname": { listenerHost: "", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "#projectcontour.io", }, want: nil, @@ -125,7 +124,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & hostnames host do not exactly match": { listenerHost: "listener.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "http.projectcontour.io", }, want: nil, @@ -133,7 +132,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & hostnames host exactly match": { listenerHost: "http.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "http.projectcontour.io", }, want: sets.New("http.projectcontour.io"), @@ -141,7 +140,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & multi hostnames host exactly match one host": { listenerHost: "http.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "http.projectcontour.io", "http2.projectcontour.io", "http3.projectcontour.io", @@ -151,7 +150,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & hostnames host match wildcard host": { listenerHost: "*.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "http.projectcontour.io", }, want: sets.New("http.projectcontour.io"), @@ -159,7 +158,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & hostnames host do not match wildcard host": { listenerHost: "*.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "http.example.com", }, want: nil, @@ -167,7 +166,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & wildcard hostnames host do not match": { listenerHost: "http.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.projectcontour.io", }, want: sets.New("http.projectcontour.io"), @@ -175,7 +174,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & wildcard hostname and matching hostname match": { listenerHost: "http.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.projectcontour.io", "http.projectcontour.io", }, @@ -184,7 +183,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host & wildcard hostname and non-matching hostname don't match": { listenerHost: "http.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.projectcontour.io", "not.matching.io", }, @@ -193,7 +192,7 @@ func TestComputeHosts(t *testing.T) { }, "listener host wildcard & wildcard hostnames host match": { listenerHost: "*.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.projectcontour.io", }, want: sets.New("*.projectcontour.io"), @@ -201,13 +200,13 @@ func TestComputeHosts(t *testing.T) { }, "listener host & hostname not defined match": { listenerHost: "http.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{}, + hostnames: []gatewayapi_v1.Hostname{}, want: sets.New("http.projectcontour.io"), wantError: nil, }, "listener host with many labels matches hostnames wildcard host": { listenerHost: "very.many.labels.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "*.projectcontour.io", }, want: sets.New("very.many.labels.projectcontour.io"), @@ -215,7 +214,7 @@ func TestComputeHosts(t *testing.T) { }, "listener wildcard host matches hostnames with many labels host": { listenerHost: "*.projectcontour.io", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "very.many.labels.projectcontour.io", }, want: sets.New("very.many.labels.projectcontour.io"), @@ -223,7 +222,7 @@ func TestComputeHosts(t *testing.T) { }, "listener wildcard host doesn't match bare hostname": { listenerHost: "*.foo", - hostnames: []gatewayapi_v1beta1.Hostname{ + hostnames: []gatewayapi_v1.Hostname{ "foo", }, want: nil, @@ -246,7 +245,7 @@ func TestComputeHosts(t *testing.T) { func TestNamespaceMatches(t *testing.T) { tests := map[string]struct { - namespaces *gatewayapi_v1beta1.RouteNamespaces + namespaces *gatewayapi_v1.RouteNamespaces namespace string valid bool }{ @@ -256,35 +255,35 @@ func TestNamespaceMatches(t *testing.T) { valid: true, }, "nil From matches all": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: nil, }, namespace: "projectcontour", valid: true, }, "From.NamespacesFromAll matches all": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, namespace: "projectcontour", valid: true, }, "From.NamespacesFromSame matches": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, namespace: "projectcontour", valid: true, }, "From.NamespacesFromSame doesn't match": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, namespace: "custom", valid: false, }, "From.NamespacesFromSelector matches labels, same ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ @@ -296,7 +295,7 @@ func TestNamespaceMatches(t *testing.T) { valid: true, }, "From.NamespacesFromSelector matches labels, different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ @@ -308,7 +307,7 @@ func TestNamespaceMatches(t *testing.T) { valid: true, }, "From.NamespacesFromSelector doesn't matches labels, different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchLabels: map[string]string{ @@ -320,7 +319,7 @@ func TestNamespaceMatches(t *testing.T) { valid: false, }, "From.NamespacesFromSelector matches expression 'In', different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ @@ -334,7 +333,7 @@ func TestNamespaceMatches(t *testing.T) { valid: true, }, "From.NamespacesFromSelector matches expression 'DoesNotExist', different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ @@ -347,7 +346,7 @@ func TestNamespaceMatches(t *testing.T) { valid: true, }, "From.NamespacesFromSelector doesn't match expression 'DoesNotExist', different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ @@ -360,7 +359,7 @@ func TestNamespaceMatches(t *testing.T) { valid: false, }, "From.NamespacesFromSelector matches expression 'Exists', different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ @@ -373,7 +372,7 @@ func TestNamespaceMatches(t *testing.T) { valid: false, }, "From.NamespacesFromSelector doesn't match expression 'Exists', different ns as gateway": { - namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ @@ -392,7 +391,7 @@ func TestNamespaceMatches(t *testing.T) { processor := &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), source: &KubernetesCache{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", @@ -444,7 +443,7 @@ func TestNamespaceMatches(t *testing.T) { func TestGetListenersForRouteParentRef(t *testing.T) { tests := map[string]struct { - routeParentRef gatewayapi_v1beta1.ParentReference + routeParentRef gatewayapi_v1.ParentReference routeNamespace string routeKind string listeners []*listenerInfo @@ -456,27 +455,27 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, }, @@ -488,26 +487,26 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, }, }, want: nil, @@ -518,27 +517,27 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, }, @@ -550,26 +549,26 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, }, }, want: nil, @@ -581,27 +580,27 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, }, @@ -613,27 +612,27 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, }, @@ -645,26 +644,26 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, }, }, want: nil, @@ -675,27 +674,27 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "HTTPRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"TLSRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"TLSRoute"}, ready: true, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, }, @@ -707,27 +706,27 @@ func TestGetListenersForRouteParentRef(t *testing.T) { routeKind: "GRPCRoute", listeners: []*listenerInfo{ { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-1", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"GRPCRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"GRPCRoute"}, ready: true, }, { - listener: gatewayapi_v1beta1.Listener{ + listener: gatewayapi_v1.Listener{ Name: "http-2", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, }, - allowedKinds: []gatewayapi_v1beta1.Kind{"HTTPRoute"}, + allowedKinds: []gatewayapi_v1.Kind{"HTTPRoute"}, ready: true, }, }, @@ -740,7 +739,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { processor := &GatewayAPIProcessor{ FieldLogger: fixture.NewTestLogger(t), source: &KubernetesCache{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", @@ -755,7 +754,7 @@ func TestGetListenersForRouteParentRef(t *testing.T) { got := processor.getListenersForRouteParentRef( tc.routeParentRef, tc.routeNamespace, - gatewayapi_v1beta1.Kind(tc.routeKind), + gatewayapi_v1.Kind(tc.routeKind), tc.listeners, map[string]int{}, rpsu) diff --git a/internal/dag/policy.go b/internal/dag/policy.go index 27d7e9273fc..9550a646416 100644 --- a/internal/dag/policy.go +++ b/internal/dag/policy.go @@ -28,7 +28,6 @@ import ( "k8s.io/apimachinery/pkg/util/validation" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -238,14 +237,14 @@ func extractHostRewriteHeaderValue(s string) string { // headersPolicyGatewayAPI builds a *HeaderPolicy for the supplied HTTPHeaderFilter. // TODO: Take care about the order of operators once https://github.com/kubernetes-sigs/gateway-api/issues/480 was solved. -func headersPolicyGatewayAPI(hf *gatewayapi_v1beta1.HTTPHeaderFilter, headerPolicyType string) (*HeadersPolicy, error) { +func headersPolicyGatewayAPI(hf *gatewayapi_v1.HTTPHeaderFilter, headerPolicyType string) (*HeadersPolicy, error) { var ( remove = sets.NewString() hostRewrite = "" errlist = []error{} ) - addOrSetHeader := func(headers []gatewayapi_v1beta1.HTTPHeader, op string) map[string]string { + addOrSetHeader := func(headers []gatewayapi_v1.HTTPHeader, op string) map[string]string { m := make(map[string]string, len(headers)) for _, header := range headers { diff --git a/internal/dag/status_test.go b/internal/dag/status_test.go index 5f0c86b3360..79b9a066b12 100644 --- a/internal/dag/status_test.go +++ b/internal/dag/status_test.go @@ -4755,20 +4755,20 @@ func TestDAGStatus(t *testing.T) { run(t, "HTTPProxy cannot attach to a Gateway with >1 HTTP Listener", testcase{ objs: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -4777,8 +4777,8 @@ func TestDAGStatus(t *testing.T) { Name: "http-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 81, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -4834,24 +4834,24 @@ func TestDAGStatus(t *testing.T) { run(t, "HTTPProxy cannot attach to a Gateway with no HTTP Listener", testcase{ objs: []any{ - &gatewayapi_v1beta1.Gateway{ + &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour-gc", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, }, @@ -5167,36 +5167,36 @@ func TestDAGStatus(t *testing.T) { }) } -func validGatewayStatusUpdate(listenerName string, listenerProtocol gatewayapi_v1beta1.ProtocolType, attachedRoutes int) []*status.GatewayStatusUpdate { - var supportedKinds []gatewayapi_v1beta1.RouteGroupKind +func validGatewayStatusUpdate(listenerName string, listenerProtocol gatewayapi_v1.ProtocolType, attachedRoutes int) []*status.GatewayStatusUpdate { + var supportedKinds []gatewayapi_v1.RouteGroupKind switch listenerProtocol { case gatewayapi_v1.HTTPProtocolType, gatewayapi_v1.HTTPSProtocolType: supportedKinds = append(supportedKinds, - gatewayapi_v1beta1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + gatewayapi_v1.RouteGroupKind{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindHTTPRoute, }, - gatewayapi_v1beta1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + gatewayapi_v1.RouteGroupKind{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindGRPCRoute, }, ) case gatewayapi_v1.TLSProtocolType: supportedKinds = append(supportedKinds, - gatewayapi_v1beta1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + gatewayapi_v1.RouteGroupKind{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindTLSRoute, }, - gatewayapi_v1beta1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + gatewayapi_v1.RouteGroupKind{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindTCPRoute, }, ) case gatewayapi_v1.TCPProtocolType: supportedKinds = append(supportedKinds, - gatewayapi_v1beta1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + gatewayapi_v1.RouteGroupKind{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: KindTCPRoute, }, ) @@ -5214,9 +5214,9 @@ func validGatewayStatusUpdate(listenerName string, listenerProtocol gatewayapi_v Message: status.MessageValidGateway, }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ listenerName: { - Name: gatewayapi_v1beta1.SectionName(listenerName), + Name: gatewayapi_v1.SectionName(listenerName), AttachedRoutes: int32(attachedRoutes), SupportedKinds: supportedKinds, Conditions: listenerValidConditions(), @@ -5229,7 +5229,7 @@ func validGatewayStatusUpdate(listenerName string, listenerProtocol gatewayapi_v func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { type testcase struct { objs []any - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway wantRouteConditions []*status.RouteStatusUpdate wantGatewayStatusUpdate []*status.GatewayStatusUpdate } @@ -5242,15 +5242,15 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Source: KubernetesCache{ RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -5275,18 +5275,18 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { - builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ + builder.Source.gateway = &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -5396,19 +5396,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "simple httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, @@ -5417,7 +5417,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5433,28 +5433,28 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "simple httproute with backendref namespace matching route's explicitly specified", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace(kuardService.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(kuardService.Name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace(kuardService.Namespace)), + Name: gatewayapi_v1.ObjectName(kuardService.Name), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, Weight: ref.To(int32(1)), }, @@ -5466,7 +5466,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{{ ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ routeResolvedRefsCondition(), @@ -5480,37 +5480,37 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "multiple httproutes", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-2", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, @@ -5520,7 +5520,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantRouteConditions: []*status.RouteStatusUpdate{ { FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5532,7 +5532,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, { FullName: types.NamespacedName{Namespace: "default", Name: "basic-2"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5549,21 +5549,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "prefix path match not starting with '/' for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("doesnt-start-with-slash"), }, @@ -5575,7 +5575,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5596,21 +5596,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "exact path match not starting with '/' for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchExact), Value: ref.To("doesnt-start-with-slash"), }, @@ -5622,7 +5622,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5644,19 +5644,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "regular expression path match with invalid value for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchRegularExpression, "invalid-regex???"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, @@ -5665,7 +5665,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5687,21 +5687,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "prefix path match with consecutive '/' characters for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/foo///bar"), }, @@ -5713,7 +5713,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5735,21 +5735,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "exact path match with consecutive '/' characters for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchExact), Value: ref.To("//foo/bar"), }, @@ -5761,7 +5761,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5783,22 +5783,22 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid path match type for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ - Type: ref.To(gatewayapi_v1beta1.PathMatchType("UNKNOWN")), // <---- unknown type to break the test + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ + Type: ref.To(gatewayapi_v1.PathMatchType("UNKNOWN")), // <---- unknown type to break the test Value: ref.To("/"), }, }}, @@ -5809,7 +5809,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5825,27 +5825,27 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid header match type not supported for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - Headers: []gatewayapi_v1beta1.HTTPHeaderMatch{ + Headers: []gatewayapi_v1.HTTPHeaderMatch{ { - Type: ref.To(gatewayapi_v1beta1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test + Type: ref.To(gatewayapi_v1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test Name: gatewayapi_v1.HTTPHeaderName("foo"), Value: "bar", }, @@ -5858,7 +5858,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5874,25 +5874,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "regular expression header match with invalid value for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - Headers: []gatewayapi_v1beta1.HTTPHeaderMatch{ + Headers: []gatewayapi_v1.HTTPHeaderMatch{ { Type: ref.To(gatewayapi_v1.HeaderMatchRegularExpression), Name: gatewayapi_v1.HTTPHeaderName("foo"), @@ -5907,7 +5907,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5923,25 +5923,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "regular expression query param match with valid value for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "param-1", @@ -5956,7 +5956,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -5977,25 +5977,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "regular expression query param match with invalid value for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { Type: ref.To(gatewayapi_v1.QueryParamMatchRegularExpression), Name: "param-1", @@ -6010,7 +6010,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6026,27 +6026,27 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "query param match with invalid type for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, - QueryParams: []gatewayapi_v1beta1.HTTPQueryParamMatch{ + QueryParams: []gatewayapi_v1.HTTPQueryParamMatch{ { - Type: ref.To(gatewayapi_v1beta1.QueryParamMatchType("Invalid")), + Type: ref.To(gatewayapi_v1.QueryParamMatchType("Invalid")), Name: "param-1", Value: "invalid query param type", }, @@ -6059,7 +6059,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6075,26 +6075,26 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.backendRef.name not specified", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }, @@ -6105,7 +6105,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6121,29 +6121,29 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.backendRef.serviceName invalid on two matches", testcase{ objs: []any{ - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, }}, BackendRefs: gatewayapi.HTTPBackendRef("invalid-one", 8080, 1), }, { - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/blog"), }, @@ -6155,7 +6155,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6172,25 +6172,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.backendRef.port not specified", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Kind: ref.To(gatewayapi_v1.Kind("Service")), Name: "kuard", }, }, @@ -6202,7 +6202,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6219,19 +6219,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.backendRefs not specified", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), }}, }, @@ -6239,7 +6239,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6255,28 +6255,28 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.backendRef.namespace does not match route", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace("some-other-namespace")), + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace("some-other-namespace")), Name: "service", - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }, @@ -6287,7 +6287,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -6305,25 +6305,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { // BEGIN TLS CertificateRef + ReferenceGrant tests run(t, "Gateway references TLS cert in different namespace, with valid ReferenceGrant", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6346,9 +6346,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("projectcontour"), + Namespace: gatewayapi_v1.Namespace("projectcontour"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -6360,25 +6360,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with no ReferenceGrant", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6406,16 +6406,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6440,25 +6440,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with valid ReferenceGrant (secret-specific)", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6481,13 +6481,13 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("projectcontour"), + Namespace: gatewayapi_v1.Namespace("projectcontour"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1beta1.ObjectName("secret")), + Name: ref.To(gatewayapi_v1.ObjectName("secret")), }}, }, }, @@ -6496,25 +6496,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (policy in wrong namespace)", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6537,9 +6537,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("projectcontour"), + Namespace: gatewayapi_v1.Namespace("projectcontour"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -6558,16 +6558,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6592,25 +6592,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong From namespace)", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6633,9 +6633,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("wrong-namespace"), + Namespace: gatewayapi_v1.Namespace("wrong-namespace"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -6654,16 +6654,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6688,25 +6688,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong From kind)", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6729,9 +6729,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "WrongKind", - Namespace: gatewayapi_v1beta1.Namespace("projectontour"), + Namespace: gatewayapi_v1.Namespace("projectontour"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", @@ -6750,16 +6750,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6784,25 +6784,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong To kind)", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6825,9 +6825,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("projectcontour"), + Namespace: gatewayapi_v1.Namespace("projectcontour"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "WrongKind", @@ -6846,16 +6846,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6880,25 +6880,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }) run(t, "Gateway references TLS cert in different namespace, with invalid ReferenceGrant (wrong secret name)", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("projectcontour.io/contour"), - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("projectcontour.io/contour"), + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("secret", "tls-cert-namespace"), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -6921,13 +6921,13 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, Spec: gatewayapi_v1beta1.ReferenceGrantSpec{ From: []gatewayapi_v1beta1.ReferenceGrantFrom{{ - Group: gatewayapi_v1beta1.GroupName, + Group: gatewayapi_v1.GroupName, Kind: "Gateway", - Namespace: gatewayapi_v1beta1.Namespace("projectcontour"), + Namespace: gatewayapi_v1.Namespace("projectcontour"), }}, To: []gatewayapi_v1beta1.ReferenceGrantTo{{ Kind: "Secret", - Name: ref.To(gatewayapi_v1beta1.ObjectName("wrong-name")), + Name: ref.To(gatewayapi_v1.ObjectName("wrong-name")), }}, }, }, @@ -6943,16 +6943,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -6981,19 +6981,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.hostname: invalid wildcard", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "*.*.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), }}, }, @@ -7001,7 +7001,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7024,19 +7024,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.hostname: invalid hostname", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "#projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), }}, }, @@ -7044,7 +7044,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7067,19 +7067,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "spec.rules.hostname: invalid hostname, ip address", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "1.2.3.4", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), }}, }, @@ -7087,7 +7087,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7108,58 +7108,58 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "two HTTP listeners, route's hostname intersects with one of them", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-2", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("specific.hostname.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("specific.hostname.io")), }, }, }, }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7181,32 +7181,32 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: status.MessageValidGateway, }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "listener-1": { - Name: gatewayapi_v1beta1.SectionName("listener-1"), + Name: gatewayapi_v1.SectionName("listener-1"), AttachedRoutes: int32(1), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, Conditions: listenerValidConditions(), }, "listener-2": { - Name: gatewayapi_v1beta1.SectionName("listener-2"), + Name: gatewayapi_v1.SectionName("listener-2"), AttachedRoutes: int32(1), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7220,58 +7220,58 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "two HTTP listeners, route's hostname intersects with neither of them", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.randomdomain.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.randomdomain.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-2", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("specific.hostname.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("specific.hostname.io")), }, }, }, }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7298,32 +7298,32 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: status.MessageValidGateway, }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "listener-1": { - Name: gatewayapi_v1beta1.SectionName("listener-1"), + Name: gatewayapi_v1.SectionName("listener-1"), AttachedRoutes: int32(1), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, Conditions: listenerValidConditions(), }, "listener-2": { - Name: gatewayapi_v1beta1.SectionName("listener-2"), + Name: gatewayapi_v1.SectionName("listener-2"), AttachedRoutes: int32(1), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7337,47 +7337,47 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTP listener, route's parent ref sectionname does not match", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 0)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 0)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 0), Conditions: []meta_v1.Condition{ @@ -7404,17 +7404,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: status.MessageValidGateway, }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "listener-1": { - Name: gatewayapi_v1beta1.SectionName("listener-1"), + Name: gatewayapi_v1.SectionName("listener-1"), AttachedRoutes: int32(0), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7428,47 +7428,47 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTP listener, route's parent ref port does not match", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "", 443)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "", 443)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "", 443), Conditions: []meta_v1.Condition{ @@ -7495,17 +7495,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: status.MessageValidGateway, }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "listener-1": { - Name: gatewayapi_v1beta1.SectionName("listener-1"), + Name: gatewayapi_v1.SectionName("listener-1"), AttachedRoutes: int32(0), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7519,72 +7519,72 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTP listener, route's parent ref section name and port both must match", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 80)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 80)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-2", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 443)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 443)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic-3", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -7592,7 +7592,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantRouteConditions: []*status.RouteStatusUpdate{ { FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "nonexistent", 80), Conditions: []meta_v1.Condition{ @@ -7609,7 +7609,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, { FullName: types.NamespacedName{Namespace: "default", Name: "basic-2"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 443), Conditions: []meta_v1.Condition{ @@ -7626,7 +7626,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, { FullName: types.NamespacedName{Namespace: "default", Name: "basic-3"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80), Conditions: []meta_v1.Condition{ @@ -7649,17 +7649,17 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: status.MessageValidGateway, }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "listener-1": { - Name: gatewayapi_v1beta1.SectionName("listener-1"), + Name: gatewayapi_v1.SectionName("listener-1"), AttachedRoutes: int32(1), - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -7673,40 +7673,40 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPRoute: backendrefs still validated when route not accepted", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 81)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 81)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("invalid", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, @@ -7714,7 +7714,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantRouteConditions: []*status.RouteStatusUpdate{ { FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 81), Conditions: []meta_v1.Condition{ @@ -7743,30 +7743,30 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { kuardService, kuardService2, kuardService3, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard2", 8080), }, }, { Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard3", 8080), }, }, @@ -7777,7 +7777,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7794,28 +7794,28 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, kuardService2, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ - BackendRef: gatewayapi_v1beta1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ + BackendRef: gatewayapi_v1.BackendObjectReference{ + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }}, @@ -7825,7 +7825,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7843,28 +7843,28 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, kuardService2, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ - BackendRef: gatewayapi_v1beta1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Name: gatewayapi_v1beta1.ObjectName("kuard2"), + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ + BackendRef: gatewayapi_v1.BackendObjectReference{ + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Name: gatewayapi_v1.ObjectName("kuard2"), }, }, }}, @@ -7874,7 +7874,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7892,21 +7892,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, kuardService2, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, @@ -7914,21 +7914,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("invalid-one", 8080), }, }}, }, { BackendRefs: gatewayapi.HTTPBackendRef("kuard2", 8080, 1), - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{{ - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Matches: []gatewayapi_v1.HTTPRouteMatch{{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/blog"), }, }}, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("invalid-two", 8080), }, }}, @@ -7938,7 +7938,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -7958,30 +7958,30 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { objs: []any{ kuardService, kuardService2, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ - BackendRef: gatewayapi_v1beta1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Namespace: ref.To(gatewayapi_v1beta1.Namespace("some-other-namespace")), - Name: gatewayapi_v1beta1.ObjectName("kuard2"), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ + BackendRef: gatewayapi_v1.BackendObjectReference{ + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Namespace: ref.To(gatewayapi_v1.Namespace("some-other-namespace")), + Name: gatewayapi_v1.ObjectName("kuard2"), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }}, @@ -7991,7 +7991,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8010,23 +8010,23 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPRouteFilterRequestMirror not yet supported for httproute backendref", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ @@ -8040,7 +8040,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8057,25 +8057,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPRouteFilterURLRewrite with custom HTTPPathModifierType is not supported", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterURLRewrite, - URLRewrite: &gatewayapi_v1beta1.HTTPURLRewriteFilter{ - Path: &gatewayapi_v1beta1.HTTPPathModifier{ + URLRewrite: &gatewayapi_v1.HTTPURLRewriteFilter{ + Path: &gatewayapi_v1.HTTPPathModifier{ Type: "custom", }, }, @@ -8086,7 +8086,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8103,25 +8103,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Invalid RequestHeaderModifier due to duplicated headers", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "custom", Value: "duplicated"}, {Name: "Custom", Value: "duplicated"}, }, @@ -8133,7 +8133,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8150,29 +8150,29 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Invalid RequestHeaderModifier after forward due to invalid headers", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header", Value: "foo"}, }, }, @@ -8185,7 +8185,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8204,25 +8204,25 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Invalid ResponseHeaderModifier due to duplicated headers", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "custom", Value: "duplicated"}, {Name: "Custom", Value: "duplicated"}, }, @@ -8234,7 +8234,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8251,29 +8251,29 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Invalid ResponseHeaderModifier on backend due to invalid headers", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), }, Filters: []gatewayapi_v1.HTTPRouteFilter{{ Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header", Value: "foo"}, }, }, @@ -8286,7 +8286,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8305,19 +8305,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "custom filter type is not supported", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1.HTTPRouteFilter{{ @@ -8329,7 +8329,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -8345,21 +8345,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "gateway.spec.addresses results in invalid gateway", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Addresses: []gatewayapi_v1beta1.GatewayAddress{{ + Spec: gatewayapi_v1.GatewaySpec{ + Addresses: []gatewayapi_v1.GatewayAddress{{ Value: "1.2.3.4", }}, - Listeners: []gatewayapi_v1beta1.Listener{{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8377,16 +8377,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "None of the addresses in Spec.Addresses have been assigned to the Gateway", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8398,24 +8398,24 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid allowedroutes API group results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group("invalid-group")), + Group: ref.To(gatewayapi_v1.Group("invalid-group")), Kind: "HTTPRoute", }, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8433,7 +8433,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", SupportedKinds: nil, @@ -8459,21 +8459,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid allowedroutes API kind results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "FooRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8491,7 +8491,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", SupportedKinds: nil, @@ -8517,21 +8517,21 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "allowedroute of TLSRoute on a non-TLS listener results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "TLSRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8549,7 +8549,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", SupportedKinds: nil, @@ -8575,26 +8575,26 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS certificate ref to a non-secret on an HTTPS listener results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ { - Group: ref.To(gatewayapi_v1beta1.Group("invalid-group")), - Kind: ref.To(gatewayapi_v1beta1.Kind("NotASecret")), + Group: ref.To(gatewayapi_v1.Group("invalid-group")), + Kind: ref.To(gatewayapi_v1.Kind("NotASecret")), Name: "foo", }, }, @@ -8613,16 +8613,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8648,23 +8648,23 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "nonexistent TLS certificate ref on an HTTPS listener results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("nonexistent-secret", "projectcontour"), }, }, @@ -8682,16 +8682,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8717,18 +8717,18 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "invalid listener protocol results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: "invalid", - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8746,7 +8746,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", SupportedKinds: nil, @@ -8772,18 +8772,18 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPS listener without TLS defined results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8801,16 +8801,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -8831,18 +8831,18 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS listener without TLS defined results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tls", Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -8860,16 +8860,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "tls": { Name: "tls", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -8890,24 +8890,24 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS Passthrough listener with a TLS certificate ref defined results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tls", Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", "projectcontour"), }, }, @@ -8925,16 +8925,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "tls": { Name: "tls", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -8955,22 +8955,22 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "TLS listener with TLS.Mode=Terminate without a certificate ref results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tls", Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), }, }}, @@ -8987,16 +8987,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "tls": { Name: "tls", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -9017,22 +9017,22 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTPS listener with TLS.Mode=Passthrough results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, }}, @@ -9049,16 +9049,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "https": { Name: "https", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9079,19 +9079,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Listener with FromNamespaces=Selector, no selector specified", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: nil, }, @@ -9111,16 +9111,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9141,19 +9141,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Listener with FromNamespaces=Selector, invalid selector (can't specify values with Exists operator)", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{ MatchExpressions: []meta_v1.LabelSelectorRequirement{{ @@ -9179,16 +9179,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9209,19 +9209,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "Listener with FromNamespaces=Selector, invalid selector (must specify MatchLabels and/or MatchExpressions)", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSelector), Selector: &meta_v1.LabelSelector{}, }, @@ -9241,16 +9241,16 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "GRPCRoute", }, }, @@ -9272,19 +9272,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "service with supported app protocol: h2c", testcase{ objs: []any{ kuardService4, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard4", 8080, 1), @@ -9295,7 +9295,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9311,19 +9311,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "service with unsupported app protocol: wss", testcase{ objs: []any{ kuardService5, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard5", 8444, 1), @@ -9334,7 +9334,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9350,54 +9350,54 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "HTTP listener with invalid AllowedRoute kind referenced by route parent ref", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80)}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{"foo.projectcontour.io"}, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Hostnames: []gatewayapi_v1.Hostname{"foo.projectcontour.io"}, + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), }}, }, }, }, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "listener-1", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "FooRoute"}, }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, }, }, }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "listener-1", 80), Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.RouteConditionAccepted), Status: contour_v1.ConditionFalse, - Reason: string(gatewayapi_v1beta1.RouteReasonNotAllowedByListeners), + Reason: string(gatewayapi_v1.RouteReasonNotAllowedByListeners), Message: "No listeners included by this parent ref allowed this attachment.", }, routeResolvedRefsCondition(), @@ -9417,9 +9417,9 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "listener-1": { - Name: gatewayapi_v1beta1.SectionName("listener-1"), + Name: gatewayapi_v1.SectionName("listener-1"), AttachedRoutes: int32(0), Conditions: []meta_v1.Condition{ { @@ -9445,19 +9445,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "route rule with timeouts.request and timeouts.backendRequest specified", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -9473,7 +9473,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9490,19 +9490,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "route rule with only timeouts.backendRequest specified", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), @@ -9516,7 +9516,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9532,19 +9532,19 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { run(t, "timeouts with invalid request for httproute", testcase{ objs: []any{ kuardService, - &gatewayapi_v1beta1.HTTPRoute{ + &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ BackendRefs: gatewayapi.HTTPBackendRef("kuard", 8080, 1), Timeouts: &gatewayapi_v1.HTTPRouteTimeouts{ Request: ref.To(gatewayapi_v1.Duration("invalid")), @@ -9555,7 +9555,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9572,7 +9572,7 @@ func TestGatewayAPIHTTPRouteDAGStatus(t *testing.T) { func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { type testcase struct { objs []any - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway wantRouteConditions []*status.RouteStatusUpdate wantGatewayStatusUpdate []*status.GatewayStatusUpdate } @@ -9586,15 +9586,15 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), gateway: tc.gateway, - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -9661,21 +9661,21 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }) } - gw := &gatewayapi_v1beta1.Gateway{ + gw := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tls-passthrough", Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -9713,8 +9713,8 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }, @@ -9724,7 +9724,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9766,7 +9766,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9806,7 +9806,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { BackendRefs: []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), Name: "kuard", }, }, @@ -9817,7 +9817,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9859,7 +9859,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9901,7 +9901,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9945,7 +9945,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -9989,7 +9989,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10031,7 +10031,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10080,7 +10080,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef(gw.Namespace, gw.Name, "tls-passthrough", 444), Conditions: []meta_v1.Condition{ @@ -10104,21 +10104,21 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }) run(t, "TLS Listener with invalid TLS mode", testcase{ - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tls", Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeType("invalid-mode")), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -10147,7 +10147,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef(gw.Namespace, gw.Name, "tls", 443), Conditions: []meta_v1.Condition{ @@ -10173,16 +10173,16 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "tls": { Name: "tls", - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute", }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TCPRoute", }, }, @@ -10206,7 +10206,7 @@ func TestGatewayAPITLSRouteDAGStatus(t *testing.T) { func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { type testcase struct { objs []any - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway wantRouteConditions []*status.RouteStatusUpdate wantGatewayStatusUpdate []*status.GatewayStatusUpdate } @@ -10219,15 +10219,15 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Source: KubernetesCache{ RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -10252,18 +10252,18 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { - builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ + builder.Source.gateway = &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -10356,10 +10356,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10373,7 +10373,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10395,10 +10395,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10413,7 +10413,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10440,10 +10440,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10457,7 +10457,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10484,10 +10484,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10501,7 +10501,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10528,10 +10528,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10543,7 +10543,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, Headers: []gatewayapi_v1alpha2.GRPCHeaderMatch{ { - Type: ref.To(gatewayapi_v1beta1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test + Type: ref.To(gatewayapi_v1.HeaderMatchType("UNKNOWN")), // <---- unknown type to break the test Name: gatewayapi_v1alpha2.GRPCHeaderName("foo"), Value: "bar", }, @@ -10556,7 +10556,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10583,10 +10583,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10611,7 +10611,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10638,10 +10638,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10651,8 +10651,8 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { BackendRefs: gatewayapi.GRPCRouteBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{{ Type: gatewayapi_v1alpha2.GRPCRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "custom", Value: "duplicated"}, {Name: "Custom", Value: "duplicated"}, }, @@ -10664,7 +10664,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10687,10 +10687,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10700,8 +10700,8 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { BackendRefs: gatewayapi.GRPCRouteBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{{ Type: gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Add: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header", Value: "foo"}, }, }, @@ -10712,7 +10712,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10739,10 +10739,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10753,12 +10753,12 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{ { Type: gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard2", 8080), }, }, { Type: gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ BackendRef: gatewayapi.ServiceBackendObjectRef("kuard3", 8080), }, }, @@ -10769,7 +10769,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10792,10 +10792,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10805,11 +10805,11 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { BackendRefs: gatewayapi.GRPCRouteBackendRef("kuard", 8080, 1), Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{{ Type: gatewayapi_v1alpha2.GRPCRouteFilterRequestMirror, - RequestMirror: &gatewayapi_v1beta1.HTTPRequestMirrorFilter{ - BackendRef: gatewayapi_v1beta1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + RequestMirror: &gatewayapi_v1.HTTPRequestMirrorFilter{ + BackendRef: gatewayapi_v1.BackendObjectReference{ + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }}, @@ -10819,7 +10819,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10842,10 +10842,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10862,7 +10862,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10890,10 +10890,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{ @@ -10909,7 +10909,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -10931,13 +10931,13 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ // Wrong port. gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "http", 900), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -10951,7 +10951,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "http", 900), Conditions: []meta_v1.Condition{ @@ -10983,10 +10983,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{ @@ -10996,13 +10996,13 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }}, BackendRefs: []gatewayapi_v1alpha2.GRPCBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), }, Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{{ Type: gatewayapi_v1alpha2.GRPCRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "custom", Value: "duplicated"}, {Name: "Custom", Value: "duplicated"}, }, @@ -11017,7 +11017,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -11040,10 +11040,10 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.GRPCRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.GRPCRouteRule{{ @@ -11052,13 +11052,13 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }}, BackendRefs: []gatewayapi_v1alpha2.GRPCBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("kuard", 8080), }, Filters: []gatewayapi_v1alpha2.GRPCRouteFilter{{ Type: gatewayapi_v1alpha2.GRPCRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: "!invalid-header", Value: "foo"}, }, }, @@ -11071,7 +11071,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -11091,7 +11091,7 @@ func TestGatewayAPIGRPCRouteDAGStatus(t *testing.T) { func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { type testcase struct { objs []any - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway wantRouteConditions []*status.RouteStatusUpdate wantGatewayStatusUpdate []*status.GatewayStatusUpdate } @@ -11104,15 +11104,15 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { Source: KubernetesCache{ RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -11137,18 +11137,18 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { - builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ + builder.Source.gateway = &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tcp", Port: 10000, Protocol: gatewayapi_v1.TCPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -11224,21 +11224,21 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { run(t, "allowedroute of TCPRoute on a non-TCP listener results in a listener condition", testcase{ objs: []any{}, - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "TCPRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -11256,7 +11256,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { Message: "Listeners are not valid", }, }, - ListenerStatus: map[string]*gatewayapi_v1beta1.ListenerStatus{ + ListenerStatus: map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", SupportedKinds: nil, @@ -11290,8 +11290,8 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { @@ -11306,7 +11306,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -11332,8 +11332,8 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ {}, @@ -11343,7 +11343,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -11364,8 +11364,8 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{gatewayapi.GatewayParentRef("projectcontour", "contour")}, }, Rules: []gatewayapi_v1alpha2.TCPRouteRule{ { @@ -11377,7 +11377,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { }, wantRouteConditions: []*status.RouteStatusUpdate{{ FullName: types.NamespacedName{Namespace: "default", Name: "basic"}, - RouteParentStatuses: []*gatewayapi_v1beta1.RouteParentStatus{ + RouteParentStatuses: []*gatewayapi_v1.RouteParentStatus{ { ParentRef: gatewayapi.GatewayParentRef("projectcontour", "contour"), Conditions: []meta_v1.Condition{ @@ -11394,7 +11394,7 @@ func TestGatewayAPITCPRouteDAGStatus(t *testing.T) { func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { type testcase struct { objs []any - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway wantBackendTLSPolicyConditions []*status.BackendTLSPolicyStatusUpdate } @@ -11406,15 +11406,15 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { Source: KubernetesCache{ RootNamespaces: []string{"roots", "marketing"}, FieldLogger: fixture.NewTestLogger(t), - gatewayclass: &gatewayapi_v1beta1.GatewayClass{ + gatewayclass: &gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: meta_v1.ObjectMeta{ Name: "test-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -11439,18 +11439,18 @@ func TestGatewayAPIBackendTLSPolicyDAGStatus(t *testing.T) { // Set a default gateway if not defined by a test if tc.gateway == nil { - builder.Source.gateway = &gatewayapi_v1beta1.Gateway{ + builder.Source.gateway = &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, diff --git a/internal/featuretests/v3/cluster_test.go b/internal/featuretests/v3/cluster_test.go index 5ea19360b91..40a22336ed7 100644 --- a/internal/featuretests/v3/cluster_test.go +++ b/internal/featuretests/v3/cluster_test.go @@ -26,7 +26,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -691,14 +690,14 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { Annotate("projectcontour.io/max-retries", "7"). WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromString("8080")}) - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -708,20 +707,20 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { }, } - gt := &gatewayapi_v1beta1.Gateway{ + gt := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gc.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gc.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -732,21 +731,21 @@ func TestClusterCircuitbreakerAnnotationsGateway(t *testing.T) { rh.OnAdd(gc) rh.OnAdd(gt) - rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ + rh.OnAdd(&gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 80, 1), diff --git a/internal/featuretests/v3/httproute_test.go b/internal/featuretests/v3/httproute_test.go index ce8f69ac72c..949ee33346a 100644 --- a/internal/featuretests/v3/httproute_test.go +++ b/internal/featuretests/v3/httproute_test.go @@ -23,7 +23,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" @@ -33,14 +32,14 @@ import ( ) var ( - gc = &gatewayapi_v1beta1.GatewayClass{ + gc = &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -50,20 +49,20 @@ var ( }, } - gateway = &gatewayapi_v1beta1.Gateway{ + gateway = &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gc.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gc.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -72,14 +71,14 @@ var ( Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -109,21 +108,21 @@ func TestGateway_TLS(t *testing.T) { rh.OnAdd(gateway) - rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ + rh.OnAdd(&gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/blog"), BackendRefs: gatewayapi.HTTPBackendRef("svc2", 80, 1), }, { diff --git a/internal/featuretests/v3/listeners_test.go b/internal/featuretests/v3/listeners_test.go index 195b4add6b4..6b60ce72860 100644 --- a/internal/featuretests/v3/listeners_test.go +++ b/internal/featuretests/v3/listeners_test.go @@ -26,7 +26,6 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -1285,20 +1284,20 @@ func TestGatewayListenersSetAddress(t *testing.T) { rh.OnAdd(gc) - rh.OnAdd(&gatewayapi_v1beta1.Gateway{ + rh.OnAdd(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gc.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gc.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1307,14 +1306,14 @@ func TestGatewayListenersSetAddress(t *testing.T) { Name: "https", Port: 443, Protocol: gatewayapi_v1.HTTPSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1323,11 +1322,11 @@ func TestGatewayListenersSetAddress(t *testing.T) { Name: "tls", Port: 8443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1336,8 +1335,8 @@ func TestGatewayListenersSetAddress(t *testing.T) { Name: "tcp", Port: 27017, Protocol: gatewayapi_v1.TCPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -1346,22 +1345,22 @@ func TestGatewayListenersSetAddress(t *testing.T) { }, }) - rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ + rh.OnAdd(&gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "basic", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "http", 0), gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "https", 0), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("svc1", 80, 10), }}, @@ -1386,8 +1385,8 @@ func TestGatewayListenersSetAddress(t *testing.T) { rh.OnAdd(&gatewayapi_v1alpha2.TCPRoute{ ObjectMeta: fixture.ObjectMeta("tcproute-1"), Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "tcp", 0), }, }, diff --git a/internal/featuretests/v3/routesourcemetadata_test.go b/internal/featuretests/v3/routesourcemetadata_test.go index bcd7fd2049e..e03305851a6 100644 --- a/internal/featuretests/v3/routesourcemetadata_test.go +++ b/internal/featuretests/v3/routesourcemetadata_test.go @@ -25,7 +25,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/dag" @@ -153,21 +152,21 @@ func TestRouteSourceMetadataIsSet(t *testing.T) { // Test a Gateway API HTTPRoute route gets it source metadata set correctly. rh.OnAdd(gc) rh.OnAdd(gateway) - httpRoute := &gatewayapi_v1beta1.HTTPRoute{ + httpRoute := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "httproute-kuard", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayListenerParentRef("projectcontour", "contour", "http", 80), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "gatewayapi.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("kuard", 80, 1), }}, diff --git a/internal/featuretests/v3/routeweight_test.go b/internal/featuretests/v3/routeweight_test.go index 98b50f49ef7..c062a42a311 100644 --- a/internal/featuretests/v3/routeweight_test.go +++ b/internal/featuretests/v3/routeweight_test.go @@ -26,7 +26,6 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" @@ -342,13 +341,13 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { rh.OnAdd(fixture.NewService("svc2"). WithPorts(core_v1.ServicePort{Port: 80, TargetPort: intstr.FromInt(8080)})) - rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ + rh.OnAdd(&gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -358,17 +357,17 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { }, }) - rh.OnAdd(&gatewayapi_v1beta1.Gateway{ + rh.OnAdd(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -377,21 +376,21 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { }) // HTTPRoute with a single weight. - route1 := &gatewayapi_v1beta1.HTTPRoute{ + route1 := &gatewayapi_v1.HTTPRoute{ ObjectMeta: fixture.ObjectMetaWithAnnotations("basic", map[string]string{ "app": "contour", "type": "controller", }), - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/blog"), BackendRefs: gatewayapi.HTTPBackendRef("svc1", 80, 1), }}, @@ -410,21 +409,21 @@ func TestHTTPRoute_RouteWithAServiceWeight(t *testing.T) { }) // HTTPRoute with multiple weights. - route2 := &gatewayapi_v1beta1.HTTPRoute{ + route2 := &gatewayapi_v1.HTTPRoute{ ObjectMeta: fixture.ObjectMetaWithAnnotations("basic", map[string]string{ "app": "contour", "type": "controller", }), - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/blog"), BackendRefs: gatewayapi.HTTPBackendRefs( gatewayapi.HTTPBackendRef("svc1", 80, 60), @@ -459,13 +458,13 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { rh.OnAdd(fixture.NewService("svc2"). WithPorts(core_v1.ServicePort{Port: 443, TargetPort: intstr.FromInt(8443)})) - rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ + rh.OnAdd(&gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -475,20 +474,20 @@ func TestTLSRoute_RouteWithAServiceWeight(t *testing.T) { }, }) - rh.OnAdd(&gatewayapi_v1beta1.Gateway{ + rh.OnAdd(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, diff --git a/internal/featuretests/v3/tcproute_test.go b/internal/featuretests/v3/tcproute_test.go index 63111d6ee00..fce4cddd5f5 100644 --- a/internal/featuretests/v3/tcproute_test.go +++ b/internal/featuretests/v3/tcproute_test.go @@ -24,7 +24,6 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" @@ -46,13 +45,13 @@ func TestTCPRoute(t *testing.T) { rh.OnAdd(svc1) rh.OnAdd(svc2) - rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ + rh.OnAdd(&gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -62,15 +61,15 @@ func TestTCPRoute(t *testing.T) { }, }) - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: fixture.ObjectMeta("projectcontour/contour"), - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "tcp-1", Port: 10000, Protocol: gatewayapi_v1.TCPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -82,12 +81,12 @@ func TestTCPRoute(t *testing.T) { route1 := &gatewayapi_v1alpha2.TCPRoute{ ObjectMeta: fixture.ObjectMeta("tcproute-1"), Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), - Name: gatewayapi_v1beta1.ObjectName("contour"), - SectionName: ref.To(gatewayapi_v1beta1.SectionName("tcp-1")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Name: gatewayapi_v1.ObjectName("contour"), + SectionName: ref.To(gatewayapi_v1.SectionName("tcp-1")), }, }, }, @@ -118,12 +117,12 @@ func TestTCPRoute(t *testing.T) { // check that there is no route config require.Empty(t, c.Request(routeType).Resources) - gateway.Spec.Listeners = append(gateway.Spec.Listeners, gatewayapi_v1beta1.Listener{ + gateway.Spec.Listeners = append(gateway.Spec.Listeners, gatewayapi_v1.Listener{ Name: "tcp-2", Port: 10001, Protocol: gatewayapi_v1.TCPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -136,9 +135,9 @@ func TestTCPRoute(t *testing.T) { CommonRouteSpec: gatewayapi_v1alpha2.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), - Name: gatewayapi_v1beta1.ObjectName("contour"), - SectionName: ref.To(gatewayapi_v1beta1.SectionName("tcp-2")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Name: gatewayapi_v1.ObjectName("contour"), + SectionName: ref.To(gatewayapi_v1.SectionName("tcp-2")), }, }, }, @@ -192,13 +191,13 @@ func TestTCPRoute_TLSTermination(t *testing.T) { sec1 := featuretests.TLSSecret(t, "projectcontour/tlscert", &featuretests.ServerCertificate) rh.OnAdd(sec1) - rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ + rh.OnAdd(&gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -208,22 +207,22 @@ func TestTCPRoute_TLSTermination(t *testing.T) { }, }) - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: fixture.ObjectMeta("projectcontour/contour"), - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{ { Name: "tls", Port: 5000, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -236,12 +235,12 @@ func TestTCPRoute_TLSTermination(t *testing.T) { route1 := &gatewayapi_v1alpha2.TCPRoute{ ObjectMeta: fixture.ObjectMeta("tcproute-1"), Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), - Name: gatewayapi_v1beta1.ObjectName("contour"), - SectionName: ref.To(gatewayapi_v1beta1.SectionName("tls")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), + Name: gatewayapi_v1.ObjectName("contour"), + SectionName: ref.To(gatewayapi_v1.SectionName("tls")), }, }, }, diff --git a/internal/featuretests/v3/tlsroute_test.go b/internal/featuretests/v3/tlsroute_test.go index 4cd9bcfe55b..26a80bd0e85 100644 --- a/internal/featuretests/v3/tlsroute_test.go +++ b/internal/featuretests/v3/tlsroute_test.go @@ -24,7 +24,6 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" "github.com/projectcontour/contour/internal/featuretests" @@ -46,13 +45,13 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { rh.OnAdd(svc) rh.OnAdd(svcAnother) - rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ + rh.OnAdd(&gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -62,17 +61,17 @@ func TestTLSRoute_TLSPassthrough(t *testing.T) { }, }) - gatewayPassthrough := &gatewayapi_v1beta1.Gateway{ + gatewayPassthrough := &gatewayapi_v1.Gateway{ ObjectMeta: fixture.ObjectMeta("projectcontour/contour"), - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Port: 443, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -258,27 +257,27 @@ func TestTLSRoute_TLSTermination(t *testing.T) { rh.OnAdd(gc) - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", Namespace: "projectcontour", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gc.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gc.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "tls", Port: 5000, Protocol: gatewayapi_v1.TLSProtocolType, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -295,12 +294,12 @@ func TestTLSRoute_TLSTermination(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.TLSRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test1.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ @@ -332,12 +331,12 @@ func TestTLSRoute_TLSTermination(t *testing.T) { Namespace: "default", }, Spec: gatewayapi_v1alpha2.TLSRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test2.projectcontour.io", }, Rules: []gatewayapi_v1alpha2.TLSRouteRule{{ diff --git a/internal/featuretests/v3/upstreamtls_test.go b/internal/featuretests/v3/upstreamtls_test.go index 0865ab5f82a..c965fc72826 100644 --- a/internal/featuretests/v3/upstreamtls_test.go +++ b/internal/featuretests/v3/upstreamtls_test.go @@ -27,7 +27,6 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -245,13 +244,13 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { rh.OnAdd(sec1) rh.OnAdd(sec2) - rh.OnAdd(&gatewayapi_v1beta1.GatewayClass{ + rh.OnAdd(&gatewayapi_v1.GatewayClass{ TypeMeta: meta_v1.TypeMeta{}, ObjectMeta: fixture.ObjectMeta("test-gc"), - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/contour", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -261,15 +260,15 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { }, }) - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: fixture.ObjectMeta("projectcontour/contour"), - Spec: gatewayapi_v1beta1.GatewaySpec{ - Listeners: []gatewayapi_v1beta1.Listener{{ + Spec: gatewayapi_v1.GatewaySpec{ + Listeners: []gatewayapi_v1.Listener{{ Name: "http", Port: 80, Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, @@ -282,21 +281,21 @@ func TestUpstreamTLSWithHTTPRoute(t *testing.T) { WithPorts(core_v1.ServicePort{Name: "http", Port: 443}) rh.OnAdd(svc) - rh.OnAdd(&gatewayapi_v1beta1.HTTPRoute{ + rh.OnAdd(&gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Name: "authenticated", Namespace: "default", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("projectcontour", "contour"), }, }, - Hostnames: []gatewayapi_v1beta1.Hostname{ + Hostnames: []gatewayapi_v1.Hostname{ "test.projectcontour.io", }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{{ + Rules: []gatewayapi_v1.HTTPRouteRule{{ Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("backend", 443, 1), }}, diff --git a/internal/gatewayapi/helpers.go b/internal/gatewayapi/helpers.go index 2e54b303939..ac73077b849 100644 --- a/internal/gatewayapi/helpers.go +++ b/internal/gatewayapi/helpers.go @@ -17,66 +17,65 @@ import ( "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/ref" ) -func CertificateRef(name, namespace string) gatewayapi_v1beta1.SecretObjectReference { - secretRef := gatewayapi_v1beta1.SecretObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Secret")), - Name: gatewayapi_v1beta1.ObjectName(name), +func CertificateRef(name, namespace string) gatewayapi_v1.SecretObjectReference { + secretRef := gatewayapi_v1.SecretObjectReference{ + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Secret")), + Name: gatewayapi_v1.ObjectName(name), } if namespace != "" { - secretRef.Namespace = ref.To(gatewayapi_v1beta1.Namespace(namespace)) + secretRef.Namespace = ref.To(gatewayapi_v1.Namespace(namespace)) } return secretRef } -func GatewayParentRef(namespace, name string) gatewayapi_v1beta1.ParentReference { - parentRef := gatewayapi_v1beta1.ParentReference{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), - Kind: ref.To(gatewayapi_v1beta1.Kind("Gateway")), - Name: gatewayapi_v1beta1.ObjectName(name), +func GatewayParentRef(namespace, name string) gatewayapi_v1.ParentReference { + parentRef := gatewayapi_v1.ParentReference{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: ref.To(gatewayapi_v1.Kind("Gateway")), + Name: gatewayapi_v1.ObjectName(name), } if namespace != "" { - parentRef.Namespace = ref.To(gatewayapi_v1beta1.Namespace(namespace)) + parentRef.Namespace = ref.To(gatewayapi_v1.Namespace(namespace)) } return parentRef } -func GatewayListenerParentRef(namespace, name, listener string, port int) gatewayapi_v1beta1.ParentReference { +func GatewayListenerParentRef(namespace, name, listener string, port int) gatewayapi_v1.ParentReference { parentRef := GatewayParentRef(namespace, name) if listener != "" { - parentRef.SectionName = ref.To(gatewayapi_v1beta1.SectionName(listener)) + parentRef.SectionName = ref.To(gatewayapi_v1.SectionName(listener)) } if port != 0 { - parentRef.Port = ref.To(gatewayapi_v1beta1.PortNumber(port)) + parentRef.Port = ref.To(gatewayapi_v1.PortNumber(port)) } return parentRef } -func ServiceBackendObjectRef(name string, port int) gatewayapi_v1beta1.BackendObjectReference { - return gatewayapi_v1beta1.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), - Name: gatewayapi_v1beta1.ObjectName(name), - Port: ref.To(gatewayapi_v1beta1.PortNumber(port)), +func ServiceBackendObjectRef(name string, port int) gatewayapi_v1.BackendObjectReference { + return gatewayapi_v1.BackendObjectReference{ + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), + Name: gatewayapi_v1.ObjectName(name), + Port: ref.To(gatewayapi_v1.PortNumber(port)), } } -func HTTPRouteMatch(pathType gatewayapi_v1beta1.PathMatchType, value string) []gatewayapi_v1beta1.HTTPRouteMatch { - return []gatewayapi_v1beta1.HTTPRouteMatch{ +func HTTPRouteMatch(pathType gatewayapi_v1.PathMatchType, value string) []gatewayapi_v1.HTTPRouteMatch { + return []gatewayapi_v1.HTTPRouteMatch{ { - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(pathType), Value: ref.To(value), }, @@ -84,8 +83,8 @@ func HTTPRouteMatch(pathType gatewayapi_v1beta1.PathMatchType, value string) []g } } -func HTTPHeaderMatch(matchType gatewayapi_v1beta1.HeaderMatchType, name, value string) []gatewayapi_v1beta1.HTTPHeaderMatch { - return []gatewayapi_v1beta1.HTTPHeaderMatch{ +func HTTPHeaderMatch(matchType gatewayapi_v1.HeaderMatchType, name, value string) []gatewayapi_v1.HTTPHeaderMatch { + return []gatewayapi_v1.HTTPHeaderMatch{ { Type: ref.To(matchType), Name: gatewayapi_v1.HTTPHeaderName(name), @@ -94,11 +93,11 @@ func HTTPHeaderMatch(matchType gatewayapi_v1beta1.HeaderMatchType, name, value s } } -func HTTPQueryParamMatches(namesAndValues map[string]string) []gatewayapi_v1beta1.HTTPQueryParamMatch { - var matches []gatewayapi_v1beta1.HTTPQueryParamMatch +func HTTPQueryParamMatches(namesAndValues map[string]string) []gatewayapi_v1.HTTPQueryParamMatch { + var matches []gatewayapi_v1.HTTPQueryParamMatch for name, val := range namesAndValues { - matches = append(matches, gatewayapi_v1beta1.HTTPQueryParamMatch{ + matches = append(matches, gatewayapi_v1.HTTPQueryParamMatch{ Type: ref.To(gatewayapi_v1.QueryParamMatchExact), Name: gatewayapi_v1.HTTPHeaderName(name), Value: val, @@ -108,8 +107,8 @@ func HTTPQueryParamMatches(namesAndValues map[string]string) []gatewayapi_v1beta return matches } -func HTTPBackendRefs(backendRefs ...[]gatewayapi_v1beta1.HTTPBackendRef) []gatewayapi_v1beta1.HTTPBackendRef { - var res []gatewayapi_v1beta1.HTTPBackendRef +func HTTPBackendRefs(backendRefs ...[]gatewayapi_v1.HTTPBackendRef) []gatewayapi_v1.HTTPBackendRef { + var res []gatewayapi_v1.HTTPBackendRef for _, ref := range backendRefs { res = append(res, ref...) @@ -117,10 +116,10 @@ func HTTPBackendRefs(backendRefs ...[]gatewayapi_v1beta1.HTTPBackendRef) []gatew return res } -func HTTPBackendRef(serviceName string, port int, weight int32) []gatewayapi_v1beta1.HTTPBackendRef { - return []gatewayapi_v1beta1.HTTPBackendRef{ +func HTTPBackendRef(serviceName string, port int, weight int32) []gatewayapi_v1.HTTPBackendRef { + return []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: ServiceBackendObjectRef(serviceName, port), Weight: &weight, }, @@ -141,10 +140,10 @@ func TLSRouteBackendRef(serviceName string, port int, weight *int32) []gatewayap return []gatewayapi_v1alpha2.BackendRef{ { BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), Name: gatewayapi_v1alpha2.ObjectName(serviceName), - Port: ref.To(gatewayapi_v1beta1.PortNumber(port)), + Port: ref.To(gatewayapi_v1.PortNumber(port)), }, Weight: weight, }, @@ -156,10 +155,10 @@ func GRPCRouteBackendRef(serviceName string, port int, weight int32) []gatewayap { BackendRef: gatewayapi_v1alpha2.BackendRef{ BackendObjectReference: gatewayapi_v1alpha2.BackendObjectReference{ - Group: ref.To(gatewayapi_v1beta1.Group("")), - Kind: ref.To(gatewayapi_v1beta1.Kind("Service")), + Group: ref.To(gatewayapi_v1.Group("")), + Kind: ref.To(gatewayapi_v1.Kind("Service")), Name: gatewayapi_v1alpha2.ObjectName(serviceName), - Port: ref.To(gatewayapi_v1beta1.PortNumber(port)), + Port: ref.To(gatewayapi_v1.PortNumber(port)), }, Weight: &weight, }, @@ -176,7 +175,7 @@ func GRPCMethodMatch(matchType gatewayapi_v1alpha2.GRPCMethodMatchType, service, } } -func GRPCHeaderMatch(matchType gatewayapi_v1beta1.HeaderMatchType, name, value string) []gatewayapi_v1alpha2.GRPCHeaderMatch { +func GRPCHeaderMatch(matchType gatewayapi_v1.HeaderMatchType, name, value string) []gatewayapi_v1alpha2.GRPCHeaderMatch { return []gatewayapi_v1alpha2.GRPCHeaderMatch{ { Type: ref.To(matchType), @@ -190,8 +189,8 @@ func GRPCHeaderMatch(matchType gatewayapi_v1beta1.HeaderMatchType, name, value s // to a Gateway with the given namespace/name, irrespective of whether a // section/listener name has been specified (i.e. a parent ref to a listener // on the specified gateway will return "true"). -func IsRefToGateway(parentRef gatewayapi_v1beta1.ParentReference, gateway types.NamespacedName) bool { - if parentRef.Group != nil && string(*parentRef.Group) != gatewayapi_v1beta1.GroupName { +func IsRefToGateway(parentRef gatewayapi_v1.ParentReference, gateway types.NamespacedName) bool { + if parentRef.Group != nil && string(*parentRef.Group) != gatewayapi_v1.GroupName { return false } diff --git a/internal/gatewayapi/listeners.go b/internal/gatewayapi/listeners.go index e4355b0f0c2..1e5d34d0b07 100644 --- a/internal/gatewayapi/listeners.go +++ b/internal/gatewayapi/listeners.go @@ -22,7 +22,6 @@ import ( "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/validation" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/ref" ) @@ -45,7 +44,7 @@ type ValidateListenersResult struct { // InvalidListenerConditions is a map from Gateway Listener name // to a condition to set, if the Listener is invalid. - InvalidListenerConditions map[gatewayapi_v1beta1.SectionName]meta_v1.Condition + InvalidListenerConditions map[gatewayapi_v1.SectionName]meta_v1.Condition } type ListenerPort struct { @@ -74,7 +73,7 @@ func conflictedCondition(reason gatewayapi_v1.ListenerConditionReason, msg strin // It returns a Listener name map, the ports to use, and conditions for all invalid listeners. // If a listener is not in the "InvalidListenerConditions" map, it is assumed to be valid according // to the above rules. -func ValidateListeners(listeners []gatewayapi_v1beta1.Listener) ValidateListenersResult { +func ValidateListeners(listeners []gatewayapi_v1.Listener) ValidateListenersResult { // TLS-based protocols that can all exist on the same port. compatibleTLSProtocols := sets.New( gatewayapi_v1.HTTPSProtocolType, @@ -84,7 +83,7 @@ func ValidateListeners(listeners []gatewayapi_v1beta1.Listener) ValidateListener result := ValidateListenersResult{ ListenerNames: map[string]string{}, - InvalidListenerConditions: map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{}, + InvalidListenerConditions: map[gatewayapi_v1.SectionName]meta_v1.Condition{}, } for i, listener := range listeners { @@ -209,7 +208,7 @@ func ValidateListeners(listeners []gatewayapi_v1beta1.Listener) ValidateListener return result } -func toContainerPort(listenerPort gatewayapi_v1beta1.PortNumber) int32 { +func toContainerPort(listenerPort gatewayapi_v1.PortNumber) int32 { // Add 8000 to the Listener port, wrapping around if needed, // and skipping over privileged ports 1-1023. diff --git a/internal/gatewayapi/listeners_test.go b/internal/gatewayapi/listeners_test.go index 2fe5c6ce8df..422e0b37d2a 100644 --- a/internal/gatewayapi/listeners_test.go +++ b/internal/gatewayapi/listeners_test.go @@ -19,14 +19,13 @@ import ( "github.com/stretchr/testify/assert" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/ref" ) func TestValidateListeners(t *testing.T) { t.Run("All HTTP listeners are valid on a single port, some non-HTTP listeners as well", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -36,25 +35,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.envoyproxy.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -67,7 +66,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("HTTP listeners on multiple ports, some non-HTTP listeners as well", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -77,25 +76,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 8080, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -109,7 +108,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Two HTTP listeners with the same hostname, some HTTP listeners on another port, some non-HTTP listeners as well", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -119,31 +118,31 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), // duplicate hostname + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), // duplicate hostname }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.envoyproxy.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "listener-5", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 8080, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.envoyproxy.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.TLSProtocolType, // non-HTTP Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -153,7 +152,7 @@ func TestValidateListeners(t *testing.T) { {Name: "http-8080", Port: 8080, ContainerPort: 16080, Protocol: "http"}, {Name: "https-443", Port: 443, ContainerPort: 8443, Protocol: "https"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "listener-3": { Type: string(gatewayapi_v1.ListenerConditionConflicted), Status: meta_v1.ConditionTrue, @@ -164,7 +163,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("All HTTPS/TLS listeners are valid, some non-HTTPS/TLS listeners as well", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPSProtocolType, @@ -174,25 +173,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.envoyproxy.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "non-http-listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -205,7 +204,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("HTTPS listeners on two different ports, some non-HTTPS listeners as well", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPSProtocolType, @@ -215,25 +214,25 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.projectcontour.io")), }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "http-listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -247,7 +246,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Two HTTPS/TLS listeners on same port with the same hostname, some HTTPS/TLS listeners on another port, some HTTP listeners as well", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPSProtocolType, @@ -257,31 +256,31 @@ func TestValidateListeners(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), // duplicate hostname + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), // duplicate hostname }, { Name: "listener-4", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.envoyproxy.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "listener-5", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.envoyproxy.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.envoyproxy.io")), }, { Name: "http-listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("local.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("local.projectcontour.io")), }, } @@ -291,7 +290,7 @@ func TestValidateListeners(t *testing.T) { {Name: "https-443", Port: 443, ContainerPort: 8443, Protocol: "https"}, {Name: "https-8443", Port: 8443, ContainerPort: 16443, Protocol: "https"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "listener-3": { Type: string(gatewayapi_v1.ListenerConditionConflicted), Status: meta_v1.ConditionTrue, @@ -302,30 +301,30 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Two HTTP and one HTTPS listeners, each with an invalid hostname", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("192.168.1.1")), + Hostname: ref.To(gatewayapi_v1.Hostname("192.168.1.1")), }, { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("*.*.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("*.*.projectcontour.io")), }, { Name: "listener-3", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname(".invalid.$.")), + Hostname: ref.To(gatewayapi_v1.Hostname(".invalid.$.")), }, } res := ValidateListeners(listeners) assert.Empty(t, res.Ports) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "listener-1": { Type: string(gatewayapi_v1.ListenerConditionProgrammed), Status: meta_v1.ConditionFalse, @@ -348,23 +347,23 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Three HTTPS listeners on the same port, each with a different hostname", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-1.gateway.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("https-1.gateway.projectcontour.io")), Port: 443, }, { Name: "https-2", Protocol: gatewayapi_v1.HTTPSProtocolType, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-2.gateway.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("https-2.gateway.projectcontour.io")), Port: 443, }, { Name: "https-3", Protocol: gatewayapi_v1.HTTPSProtocolType, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-3.gateway.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("https-3.gateway.projectcontour.io")), Port: 443, }, } @@ -376,7 +375,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Conflicting protocols on a port", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -417,7 +416,7 @@ func TestValidateListeners(t *testing.T) { {Name: "http-9999", Port: 9999, ContainerPort: 17999, Protocol: "http"}, {Name: "tcp-11111", Port: 11111, ContainerPort: 19111, Protocol: "tcp"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "https": { Type: string(gatewayapi_v1.ListenerConditionConflicted), Status: meta_v1.ConditionTrue, @@ -440,7 +439,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Conflicting protocols on a port (reverse order)", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "https", Protocol: gatewayapi_v1.HTTPSProtocolType, @@ -481,7 +480,7 @@ func TestValidateListeners(t *testing.T) { {Name: "https-9999", Port: 9999, ContainerPort: 17999, Protocol: "https"}, {Name: "https-11111", Port: 11111, ContainerPort: 19111, Protocol: "https"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "http": { Type: string(gatewayapi_v1.ListenerConditionConflicted), Status: meta_v1.ConditionTrue, @@ -504,7 +503,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Three TCP listeners on different ports", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "tcp-1", Protocol: gatewayapi_v1.TCPProtocolType, @@ -528,7 +527,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Listeners with various edge-case port numbers", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -556,7 +555,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Listeners with ports that map to the same container ports", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -573,7 +572,7 @@ func TestValidateListeners(t *testing.T) { assert.ElementsMatch(t, res.Ports, []ListenerPort{ {Name: "http-58000", Port: 58000, ContainerPort: 1488, Protocol: "http"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "http-2": { Type: string(gatewayapi_v1.ListenerConditionAccepted), Status: meta_v1.ConditionFalse, @@ -584,7 +583,7 @@ func TestValidateListeners(t *testing.T) { }) t.Run("Listeners with ports that map to the same container ports, reverse order", func(t *testing.T) { - listeners := []gatewayapi_v1beta1.Listener{ + listeners := []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -601,7 +600,7 @@ func TestValidateListeners(t *testing.T) { assert.ElementsMatch(t, res.Ports, []ListenerPort{ {Name: "http-59000", Port: 59000, ContainerPort: 1465, Protocol: "http"}, }) - assert.Equal(t, map[gatewayapi_v1beta1.SectionName]meta_v1.Condition{ + assert.Equal(t, map[gatewayapi_v1.SectionName]meta_v1.Condition{ "http-2": { Type: string(gatewayapi_v1.ListenerConditionAccepted), Status: meta_v1.ConditionFalse, diff --git a/internal/k8s/helpers.go b/internal/k8s/helpers.go index 5439e90a45b..adbcfd242d0 100644 --- a/internal/k8s/helpers.go +++ b/internal/k8s/helpers.go @@ -24,6 +24,7 @@ import ( apiequality "k8s.io/apimachinery/pkg/api/equality" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -59,22 +60,22 @@ func isStatusEqual(objA, objB any) bool { return true } } - case *gatewayapi_v1beta1.GatewayClass: - if b, ok := objB.(*gatewayapi_v1beta1.GatewayClass); ok { + case *gatewayapi_v1.GatewayClass: + if b, ok := objB.(*gatewayapi_v1.GatewayClass); ok { if cmp.Equal(a.Status, b.Status, cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true } } - case *gatewayapi_v1beta1.Gateway: - if b, ok := objB.(*gatewayapi_v1beta1.Gateway); ok { + case *gatewayapi_v1.Gateway: + if b, ok := objB.(*gatewayapi_v1.Gateway); ok { if cmp.Equal(a.Status, b.Status, cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true } } - case *gatewayapi_v1beta1.HTTPRoute: - if b, ok := objB.(*gatewayapi_v1beta1.HTTPRoute); ok { + case *gatewayapi_v1.HTTPRoute: + if b, ok := objB.(*gatewayapi_v1.HTTPRoute); ok { if cmp.Equal(a.Status, b.Status, cmpopts.IgnoreFields(meta_v1.Condition{}, "LastTransitionTime")) { return true @@ -111,10 +112,10 @@ func IsObjectEqual(oldObj, newObj client.Object) (bool, error) { *contour_v1.TLSCertificateDelegation: return isGenerationEqual(oldObj, newObj), nil - case *gatewayapi_v1beta1.GatewayClass, - *gatewayapi_v1beta1.Gateway, + case *gatewayapi_v1.GatewayClass, + *gatewayapi_v1.Gateway, *gatewayapi_v1beta1.ReferenceGrant, - *gatewayapi_v1beta1.HTTPRoute, + *gatewayapi_v1.HTTPRoute, *gatewayapi_v1alpha2.TLSRoute, *gatewayapi_v1alpha2.GRPCRoute, *gatewayapi_v1alpha2.TCPRoute, diff --git a/internal/k8s/helpers_test.go b/internal/k8s/helpers_test.go index 9cabc99208e..bd303656f50 100644 --- a/internal/k8s/helpers_test.go +++ b/internal/k8s/helpers_test.go @@ -26,6 +26,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -202,9 +203,9 @@ func TestIsEqualForGeneration(t *testing.T) { run(t, &contour_v1.HTTPProxy{}) run(t, &contour_v1alpha1.ExtensionService{}) run(t, &contour_v1.TLSCertificateDelegation{}) - run(t, &gatewayapi_v1beta1.GatewayClass{}) - run(t, &gatewayapi_v1beta1.Gateway{}) - run(t, &gatewayapi_v1beta1.HTTPRoute{}) + run(t, &gatewayapi_v1.GatewayClass{}) + run(t, &gatewayapi_v1.Gateway{}) + run(t, &gatewayapi_v1.HTTPRoute{}) run(t, &gatewayapi_v1alpha2.TLSRoute{}) run(t, &gatewayapi_v1beta1.ReferenceGrant{}) run(t, &gatewayapi_v1alpha2.GRPCRoute{}) diff --git a/internal/k8s/kind.go b/internal/k8s/kind.go index 9142879b7be..1e4d420910e 100644 --- a/internal/k8s/kind.go +++ b/internal/k8s/kind.go @@ -19,6 +19,7 @@ import ( "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -49,7 +50,7 @@ func KindOf(obj any) string { return "Ingress" case *contour_v1.HTTPProxy: return "HTTPProxy" - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: return "HTTPRoute" case *gatewayapi_v1alpha2.GRPCRoute: return "GRPCRoute" @@ -57,12 +58,14 @@ func KindOf(obj any) string { return "TLSRoute" case *gatewayapi_v1alpha2.TCPRoute: return "TCPRoute" - case *gatewayapi_v1beta1.Gateway: + case *gatewayapi_v1.Gateway: return "Gateway" - case *gatewayapi_v1beta1.GatewayClass: + case *gatewayapi_v1.GatewayClass: return "GatewayClass" case *gatewayapi_v1beta1.ReferenceGrant: return "ReferenceGrant" + case *gatewayapi_v1alpha2.BackendTLSPolicy: + return "BackendTLSPolicy" case *contour_v1.TLSCertificateDelegation: return "TLSCertificateDelegation" case *contour_v1alpha1.ExtensionService: diff --git a/internal/k8s/kind_test.go b/internal/k8s/kind_test.go index f97d1200e92..659b45269b5 100644 --- a/internal/k8s/kind_test.go +++ b/internal/k8s/kind_test.go @@ -20,6 +20,7 @@ import ( core_v1 "k8s.io/api/core/v1" networking_v1 "k8s.io/api/networking/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -44,12 +45,13 @@ func TestKindOf(t *testing.T) { {"ContourConfiguration", &contour_v1alpha1.ContourConfiguration{}}, {"ContourDeployment", &contour_v1alpha1.ContourDeployment{}}, {"GRPCRoute", &gatewayapi_v1alpha2.GRPCRoute{}}, - {"HTTPRoute", &gatewayapi_v1beta1.HTTPRoute{}}, + {"HTTPRoute", &gatewayapi_v1.HTTPRoute{}}, {"TLSRoute", &gatewayapi_v1alpha2.TLSRoute{}}, {"TCPRoute", &gatewayapi_v1alpha2.TCPRoute{}}, - {"Gateway", &gatewayapi_v1beta1.Gateway{}}, - {"GatewayClass", &gatewayapi_v1beta1.GatewayClass{}}, + {"Gateway", &gatewayapi_v1.Gateway{}}, + {"GatewayClass", &gatewayapi_v1.GatewayClass{}}, {"ReferenceGrant", &gatewayapi_v1beta1.ReferenceGrant{}}, + {"BackendTLSPolicy", &gatewayapi_v1alpha2.BackendTLSPolicy{}}, { "Foo", &unstructured.Unstructured{ Object: map[string]any{ diff --git a/internal/k8s/scheme.go b/internal/k8s/scheme.go index 1035ed26d0c..6f7aa9c2d29 100644 --- a/internal/k8s/scheme.go +++ b/internal/k8s/scheme.go @@ -16,6 +16,7 @@ package k8s import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/kubernetes/scheme" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -34,6 +35,7 @@ func NewContourScheme() (*runtime.Scheme, error) { scheme.AddToScheme, gatewayapi_v1alpha2.AddToScheme, gatewayapi_v1beta1.AddToScheme, + gatewayapi_v1.AddToScheme, } if err := b.AddToScheme(s); err != nil { diff --git a/internal/k8s/statusaddress.go b/internal/k8s/statusaddress.go index 24f17ab34e1..a3521463068 100644 --- a/internal/k8s/statusaddress.go +++ b/internal/k8s/statusaddress.go @@ -26,7 +26,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/annotation" @@ -133,7 +132,7 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { }), )) - case *gatewayapi_v1beta1.Gateway: + case *gatewayapi_v1.Gateway: switch { // Specific Gateway configured: check if the added Gateway // matches. @@ -148,7 +147,7 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { // Otherwise, check if the added Gateway's class is controlled // by us. default: - gc := &gatewayapi_v1beta1.GatewayClass{} + gc := &gatewayapi_v1.GatewayClass{} if err := s.Cache.Get(context.Background(), client.ObjectKey{Name: string(o.Spec.GatewayClassName)}, gc); err != nil { s.Logger. WithField("name", o.Name). @@ -172,9 +171,9 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { s.StatusUpdater.Send(NewStatusUpdate( o.Name, o.Namespace, - &gatewayapi_v1beta1.Gateway{}, + &gatewayapi_v1.Gateway{}, StatusMutatorFunc(func(obj client.Object) client.Object { - gateway, ok := obj.(*gatewayapi_v1beta1.Gateway) + gateway, ok := obj.(*gatewayapi_v1.Gateway) if !ok { panic(fmt.Sprintf("Unsupported object %s/%s in status Address mutator", obj.GetName(), obj.GetNamespace(), @@ -292,13 +291,13 @@ func lbStatusToGatewayAddresses(lbs core_v1.LoadBalancerStatus) []gatewayapi_v1. for _, lbi := range lbs.Ingress { if len(lbi.IP) > 0 { addrs = append(addrs, gatewayapi_v1.GatewayStatusAddress{ - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: lbi.IP, }) } if len(lbi.Hostname) > 0 { addrs = append(addrs, gatewayapi_v1.GatewayStatusAddress{ - Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1.HostnameAddressType), Value: lbi.Hostname, }) } diff --git a/internal/k8s/statusaddress_test.go b/internal/k8s/statusaddress_test.go index 6564a2d727f..3b59e643384 100644 --- a/internal/k8s/statusaddress_test.go +++ b/internal/k8s/statusaddress_test.go @@ -25,7 +25,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/fixture" @@ -378,21 +377,21 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { status core_v1.LoadBalancerStatus gatewayClassControllerName string gatewayRef *types.NamespacedName - preop *gatewayapi_v1beta1.Gateway - postop *gatewayapi_v1beta1.Gateway + preop *gatewayapi_v1.Gateway + postop *gatewayapi_v1.Gateway }{ "happy path (IP)": { status: ipLBStatus, gatewayClassControllerName: "projectcontour.io/contour", - preop: &gatewayapi_v1beta1.Gateway{ + preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -401,15 +400,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - postop: &gatewayapi_v1beta1.Gateway{ + postop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -418,11 +417,11 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: ipLBStatus.Ingress[0].IP, }, { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: ipLBStatus.Ingress[1].IP, }, }, @@ -432,15 +431,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { "happy path (hostname)": { status: hostnameLBStatus, gatewayClassControllerName: "projectcontour.io/contour", - preop: &gatewayapi_v1beta1.Gateway{ + preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -449,15 +448,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - postop: &gatewayapi_v1beta1.Gateway{ + postop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -466,7 +465,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ { - Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1.HostnameAddressType), Value: hostnameLBStatus.Ingress[0].Hostname, }, }, @@ -476,15 +475,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { "Gateway not controlled by this Contour": { status: ipLBStatus, gatewayClassControllerName: "projectcontour.io/some-other-controller", - preop: &gatewayapi_v1beta1.Gateway{ + preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -493,15 +492,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - postop: &gatewayapi_v1beta1.Gateway{ + postop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -514,15 +513,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { "Specific gateway configured, gateway does not match": { status: ipLBStatus, gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, - preop: &gatewayapi_v1beta1.Gateway{ + preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "some-other-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -531,15 +530,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - postop: &gatewayapi_v1beta1.Gateway{ + postop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "some-other-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -552,15 +551,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { "Specific gateway configured, gateway matches": { status: ipLBStatus, gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, - preop: &gatewayapi_v1beta1.Gateway{ + preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -569,15 +568,15 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - postop: &gatewayapi_v1beta1.Gateway{ + postop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", Name: "contour-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-gatewayclass"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), }, - Status: gatewayapi_v1beta1.GatewayStatus{ + Status: gatewayapi_v1.GatewayStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayConditionProgrammed), @@ -586,11 +585,11 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, Addresses: []gatewayapi_v1.GatewayStatusAddress{ { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: ipLBStatus.Ingress[0].IP, }, { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: ipLBStatus.Ingress[1].IP, }, }, @@ -612,7 +611,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { // with the data from the API server; this simulates that behavior by // updating the struct pointed to by the third argument with the fields // we care about. See Run's godoc for more info. - args[2].(*gatewayapi_v1beta1.GatewayClass).Spec.ControllerName = gatewayapi_v1beta1.GatewayController(tc.gatewayClassControllerName) + args[2].(*gatewayapi_v1.GatewayClass).Spec.ControllerName = gatewayapi_v1.GatewayController(tc.gatewayClassControllerName) }). Return(nil) @@ -643,7 +642,7 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { // with the data from the API server; this simulates that behavior by // updating the struct pointed to by the third argument with the fields // we care about. See Run's godoc for more info. - args[2].(*gatewayapi_v1beta1.GatewayClass).Spec.ControllerName = gatewayapi_v1beta1.GatewayController(tc.gatewayClassControllerName) + args[2].(*gatewayapi_v1.GatewayClass).Spec.ControllerName = gatewayapi_v1.GatewayController(tc.gatewayClassControllerName) }). Return(nil) diff --git a/internal/provisioner/controller/gateway.go b/internal/provisioner/controller/gateway.go index 14fa1f4a2d6..4de51141b6c 100644 --- a/internal/provisioner/controller/gateway.go +++ b/internal/provisioner/controller/gateway.go @@ -31,7 +31,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" @@ -47,7 +46,7 @@ import ( // gatewayReconciler reconciles Gateway objects. type gatewayReconciler struct { - gatewayController gatewayapi_v1beta1.GatewayController + gatewayController gatewayapi_v1.GatewayController contourImage string envoyImage string client client.Client @@ -56,7 +55,7 @@ type gatewayReconciler struct { func NewGatewayController(mgr manager.Manager, gatewayController, contourImage, envoyImage string) (controller.Controller, error) { r := &gatewayReconciler{ - gatewayController: gatewayapi_v1beta1.GatewayController(gatewayController), + gatewayController: gatewayapi_v1.GatewayController(gatewayController), contourImage: contourImage, envoyImage: envoyImage, client: mgr.GetClient(), @@ -69,7 +68,7 @@ func NewGatewayController(mgr manager.Manager, gatewayController, contourImage, } if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.Gateway{}), + source.Kind(mgr.GetCache(), &gatewayapi_v1.Gateway{}), &handler.EnqueueRequestForObject{}, predicate.NewPredicateFuncs(r.forReconcilableGatewayClass), ); err != nil { @@ -80,7 +79,7 @@ func NewGatewayController(mgr manager.Manager, gatewayController, contourImage, // Gateways when a provisioner-controlled GatewayClass becomes // "Accepted: true". if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.GatewayClass{}), + source.Kind(mgr.GetCache(), &gatewayapi_v1.GatewayClass{}), handler.EnqueueRequestsFromMapFunc(r.getGatewayClassGateways), predicate.NewPredicateFuncs(r.isGatewayClassReconcilable), ); err != nil { @@ -94,12 +93,12 @@ func NewGatewayController(mgr manager.Manager, gatewayController, contourImage, // controlled by the provisioner, and that GatewayClass has a condition of // "Accepted: true". func (r *gatewayReconciler) forReconcilableGatewayClass(obj client.Object) bool { - gw, ok := obj.(*gatewayapi_v1beta1.Gateway) + gw, ok := obj.(*gatewayapi_v1.Gateway) if !ok { return false } - gatewayClass := &gatewayapi_v1beta1.GatewayClass{} + gatewayClass := &gatewayapi_v1.GatewayClass{} if err := r.client.Get(context.Background(), client.ObjectKey{Name: string(gw.Spec.GatewayClassName)}, gatewayClass); err != nil { return false } @@ -111,7 +110,7 @@ func (r *gatewayReconciler) forReconcilableGatewayClass(obj client.Object) bool // GatewayClass controlled by the provisioner that has an "Accepted: true" // condition. func (r *gatewayReconciler) isGatewayClassReconcilable(obj client.Object) bool { - gatewayClass, ok := obj.(*gatewayapi_v1beta1.GatewayClass) + gatewayClass, ok := obj.(*gatewayapi_v1.GatewayClass) if !ok { return false } @@ -134,7 +133,7 @@ func (r *gatewayReconciler) isGatewayClassReconcilable(obj client.Object) bool { } func (r *gatewayReconciler) getGatewayClassGateways(ctx context.Context, gatewayClass client.Object) []reconcile.Request { - var gateways gatewayapi_v1beta1.GatewayList + var gateways gatewayapi_v1.GatewayList if err := r.client.List(ctx, &gateways); err != nil { r.log.Error(err, "error listing gateways") return nil @@ -142,7 +141,7 @@ func (r *gatewayReconciler) getGatewayClassGateways(ctx context.Context, gateway var reconciles []reconcile.Request for _, gw := range gateways.Items { - if gw.Spec.GatewayClassName == gatewayapi_v1beta1.ObjectName(gatewayClass.GetName()) { + if gw.Spec.GatewayClassName == gatewayapi_v1.ObjectName(gatewayClass.GetName()) { reconciles = append(reconciles, reconcile.Request{ NamespacedName: types.NamespacedName{ Namespace: gw.Namespace, @@ -158,7 +157,7 @@ func (r *gatewayReconciler) getGatewayClassGateways(ctx context.Context, gateway func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { log := r.log.WithValues("gateway-namespace", req.Namespace, "gateway-name", req.Name) - gateway := &gatewayapi_v1beta1.Gateway{} + gateway := &gatewayapi_v1.Gateway{} if err := r.client.Get(ctx, req.NamespacedName, gateway); err != nil { if errors.IsNotFound(err) { log.Info("deleting gateway resources") @@ -183,7 +182,7 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct // Theoretically all event sources should be filtered already, but doesn't hurt // to double-check this here to ensure we only reconcile gateways for accepted // gateway classes the provisioner controls. - gatewayClass := &gatewayapi_v1beta1.GatewayClass{} + gatewayClass := &gatewayapi_v1.GatewayClass{} if err := r.client.Get(ctx, client.ObjectKey{Name: string(gateway.Spec.GatewayClassName)}, gatewayClass); err != nil { return ctrl.Result{}, fmt.Errorf("error getting gateway's gateway class: %w", err) } @@ -201,8 +200,8 @@ func (r *gatewayReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct address := gateway.Spec.Addresses[0] if address.Type == nil || - *address.Type == gatewayapi_v1beta1.IPAddressType || - *address.Type == gatewayapi_v1beta1.HostnameAddressType { + *address.Type == gatewayapi_v1.IPAddressType || + *address.Type == gatewayapi_v1.HostnameAddressType { contourModel.Spec.NetworkPublishing.Envoy.LoadBalancer.LoadBalancerIP = address.Value } } @@ -473,7 +472,7 @@ func (r *gatewayReconciler) ensureContourDeleted(ctx context.Context, contour *m return errs } -func (r *gatewayReconciler) getGatewayClassParams(ctx context.Context, gatewayClass *gatewayapi_v1beta1.GatewayClass) (*contour_v1alpha1.ContourDeployment, error) { +func (r *gatewayReconciler) getGatewayClassParams(ctx context.Context, gatewayClass *gatewayapi_v1.GatewayClass) (*contour_v1alpha1.ContourDeployment, error) { // Check if there is a parametersRef to ContourDeployment with // a namespace specified. Theoretically, we should only be reconciling // Gateways for GatewayClasses that have valid parameter refs (or no refs), diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go index b099064e147..baf160da86c 100644 --- a/internal/provisioner/controller/gateway_test.go +++ b/internal/provisioner/controller/gateway_test.go @@ -30,7 +30,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client/fake" "sigs.k8s.io/controller-runtime/pkg/reconcile" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/provisioner" @@ -41,16 +40,16 @@ import ( func TestGatewayReconcile(t *testing.T) { const controller = "projectcontour.io/gateway-controller" - reconcilableGatewayClass := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { - return &gatewayapi_v1beta1.GatewayClass{ + reconcilableGatewayClass := func(name, controller string) *gatewayapi_v1.GatewayClass { + return &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(controller), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(controller), }, // the fake client lets us create resources with a status set - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -62,63 +61,63 @@ func TestGatewayReconcile(t *testing.T) { } } - reconcilableGatewayClassWithParams := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { + reconcilableGatewayClassWithParams := func(name, controller string) *gatewayapi_v1.GatewayClass { gc := reconcilableGatewayClass(name, controller) - gc.Spec.ParametersRef = &gatewayapi_v1beta1.ParametersReference{ - Group: gatewayapi_v1beta1.Group(contour_v1alpha1.GroupVersion.Group), + gc.Spec.ParametersRef = &gatewayapi_v1.ParametersReference{ + Group: gatewayapi_v1.Group(contour_v1alpha1.GroupVersion.Group), Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), Name: name + "-params", } return gc } - reconcilableGatewayClassWithInvalidParams := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { + reconcilableGatewayClassWithInvalidParams := func(name, controller string) *gatewayapi_v1.GatewayClass { gc := reconcilableGatewayClass(name, controller) - gc.Spec.ParametersRef = &gatewayapi_v1beta1.ParametersReference{ - Group: gatewayapi_v1beta1.Group(contour_v1alpha1.GroupVersion.Group), + gc.Spec.ParametersRef = &gatewayapi_v1.ParametersReference{ + Group: gatewayapi_v1.Group(contour_v1alpha1.GroupVersion.Group), Kind: "InvalidKind", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), Name: name + "-params", } return gc } - makeGateway := func() *gatewayapi_v1beta1.Gateway { - return &gatewayapi_v1beta1.Gateway{ + makeGateway := func() *gatewayapi_v1.Gateway { + return &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "gateway-1", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("gatewayclass-1"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("gatewayclass-1"), }, } } - makeGatewayWithAddrs := func(addrs []gatewayapi_v1beta1.GatewayAddress) *gatewayapi_v1beta1.Gateway { + makeGatewayWithAddrs := func(addrs []gatewayapi_v1.GatewayAddress) *gatewayapi_v1.Gateway { gtw := makeGateway() gtw.Spec.Addresses = addrs return gtw } - makeGatewayWithListeners := func(listeners []gatewayapi_v1beta1.Listener) *gatewayapi_v1beta1.Gateway { + makeGatewayWithListeners := func(listeners []gatewayapi_v1.Listener) *gatewayapi_v1.Gateway { gtw := makeGateway() gtw.Spec.Listeners = listeners return gtw } tests := map[string]struct { - gatewayClass *gatewayapi_v1beta1.GatewayClass + gatewayClass *gatewayapi_v1.GatewayClass gatewayClassParams *contour_v1alpha1.ContourDeployment - gateway *gatewayapi_v1beta1.Gateway + gateway *gatewayapi_v1.Gateway req *reconcile.Request - assertions func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) + assertions func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) }{ "A gateway for a reconcilable gatewayclass is reconciled": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -138,14 +137,14 @@ func TestGatewayReconcile(t *testing.T) { }, }, "A gateway for a non-reconcilable gatewayclass (not accepted) is not reconciled": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(controller), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(controller), }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -156,7 +155,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify that the Gateway has not had a "Accepted: true" condition set @@ -175,14 +174,14 @@ func TestGatewayReconcile(t *testing.T) { }, }, "A gateway for a non-reconcilable gatewayclass (non-matching controller) is not reconciled": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "someothercontroller.io/controller", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -193,7 +192,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify that the Gateway has not had a "Accepted: true" condition set @@ -214,81 +213,81 @@ func TestGatewayReconcile(t *testing.T) { "A gateway with no addresses results in an Envoy service with no loadBalancerIP": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "") }, }, "A gateway with one IP address results in an Envoy service with loadBalancerIP set to that IP address": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: "172.18.255.207", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "172.18.255.207") }, }, "A gateway with two IP addresses results in an Envoy service with loadBalancerIP set to the first IP address": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: "172.18.255.207", }, { - Type: ref.To(gatewayapi_v1beta1.IPAddressType), + Type: ref.To(gatewayapi_v1.IPAddressType), Value: "172.18.255.999", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "172.18.255.207") }, }, "A gateway with one Hostname address results in an Envoy service with loadBalancerIP set to that hostname": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1.HostnameAddressType), Value: "projectcontour.io", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "projectcontour.io") }, }, "A gateway with two Hostname addresses results in an Envoy service with loadBalancerIP set to the first hostname": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1.HostnameAddressType), Value: "projectcontour.io", }, { - Type: ref.To(gatewayapi_v1beta1.HostnameAddressType), + Type: ref.To(gatewayapi_v1.HostnameAddressType), Value: "anotherhost.io", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "projectcontour.io") }, }, "A gateway with one custom address type results in an Envoy service with no loadBalancerIP": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithAddrs([]gatewayapi_v1beta1.GatewayAddress{ + gateway: makeGatewayWithAddrs([]gatewayapi_v1.GatewayAddress{ { - Type: ref.To(gatewayapi_v1beta1.AddressType("acme.io/CustomAddressType")), + Type: ref.To(gatewayapi_v1.AddressType("acme.io/CustomAddressType")), Value: "custom-address-types-are-not-supported", }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) assertEnvoyServiceLoadBalancerIP(t, gw, r.client, "") }, @@ -315,7 +314,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -384,7 +383,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -439,7 +438,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -477,7 +476,7 @@ func TestGatewayReconcile(t *testing.T) { }, "The Envoy service's ports are derived from the Gateway's listeners (http & https)": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithListeners([]gatewayapi_v1beta1.Listener{ + gateway: makeGatewayWithListeners([]gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -487,7 +486,7 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.bar")), + Hostname: ref.To(gatewayapi_v1.Hostname("foo.bar")), }, { Name: "listener-3", @@ -509,17 +508,17 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-6", Protocol: gatewayapi_v1.TLSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.bar")), + Hostname: ref.To(gatewayapi_v1.Hostname("foo.bar")), }, { Name: "listener-7", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 8443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.baz")), + Hostname: ref.To(gatewayapi_v1.Hostname("foo.baz")), }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Get the expected Envoy service from the client. envoyService := &core_v1.Service{ @@ -559,7 +558,7 @@ func TestGatewayReconcile(t *testing.T) { }, "The Envoy service's ports are derived from the Gateway's listeners (http only)": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: makeGatewayWithListeners([]gatewayapi_v1beta1.Listener{ + gateway: makeGatewayWithListeners([]gatewayapi_v1.Listener{ { Name: "listener-1", Protocol: gatewayapi_v1.HTTPProtocolType, @@ -569,7 +568,7 @@ func TestGatewayReconcile(t *testing.T) { Name: "listener-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("foo.bar")), + Hostname: ref.To(gatewayapi_v1.Hostname("foo.bar")), }, { Name: "listener-3", @@ -583,7 +582,7 @@ func TestGatewayReconcile(t *testing.T) { Port: 82, }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Get the expected Envoy service from the client. envoyService := &core_v1.Service{ @@ -619,7 +618,7 @@ func TestGatewayReconcile(t *testing.T) { Spec: contour_v1alpha1.ContourDeploymentSpec{}, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -661,7 +660,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -697,7 +696,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -742,7 +741,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -782,7 +781,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -827,7 +826,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -865,7 +864,7 @@ func TestGatewayReconcile(t *testing.T) { Spec: contour_v1alpha1.ContourDeploymentSpec{}, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -908,32 +907,32 @@ func TestGatewayReconcile(t *testing.T) { }, }, }, - gateway: makeGatewayWithListeners([]gatewayapi_v1beta1.Listener{ + gateway: makeGatewayWithListeners([]gatewayapi_v1.Listener{ { Protocol: gatewayapi_v1.HTTPProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - Name: gatewayapi_v1beta1.SectionName("http"), - Port: gatewayapi_v1beta1.PortNumber(30000), + Name: gatewayapi_v1.SectionName("http"), + Port: gatewayapi_v1.PortNumber(30000), }, { - Name: gatewayapi_v1beta1.SectionName("https"), - Port: gatewayapi_v1beta1.PortNumber(30001), + Name: gatewayapi_v1.SectionName("https"), + Port: gatewayapi_v1.PortNumber(30001), Protocol: gatewayapi_v1.HTTPSProtocolType, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromAll), }, }, - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), }, }, }), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -979,7 +978,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -1031,7 +1030,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has an "Accepted: true" condition @@ -1083,7 +1082,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -1118,7 +1117,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { ds := &apps_v1.DaemonSet{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", @@ -1144,7 +1143,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { ds := &apps_v1.DaemonSet{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", @@ -1168,7 +1167,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { ds := &apps_v1.DaemonSet{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", @@ -1196,7 +1195,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has a "Accepted: true" condition @@ -1238,7 +1237,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) // Verify the Gateway has an "Accepted: true" condition @@ -1270,13 +1269,13 @@ func TestGatewayReconcile(t *testing.T) { }, "The Gateway's infrastructure labels and annotations are set on all resources": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), - gateway: &gatewayapi_v1beta1.Gateway{ + gateway: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "gateway-1", Name: "gateway-1", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("gatewayclass-1"), + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("gatewayclass-1"), Infrastructure: &gatewayapi_v1.GatewayInfrastructure{ Labels: map[gatewayapi_v1.AnnotationKey]gatewayapi_v1.AnnotationValue{ gatewayapi_v1.AnnotationKey("projectcontour.io/label-1"): gatewayapi_v1.AnnotationValue("label-value-1"), @@ -1289,7 +1288,7 @@ func TestGatewayReconcile(t *testing.T) { }, }, }, - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) for _, obj := range []client.Object{ @@ -1347,7 +1346,7 @@ func TestGatewayReconcile(t *testing.T) { "Gateway owner labels are set on all resources": { gatewayClass: reconcilableGatewayClass("gatewayclass-1", controller), gateway: makeGateway(), - assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1beta1.Gateway, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayReconciler, gw *gatewayapi_v1.Gateway, reconcileErr error) { require.NoError(t, reconcileErr) for _, obj := range []client.Object{ @@ -1440,7 +1439,7 @@ func TestGatewayReconcile(t *testing.T) { } } -func assertEnvoyServiceLoadBalancerIP(t *testing.T, gateway *gatewayapi_v1beta1.Gateway, client client.Client, want string) { +func assertEnvoyServiceLoadBalancerIP(t *testing.T, gateway *gatewayapi_v1.Gateway, client client.Client, want string) { // Get the expected Envoy service from the client. envoyService := &core_v1.Service{ ObjectMeta: meta_v1.ObjectMeta{ diff --git a/internal/provisioner/controller/gatewayclass.go b/internal/provisioner/controller/gatewayclass.go index 019b226fc9b..030fb2c821d 100644 --- a/internal/provisioner/controller/gatewayclass.go +++ b/internal/provisioner/controller/gatewayclass.go @@ -33,7 +33,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/reconcile" "sigs.k8s.io/controller-runtime/pkg/source" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" ) @@ -45,14 +44,14 @@ const ( // gatewayClassReconciler reconciles GatewayClass objects. type gatewayClassReconciler struct { - gatewayController gatewayapi_v1beta1.GatewayController + gatewayController gatewayapi_v1.GatewayController client client.Client log logr.Logger } func NewGatewayClassController(mgr manager.Manager, gatewayController string) (controller.Controller, error) { r := &gatewayClassReconciler{ - gatewayController: gatewayapi_v1beta1.GatewayController(gatewayController), + gatewayController: gatewayapi_v1.GatewayController(gatewayController), client: mgr.GetClient(), log: ctrl.Log.WithName("gatewayclass-controller"), } @@ -63,7 +62,7 @@ func NewGatewayClassController(mgr manager.Manager, gatewayController string) (c } if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1beta1.GatewayClass{}), + source.Kind(mgr.GetCache(), &gatewayapi_v1.GatewayClass{}), &handler.EnqueueRequestForObject{}, predicate.NewPredicateFuncs(r.hasMatchingController), ); err != nil { @@ -83,7 +82,7 @@ func NewGatewayClassController(mgr manager.Manager, gatewayController string) (c } func (r *gatewayClassReconciler) hasMatchingController(obj client.Object) bool { - gatewayClass, ok := obj.(*gatewayapi_v1beta1.GatewayClass) + gatewayClass, ok := obj.(*gatewayapi_v1.GatewayClass) if !ok { return false } @@ -95,7 +94,7 @@ func (r *gatewayClassReconciler) hasMatchingController(obj client.Object) bool { // for all provisioner-controlled GatewayClasses that have a ParametersRef to // the specified ContourDeployment object. func (r *gatewayClassReconciler) mapContourDeploymentToGatewayClasses(ctx context.Context, contourDeployment client.Object) []reconcile.Request { - var gatewayClasses gatewayapi_v1beta1.GatewayClassList + var gatewayClasses gatewayapi_v1.GatewayClassList if err := r.client.List(ctx, &gatewayClasses); err != nil { r.log.Error(err, "error listing gateway classes") return nil @@ -129,7 +128,7 @@ func (r *gatewayClassReconciler) mapContourDeploymentToGatewayClasses(ctx contex } func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - gatewayClass := &gatewayapi_v1beta1.GatewayClass{} + gatewayClass := &gatewayapi_v1.GatewayClass{} if err := r.client.Get(ctx, req.NamespacedName, gatewayClass); err != nil { // GatewayClass no longer exists, nothing to do. if errors.IsNotFound(err) { @@ -266,7 +265,7 @@ func (r *gatewayClassReconciler) Reconcile(ctx context.Context, req ctrl.Request return ctrl.Result{}, nil } -func (r *gatewayClassReconciler) setConditions(ctx context.Context, gatewayClass *gatewayapi_v1beta1.GatewayClass, newConds map[string]meta_v1.Condition) error { +func (r *gatewayClassReconciler) setConditions(ctx context.Context, gatewayClass *gatewayapi_v1.GatewayClass, newConds map[string]meta_v1.Condition) error { var unchangedConds, updatedConds []meta_v1.Condition for _, existing := range gatewayClass.Status.Conditions { if cond, ok := newConds[existing.Type]; ok { @@ -338,7 +337,7 @@ func (r *gatewayClassReconciler) getSupportedVersionCondition(ctx context.Contex // isValidParametersRef returns true if the provided ParametersReference is // to a ContourDeployment resource that exists. -func (r *gatewayClassReconciler) isValidParametersRef(ctx context.Context, ref *gatewayapi_v1beta1.ParametersReference) (bool, *contour_v1alpha1.ContourDeployment, error) { +func (r *gatewayClassReconciler) isValidParametersRef(ctx context.Context, ref *gatewayapi_v1.ParametersReference) (bool, *contour_v1alpha1.ContourDeployment, error) { if ref == nil { return true, nil, nil } @@ -363,7 +362,7 @@ func (r *gatewayClassReconciler) isValidParametersRef(ctx context.Context, ref * return true, params, nil } -func isContourDeploymentRef(ref *gatewayapi_v1beta1.ParametersReference) bool { +func isContourDeploymentRef(ref *gatewayapi_v1.ParametersReference) bool { if ref == nil { return false } diff --git a/internal/provisioner/controller/gatewayclass_test.go b/internal/provisioner/controller/gatewayclass_test.go index eefa0e5c671..419fe06cb43 100644 --- a/internal/provisioner/controller/gatewayclass_test.go +++ b/internal/provisioner/controller/gatewayclass_test.go @@ -31,7 +31,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/reconcile" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/fixture" @@ -41,49 +40,49 @@ import ( func TestGatewayClassReconcile(t *testing.T) { tests := map[string]struct { - gatewayClass *gatewayapi_v1beta1.GatewayClass + gatewayClass *gatewayapi_v1.GatewayClass gatewayClassCRD *apiextensions_v1.CustomResourceDefinition params *contour_v1alpha1.ContourDeployment req *reconcile.Request wantConditions []*meta_v1.Condition - assertions func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) + assertions func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) }{ "reconcile request for non-existent gatewayclass results in no error": { req: &reconcile.Request{ NamespacedName: types.NamespacedName{Name: "nonexistent"}, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) - gatewayClasses := &gatewayapi_v1beta1.GatewayClassList{} + gatewayClasses := &gatewayapi_v1.GatewayClassList{} require.NoError(t, r.client.List(context.Background(), gatewayClasses)) assert.Empty(t, gatewayClasses.Items) }, }, "gatewayclass not controlled by us does not get conditions set": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("someothercontroller.io/controller"), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("someothercontroller.io/controller"), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) - res := &gatewayapi_v1beta1.GatewayClass{} + res := &gatewayapi_v1.GatewayClass{} require.NoError(t, r.client.Get(context.Background(), keyFor(gc), res)) assert.Empty(t, res.Status.Conditions) }, }, "gatewayclass controlled by us with no parameters gets Accepted: true condition and SupportedVersion: true": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, @@ -101,17 +100,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with an invalid parametersRef (target does not exist) gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -129,17 +128,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid group) gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "invalidgroup.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -163,17 +162,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid kind) gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "InvalidKind", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -197,17 +196,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid name) gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "invalid-name", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -231,17 +230,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with an invalid parametersRef (invalid namespace) gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("invalid-namespace")), + Namespace: ref.To(gatewayapi_v1.Namespace("invalid-namespace")), }, }, }, @@ -265,17 +264,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with a valid parametersRef gets Accepted: true condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -299,17 +298,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for NetworkPublishing gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -341,17 +340,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for ExtraVolumeMounts gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -389,17 +388,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for LogLevel gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -428,17 +427,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for ExternalTrafficPolicy gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -469,17 +468,17 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with a valid parametersRef but invalid parameter values for IPFamilyPolicy gets Accepted: false condition": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", Name: "gatewayclass-params", - Namespace: ref.To(gatewayapi_v1beta1.Namespace("projectcontour")), + Namespace: ref.To(gatewayapi_v1.Namespace("projectcontour")), }, }, }, @@ -510,11 +509,11 @@ func TestGatewayClassReconcile(t *testing.T) { }, }, "gatewayclass controlled by us with gatewayclass CRD with unsupported version sets Accepted: true, SupportedVersion: False": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, @@ -538,16 +537,16 @@ func TestGatewayClassReconcile(t *testing.T) { Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, "gatewayclass controlled by us with gatewayclass CRD fetch failed sets SupportedVersion: false": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, @@ -573,16 +572,16 @@ func TestGatewayClassReconcile(t *testing.T) { Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, "gatewayclass controlled by us with gatewayclass CRD without version annotation sets SupportedVersion: false": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, }, @@ -606,20 +605,20 @@ func TestGatewayClassReconcile(t *testing.T) { Reason: string(gatewayapi_v1.GatewayClassReasonUnsupportedVersion), }, }, - assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1beta1.GatewayClass, reconcileErr error) { + assertions: func(t *testing.T, r *gatewayClassReconciler, gc *gatewayapi_v1.GatewayClass, reconcileErr error) { require.NoError(t, reconcileErr) }, }, "gatewayclass with status from previous generation is updated, only conditions we own are changed": { - gatewayClass: &gatewayapi_v1beta1.GatewayClass{ + gatewayClass: &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "gatewayclass-1", Generation: 2, }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ + Spec: gatewayapi_v1.GatewayClassSpec{ ControllerName: "projectcontour.io/gateway-controller", }, - Status: gatewayapi_v1beta1.GatewayClassStatus{ + Status: gatewayapi_v1.GatewayClassStatus{ Conditions: []meta_v1.Condition{ { Type: string(gatewayapi_v1.GatewayClassConditionStatusAccepted), @@ -706,7 +705,7 @@ func TestGatewayClassReconcile(t *testing.T) { _, err = r.Reconcile(context.Background(), req) if len(tc.wantConditions) > 0 { - res := &gatewayapi_v1beta1.GatewayClass{} + res := &gatewayapi_v1.GatewayClass{} require.NoError(t, r.client.Get(context.Background(), keyFor(tc.gatewayClass), res)) require.Len(t, res.Status.Conditions, len(tc.wantConditions)) diff --git a/internal/provisioner/scheme.go b/internal/provisioner/scheme.go index 998e23ff4c8..342140ce87f 100644 --- a/internal/provisioner/scheme.go +++ b/internal/provisioner/scheme.go @@ -17,6 +17,7 @@ import ( apiextensions_v1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" @@ -33,6 +34,7 @@ func CreateScheme() (*runtime.Scheme, error) { apiextensions_v1.AddToScheme, gatewayapi_v1alpha2.AddToScheme, gatewayapi_v1beta1.AddToScheme, + gatewayapi_v1.AddToScheme, contour_v1alpha1.AddToScheme, } diff --git a/internal/status/backendtlspolicyconditions.go b/internal/status/backendtlspolicyconditions.go index 8c53554fe0a..7b765c49992 100644 --- a/internal/status/backendtlspolicyconditions.go +++ b/internal/status/backendtlspolicyconditions.go @@ -20,8 +20,8 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" ) @@ -32,7 +32,7 @@ type BackendTLSPolicyStatusUpdate struct { FullName types.NamespacedName PolicyAncestorStatuses []*gatewayapi_v1alpha2.PolicyAncestorStatus GatewayRef types.NamespacedName - GatewayController gatewayapi_v1beta1.GatewayController + GatewayController gatewayapi_v1.GatewayController Generation int64 TransitionTime meta_v1.Time } @@ -41,12 +41,12 @@ type BackendTLSPolicyStatusUpdate struct { // PolicyAncestorStatus. type BackendTLSPolicyAncestorStatusUpdate struct { *BackendTLSPolicyStatusUpdate - ancestorRef gatewayapi_v1beta1.ParentReference + ancestorRef gatewayapi_v1.ParentReference } // StatusUpdateFor returns a BackendTLSPolicyAncestorStatusUpdate for the given // ancestor ref. -func (b *BackendTLSPolicyStatusUpdate) StatusUpdateFor(ancestorRef gatewayapi_v1beta1.ParentReference) *BackendTLSPolicyAncestorStatusUpdate { +func (b *BackendTLSPolicyStatusUpdate) StatusUpdateFor(ancestorRef gatewayapi_v1.ParentReference) *BackendTLSPolicyAncestorStatusUpdate { return &BackendTLSPolicyAncestorStatusUpdate{ BackendTLSPolicyStatusUpdate: b, ancestorRef: ancestorRef, @@ -106,7 +106,7 @@ func (b *BackendTLSPolicyAncestorStatusUpdate) AddCondition(conditionType gatewa // ConditionsForAncestorRef returns the list of conditions for a given ancestor // if it exists. -func (b *BackendTLSPolicyStatusUpdate) ConditionsForAncestorRef(ancestorRef gatewayapi_v1beta1.ParentReference) []meta_v1.Condition { +func (b *BackendTLSPolicyStatusUpdate) ConditionsForAncestorRef(ancestorRef gatewayapi_v1.ParentReference) []meta_v1.Condition { for _, pas := range b.PolicyAncestorStatuses { if pas.AncestorRef == ancestorRef { return pas.Conditions diff --git a/internal/status/cache.go b/internal/status/cache.go index 7ea7c0cacbe..b197d12c2cc 100644 --- a/internal/status/cache.go +++ b/internal/status/cache.go @@ -21,8 +21,8 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/k8s" @@ -37,7 +37,7 @@ type ConditionType string const ValidCondition ConditionType = "Valid" // NewCache creates a new Cache for holding status updates. -func NewCache(gateway types.NamespacedName, gatewayController gatewayapi_v1beta1.GatewayController) Cache { +func NewCache(gateway types.NamespacedName, gatewayController gatewayapi_v1.GatewayController) Cache { return Cache{ gatewayRef: gateway, gatewayController: gatewayController, @@ -59,7 +59,7 @@ type CacheEntry interface { // KindAccessor. type Cache struct { gatewayRef types.NamespacedName - gatewayController gatewayapi_v1beta1.GatewayController + gatewayController gatewayapi_v1.GatewayController proxyUpdates map[types.NamespacedName]*ProxyUpdate gatewayUpdates map[types.NamespacedName]*GatewayStatusUpdate @@ -133,7 +133,7 @@ func (c *Cache) GetStatusUpdates() []k8s.StatusUpdate { for fullname, gwUpdate := range c.gatewayUpdates { update := k8s.StatusUpdate{ NamespacedName: fullname, - Resource: &gatewayapi_v1beta1.Gateway{}, + Resource: &gatewayapi_v1.Gateway{}, Mutator: gwUpdate, } @@ -192,10 +192,10 @@ func (c *Cache) GetBackendTLSPolicyUpdates() []*BackendTLSPolicyStatusUpdate { // status changes as well as a function to commit the change back to the cache when everything // is done. The commit function pattern is used so that the GatewayStatusUpdate does not need // to know anything the cache internals. -func (c *Cache) GatewayStatusAccessor(nsName types.NamespacedName, generation int64, gs *gatewayapi_v1beta1.GatewayStatus) (*GatewayStatusUpdate, func()) { +func (c *Cache) GatewayStatusAccessor(nsName types.NamespacedName, generation int64, gs *gatewayapi_v1.GatewayStatus) (*GatewayStatusUpdate, func()) { gu := &GatewayStatusUpdate{ FullName: nsName, - Conditions: make(map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition), + Conditions: make(map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition), ExistingConditions: getGatewayConditions(gs), Generation: generation, TransitionTime: meta_v1.NewTime(time.Now()), diff --git a/internal/status/cache_test.go b/internal/status/cache_test.go index 1d49ccd1d8b..5fa73fd403d 100644 --- a/internal/status/cache_test.go +++ b/internal/status/cache_test.go @@ -19,7 +19,7 @@ import ( "github.com/stretchr/testify/assert" core_v1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -51,7 +51,7 @@ func TestCacheAcquisition(t *testing.T) { proxy := &contour_v1.HTTPProxy{ ObjectMeta: fixture.ObjectMeta("test/proxy"), } - httpRoute := &gatewayapi_v1beta1.HTTPRoute{ + httpRoute := &gatewayapi_v1.HTTPRoute{ ObjectMeta: fixture.ObjectMeta("test/httproute"), } cache := NewCache(types.NamespacedName{Name: "contour", Namespace: "projectcontour"}, "") diff --git a/internal/status/gatewayclass.go b/internal/status/gatewayclass.go index 44c84f8c857..82ff05f9287 100644 --- a/internal/status/gatewayclass.go +++ b/internal/status/gatewayclass.go @@ -14,12 +14,12 @@ package status import ( - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" ) // SetGatewayClassAccepted inserts or updates the Accepted condition // for the provided GatewayClass. -func SetGatewayClassAccepted(gc *gatewayapi_v1beta1.GatewayClass, accepted bool) *gatewayapi_v1beta1.GatewayClass { +func SetGatewayClassAccepted(gc *gatewayapi_v1.GatewayClass, accepted bool) *gatewayapi_v1.GatewayClass { gc.Status.Conditions = mergeConditions(gc.Status.Conditions, computeGatewayClassAcceptedCondition(gc, accepted)) return gc } diff --git a/internal/status/gatewayclassconditions.go b/internal/status/gatewayclassconditions.go index 9b529ca29a7..6ad42fe414e 100644 --- a/internal/status/gatewayclassconditions.go +++ b/internal/status/gatewayclassconditions.go @@ -19,13 +19,12 @@ import ( apiequality "k8s.io/apimachinery/pkg/api/equality" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) -const ReasonOlderGatewayClassExists gatewayapi_v1beta1.GatewayClassConditionReason = "OlderGatewayClassExists" +const ReasonOlderGatewayClassExists gatewayapi_v1.GatewayClassConditionReason = "OlderGatewayClassExists" // computeGatewayClassAcceptedCondition computes the GatewayClass Accepted status condition. -func computeGatewayClassAcceptedCondition(gatewayClass *gatewayapi_v1beta1.GatewayClass, accepted bool) meta_v1.Condition { +func computeGatewayClassAcceptedCondition(gatewayClass *gatewayapi_v1.GatewayClass, accepted bool) meta_v1.Condition { switch accepted { case true: return meta_v1.Condition{ diff --git a/internal/status/gatewayclassconditions_test.go b/internal/status/gatewayclassconditions_test.go index 49ae85b9d23..2012b6ee853 100644 --- a/internal/status/gatewayclassconditions_test.go +++ b/internal/status/gatewayclassconditions_test.go @@ -20,7 +20,6 @@ import ( "github.com/stretchr/testify/assert" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) func TestComputeGatewayClassAcceptedCondition(t *testing.T) { @@ -50,7 +49,7 @@ func TestComputeGatewayClassAcceptedCondition(t *testing.T) { } for _, tc := range testCases { - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Generation: 7, }, diff --git a/internal/status/gatewaystatus.go b/internal/status/gatewaystatus.go index cd879bb7d25..a97bda782eb 100644 --- a/internal/status/gatewaystatus.go +++ b/internal/status/gatewaystatus.go @@ -20,7 +20,7 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/ref" ) @@ -31,18 +31,18 @@ const MessageValidGateway = "Valid Gateway" // Gateway's status. type GatewayStatusUpdate struct { FullName types.NamespacedName - Conditions map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition - ExistingConditions map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition - ListenerStatus map[string]*gatewayapi_v1beta1.ListenerStatus + Conditions map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition + ExistingConditions map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition + ListenerStatus map[string]*gatewayapi_v1.ListenerStatus Generation int64 TransitionTime meta_v1.Time } // AddCondition returns a meta_v1.Condition for a given GatewayConditionType. func (gatewayUpdate *GatewayStatusUpdate) AddCondition( - cond gatewayapi_v1beta1.GatewayConditionType, + cond gatewayapi_v1.GatewayConditionType, status meta_v1.ConditionStatus, - reason gatewayapi_v1beta1.GatewayConditionReason, + reason gatewayapi_v1.GatewayConditionReason, message string, ) meta_v1.Condition { if c, ok := gatewayUpdate.Conditions[cond]; ok { @@ -61,19 +61,19 @@ func (gatewayUpdate *GatewayStatusUpdate) AddCondition( return newCond } -func (gatewayUpdate *GatewayStatusUpdate) SetListenerSupportedKinds(listenerName string, kinds []gatewayapi_v1beta1.Kind) { +func (gatewayUpdate *GatewayStatusUpdate) SetListenerSupportedKinds(listenerName string, kinds []gatewayapi_v1.Kind) { if gatewayUpdate.ListenerStatus == nil { - gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1beta1.ListenerStatus{} + gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1.ListenerStatus{} } if gatewayUpdate.ListenerStatus[listenerName] == nil { - gatewayUpdate.ListenerStatus[listenerName] = &gatewayapi_v1beta1.ListenerStatus{ - Name: gatewayapi_v1beta1.SectionName(listenerName), + gatewayUpdate.ListenerStatus[listenerName] = &gatewayapi_v1.ListenerStatus{ + Name: gatewayapi_v1.SectionName(listenerName), } } for _, kind := range kinds { - groupKind := gatewayapi_v1beta1.RouteGroupKind{ - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), + groupKind := gatewayapi_v1.RouteGroupKind{ + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: kind, } @@ -83,11 +83,11 @@ func (gatewayUpdate *GatewayStatusUpdate) SetListenerSupportedKinds(listenerName func (gatewayUpdate *GatewayStatusUpdate) SetListenerAttachedRoutes(listenerName string, numRoutes int) { if gatewayUpdate.ListenerStatus == nil { - gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1beta1.ListenerStatus{} + gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1.ListenerStatus{} } if gatewayUpdate.ListenerStatus[listenerName] == nil { - gatewayUpdate.ListenerStatus[listenerName] = &gatewayapi_v1beta1.ListenerStatus{ - Name: gatewayapi_v1beta1.SectionName(listenerName), + gatewayUpdate.ListenerStatus[listenerName] = &gatewayapi_v1.ListenerStatus{ + Name: gatewayapi_v1.SectionName(listenerName), } } @@ -97,17 +97,17 @@ func (gatewayUpdate *GatewayStatusUpdate) SetListenerAttachedRoutes(listenerName // AddListenerCondition adds a Condition for the specified listener. func (gatewayUpdate *GatewayStatusUpdate) AddListenerCondition( listenerName string, - cond gatewayapi_v1beta1.ListenerConditionType, + cond gatewayapi_v1.ListenerConditionType, status meta_v1.ConditionStatus, - reason gatewayapi_v1beta1.ListenerConditionReason, + reason gatewayapi_v1.ListenerConditionReason, message string, ) meta_v1.Condition { if gatewayUpdate.ListenerStatus == nil { - gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1beta1.ListenerStatus{} + gatewayUpdate.ListenerStatus = map[string]*gatewayapi_v1.ListenerStatus{} } if gatewayUpdate.ListenerStatus[listenerName] == nil { - gatewayUpdate.ListenerStatus[listenerName] = &gatewayapi_v1beta1.ListenerStatus{ - Name: gatewayapi_v1beta1.SectionName(listenerName), + gatewayUpdate.ListenerStatus[listenerName] = &gatewayapi_v1.ListenerStatus{ + Name: gatewayapi_v1.SectionName(listenerName), } } @@ -140,18 +140,18 @@ func (gatewayUpdate *GatewayStatusUpdate) AddListenerCondition( return newCond } -func getGatewayConditions(gs *gatewayapi_v1beta1.GatewayStatus) map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition { - conditions := make(map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition) +func getGatewayConditions(gs *gatewayapi_v1.GatewayStatus) map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition { + conditions := make(map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition) for _, cond := range gs.Conditions { - if _, ok := conditions[gatewayapi_v1beta1.GatewayConditionType(cond.Type)]; !ok { - conditions[gatewayapi_v1beta1.GatewayConditionType(cond.Type)] = cond + if _, ok := conditions[gatewayapi_v1.GatewayConditionType(cond.Type)]; !ok { + conditions[gatewayapi_v1.GatewayConditionType(cond.Type)] = cond } } return conditions } func (gatewayUpdate *GatewayStatusUpdate) Mutate(obj client.Object) client.Object { - o, ok := obj.(*gatewayapi_v1beta1.Gateway) + o, ok := obj.(*gatewayapi_v1.Gateway) if !ok { panic(fmt.Sprintf("Unsupported %T object %s/%s in GatewayStatusUpdate status mutator", obj, gatewayUpdate.FullName.Namespace, gatewayUpdate.FullName.Name, @@ -196,7 +196,7 @@ func (gatewayUpdate *GatewayStatusUpdate) Mutate(obj client.Object) client.Objec // Overwrite all listener statuses since we re-compute all of them // for each Gateway status update. - var listenerStatusToWrite []gatewayapi_v1beta1.ListenerStatus + var listenerStatusToWrite []gatewayapi_v1.ListenerStatus for _, status := range gatewayUpdate.ListenerStatus { if status.Conditions == nil { // Conditions is a required field so we have to specify an empty slice here @@ -204,7 +204,7 @@ func (gatewayUpdate *GatewayStatusUpdate) Mutate(obj client.Object) client.Objec } if status.SupportedKinds == nil { // SupportedKinds is a required field so we have to specify an empty slice here - status.SupportedKinds = []gatewayapi_v1beta1.RouteGroupKind{} + status.SupportedKinds = []gatewayapi_v1.RouteGroupKind{} } listenerStatusToWrite = append(listenerStatusToWrite, *status) } diff --git a/internal/status/gatewaystatus_test.go b/internal/status/gatewaystatus_test.go index 44328b59614..70e6196d17c 100644 --- a/internal/status/gatewaystatus_test.go +++ b/internal/status/gatewaystatus_test.go @@ -20,7 +20,6 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/k8s" "github.com/projectcontour/contour/internal/ref" @@ -39,7 +38,7 @@ func TestGatewayAddCondition(t *testing.T) { gatewayUpdate := GatewayStatusUpdate{ FullName: k8s.NamespacedNameFrom("test/test"), - Conditions: make(map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition), + Conditions: make(map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition), ExistingConditions: nil, Generation: testGeneration, TransitionTime: meta_v1.Time{}, @@ -62,8 +61,8 @@ func TestGatewayAddCondition(t *testing.T) { func TestGatewaySetListenerSupportedKinds(t *testing.T) { var gsu GatewayStatusUpdate - gsu.SetListenerSupportedKinds("http", []gatewayapi_v1beta1.Kind{"HTTPRoute"}) - gsu.SetListenerSupportedKinds("https", []gatewayapi_v1beta1.Kind{"HTTPRoute", "TLSRoute"}) + gsu.SetListenerSupportedKinds("http", []gatewayapi_v1.Kind{"HTTPRoute"}) + gsu.SetListenerSupportedKinds("https", []gatewayapi_v1.Kind{"HTTPRoute", "TLSRoute"}) assert.Len(t, gsu.ListenerStatus, 2) @@ -71,16 +70,16 @@ func TestGatewaySetListenerSupportedKinds(t *testing.T) { require.NotNil(t, gsu.ListenerStatus["https"]) assert.ElementsMatch(t, - []gatewayapi_v1beta1.RouteGroupKind{ - {Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), Kind: "HTTPRoute"}, + []gatewayapi_v1.RouteGroupKind{ + {Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute"}, }, gsu.ListenerStatus["http"].SupportedKinds, ) assert.ElementsMatch(t, - []gatewayapi_v1beta1.RouteGroupKind{ - {Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), Kind: "HTTPRoute"}, - {Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), Kind: "TLSRoute"}, + []gatewayapi_v1.RouteGroupKind{ + {Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "HTTPRoute"}, + {Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), Kind: "TLSRoute"}, }, gsu.ListenerStatus["https"].SupportedKinds, ) @@ -104,18 +103,18 @@ func TestGatewaySetListenerAttachedRoutes(t *testing.T) { func TestGatewayMutate(t *testing.T) { var gsu GatewayStatusUpdate - gsu.ListenerStatus = map[string]*gatewayapi_v1beta1.ListenerStatus{ + gsu.ListenerStatus = map[string]*gatewayapi_v1.ListenerStatus{ "http": { Name: "http", AttachedRoutes: 7, - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), - Kind: gatewayapi_v1beta1.Kind("FooRoute"), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: gatewayapi_v1.Kind("FooRoute"), }, { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), - Kind: gatewayapi_v1beta1.Kind("BarRoute"), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: gatewayapi_v1.Kind("BarRoute"), }, }, Conditions: []meta_v1.Condition{}, @@ -123,26 +122,26 @@ func TestGatewayMutate(t *testing.T) { "https": { Name: "https", AttachedRoutes: 77, - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), - Kind: gatewayapi_v1beta1.Kind("TLSRoute"), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: gatewayapi_v1.Kind("TLSRoute"), }, }, Conditions: []meta_v1.Condition{}, }, } - gw := &gatewayapi_v1beta1.Gateway{ - Status: gatewayapi_v1beta1.GatewayStatus{ - Listeners: []gatewayapi_v1beta1.ListenerStatus{ + gw := &gatewayapi_v1.Gateway{ + Status: gatewayapi_v1.GatewayStatus{ + Listeners: []gatewayapi_v1.ListenerStatus{ { Name: "http", AttachedRoutes: 3, - SupportedKinds: []gatewayapi_v1beta1.RouteGroupKind{ + SupportedKinds: []gatewayapi_v1.RouteGroupKind{ { - Group: ref.To(gatewayapi_v1beta1.Group(gatewayapi_v1beta1.GroupName)), - Kind: gatewayapi_v1beta1.Kind("HTTPRoute"), + Group: ref.To(gatewayapi_v1.Group(gatewayapi_v1.GroupName)), + Kind: gatewayapi_v1.Kind("HTTPRoute"), }, }, Conditions: []meta_v1.Condition{}, @@ -151,12 +150,12 @@ func TestGatewayMutate(t *testing.T) { }, } - got, ok := gsu.Mutate(gw).(*gatewayapi_v1beta1.Gateway) + got, ok := gsu.Mutate(gw).(*gatewayapi_v1.Gateway) require.True(t, ok) assert.Len(t, got.Status.Listeners, 2) - var want []gatewayapi_v1beta1.ListenerStatus + var want []gatewayapi_v1.ListenerStatus for _, v := range gsu.ListenerStatus { want = append(want, *v) } @@ -203,17 +202,17 @@ func TestGatewayAddListenerCondition(t *testing.T) { func TestGetGatewayConditions(t *testing.T) { tests := map[string]struct { conditions []meta_v1.Condition - want map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition + want map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition }{ "no gateway conditions": { conditions: nil, - want: map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition{}, + want: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{}, }, "one gateway condition": { conditions: []meta_v1.Condition{ {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, }, - want: map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition{ + want: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionProgrammed: {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, }, }, @@ -222,7 +221,7 @@ func TestGetGatewayConditions(t *testing.T) { {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, {Type: string(gatewayapi_v1.GatewayConditionAccepted)}, }, - want: map[gatewayapi_v1beta1.GatewayConditionType]meta_v1.Condition{ + want: map[gatewayapi_v1.GatewayConditionType]meta_v1.Condition{ gatewayapi_v1.GatewayConditionProgrammed: {Type: string(gatewayapi_v1.GatewayConditionProgrammed)}, gatewayapi_v1.GatewayConditionAccepted: {Type: string(gatewayapi_v1.GatewayConditionAccepted)}, }, @@ -231,7 +230,7 @@ func TestGetGatewayConditions(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - got := getGatewayConditions(&gatewayapi_v1beta1.GatewayStatus{Conditions: tc.conditions}) + got := getGatewayConditions(&gatewayapi_v1.GatewayStatus{Conditions: tc.conditions}) assert.Equal(t, tc.want, got) }) } diff --git a/internal/status/routeconditions.go b/internal/status/routeconditions.go index aaddcb40af8..b90d212d9fb 100644 --- a/internal/status/routeconditions.go +++ b/internal/status/routeconditions.go @@ -20,32 +20,32 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" ) const ( - ConditionValidBackendRefs gatewayapi_v1beta1.RouteConditionType = "ValidBackendRefs" - ConditionValidMatches gatewayapi_v1beta1.RouteConditionType = "ValidMatches" + ConditionValidBackendRefs gatewayapi_v1.RouteConditionType = "ValidBackendRefs" + ConditionValidMatches gatewayapi_v1.RouteConditionType = "ValidMatches" ) const ( - ReasonDegraded gatewayapi_v1beta1.RouteConditionReason = "Degraded" - ReasonAllBackendRefsHaveZeroWeights gatewayapi_v1beta1.RouteConditionReason = "AllBackendRefsHaveZeroWeights" - ReasonInvalidPathMatch gatewayapi_v1beta1.RouteConditionReason = "InvalidPathMatch" - ReasonInvalidMethodMatch gatewayapi_v1beta1.RouteConditionReason = "InvalidMethodMatch" - ReasonInvalidGateway gatewayapi_v1beta1.RouteConditionReason = "InvalidGateway" + ReasonDegraded gatewayapi_v1.RouteConditionReason = "Degraded" + ReasonAllBackendRefsHaveZeroWeights gatewayapi_v1.RouteConditionReason = "AllBackendRefsHaveZeroWeights" + ReasonInvalidPathMatch gatewayapi_v1.RouteConditionReason = "InvalidPathMatch" + ReasonInvalidMethodMatch gatewayapi_v1.RouteConditionReason = "InvalidMethodMatch" + ReasonInvalidGateway gatewayapi_v1.RouteConditionReason = "InvalidGateway" ) // RouteStatusUpdate represents an atomic update to a // Route's status. type RouteStatusUpdate struct { FullName types.NamespacedName - RouteParentStatuses []*gatewayapi_v1beta1.RouteParentStatus + RouteParentStatuses []*gatewayapi_v1.RouteParentStatus GatewayRef types.NamespacedName - GatewayController gatewayapi_v1beta1.GatewayController + GatewayController gatewayapi_v1.GatewayController Resource client.Object Generation int64 TransitionTime meta_v1.Time @@ -55,11 +55,11 @@ type RouteStatusUpdate struct { // parent ref's RouteParentStatus. type RouteParentStatusUpdate struct { *RouteStatusUpdate - parentRef gatewayapi_v1beta1.ParentReference + parentRef gatewayapi_v1.ParentReference } // StatusUpdateFor returns a RouteParentStatusUpdate for the given parent ref. -func (r *RouteStatusUpdate) StatusUpdateFor(parentRef gatewayapi_v1beta1.ParentReference) *RouteParentStatusUpdate { +func (r *RouteStatusUpdate) StatusUpdateFor(parentRef gatewayapi_v1.ParentReference) *RouteParentStatusUpdate { return &RouteParentStatusUpdate{ RouteStatusUpdate: r, parentRef: parentRef, @@ -68,8 +68,8 @@ func (r *RouteStatusUpdate) StatusUpdateFor(parentRef gatewayapi_v1beta1.ParentR // AddCondition adds a condition with the given properties // to the RouteParentStatus. -func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1beta1.RouteConditionType, status meta_v1.ConditionStatus, reason gatewayapi_v1beta1.RouteConditionReason, message string) meta_v1.Condition { - var rps *gatewayapi_v1beta1.RouteParentStatus +func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1.RouteConditionType, status meta_v1.ConditionStatus, reason gatewayapi_v1.RouteConditionReason, message string) meta_v1.Condition { + var rps *gatewayapi_v1.RouteParentStatus for _, v := range r.RouteParentStatuses { if v.ParentRef == r.parentRef { @@ -79,7 +79,7 @@ func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1beta1. } if rps == nil { - rps = &gatewayapi_v1beta1.RouteParentStatus{ + rps = &gatewayapi_v1.RouteParentStatus{ ParentRef: r.parentRef, ControllerName: r.GatewayController, } @@ -118,7 +118,7 @@ func (r *RouteParentStatusUpdate) AddCondition(conditionType gatewayapi_v1beta1. } // ConditionExists returns whether or not a condition with the given type exists. -func (r *RouteParentStatusUpdate) ConditionExists(conditionType gatewayapi_v1beta1.RouteConditionType) bool { +func (r *RouteParentStatusUpdate) ConditionExists(conditionType gatewayapi_v1.RouteConditionType) bool { for _, c := range r.ConditionsForParentRef(r.parentRef) { if c.Type == string(conditionType) { return true @@ -127,7 +127,7 @@ func (r *RouteParentStatusUpdate) ConditionExists(conditionType gatewayapi_v1bet return false } -func (r *RouteStatusUpdate) ConditionsForParentRef(parentRef gatewayapi_v1beta1.ParentReference) []meta_v1.Condition { +func (r *RouteStatusUpdate) ConditionsForParentRef(parentRef gatewayapi_v1.ParentReference) []meta_v1.Condition { for _, rps := range r.RouteParentStatuses { if rps.ParentRef == parentRef { return rps.Conditions @@ -138,7 +138,7 @@ func (r *RouteStatusUpdate) ConditionsForParentRef(parentRef gatewayapi_v1beta1. } func (r *RouteStatusUpdate) Mutate(obj client.Object) client.Object { - var newRouteParentStatuses []gatewayapi_v1beta1.RouteParentStatus + var newRouteParentStatuses []gatewayapi_v1.RouteParentStatus for _, rps := range r.RouteParentStatuses { for i := range rps.Conditions { @@ -152,7 +152,7 @@ func (r *RouteStatusUpdate) Mutate(obj client.Object) client.Object { } switch o := obj.(type) { - case *gatewayapi_v1beta1.HTTPRoute: + case *gatewayapi_v1.HTTPRoute: route := o.DeepCopy() // Get all the RouteParentStatuses that are for other Gateways. diff --git a/internal/status/routeconditions_test.go b/internal/status/routeconditions_test.go index f8c8584e429..65784d0393f 100644 --- a/internal/status/routeconditions_test.go +++ b/internal/status/routeconditions_test.go @@ -20,7 +20,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/k8s" @@ -36,12 +36,12 @@ func TestHTTPRouteAddCondition(t *testing.T) { rpsUpdate := httpRouteUpdate.StatusUpdateFor(parentRef) - rpsUpdate.AddCondition(gatewayapi_v1beta1.RouteConditionAccepted, meta_v1.ConditionTrue, "Valid", "Valid HTTPRoute") + rpsUpdate.AddCondition(gatewayapi_v1.RouteConditionAccepted, meta_v1.ConditionTrue, "Valid", "Valid HTTPRoute") require.Len(t, httpRouteUpdate.ConditionsForParentRef(parentRef), 1) got := httpRouteUpdate.ConditionsForParentRef(parentRef)[0] - assert.EqualValues(t, gatewayapi_v1beta1.RouteConditionAccepted, got.Type) + assert.EqualValues(t, gatewayapi_v1.RouteConditionAccepted, got.Type) assert.EqualValues(t, meta_v1.ConditionTrue, got.Status) assert.EqualValues(t, "Valid", got.Reason) assert.EqualValues(t, "Valid HTTPRoute", got.Message) diff --git a/test/e2e/framework.go b/test/e2e/framework.go index 26f1e56c2ed..8a7298c3e2b 100644 --- a/test/e2e/framework.go +++ b/test/e2e/framework.go @@ -46,8 +46,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/log" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -105,7 +105,7 @@ func NewFramework(inClusterTestSuite bool) *Framework { require.NoError(t, contour_v1.AddToScheme(scheme)) require.NoError(t, contour_v1alpha1.AddToScheme(scheme)) require.NoError(t, gatewayapi_v1alpha2.AddToScheme(scheme)) - require.NoError(t, gatewayapi_v1beta1.AddToScheme(scheme)) + require.NoError(t, gatewayapi_v1.AddToScheme(scheme)) require.NoError(t, certmanagerv1.AddToScheme(scheme)) require.NoError(t, apiextensions_v1.AddToScheme(scheme)) @@ -372,7 +372,7 @@ func (f *Framework) CreateHTTPProxyAndWaitFor(proxy *contour_v1.HTTPProxy, condi // CreateHTTPRouteAndWaitFor creates the provided HTTPRoute in the Kubernetes API // and then waits for the specified condition to be true. -func (f *Framework) CreateHTTPRouteAndWaitFor(route *gatewayapi_v1beta1.HTTPRoute, condition func(*gatewayapi_v1beta1.HTTPRoute) bool) (*gatewayapi_v1beta1.HTTPRoute, bool) { +func (f *Framework) CreateHTTPRouteAndWaitFor(route *gatewayapi_v1.HTTPRoute, condition func(*gatewayapi_v1.HTTPRoute) bool) (*gatewayapi_v1.HTTPRoute, bool) { return createAndWaitFor(f.t, f.Client, route, condition, f.RetryInterval, f.RetryTimeout) } @@ -438,19 +438,19 @@ func (f *Framework) DeleteNamespace(name string, waitForDeletion bool) { // CreateGatewayAndWaitFor creates a gateway in the // Kubernetes API or fails the test if it encounters an error. -func (f *Framework) CreateGatewayAndWaitFor(gateway *gatewayapi_v1beta1.Gateway, condition func(*gatewayapi_v1beta1.Gateway) bool) (*gatewayapi_v1beta1.Gateway, bool) { +func (f *Framework) CreateGatewayAndWaitFor(gateway *gatewayapi_v1.Gateway, condition func(*gatewayapi_v1.Gateway) bool) (*gatewayapi_v1.Gateway, bool) { return createAndWaitFor(f.t, f.Client, gateway, condition, f.RetryInterval, f.RetryTimeout) } // CreateGatewayClassAndWaitFor creates a GatewayClass in the // Kubernetes API or fails the test if it encounters an error. -func (f *Framework) CreateGatewayClassAndWaitFor(gatewayClass *gatewayapi_v1beta1.GatewayClass, condition func(*gatewayapi_v1beta1.GatewayClass) bool) (*gatewayapi_v1beta1.GatewayClass, bool) { +func (f *Framework) CreateGatewayClassAndWaitFor(gatewayClass *gatewayapi_v1.GatewayClass, condition func(*gatewayapi_v1.GatewayClass) bool) (*gatewayapi_v1.GatewayClass, bool) { return createAndWaitFor(f.t, f.Client, gatewayClass, condition, f.RetryInterval, f.RetryTimeout) } // DeleteGateway deletes the provided gateway in the Kubernetes API // or fails the test if it encounters an error. -func (f *Framework) DeleteGateway(gw *gatewayapi_v1beta1.Gateway, waitForDeletion bool) error { +func (f *Framework) DeleteGateway(gw *gatewayapi_v1.Gateway, waitForDeletion bool) error { require.NoError(f.t, f.Client.Delete(context.TODO(), gw)) if waitForDeletion { @@ -464,7 +464,7 @@ func (f *Framework) DeleteGateway(gw *gatewayapi_v1beta1.Gateway, waitForDeletio // DeleteGatewayClass deletes the provided gatewayclass in the // Kubernetes API or fails the test if it encounters an error. -func (f *Framework) DeleteGatewayClass(gwc *gatewayapi_v1beta1.GatewayClass, waitForDeletion bool) error { +func (f *Framework) DeleteGatewayClass(gwc *gatewayapi_v1.GatewayClass, waitForDeletion bool) error { require.NoError(f.t, f.Client.Delete(context.TODO(), gwc)) if waitForDeletion { diff --git a/test/e2e/gateway/backend_tls_policy_test.go b/test/e2e/gateway/backend_tls_policy_test.go index 23a59a0f56d..6193aca3653 100644 --- a/test/e2e/gateway/backend_tls_policy_test.go +++ b/test/e2e/gateway/backend_tls_policy_test.go @@ -30,7 +30,6 @@ import ( "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/test/e2e" @@ -116,19 +115,19 @@ func testBackendTLSPolicy(namespace string, gateway types.NamespacedName) { delete(service.Annotations, "projectcontour.io/upstream-protocol.tls") }) - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"backend-tls-policy.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"backend-tls-policy.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(gateway.Namespace, gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("echo-secure", 443, 1), diff --git a/test/e2e/gateway/gateway_test.go b/test/e2e/gateway/gateway_test.go index 40cf9d7f32b..722062dba24 100644 --- a/test/e2e/gateway/gateway_test.go +++ b/test/e2e/gateway/gateway_test.go @@ -29,7 +29,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/gatewayapi" @@ -82,13 +81,13 @@ var _ = Describe("Gateway API", func() { contourConfigFile string additionalContourArgs []string - contourGatewayClass *gatewayapi_v1beta1.GatewayClass - contourGateway *gatewayapi_v1beta1.Gateway + contourGatewayClass *gatewayapi_v1.GatewayClass + contourGateway *gatewayapi_v1.Gateway ) // Creates specified gateway in namespace and runs namespaced test // body. Modifies contour config to point to gateway. - testWithGateway := func(gateway *gatewayapi_v1beta1.Gateway, gatewayClass *gatewayapi_v1beta1.GatewayClass, body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { + testWithGateway := func(gateway *gatewayapi_v1.Gateway, gatewayClass *gatewayapi_v1.GatewayClass, body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { return func(namespace string) { Context(fmt.Sprintf("with gateway %s/%s, controllerName: %s", namespace, gateway.Name, gatewayClass.Spec.ControllerName), func() { BeforeEach(func() { @@ -161,7 +160,7 @@ var _ = Describe("Gateway API", func() { // we don't expect GatewayClasses to be reconciled // or become valid. if reconcileMode == ReconcileModeGateway { - gatewayClassCond = func(*gatewayapi_v1beta1.GatewayClass) bool { return true } + gatewayClassCond = func(*gatewayapi_v1.GatewayClass) bool { return true } } f.CreateGatewayClassAndWaitFor(contourGatewayClass, gatewayClassCond) @@ -176,19 +175,19 @@ var _ = Describe("Gateway API", func() { Describe("Gateway with one HTTP listener", func() { testWithHTTPGateway := func(body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() - gw := &gatewayapi_v1beta1.Gateway{ + gw := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "http", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gatewayClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gatewayClass.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -217,22 +216,22 @@ var _ = Describe("Gateway API", func() { testWithHTTPSGateway := func(hostname string, body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() - gw := &gatewayapi_v1beta1.Gateway{ + gw := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "https", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gatewayClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gatewayClass.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "insecure", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "HTTPRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -240,17 +239,17 @@ var _ = Describe("Gateway API", func() { { Name: "secure", Protocol: gatewayapi_v1.HTTPSProtocolType, - Port: gatewayapi_v1beta1.PortNumber(443), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + Port: gatewayapi_v1.PortNumber(443), + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "HTTPRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -277,28 +276,28 @@ var _ = Describe("Gateway API", func() { Describe("Gateway with multiple HTTPS listeners, each with a different hostname and TLS cert", func() { testWithMultipleHTTPSListenersGateway := func(body e2e.NamespacedTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "multiple-https-listeners", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gatewayClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gatewayClass.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, - Port: gatewayapi_v1beta1.PortNumber(443), - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-1.gateway.projectcontour.io")), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + Port: gatewayapi_v1.PortNumber(443), + Hostname: ref.To(gatewayapi_v1.Hostname("https-1.gateway.projectcontour.io")), + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert-1", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "HTTPRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -306,18 +305,18 @@ var _ = Describe("Gateway API", func() { { Name: "https-2", Protocol: gatewayapi_v1.HTTPSProtocolType, - Port: gatewayapi_v1beta1.PortNumber(443), - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-2.gateway.projectcontour.io")), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + Port: gatewayapi_v1.PortNumber(443), + Hostname: ref.To(gatewayapi_v1.Hostname("https-2.gateway.projectcontour.io")), + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert-2", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "HTTPRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -325,18 +324,18 @@ var _ = Describe("Gateway API", func() { { Name: "https-3", Protocol: gatewayapi_v1.HTTPSProtocolType, - Port: gatewayapi_v1beta1.PortNumber(443), - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-3.gateway.projectcontour.io")), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + Port: gatewayapi_v1.PortNumber(443), + Hostname: ref.To(gatewayapi_v1.Hostname("https-3.gateway.projectcontour.io")), + TLS: &gatewayapi_v1.GatewayTLSConfig{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ gatewayapi.CertificateRef("tlscert-3", ""), }, }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Kinds: []gatewayapi_v1beta1.RouteGroupKind{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Kinds: []gatewayapi_v1.RouteGroupKind{ {Kind: "HTTPRoute"}, }, - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -362,19 +361,19 @@ var _ = Describe("Gateway API", func() { Describe("Gateway with TCP listener", func() { testWithTCPGateway := func(body e2e.NamespacedGatewayTestBody) e2e.NamespacedTestBody { gatewayClass := getGatewayClass() - gw := &gatewayapi_v1beta1.Gateway{ + gw := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "tcp", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gatewayClass.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gatewayClass.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "tcp", Protocol: gatewayapi_v1.TCPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -398,15 +397,15 @@ func getRandomNumber() int64 { return nBig.Int64() } -func getGatewayClass() *gatewayapi_v1beta1.GatewayClass { +func getGatewayClass() *gatewayapi_v1.GatewayClass { randNumber := getRandomNumber() - return &gatewayapi_v1beta1.GatewayClass{ + return &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: fmt.Sprintf("contour-class-%d", randNumber), }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(fmt.Sprintf("projectcontour.io/ingress-controller-%d", randNumber)), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(fmt.Sprintf("projectcontour.io/ingress-controller-%d", randNumber)), }, } } diff --git a/test/e2e/gateway/host_rewrite_test.go b/test/e2e/gateway/host_rewrite_test.go index 8631562a446..721b381403d 100644 --- a/test/e2e/gateway/host_rewrite_test.go +++ b/test/e2e/gateway/host_rewrite_test.go @@ -22,7 +22,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" @@ -35,33 +34,33 @@ func testHostRewrite(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "host-rewrite", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"hostrewrite.gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"hostrewrite.gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(gateway.Namespace, gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{ + Matches: []gatewayapi_v1.HTTPRouteMatch{ { - Path: &gatewayapi_v1beta1.HTTPPathMatch{ + Path: &gatewayapi_v1.HTTPPathMatch{ Type: ref.To(gatewayapi_v1.PathMatchPathPrefix), Value: ref.To("/"), }, }, }, - Filters: []gatewayapi_v1beta1.HTTPRouteFilter{ + Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Add: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("Host"), Value: "rewritten.com"}, }, }, diff --git a/test/e2e/gateway/multiple_gateways_and_classes_test.go b/test/e2e/gateway/multiple_gateways_and_classes_test.go index 6628df9a25e..f4af4b3015c 100644 --- a/test/e2e/gateway/multiple_gateways_and_classes_test.go +++ b/test/e2e/gateway/multiple_gateways_and_classes_test.go @@ -25,7 +25,6 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" "github.com/projectcontour/contour/internal/k8s" @@ -81,19 +80,19 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { }) AfterEach(func() { - require.NoError(f.T(), f.Client.DeleteAllOf(context.Background(), &gatewayapi_v1beta1.GatewayClass{})) + require.NoError(f.T(), f.Client.DeleteAllOf(context.Background(), &gatewayapi_v1.GatewayClass{})) require.NoError(f.T(), f.Deployment.StopLocalContour(contourCmd, contourConfigFile)) }) f.NamespacedTest("gateway-multiple-gatewayclasses", func(namespace string) { Specify("only the oldest matching gatewayclass should be accepted", func() { - newGatewayClass := func(name, controller string) *gatewayapi_v1beta1.GatewayClass { - return &gatewayapi_v1beta1.GatewayClass{ + newGatewayClass := func(name, controller string) *gatewayapi_v1.GatewayClass { + return &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(controller), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(controller), }, } } @@ -116,7 +115,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // create another matching GC: should not be accepted since it's not oldest secondOldest := newGatewayClass("second-oldest-matching-gatewayclass", controllerName) - _, notOldest := f.CreateGatewayClassAndWaitFor(secondOldest, func(gc *gatewayapi_v1beta1.GatewayClass) bool { + _, notOldest := f.CreateGatewayClassAndWaitFor(secondOldest, func(gc *gatewayapi_v1.GatewayClass) bool { for _, cond := range gc.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) && cond.Status == meta_v1.ConditionFalse && @@ -147,32 +146,32 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { f.NamespacedTest("gateway-multiple-gateways", func(namespace string) { Specify("only the oldest gateway for the accepted gatewayclass should be accepted", func() { // Create a matching gateway class. - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-gatewayclass", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(controllerName), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(controllerName), }, } _, valid := f.CreateGatewayClassAndWaitFor(gc, e2e.GatewayClassAccepted) require.True(f.T(), valid) // Create a matching gateway and verify it's accepted. - oldest := &gatewayapi_v1beta1.Gateway{ + oldest := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "oldest", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gc.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gc.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -184,20 +183,20 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { require.True(f.T(), valid) // Create another matching gateway and verify it's not accepted. - secondOldest := &gatewayapi_v1beta1.Gateway{ + secondOldest := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "second-oldest", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(gc.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(gc.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -205,7 +204,7 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { }, }, } - _, notAccepted := f.CreateGatewayAndWaitFor(secondOldest, func(gw *gatewayapi_v1beta1.Gateway) bool { + _, notAccepted := f.CreateGatewayAndWaitFor(secondOldest, func(gw *gatewayapi_v1.Gateway) bool { for _, cond := range gw.Status.Conditions { if cond.Type == string(gatewayapi_v1.GatewayConditionAccepted) && cond.Status == meta_v1.ConditionFalse && @@ -236,32 +235,32 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { f.NamespacedTest("gateway-multiple-classes-and-gateways", func(namespace string) { Specify("gatewayclass and gateway admission transitions properly when older gatewayclasses are deleted", func() { // Create a matching gateway class. - olderGC := &gatewayapi_v1beta1.GatewayClass{ + olderGC := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "older-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(controllerName), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(controllerName), }, } _, valid := f.CreateGatewayClassAndWaitFor(olderGC, e2e.GatewayClassAccepted) require.True(f.T(), valid) // Create a matching gateway and verify it's accepted. - olderGCGateway1 := &gatewayapi_v1beta1.Gateway{ + olderGCGateway1 := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "older-gc-gw-1", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(olderGC.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(olderGC.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -274,12 +273,12 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { // Create a second matching gatewayclass & 2 associated gateways // and verify none of them are accepted. - newerGC := &gatewayapi_v1beta1.GatewayClass{ + newerGC := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "newer-gc", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController(controllerName), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController(controllerName), }, } require.NoError(f.T(), f.Client.Create(context.Background(), newerGC)) @@ -290,20 +289,20 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { return e2e.GatewayClassAccepted(newerGC) }, 5*time.Second, time.Second) - newerGCGateway1 := &gatewayapi_v1beta1.Gateway{ + newerGCGateway1 := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "newer-gc-gw-1", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(newerGC.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(newerGC.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -319,20 +318,20 @@ var _ = Describe("GatewayClass/Gateway admission tests", func() { return e2e.GatewayProgrammed(newerGCGateway1) }, 5*time.Second, time.Second) - newerGCGateway2 := &gatewayapi_v1beta1.Gateway{ + newerGCGateway2 := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "newer-gc-gw-2", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(newerGC.Name), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(newerGC.Name), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, diff --git a/test/e2e/gateway/multiple_https_listeners_test.go b/test/e2e/gateway/multiple_https_listeners_test.go index f6438bebd32..39bbd786adb 100644 --- a/test/e2e/gateway/multiple_https_listeners_test.go +++ b/test/e2e/gateway/multiple_https_listeners_test.go @@ -26,7 +26,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/test/e2e" @@ -40,18 +39,18 @@ func testMultipleHTTPSListeners(namespace string) { for _, tc := range []string{"1", "2", "3"} { f.Fixtures.Echo.Deploy(namespace, "echo-"+tc) - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-" + tc, }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayListenerParentRef("", "multiple-https-listeners", "https-"+tc, 0), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("echo-"+tc, 80, 1), diff --git a/test/e2e/gateway/query_param_match_test.go b/test/e2e/gateway/query_param_match_test.go index ef9faa284b9..3109a2d0e33 100644 --- a/test/e2e/gateway/query_param_match_test.go +++ b/test/e2e/gateway/query_param_match_test.go @@ -21,7 +21,7 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/test/e2e" @@ -36,27 +36,27 @@ func testGatewayMultipleQueryParamMatch(namespace string, gateway types.Namespac f.Fixtures.Echo.Deploy(namespace, "echo-3") f.Fixtures.Echo.Deploy(namespace, "echo-4") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"queryparams.gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"queryparams.gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(gateway.Namespace, gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{ + Matches: []gatewayapi_v1.HTTPRouteMatch{ {QueryParams: gatewayapi.HTTPQueryParamMatches(map[string]string{"animal": "whale"})}, }, BackendRefs: gatewayapi.HTTPBackendRef("echo-1", 80, 1), }, { - Matches: []gatewayapi_v1beta1.HTTPRouteMatch{ + Matches: []gatewayapi_v1.HTTPRouteMatch{ {QueryParams: gatewayapi.HTTPQueryParamMatches(map[string]string{"animal": "dolphin"})}, }, BackendRefs: gatewayapi.HTTPBackendRef("echo-2", 80, 1), diff --git a/test/e2e/gateway/request_header_modifier_test.go b/test/e2e/gateway/request_header_modifier_test.go index fd3d40128ae..8d8814ac552 100644 --- a/test/e2e/gateway/request_header_modifier_test.go +++ b/test/e2e/gateway/request_header_modifier_test.go @@ -24,7 +24,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/test/e2e" @@ -37,34 +36,34 @@ func testRequestHeaderModifierBackendRef(namespace string, gateway types.Namespa f.Fixtures.Echo.Deploy(namespace, "echo-header-filter") f.Fixtures.Echo.Deploy(namespace, "echo-header-nofilter") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-filter-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"requestheadermodifierbackendref.gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"requestheadermodifierbackendref.gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(gateway.Namespace, gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/filter"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("echo-header-filter", 80), }, - Filters: []gatewayapi_v1beta1.HTTPRouteFilter{ + Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestHeaderModifier, - RequestHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Add: []gatewayapi_v1beta1.HTTPHeader{ + RequestHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("My-Header"), Value: "Foo"}, }, - Set: []gatewayapi_v1beta1.HTTPHeader{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("Replace-Header"), Value: "Bar"}, }, Remove: []string{"Other-Header"}, diff --git a/test/e2e/gateway/request_redirect_test.go b/test/e2e/gateway/request_redirect_test.go index 91faade8e53..1e111251eae 100644 --- a/test/e2e/gateway/request_redirect_test.go +++ b/test/e2e/gateway/request_redirect_test.go @@ -24,7 +24,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" @@ -37,29 +36,29 @@ func testRequestRedirectRule(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-redirect", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"requestredirectrule.gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"requestredirectrule.gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(gateway.Namespace, gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/complex-redirect"), - Filters: []gatewayapi_v1beta1.HTTPRouteFilter{ + Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterRequestRedirect, - RequestRedirect: &gatewayapi_v1beta1.HTTPRequestRedirectFilter{ - Hostname: ref.To(gatewayapi_v1beta1.PreciseHostname("envoyproxy.io")), + RequestRedirect: &gatewayapi_v1.HTTPRequestRedirectFilter{ + Hostname: ref.To(gatewayapi_v1.PreciseHostname("envoyproxy.io")), StatusCode: ref.To(301), Scheme: ref.To("https"), - Port: ref.To(gatewayapi_v1beta1.PortNumber(8080)), + Port: ref.To(gatewayapi_v1.PortNumber(8080)), }, }, }, diff --git a/test/e2e/gateway/response_header_modifier_test.go b/test/e2e/gateway/response_header_modifier_test.go index 5bbee8124c1..0dbb7e1a9ad 100644 --- a/test/e2e/gateway/response_header_modifier_test.go +++ b/test/e2e/gateway/response_header_modifier_test.go @@ -24,7 +24,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/test/e2e" @@ -37,34 +36,34 @@ func testResponseHeaderModifierBackendRef(namespace string, gateway types.Namesp f.Fixtures.Echo.Deploy(namespace, "echo-header-filter") f.Fixtures.Echo.Deploy(namespace, "echo-header-nofilter") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-filter-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"responseheadermodifierbackendref.gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"responseheadermodifierbackendref.gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef(gateway.Namespace, gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/filter"), - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("echo-header-filter", 80), }, - Filters: []gatewayapi_v1beta1.HTTPRouteFilter{ + Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Add: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Add: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("My-Header"), Value: "Foo"}, }, - Set: []gatewayapi_v1beta1.HTTPHeader{ + Set: []gatewayapi_v1.HTTPHeader{ {Name: gatewayapi_v1.HTTPHeaderName("Replace-Header"), Value: "Bar"}, }, Remove: []string{"Other-Header"}, @@ -73,7 +72,7 @@ func testResponseHeaderModifierBackendRef(namespace string, gateway types.Namesp }, }, { - BackendRef: gatewayapi_v1beta1.BackendRef{ + BackendRef: gatewayapi_v1.BackendRef{ BackendObjectReference: gatewayapi.ServiceBackendObjectRef("echo-header-nofilter", 80), }, }, diff --git a/test/e2e/gateway/tcproute_test.go b/test/e2e/gateway/tcproute_test.go index 6d954352722..7eb8429bc17 100644 --- a/test/e2e/gateway/tcproute_test.go +++ b/test/e2e/gateway/tcproute_test.go @@ -21,8 +21,8 @@ import ( "github.com/stretchr/testify/require" meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" @@ -41,11 +41,11 @@ func testTCPRoute(namespace string, gateway types.NamespacedName) { Name: "tcproute-1", }, Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace(gateway.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(gateway.Name), + Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Name: gatewayapi_v1.ObjectName(gateway.Name), }, }, }, diff --git a/test/e2e/gateway/tls_gateway_test.go b/test/e2e/gateway/tls_gateway_test.go index a4a98f15d2b..f2d2aff9f91 100644 --- a/test/e2e/gateway/tls_gateway_test.go +++ b/test/e2e/gateway/tls_gateway_test.go @@ -22,7 +22,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" @@ -36,23 +35,23 @@ func testTLSGateway(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo-insecure") f.Fixtures.Echo.Deploy(namespace, "echo-secure") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"tls-gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"tls-gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace(gateway.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(gateway.Name), - SectionName: ref.To(gatewayapi_v1beta1.SectionName("insecure")), + Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Name: gatewayapi_v1.ObjectName(gateway.Name), + SectionName: ref.To(gatewayapi_v1.SectionName("insecure")), }, }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("echo-insecure", 80, 1), @@ -62,23 +61,23 @@ func testTLSGateway(namespace string, gateway types.NamespacedName) { } f.CreateHTTPRouteAndWaitFor(route, e2e.HTTPRouteAccepted) - route = &gatewayapi_v1beta1.HTTPRoute{ + route = &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-2", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"tls-gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"tls-gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace(gateway.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(gateway.Name), - SectionName: ref.To(gatewayapi_v1beta1.SectionName("secure")), + Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Name: gatewayapi_v1.ObjectName(gateway.Name), + SectionName: ref.To(gatewayapi_v1.SectionName("secure")), }, }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("echo-secure", 80, 1), diff --git a/test/e2e/gateway/tls_wildcard_host_test.go b/test/e2e/gateway/tls_wildcard_host_test.go index ebb01334934..ccb765a4913 100644 --- a/test/e2e/gateway/tls_wildcard_host_test.go +++ b/test/e2e/gateway/tls_wildcard_host_test.go @@ -23,7 +23,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" "github.com/projectcontour/contour/internal/gatewayapi" "github.com/projectcontour/contour/internal/ref" @@ -37,23 +36,23 @@ func testTLSWildcardHost(namespace string, gateway types.NamespacedName) { f.Fixtures.Echo.Deploy(namespace, "echo") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "http-route-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"*.wildcardhost.gateway.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"*.wildcardhost.gateway.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace(gateway.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(gateway.Name), - SectionName: ref.To(gatewayapi_v1beta1.SectionName("secure")), + Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Name: gatewayapi_v1.ObjectName(gateway.Name), + SectionName: ref.To(gatewayapi_v1.SectionName("secure")), }, }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("echo", 80, 1), diff --git a/test/e2e/gatewayapi_predicates.go b/test/e2e/gatewayapi_predicates.go index 4ae3b5a69f8..a9ac70d2ee6 100644 --- a/test/e2e/gatewayapi_predicates.go +++ b/test/e2e/gatewayapi_predicates.go @@ -19,12 +19,11 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) // GatewayClassAccepted returns true if the gateway has a .status.conditions // entry of Accepted: true". -func GatewayClassAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { +func GatewayClassAccepted(gatewayClass *gatewayapi_v1.GatewayClass) bool { if gatewayClass == nil { return false } @@ -38,7 +37,7 @@ func GatewayClassAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { // GatewayClassNotAccepted returns true if the gateway has a .status.conditions // entry of Accepted: false". -func GatewayClassNotAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool { +func GatewayClassNotAccepted(gatewayClass *gatewayapi_v1.GatewayClass) bool { if gatewayClass == nil { return false } @@ -52,7 +51,7 @@ func GatewayClassNotAccepted(gatewayClass *gatewayapi_v1beta1.GatewayClass) bool // GatewayAccepted returns true if the gateway has a .status.conditions // entry of "Accepted: true". -func GatewayAccepted(gateway *gatewayapi_v1beta1.Gateway) bool { +func GatewayAccepted(gateway *gatewayapi_v1.Gateway) bool { if gateway == nil { return false } @@ -66,7 +65,7 @@ func GatewayAccepted(gateway *gatewayapi_v1beta1.Gateway) bool { // GatewayProgrammed returns true if the gateway has a .status.conditions // entry of "Programmed: true". -func GatewayProgrammed(gateway *gatewayapi_v1beta1.Gateway) bool { +func GatewayProgrammed(gateway *gatewayapi_v1.Gateway) bool { if gateway == nil { return false } @@ -80,7 +79,7 @@ func GatewayProgrammed(gateway *gatewayapi_v1beta1.Gateway) bool { // ListenerAccepted returns true if the gateway has status for the named // listener with a condition of "Accepted: true". -func ListenerAccepted(gateway *gatewayapi_v1beta1.Gateway, listener gatewayapi_v1beta1.SectionName) bool { +func ListenerAccepted(gateway *gatewayapi_v1.Gateway, listener gatewayapi_v1.SectionName) bool { for _, listenerStatus := range gateway.Status.Listeners { if listenerStatus.Name == listener { return conditionExists( @@ -96,7 +95,7 @@ func ListenerAccepted(gateway *gatewayapi_v1beta1.Gateway, listener gatewayapi_v // GatewayHasAddress returns true if the gateway has a non-empty // .status.addresses entry. -func GatewayHasAddress(gateway *gatewayapi_v1beta1.Gateway) bool { +func GatewayHasAddress(gateway *gatewayapi_v1.Gateway) bool { if gateway == nil { return false } @@ -106,13 +105,13 @@ func GatewayHasAddress(gateway *gatewayapi_v1beta1.Gateway) bool { // HTTPRouteAccepted returns true if the route has a .status.conditions // entry of "Accepted: true". -func HTTPRouteAccepted(route *gatewayapi_v1beta1.HTTPRoute) bool { +func HTTPRouteAccepted(route *gatewayapi_v1.HTTPRoute) bool { if route == nil { return false } for _, gw := range route.Status.Parents { - if conditionExists(gw.Conditions, string(gatewayapi_v1beta1.RouteConditionAccepted), meta_v1.ConditionTrue) { + if conditionExists(gw.Conditions, string(gatewayapi_v1.RouteConditionAccepted), meta_v1.ConditionTrue) { return true } } @@ -121,7 +120,7 @@ func HTTPRouteAccepted(route *gatewayapi_v1beta1.HTTPRoute) bool { } // HTTPRouteIgnoredByContour returns true if the route has an empty .status.parents.conditions list -func HTTPRouteIgnoredByContour(route *gatewayapi_v1beta1.HTTPRoute) bool { +func HTTPRouteIgnoredByContour(route *gatewayapi_v1.HTTPRoute) bool { if route == nil { return false } @@ -137,7 +136,7 @@ func TCPRouteAccepted(route *gatewayapi_v1alpha2.TCPRoute) bool { } for _, gw := range route.Status.Parents { - if conditionExists(gw.Conditions, string(gatewayapi_v1beta1.RouteConditionAccepted), meta_v1.ConditionTrue) { + if conditionExists(gw.Conditions, string(gatewayapi_v1.RouteConditionAccepted), meta_v1.ConditionTrue) { return true } } diff --git a/test/e2e/provisioner/provisioner_test.go b/test/e2e/provisioner/provisioner_test.go index 775972bb7da..c553b0745b1 100644 --- a/test/e2e/provisioner/provisioner_test.go +++ b/test/e2e/provisioner/provisioner_test.go @@ -32,7 +32,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" contour_v1alpha1 "github.com/projectcontour/contour/apis/projectcontour/v1alpha1" @@ -52,12 +51,12 @@ func TestProvisioner(t *testing.T) { var _ = BeforeSuite(func() { require.NoError(f.T(), f.Provisioner.EnsureResourcesForInclusterProvisioner()) - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("projectcontour.io/gateway-controller"), }, } @@ -79,10 +78,10 @@ var _ = BeforeSuite(func() { } require.NoError(f.T(), f.Client.Create(context.Background(), params)) - gc.Spec.ParametersRef = &gatewayapi_v1beta1.ParametersReference{ + gc.Spec.ParametersRef = &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1beta1.Namespace(params.Namespace)), + Namespace: ref.To(gatewayapi_v1.Namespace(params.Namespace)), Name: params.Name, } } @@ -104,16 +103,16 @@ var _ = BeforeSuite(func() { } require.NoError(f.T(), f.Client.Create(context.Background(), paramsEnvoyDeployment)) - gcWithEnvoyDeployment := &gatewayapi_v1beta1.GatewayClass{ + gcWithEnvoyDeployment := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-with-envoy-deployment", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("projectcontour.io/gateway-controller"), + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1beta1.Namespace(paramsEnvoyDeployment.Namespace)), + Namespace: ref.To(gatewayapi_v1.Namespace(paramsEnvoyDeployment.Namespace)), Name: paramsEnvoyDeployment.Name, }, }, @@ -129,7 +128,7 @@ var _ = AfterSuite(func() { require.NoError(f.T(), f.Provisioner.DeleteResourcesForInclusterProvisioner()) for _, name := range []string{"contour", "contour-with-envoy-deployment"} { - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: name, }, @@ -146,7 +145,7 @@ var _ = Describe("Gateway provisioner", func() { // This test will fail if we bump the Gateway API module and CRDs but // forget to update the supported version we check for. require.Eventually(f.T(), func() bool { - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour", }, @@ -168,16 +167,16 @@ var _ = Describe("Gateway provisioner", func() { Specify("GatewayClass parameters are handled correctly", func() { // Create GatewayClass with a reference to a nonexistent ContourDeployment, // it should be set to "Accepted: false" since the ref is invalid. - gatewayClass := &gatewayapi_v1beta1.GatewayClass{ + gatewayClass := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: "contour-with-params", }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("projectcontour.io/gateway-controller"), + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1beta1.Namespace(namespace)), + Namespace: ref.To(gatewayapi_v1.Namespace(namespace)), Name: "contour-params", }, }, @@ -187,20 +186,20 @@ var _ = Describe("Gateway provisioner", func() { // Create a Gateway using that GatewayClass, it should not be accepted // since the GatewayClass is not accepted. - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "http", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-with-params"), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-with-params"), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -211,7 +210,7 @@ var _ = Describe("Gateway provisioner", func() { require.NoError(f.T(), f.Client.Create(context.Background(), gateway)) require.Never(f.T(), func() bool { - gw := &gatewayapi_v1beta1.Gateway{} + gw := &gatewayapi_v1.Gateway{} if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(gateway), gw); err != nil { return false } @@ -233,7 +232,7 @@ var _ = Describe("Gateway provisioner", func() { // Now the GatewayClass should be accepted. require.Eventually(f.T(), func() bool { - gc := &gatewayapi_v1beta1.GatewayClass{} + gc := &gatewayapi_v1.GatewayClass{} if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(gatewayClass), gc); err != nil { return false } @@ -243,7 +242,7 @@ var _ = Describe("Gateway provisioner", func() { // And now the Gateway should be accepted. require.Eventually(f.T(), func() bool { - gw := &gatewayapi_v1beta1.Gateway{} + gw := &gatewayapi_v1.Gateway{} if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(gateway), gw); err != nil { return false } @@ -257,20 +256,20 @@ var _ = Describe("Gateway provisioner", func() { f.NamespacedTest("gateway-with-envoy-deployment", func(namespace string) { Specify("A gateway with Envoy as a deployment can be provisioned and routes traffic correctly", func() { - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "http", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName("contour-with-envoy-deployment"), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName("contour-with-envoy-deployment"), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -279,26 +278,26 @@ var _ = Describe("Gateway provisioner", func() { }, } - gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1beta1.Gateway) bool { + gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1.Gateway) bool { return e2e.GatewayProgrammed(gw) && e2e.GatewayHasAddress(gw) }) require.True(f.T(), ok) f.Fixtures.Echo.Deploy(namespace, "echo") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"provisioner.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"provisioner.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("", gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), BackendRefs: gatewayapi.HTTPBackendRef("echo", 80, 1), @@ -329,34 +328,34 @@ var _ = Describe("Gateway provisioner", func() { f.Certs.CreateSelfSignedCert(namespace, "https-1-cert", "https-1-cert", "https-1.provisioner.projectcontour.io") f.Certs.CreateSelfSignedCert(namespace, "https-2-cert", "https-2-cert", "https-2.provisioner.projectcontour.io") - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "many-listeners", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: "contour", - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http-1", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 80, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("http-1.provisioner.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("http-1.provisioner.projectcontour.io")), }, { Name: "http-2", Protocol: gatewayapi_v1.HTTPProtocolType, Port: 81, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("http-2.provisioner.projectcontour.io")), + Hostname: ref.To(gatewayapi_v1.Hostname("http-2.provisioner.projectcontour.io")), }, { Name: "https-1", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 443, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-1.provisioner.projectcontour.io")), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + Hostname: ref.To(gatewayapi_v1.Hostname("https-1.provisioner.projectcontour.io")), + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ {Name: "https-1-cert"}, }, }, @@ -365,10 +364,10 @@ var _ = Describe("Gateway provisioner", func() { Name: "https-2", Protocol: gatewayapi_v1.HTTPSProtocolType, Port: 444, - Hostname: ref.To(gatewayapi_v1beta1.Hostname("https-2.provisioner.projectcontour.io")), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + Hostname: ref.To(gatewayapi_v1.Hostname("https-2.provisioner.projectcontour.io")), + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ref.To(gatewayapi_v1.TLSModeTerminate), - CertificateRefs: []gatewayapi_v1beta1.SecretObjectReference{ + CertificateRefs: []gatewayapi_v1.SecretObjectReference{ {Name: "https-2-cert"}, }, }, @@ -387,7 +386,7 @@ var _ = Describe("Gateway provisioner", func() { }, } - gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1beta1.Gateway) bool { + gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1.Gateway) bool { if !(e2e.GatewayProgrammed(gw) && e2e.GatewayHasAddress(gw)) { return false } @@ -405,18 +404,18 @@ var _ = Describe("Gateway provisioner", func() { f.Fixtures.Echo.Deploy(namespace, "echo") // This HTTPRoute will attach to all of the HTTP and HTTPS Listeners. - httpRoute := &gatewayapi_v1beta1.HTTPRoute{ + httpRoute := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "httproute-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("", gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/"), BackendRefs: gatewayapi.HTTPBackendRef("echo", 80, 1), @@ -472,11 +471,11 @@ var _ = Describe("Gateway provisioner", func() { Name: "tcproute-1", }, Spec: gatewayapi_v1alpha2.TCPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { - Namespace: ref.To(gatewayapi_v1beta1.Namespace(gateway.Namespace)), - Name: gatewayapi_v1beta1.ObjectName(gateway.Name), + Namespace: ref.To(gatewayapi_v1.Namespace(gateway.Namespace)), + Name: gatewayapi_v1.ObjectName(gateway.Name), }, }, }, @@ -521,16 +520,16 @@ var _ = Describe("Gateway provisioner", func() { objectTestName := "contour-params-with-watch-namespaces" BeforeEach(func() { By("create gatewayclass that reference contourDeployment with watchNamespace value") - gatewayClass := &gatewayapi_v1beta1.GatewayClass{ + gatewayClass := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("projectcontour.io/gateway-controller"), + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1beta1.Namespace(namespace)), + Namespace: ref.To(gatewayapi_v1.Namespace(namespace)), Name: objectTestName, }, }, @@ -555,7 +554,7 @@ var _ = Describe("Gateway provisioner", func() { // Now the GatewayClass should be accepted. require.Eventually(f.T(), func() bool { - gc := &gatewayapi_v1beta1.GatewayClass{} + gc := &gatewayapi_v1.GatewayClass{} if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(gatewayClass), gc); err != nil { return false } @@ -564,7 +563,7 @@ var _ = Describe("Gateway provisioner", func() { }, time.Minute, time.Second) }) AfterEach(func() { - require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1beta1.GatewayClass{ + require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, @@ -573,20 +572,20 @@ var _ = Describe("Gateway provisioner", func() { Specify("A gateway can be provisioned that only reconciles routes in a subset of namespaces", func() { By("This tests deploy 3 dev namespaces testns-1, testns-2, testns-3") By("Deploy gateway that referencing above gatewayclass") - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "http-for-watchnamespaces", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(objectTestName), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(objectTestName), + Listeners: []gatewayapi_v1.Listener{ { Name: "http", Protocol: gatewayapi_v1.HTTPProtocolType, - Port: gatewayapi_v1beta1.PortNumber(80), - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + Port: gatewayapi_v1.PortNumber(80), + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ // TODO: set to from all for now // The correct way would be label the testns-1, testns-2, testns-3, then select by label From: ref.To(gatewayapi_v1.NamespacesFromAll), @@ -597,7 +596,7 @@ var _ = Describe("Gateway provisioner", func() { }, } - gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1beta1.Gateway) bool { + gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1.Gateway) bool { return e2e.GatewayProgrammed(gw) && e2e.GatewayHasAddress(gw) }) require.True(f.T(), ok, fmt.Sprintf("gateway is %v", gateway)) @@ -624,19 +623,19 @@ var _ = Describe("Gateway provisioner", func() { for _, t := range testcases { f.Fixtures.Echo.Deploy(t.namespace, "echo") - route := &gatewayapi_v1beta1.HTTPRoute{ + route := &gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: t.namespace, Name: "httproute-1", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - Hostnames: []gatewayapi_v1beta1.Hostname{"provisioner.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ + Spec: gatewayapi_v1.HTTPRouteSpec{ + Hostnames: []gatewayapi_v1.Hostname{"provisioner.projectcontour.io"}, + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ gatewayapi.GatewayParentRef("", gateway.Name), }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { Matches: gatewayapi.HTTPRouteMatch(gatewayapi_v1.PathMatchPathPrefix, "/prefix"), BackendRefs: gatewayapi.HTTPBackendRef("echo", 80, 1), @@ -649,7 +648,7 @@ var _ = Describe("Gateway provisioner", func() { // set route's parentRef's namespace to the gateway's namespace route.Spec.CommonRouteSpec.ParentRefs[0].Namespace = (*gatewayapi_v1.Namespace)(&namespace) // set the route's hostnames to custom name with namespace inside - route.Spec.Hostnames = []gatewayapi_v1beta1.Hostname{gatewayapi_v1beta1.Hostname("provisioner.projectcontour.io." + t.namespace)} + route.Spec.Hostnames = []gatewayapi_v1.Hostname{gatewayapi_v1.Hostname("provisioner.projectcontour.io." + t.namespace)} By(fmt.Sprintf("Expect namespace %s to be watched by contour", t.namespace)) hr, ok := f.CreateHTTPRouteAndWaitFor(route, e2e.HTTPRouteAccepted) @@ -675,7 +674,7 @@ var _ = Describe("Gateway provisioner", func() { By(fmt.Sprintf("Expect httproute under namespace %s is not accepted for a period of time", t.namespace)) require.Never(f.T(), func() bool { - hr = &gatewayapi_v1beta1.HTTPRoute{} + hr = &gatewayapi_v1.HTTPRoute{} if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(hr), hr); err != nil { return false } @@ -689,16 +688,16 @@ var _ = Describe("Gateway provisioner", func() { objectTestName := "contour-params-with-disabled-features" BeforeEach(func() { By("create gatewayclass that reference contourDeployment with disabled-features value") - gatewayClass := &gatewayapi_v1beta1.GatewayClass{ + gatewayClass := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), - ParametersRef: &gatewayapi_v1beta1.ParametersReference{ + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("projectcontour.io/gateway-controller"), + ParametersRef: &gatewayapi_v1.ParametersReference{ Group: "projectcontour.io", Kind: "ContourDeployment", - Namespace: ref.To(gatewayapi_v1beta1.Namespace(namespace)), + Namespace: ref.To(gatewayapi_v1.Namespace(namespace)), Name: objectTestName, }, }, @@ -723,7 +722,7 @@ var _ = Describe("Gateway provisioner", func() { // Now the GatewayClass should be accepted. require.Eventually(f.T(), func() bool { - gc := &gatewayapi_v1beta1.GatewayClass{} + gc := &gatewayapi_v1.GatewayClass{} if err := f.Client.Get(context.Background(), k8s.NamespacedNameOf(gatewayClass), gc); err != nil { return false } @@ -732,7 +731,7 @@ var _ = Describe("Gateway provisioner", func() { }, time.Minute, time.Second) }) AfterEach(func() { - require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1beta1.GatewayClass{ + require.NoError(f.T(), f.DeleteGatewayClass(&gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: objectTestName, }, @@ -740,23 +739,23 @@ var _ = Describe("Gateway provisioner", func() { }) Specify("A gateway can be provisioned that ignore CRDs in disabledFeatures", func() { By("Deploy gateway that referencing above gatewayclass") - gateway := &gatewayapi_v1beta1.Gateway{ + gateway := &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Name: "tlsroute", Namespace: namespace, }, - Spec: gatewayapi_v1beta1.GatewaySpec{ - GatewayClassName: gatewayapi_v1beta1.ObjectName(objectTestName), - Listeners: []gatewayapi_v1beta1.Listener{ + Spec: gatewayapi_v1.GatewaySpec{ + GatewayClassName: gatewayapi_v1.ObjectName(objectTestName), + Listeners: []gatewayapi_v1.Listener{ { Name: "https", Protocol: gatewayapi_v1.TLSProtocolType, - Port: gatewayapi_v1beta1.PortNumber(443), - TLS: &gatewayapi_v1beta1.GatewayTLSConfig{ + Port: gatewayapi_v1.PortNumber(443), + TLS: &gatewayapi_v1.GatewayTLSConfig{ Mode: ptr.To(gatewayapi_v1.TLSModePassthrough), }, - AllowedRoutes: &gatewayapi_v1beta1.AllowedRoutes{ - Namespaces: &gatewayapi_v1beta1.RouteNamespaces{ + AllowedRoutes: &gatewayapi_v1.AllowedRoutes{ + Namespaces: &gatewayapi_v1.RouteNamespaces{ From: ref.To(gatewayapi_v1.NamespacesFromSame), }, }, @@ -765,7 +764,7 @@ var _ = Describe("Gateway provisioner", func() { }, } - gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1beta1.Gateway) bool { + gateway, ok := f.CreateGatewayAndWaitFor(gateway, func(gw *gatewayapi_v1.Gateway) bool { return e2e.GatewayProgrammed(gw) && e2e.GatewayHasAddress(gw) }) require.True(f.T(), ok, fmt.Sprintf("gateway is %v", gateway)) @@ -779,7 +778,7 @@ var _ = Describe("Gateway provisioner", func() { }, Spec: gatewayapi_v1alpha2.TLSRouteSpec{ Hostnames: []gatewayapi_v1alpha2.Hostname{"provisioner.projectcontour.io"}, - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ ParentRefs: []gatewayapi_v1alpha2.ParentReference{ { Namespace: ref.To(gatewayapi_v1alpha2.Namespace(gateway.Namespace)), diff --git a/test/e2e/upgrade/upgrade_test.go b/test/e2e/upgrade/upgrade_test.go index ab444444407..7088743c5df 100644 --- a/test/e2e/upgrade/upgrade_test.go +++ b/test/e2e/upgrade/upgrade_test.go @@ -31,7 +31,6 @@ import ( meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" "sigs.k8s.io/controller-runtime/pkg/client" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" "github.com/projectcontour/contour/internal/k8s" @@ -148,12 +147,12 @@ var _ = Describe("When upgrading", func() { Eventually(sess, f.RetryTimeout, f.RetryInterval).Should(gexec.Exit(0)) - gc, ok := f.CreateGatewayClassAndWaitFor(&gatewayapi_v1beta1.GatewayClass{ + gc, ok := f.CreateGatewayClassAndWaitFor(&gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: gatewayClassName, }, - Spec: gatewayapi_v1beta1.GatewayClassSpec{ - ControllerName: gatewayapi_v1beta1.GatewayController("projectcontour.io/gateway-controller"), + Spec: gatewayapi_v1.GatewayClassSpec{ + ControllerName: gatewayapi_v1.GatewayController("projectcontour.io/gateway-controller"), }, }, e2e.GatewayClassAccepted) @@ -164,7 +163,7 @@ var _ = Describe("When upgrading", func() { AfterEach(func() { require.NoError(f.T(), f.Provisioner.DeleteResourcesForInclusterProvisioner()) - gc := &gatewayapi_v1beta1.GatewayClass{ + gc := &gatewayapi_v1.GatewayClass{ ObjectMeta: meta_v1.ObjectMeta{ Name: gatewayClassName, }, @@ -179,23 +178,23 @@ var _ = Describe("When upgrading", func() { appHost := "upgrade.provisioner.projectcontour.io" - gateway, ok := f.CreateGatewayAndWaitFor(&gatewayapi_v1beta1.Gateway{ + gateway, ok := f.CreateGatewayAndWaitFor(&gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "upgrade-gateway", }, - Spec: gatewayapi_v1beta1.GatewaySpec{ + Spec: gatewayapi_v1.GatewaySpec{ GatewayClassName: gatewayClassName, - Listeners: []gatewayapi_v1beta1.Listener{ + Listeners: []gatewayapi_v1.Listener{ { Name: "http", - Port: gatewayapi_v1beta1.PortNumber(80), + Port: gatewayapi_v1.PortNumber(80), Protocol: gatewayapi_v1.HTTPProtocolType, - Hostname: ref.To(gatewayapi_v1beta1.Hostname(appHost)), + Hostname: ref.To(gatewayapi_v1.Hostname(appHost)), }, }, }, - }, func(gw *gatewayapi_v1beta1.Gateway) bool { + }, func(gw *gatewayapi_v1.Gateway) bool { return e2e.GatewayProgrammed(gw) && e2e.GatewayHasAddress(gw) }) require.True(t, ok) @@ -205,34 +204,34 @@ var _ = Describe("When upgrading", func() { f.Fixtures.Echo.DeployN(namespace, "echo", 2) - f.CreateHTTPRouteAndWaitFor(&gatewayapi_v1beta1.HTTPRoute{ + f.CreateHTTPRouteAndWaitFor(&gatewayapi_v1.HTTPRoute{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: namespace, Name: "echo", }, - Spec: gatewayapi_v1beta1.HTTPRouteSpec{ - CommonRouteSpec: gatewayapi_v1beta1.CommonRouteSpec{ - ParentRefs: []gatewayapi_v1beta1.ParentReference{ - {Name: gatewayapi_v1beta1.ObjectName(gateway.Name)}, + Spec: gatewayapi_v1.HTTPRouteSpec{ + CommonRouteSpec: gatewayapi_v1.CommonRouteSpec{ + ParentRefs: []gatewayapi_v1.ParentReference{ + {Name: gatewayapi_v1.ObjectName(gateway.Name)}, }, }, - Rules: []gatewayapi_v1beta1.HTTPRouteRule{ + Rules: []gatewayapi_v1.HTTPRouteRule{ { - BackendRefs: []gatewayapi_v1beta1.HTTPBackendRef{ + BackendRefs: []gatewayapi_v1.HTTPBackendRef{ { - BackendRef: gatewayapi_v1beta1.BackendRef{ - BackendObjectReference: gatewayapi_v1beta1.BackendObjectReference{ - Name: gatewayapi_v1beta1.ObjectName("echo"), - Port: ref.To(gatewayapi_v1beta1.PortNumber(80)), + BackendRef: gatewayapi_v1.BackendRef{ + BackendObjectReference: gatewayapi_v1.BackendObjectReference{ + Name: gatewayapi_v1.ObjectName("echo"), + Port: ref.To(gatewayapi_v1.PortNumber(80)), }, }, }, }, - Filters: []gatewayapi_v1beta1.HTTPRouteFilter{ + Filters: []gatewayapi_v1.HTTPRouteFilter{ { Type: gatewayapi_v1.HTTPRouteFilterResponseHeaderModifier, - ResponseHeaderModifier: &gatewayapi_v1beta1.HTTPHeaderFilter{ - Set: []gatewayapi_v1beta1.HTTPHeader{ + ResponseHeaderModifier: &gatewayapi_v1.HTTPHeaderFilter{ + Set: []gatewayapi_v1.HTTPHeader{ { Name: gatewayapi_v1.HTTPHeaderName("X-Envoy-Response-Flags"), Value: "%RESPONSE_FLAGS%", From 50cb83371c07564d298af53b11bfa3c84e5e6f43 Mon Sep 17 00:00:00 2001 From: Sunjay Bhatia <5337253+sunjayBhatia@users.noreply.github.com> Date: Tue, 13 Feb 2024 12:00:25 -0500 Subject: [PATCH 27/83] Patch release 1.28.1 changelog/site updates (#6190) * changelog * compat matrix * versions Signed-off-by: Sunjay Bhatia --- changelogs/CHANGELOG-v1.28.1.md | 24 +++++++++++++++++++ .../unreleased/6185-sunjayBhatia-small.md | 2 +- .../content/resources/compatibility-matrix.md | 1 + versions.yaml | 12 +++++++++- 4 files changed, 37 insertions(+), 2 deletions(-) create mode 100644 changelogs/CHANGELOG-v1.28.1.md diff --git a/changelogs/CHANGELOG-v1.28.1.md b/changelogs/CHANGELOG-v1.28.1.md new file mode 100644 index 00000000000..b0127057d48 --- /dev/null +++ b/changelogs/CHANGELOG-v1.28.1.md @@ -0,0 +1,24 @@ +We are delighted to present version v1.28.1 of Contour, our layer 7 HTTP reverse proxy for Kubernetes clusters. + +- [All Changes](#all-changes) +- [Installing/Upgrading](#installing-and-upgrading) +- [Compatible Kubernetes Versions](#compatible-kubernetes-versions) + +# All Changes + +- Fix data race in BackendTLSPolicy status update logic. + +# Installing and Upgrading + +For a fresh install of Contour, consult the [getting started documentation](https://projectcontour.io/getting-started/). + +To upgrade an existing Contour installation, please consult the [upgrade documentation](https://projectcontour.io/resources/upgrading/). + + +# Compatible Kubernetes Versions + +Contour v1.28.1 is tested against Kubernetes 1.27 through 1.29. + + +# Are you a Contour user? We would love to know! +If you're using Contour and want to add your organization to our adopters list, please visit this [page](https://projectcontour.io/resources/adopters/). If you prefer to keep your organization name anonymous but still give us feedback into your usage and scenarios for Contour, please post on this [GitHub thread](https://github.com/projectcontour/contour/issues/1269). diff --git a/changelogs/unreleased/6185-sunjayBhatia-small.md b/changelogs/unreleased/6185-sunjayBhatia-small.md index 5a566ce3562..ef1bb0a8169 100644 --- a/changelogs/unreleased/6185-sunjayBhatia-small.md +++ b/changelogs/unreleased/6185-sunjayBhatia-small.md @@ -1 +1 @@ -Fix data race in BackendTlSPolicy status update logic. +Fix data race in BackendTLSPolicy status update logic. diff --git a/site/content/resources/compatibility-matrix.md b/site/content/resources/compatibility-matrix.md index b3a8c43f71c..c00f4f0b41f 100644 --- a/site/content/resources/compatibility-matrix.md +++ b/site/content/resources/compatibility-matrix.md @@ -11,6 +11,7 @@ These combinations of versions are specifically tested in CI and supported by th | Contour Version | Envoy Version | Kubernetes Versions | Gateway API Version | | --------------- | :------------------- | ------------------- | --------------------| | main | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | +| 1.28.1 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.28.0 | [1.29.1][46] | 1.29, 1.28, 1.27 | [1.0.0][110] | | 1.27.1 | [1.28.1][47] | 1.28, 1.27, 1.26 | [0.8.1][109] | | 1.27.0 | [1.28.0][45] | 1.28, 1.27, 1.26 | [0.8.1][109] | diff --git a/versions.yaml b/versions.yaml index 396e5497028..8c6b3f58e95 100644 --- a/versions.yaml +++ b/versions.yaml @@ -14,7 +14,7 @@ versions: - "1.27" gateway-api: - "1.0.0" - - version: v1.28.0 + - version: v1.28.1 supported: "true" dependencies: envoy: "1.29.1" @@ -24,6 +24,16 @@ versions: - "1.27" gateway-api: - "1.0.0" + - version: v1.28.0 + supported: "false" + dependencies: + envoy: "1.29.1" + kubernetes: + - "1.29" + - "1.28" + - "1.27" + gateway-api: + - "1.0.0" - version: v1.27.1 supported: "true" dependencies: From 5763f7f53c8b9157bb0a70aa005256fbf6a34c82 Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 13 Feb 2024 11:17:10 -0700 Subject: [PATCH 28/83] add locally-built contour to .gitignore (#6191) Signed-off-by: Steve Kriss --- .gitignore | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 67eadd05f1c..34f97c46c30 100644 --- a/.gitignore +++ b/.gitignore @@ -3,10 +3,8 @@ vendor/ .vs/ .idea/ -# TODO(youngnick): Move these out of the repo root. -localenvoyconfig.yaml -securelocalenvoyconfig.yaml ./certs/ +/contour # Netlify stuff .vagrant From 1cc89d0bfb9df39814434a7f2035e147202a918b Mon Sep 17 00:00:00 2001 From: Steve Kriss Date: Tue, 13 Feb 2024 12:02:18 -0700 Subject: [PATCH 29/83] Gateway API: remove gateway controller name config option (#6145) Closes #5923. Signed-off-by: Steve Kriss --- .github/workflows/build_daily.yaml | 37 -- .mockery.yaml | 5 - apis/projectcontour/v1alpha1/contourconfig.go | 20 +- .../v1alpha1/contourconfig_helpers.go | 14 +- .../v1alpha1/contourconfig_helpers_test.go | 12 +- .../v1alpha1/zz_generated.deepcopy.go | 6 +- .../unreleased/6145-skriss-deprecation.md | 4 + cmd/contour/ingressstatus.go | 30 +- cmd/contour/serve.go | 170 ++------ cmd/contour/serve_test.go | 2 +- cmd/contour/servecontext.go | 9 +- cmd/contour/servecontext_test.go | 20 +- examples/contour/01-contour-config.yaml | 3 +- examples/contour/01-crds.yaml | 36 +- ...gatewayclass.yaml => 01-gatewayclass.yaml} | 0 .../{04-gateway.yaml => 02-gateway.yaml} | 0 examples/gateway/03-contour-config.yaml | 12 + examples/render/contour-deployment.yaml | 39 +- .../render/contour-gateway-provisioner.yaml | 36 +- examples/render/contour-gateway.yaml | 241 ++--------- examples/render/contour.yaml | 39 +- hack/generate-gateway-deployment.sh | 11 +- .../contourconfiguration_test.go | 3 +- internal/controller/backendtlspolicy.go | 75 ---- internal/controller/controller.go | 30 -- internal/controller/controller_test.go | 77 ---- internal/controller/gateway.go | 343 ---------------- internal/controller/gatewayclass.go | 250 ------------ internal/controller/grpcroute.go | 75 ---- internal/controller/httproute.go | 75 ---- internal/controller/mocks/manager.go | 379 ------------------ internal/controller/tcproute.go | 75 ---- internal/controller/tlsroute.go | 75 ---- internal/k8s/statusaddress.go | 43 +- internal/k8s/statusaddress_test.go | 139 +------ .../provisioner/controller/gateway_test.go | 9 +- .../objects/contourconfig/contourconfig.go | 2 +- .../contourconfig/contourconfig_test.go | 14 +- pkg/config/parameters.go | 32 +- pkg/config/parameters_test.go | 12 +- .../docs/main/config/api-reference.html | 26 +- site/content/docs/main/config/gateway-api.md | 4 +- site/content/docs/main/configuration.md | 6 +- site/content/docs/main/guides/gateway-api.md | 6 +- site/content/guides/gateway-api.md | 10 +- test/e2e/gateway/gateway_test.go | 47 +-- .../multiple_gateways_and_classes_test.go | 370 ----------------- 47 files changed, 234 insertions(+), 2689 deletions(-) create mode 100644 changelogs/unreleased/6145-skriss-deprecation.md rename examples/gateway/{03-gatewayclass.yaml => 01-gatewayclass.yaml} (100%) rename examples/gateway/{04-gateway.yaml => 02-gateway.yaml} (100%) create mode 100644 examples/gateway/03-contour-config.yaml delete mode 100644 internal/controller/backendtlspolicy.go delete mode 100644 internal/controller/controller.go delete mode 100644 internal/controller/controller_test.go delete mode 100644 internal/controller/gateway.go delete mode 100644 internal/controller/gatewayclass.go delete mode 100644 internal/controller/grpcroute.go delete mode 100644 internal/controller/httproute.go delete mode 100644 internal/controller/mocks/manager.go delete mode 100644 internal/controller/tcproute.go delete mode 100644 internal/controller/tlsroute.go delete mode 100644 test/e2e/gateway/multiple_gateways_and_classes_test.go diff --git a/.github/workflows/build_daily.yaml b/.github/workflows/build_daily.yaml index 51e0243a0d6..630ca6df47b 100644 --- a/.github/workflows/build_daily.yaml +++ b/.github/workflows/build_daily.yaml @@ -88,43 +88,6 @@ jobs: steps: ${{ toJson(steps) }} channel: '#contour-ci-notifications' if: ${{ failure() && github.ref == 'refs/heads/main' }} - e2e-gateway-reconcile-controller: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - with: - persist-credentials: false - - uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 # v4.0.0 - with: - # * Module download cache - # * Build cache (Linux) - path: | - ~/go/pkg/mod - ~/.cache/go-build - key: ${{ runner.os }}-${{ github.job }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-${{ github.job }}-go- - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: ${{ env.GO_VERSION }} - cache: false - - name: add deps to path - run: | - ./hack/actions/install-kubernetes-toolchain.sh $GITHUB_WORKSPACE/bin - echo "$GITHUB_WORKSPACE/bin" >> $GITHUB_PATH - - name: e2e tests - env: - CONTOUR_E2E_IMAGE: ghcr.io/projectcontour/contour:main - CONTOUR_E2E_PACKAGE_FOCUS: ./test/e2e/gateway - CONTOUR_E2E_GATEWAY_RECONCILE_MODE: controller - run: | - make setup-kind-cluster run-e2e cleanup-kind - - uses: act10ns/slack@ed1309ab9862e57e9e583e51c7889486b9a00b0f # v2.0.0 - with: - status: ${{ job.status }} - steps: ${{ toJson(steps) }} - channel: '#contour-ci-notifications' - if: ${{ failure() && github.ref == 'refs/heads/main' }} e2e-ipv6: runs-on: ubuntu-latest steps: diff --git a/.mockery.yaml b/.mockery.yaml index 982d25ec923..6aaf094048d 100644 --- a/.mockery.yaml +++ b/.mockery.yaml @@ -5,11 +5,6 @@ outpkg: "mocks" dir: '{{trimPrefix .PackagePath "github.com/projectcontour/contour/" }}/mocks' disable-version-string: True packages: - sigs.k8s.io/controller-runtime/pkg/manager: - config: - dir: "internal/controller/mocks" - interfaces: - Manager: github.com/projectcontour/contour/internal/debug: interfaces: DagBuilder: diff --git a/apis/projectcontour/v1alpha1/contourconfig.go b/apis/projectcontour/v1alpha1/contourconfig.go index ff2d73c4590..f7b896bc693 100644 --- a/apis/projectcontour/v1alpha1/contourconfig.go +++ b/apis/projectcontour/v1alpha1/contourconfig.go @@ -154,23 +154,9 @@ type XDSServerConfig struct { // GatewayConfig holds the config for Gateway API controllers. type GatewayConfig struct { - // ControllerName is used to determine whether Contour should reconcile a - // GatewayClass. The string takes the form of "projectcontour.io//contour". - // If unset, the gatewayclass controller will not be started. - // Exactly one of ControllerName or GatewayRef must be set. - // - // Deprecated: users should use GatewayRef, or the Gateway provisioner, - // in place of this field. This field will be removed in a future release. - // +optional - ControllerName string `json:"controllerName,omitempty"` - - // GatewayRef defines a specific Gateway that this Contour - // instance corresponds to. If set, Contour will reconcile - // only this gateway, and will not reconcile any gateway - // classes. - // Exactly one of ControllerName or GatewayRef must be set. - // +optional - GatewayRef *NamespacedName `json:"gatewayRef,omitempty"` + // GatewayRef defines the specific Gateway that this Contour + // instance corresponds to. + GatewayRef NamespacedName `json:"gatewayRef"` } // TLS holds TLS file config details. diff --git a/apis/projectcontour/v1alpha1/contourconfig_helpers.go b/apis/projectcontour/v1alpha1/contourconfig_helpers.go index 0af381adfbc..babadc5bc09 100644 --- a/apis/projectcontour/v1alpha1/contourconfig_helpers.go +++ b/apis/projectcontour/v1alpha1/contourconfig_helpers.go @@ -238,18 +238,10 @@ func (f FeatureFlags) IsEndpointSliceEnabled() bool { return slices.Contains(f, featureFlagUseEndpointSlices) } -// Validate ensures that exactly one of ControllerName or GatewayRef are specified. +// Validate ensures that GatewayRef namespace/name is specified. func (g *GatewayConfig) Validate() error { - if g == nil { - return nil - } - - if len(g.ControllerName) > 0 && g.GatewayRef != nil { - return fmt.Errorf("invalid gateway configuration: exactly one of controller name or gateway ref must be specified") - } - - if len(g.ControllerName) == 0 && g.GatewayRef == nil { - return fmt.Errorf("invalid gateway configuration: exactly one of controller name or gateway ref must be specified") + if g != nil && (g.GatewayRef.Namespace == "" || g.GatewayRef.Name == "") { + return fmt.Errorf("invalid gateway configuration: gateway ref namespace and name must be specified") } return nil diff --git a/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go b/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go index d0ea033aea3..c9b7279c2f6 100644 --- a/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go +++ b/apis/projectcontour/v1alpha1/contourconfig_helpers_test.go @@ -168,15 +168,15 @@ func TestContourConfigurationSpecValidate(t *testing.T) { Gateway: &contour_v1alpha1.GatewayConfig{}, } - c.Gateway.ControllerName = "foo" + c.Gateway.GatewayRef = contour_v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} require.NoError(t, c.Validate()) - c.Gateway.ControllerName = "" - c.Gateway.GatewayRef = &contour_v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} - require.NoError(t, c.Validate()) + // empty namespace is not allowed + c.Gateway.GatewayRef = contour_v1alpha1.NamespacedName{Name: "name"} + require.Error(t, c.Validate()) - c.Gateway.ControllerName = "foo" - c.Gateway.GatewayRef = &contour_v1alpha1.NamespacedName{Namespace: "ns", Name: "name"} + // empty name is not allowed + c.Gateway.GatewayRef = contour_v1alpha1.NamespacedName{Namespace: "ns"} require.Error(t, c.Validate()) }) diff --git a/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go b/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go index 9e64b85c778..eaa1576bfce 100644 --- a/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go +++ b/apis/projectcontour/v1alpha1/zz_generated.deepcopy.go @@ -884,11 +884,7 @@ func (in FeatureFlags) DeepCopy() FeatureFlags { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GatewayConfig) DeepCopyInto(out *GatewayConfig) { *out = *in - if in.GatewayRef != nil { - in, out := &in.GatewayRef, &out.GatewayRef - *out = new(NamespacedName) - **out = **in - } + out.GatewayRef = in.GatewayRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GatewayConfig. diff --git a/changelogs/unreleased/6145-skriss-deprecation.md b/changelogs/unreleased/6145-skriss-deprecation.md new file mode 100644 index 00000000000..168e7666284 --- /dev/null +++ b/changelogs/unreleased/6145-skriss-deprecation.md @@ -0,0 +1,4 @@ +## Configuring Contour with a GatewayClass controller name is no longer supported + +Contour can no longer be configured with a GatewayClass controller name (gateway.controllerName in the config file or ContourConfiguration CRD), as the config field has been removed. +Instead, either use a specific Gateway reference (gateway.gatewayRef), or use the Gateway provisioner. diff --git a/cmd/contour/ingressstatus.go b/cmd/contour/ingressstatus.go index 2204f4c2a22..975fc047181 100644 --- a/cmd/contour/ingressstatus.go +++ b/cmd/contour/ingressstatus.go @@ -49,13 +49,12 @@ import ( // 5. If the worker is stopped, the informer continues but no further // status updates are made. type loadBalancerStatusWriter struct { - log logrus.FieldLogger - cache cache.Cache - lbStatus chan core_v1.LoadBalancerStatus - statusUpdater k8s.StatusUpdater - ingressClassNames []string - gatewayControllerName string - gatewayRef *types.NamespacedName + log logrus.FieldLogger + cache cache.Cache + lbStatus chan core_v1.LoadBalancerStatus + statusUpdater k8s.StatusUpdater + ingressClassNames []string + gatewayRef *types.NamespacedName } func (isw *loadBalancerStatusWriter) NeedLeaderElection() bool { @@ -73,11 +72,10 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { return log }(), - Cache: isw.cache, - IngressClassNames: isw.ingressClassNames, - GatewayControllerName: isw.gatewayControllerName, - GatewayRef: isw.gatewayRef, - StatusUpdater: isw.statusUpdater, + Cache: isw.cache, + IngressClassNames: isw.ingressClassNames, + GatewayRef: isw.gatewayRef, + StatusUpdater: isw.statusUpdater, } // Create informers for the types that need load balancer @@ -88,9 +86,9 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { &networking_v1.Ingress{}, } - // Only create Gateway informer if a controller or specific gateway was provided, + // Only create Gateway informer if a gateway was provided, // otherwise the API may not exist in the cluster. - if len(isw.gatewayControllerName) > 0 || isw.gatewayRef != nil { + if isw.gatewayRef != nil { resources = append(resources, &gatewayapi_v1.Gateway{}) } @@ -139,9 +137,9 @@ func (isw *loadBalancerStatusWriter) Start(ctx context.Context) error { } } - // Only list Gateways if a controller or specific gateway was configured, + // Only list Gateways if a gateway was configured, // otherwise the API may not exist in the cluster. - if len(isw.gatewayControllerName) > 0 || isw.gatewayRef != nil { + if isw.gatewayRef != nil { var gatewayList gatewayapi_v1.GatewayList if err := isw.cache.List(context.Background(), &gatewayList); err != nil { isw.log.WithError(err).WithField("kind", "Gateway").Error("failed to list objects") diff --git a/cmd/contour/serve.go b/cmd/contour/serve.go index 1b6142f32f5..4d5bb85ea66 100644 --- a/cmd/contour/serve.go +++ b/cmd/contour/serve.go @@ -43,6 +43,7 @@ import ( controller_runtime_metrics "sigs.k8s.io/controller-runtime/pkg/metrics" controller_runtime_metrics_server "sigs.k8s.io/controller-runtime/pkg/metrics/server" gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" + gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gatewayapi_v1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" contour_v1 "github.com/projectcontour/contour/apis/projectcontour/v1" @@ -50,7 +51,6 @@ import ( "github.com/projectcontour/contour/internal/annotation" "github.com/projectcontour/contour/internal/contour" "github.com/projectcontour/contour/internal/contourconfig" - "github.com/projectcontour/contour/internal/controller" "github.com/projectcontour/contour/internal/dag" "github.com/projectcontour/contour/internal/debug" envoy_v3 "github.com/projectcontour/contour/internal/envoy/v3" @@ -547,29 +547,18 @@ func (s *Server) doServe() error { return err } - var gatewayControllerName string var gatewayRef *types.NamespacedName if contourConfiguration.Gateway != nil { - // nolint:staticcheck - gatewayControllerName = contourConfiguration.Gateway.ControllerName - - if len(gatewayControllerName) > 0 { - s.log.Warnf("DEPRECATED: gateway.controllerName is deprecated and will be removed in a future release. Use gateway.gatewayRef or the Gateway provisioner instead.") - } - - if contourConfiguration.Gateway.GatewayRef != nil { - gatewayRef = &types.NamespacedName{ - Namespace: contourConfiguration.Gateway.GatewayRef.Namespace, - Name: contourConfiguration.Gateway.GatewayRef.Name, - } + gatewayRef = &types.NamespacedName{ + Namespace: contourConfiguration.Gateway.GatewayRef.Namespace, + Name: contourConfiguration.Gateway.GatewayRef.Name, } } builder := s.getDAGBuilder(dagBuilderConfig{ ingressClassNames: ingressClassNames, rootNamespaces: contourConfiguration.HTTPProxy.RootNamespaces, - gatewayControllerName: gatewayControllerName, gatewayRef: gatewayRef, disablePermitInsecure: *contourConfiguration.HTTPProxy.DisablePermitInsecure, enableExternalNameService: *contourConfiguration.EnableExternalNameService, @@ -653,7 +642,7 @@ func (s *Server) doServe() error { } // Inform on Gateway API resources. - needsNotification := s.setupGatewayAPI(contourConfiguration, s.mgr, eventHandler, sh) + s.setupGatewayAPI(contourConfiguration, eventHandler) // Inform on secrets, filtering by root namespaces. var handler cache.ResourceEventHandler = eventHandler @@ -706,13 +695,12 @@ func (s *Server) doServe() error { // Set up ingress load balancer status writer. lbsw := &loadBalancerStatusWriter{ - log: s.log.WithField("context", "loadBalancerStatusWriter"), - cache: s.mgr.GetCache(), - lbStatus: make(chan core_v1.LoadBalancerStatus, 1), - ingressClassNames: ingressClassNames, - gatewayControllerName: gatewayControllerName, - gatewayRef: gatewayRef, - statusUpdater: sh.Writer(), + log: s.log.WithField("context", "loadBalancerStatusWriter"), + cache: s.mgr.GetCache(), + lbStatus: make(chan core_v1.LoadBalancerStatus, 1), + ingressClassNames: ingressClassNames, + gatewayRef: gatewayRef, + statusUpdater: sh.Writer(), } if err := s.mgr.Add(lbsw); err != nil { return err @@ -756,10 +744,7 @@ func (s *Server) doServe() error { } notifier := &leadership.Notifier{ - ToNotify: append([]leadership.NeedLeaderElectionNotification{ - contourHandler, - observer, - }, needsNotification...), + ToNotify: []leadership.NeedLeaderElectionNotification{contourHandler, observer}, } if err := s.mgr.Add(notifier); err != nil { return err @@ -1027,126 +1012,43 @@ func (s *Server) setupHealth(healthConfig contour_v1alpha1.HealthConfig, return nil } -func (s *Server) setupGatewayAPI(contourConfiguration contour_v1alpha1.ContourConfigurationSpec, - mgr manager.Manager, eventHandler *contour.EventRecorder, sh *k8s.StatusUpdateHandler, -) []leadership.NeedLeaderElectionNotification { - needLeadershipNotification := []leadership.NeedLeaderElectionNotification{} - - // Check if GatewayAPI is configured. - // nolint:staticcheck - if contourConfiguration.Gateway != nil && (contourConfiguration.Gateway.GatewayRef != nil || len(contourConfiguration.Gateway.ControllerName) > 0) { - switch { - // If a specific gateway was specified, we don't need to run the - // GatewayClass and Gateway controllers to determine which gateway - // to process, we just need informers to get events. - case contourConfiguration.Gateway.GatewayRef != nil: - // Inform on GatewayClasses. - if err := s.informOnResource(&gatewayapi_v1.GatewayClass{}, eventHandler); err != nil { - s.log.WithError(err).WithField("resource", "gatewayclasses").Fatal("failed to create informer") - } - - // Inform on Gateways. - if err := s.informOnResource(&gatewayapi_v1.Gateway{}, eventHandler); err != nil { - s.log.WithError(err).WithField("resource", "gateways").Fatal("failed to create informer") - } - // Otherwise, run the GatewayClass and Gateway controllers to determine - // the appropriate gateway class and gateway to process. - default: - // Create and register the gatewayclass controller with the manager. - // nolint:staticcheck - gatewayClassControllerName := contourConfiguration.Gateway.ControllerName - gwClass, err := controller.RegisterGatewayClassController( - s.log.WithField("context", "gatewayclass-controller"), - mgr, - eventHandler, - sh.Writer(), - gatewayClassControllerName, - ) - if err != nil { - s.log.WithError(err).Fatal("failed to create gatewayclass-controller") - } - needLeadershipNotification = append(needLeadershipNotification, gwClass) - - // Create and register the NewGatewayController controller with the manager. - gw, err := controller.RegisterGatewayController( - s.log.WithField("context", "gateway-controller"), - mgr, - eventHandler, - sh.Writer(), - gatewayClassControllerName, - ) - if err != nil { - s.log.WithError(err).Fatal("failed to create gateway-controller") - } - needLeadershipNotification = append(needLeadershipNotification, gw) - } - - // Some features may be disabled. - features := map[string]struct{}{ - "tlsroutes": {}, - "grpcroutes": {}, - "tcproutes": {}, - "backendtlspolicies": {}, - } - for _, f := range s.ctx.disabledFeatures { - delete(features, f) - } - - // Create and register the HTTPRoute controller with the manager. - if err := controller.RegisterHTTPRouteController(s.log.WithField("context", "httproute-controller"), mgr, eventHandler); err != nil { - s.log.WithError(err).Fatal("failed to create httproute-controller") - } - - // Create and register the TLSRoute controller with the manager, if enabled. - if _, enabled := features["tlsroutes"]; enabled { - if err := controller.RegisterTLSRouteController(s.log.WithField("context", "tlsroute-controller"), mgr, eventHandler); err != nil { - s.log.WithError(err).Fatal("failed to create tlsroute-controller") - } +func (s *Server) setupGatewayAPI(contourConfiguration contour_v1alpha1.ContourConfigurationSpec, eventHandler *contour.EventRecorder) { + // Watch resources for Gateway API if enabled. + if contourConfiguration.Gateway != nil { + resources := map[string]client.Object{ + "gatewayclasses": &gatewayapi_v1.GatewayClass{}, + "gateways": &gatewayapi_v1.Gateway{}, + "httproutes": &gatewayapi_v1.HTTPRoute{}, + "referencegrants": &gatewayapi_v1beta1.ReferenceGrant{}, + "namespaces": &core_v1.Namespace{}, + "tlsroutes": &gatewayapi_v1alpha2.TLSRoute{}, + "grpcroutes": &gatewayapi_v1alpha2.GRPCRoute{}, + "tcproutes": &gatewayapi_v1alpha2.TCPRoute{}, + "backendtlspolicies": &gatewayapi_v1alpha2.BackendTLSPolicy{}, + "configmaps": &core_v1.ConfigMap{}, } - // Create and register the GRPCRoute controller with the manager, if enabled. - if _, enabled := features["grpcroutes"]; enabled { - if err := controller.RegisterGRPCRouteController(s.log.WithField("context", "grpcroute-controller"), mgr, eventHandler); err != nil { - s.log.WithError(err).Fatal("failed to create grpcroute-controller") - } - } + for _, disabled := range s.ctx.disabledFeatures { + delete(resources, disabled) - // Create and register the TCPRoute controller with the manager. - if _, enabled := features["tcproutes"]; enabled { - if err := controller.RegisterTCPRouteController(s.log.WithField("context", "tcproute-controller"), mgr, eventHandler); err != nil { - s.log.WithError(err).Fatal("failed to create tcproute-controller") + if disabled == "backendtlspolicies" { + // ConfigMaps are only watched because they're + // used by BackendTLSPolicies. + delete(resources, "configmaps") } } - // Create and register the BackendTLSPolicy controller with the manager. - if _, enabled := features["backendtlspolicies"]; enabled { - // Inform on ConfigMap if BackendTLSPolicy is enabled - if err := s.informOnResource(&core_v1.ConfigMap{}, eventHandler); err != nil { - s.log.WithError(err).WithField("resource", "configmaps").Fatal("failed to create informer") + for name, obj := range resources { + if err := s.informOnResource(obj, eventHandler); err != nil { + s.log.WithError(err).WithField("resource", name).Fatal("failed to create informer") } - - if err := controller.RegisterBackendTLSPolicyController(s.log.WithField("context", "backendtlspolicy-controller"), mgr, eventHandler); err != nil { - s.log.WithError(err).Fatal("failed to create backendtlspolicy-controller") - } - } - - // Inform on ReferenceGrants. - if err := s.informOnResource(&gatewayapi_v1beta1.ReferenceGrant{}, eventHandler); err != nil { - s.log.WithError(err).WithField("resource", "referencegrants").Fatal("failed to create informer") - } - - // Inform on Namespaces. - if err := s.informOnResource(&core_v1.Namespace{}, eventHandler); err != nil { - s.log.WithError(err).WithField("resource", "namespaces").Fatal("failed to create informer") } } - return needLeadershipNotification } type dagBuilderConfig struct { ingressClassNames []string rootNamespaces []string - gatewayControllerName string gatewayRef *types.NamespacedName disablePermitInsecure bool enableExternalNameService bool @@ -1266,7 +1168,7 @@ func (s *Server) getDAGBuilder(dbc dagBuilderConfig) *dag.Builder { }, } - if len(dbc.gatewayControllerName) > 0 || dbc.gatewayRef != nil { + if dbc.gatewayRef != nil { dagProcessors = append(dagProcessors, &dag.GatewayAPIProcessor{ EnableExternalNameService: dbc.enableExternalNameService, FieldLogger: s.log.WithField("context", "GatewayAPIProcessor"), diff --git a/cmd/contour/serve_test.go b/cmd/contour/serve_test.go index 13e6bd4d7b3..53113608ece 100644 --- a/cmd/contour/serve_test.go +++ b/cmd/contour/serve_test.go @@ -133,7 +133,7 @@ func TestGetDAGBuilder(t *testing.T) { log: logrus.StandardLogger(), } got := serve.getDAGBuilder(dagBuilderConfig{ - gatewayControllerName: "projectcontour.io/gateway-controller", + gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour"}, rootNamespaces: []string{}, dnsLookupFamily: contour_v1alpha1.AutoClusterDNSFamily, globalCircuitBreakerDefaults: &g, diff --git a/cmd/contour/servecontext.go b/cmd/contour/servecontext.go index d0c11af843b..3fccce59512 100644 --- a/cmd/contour/servecontext.go +++ b/cmd/contour/servecontext.go @@ -296,15 +296,10 @@ func (ctx *serveContext) convertToContourConfigurationSpec() contour_v1alpha1.Co var gatewayConfig *contour_v1alpha1.GatewayConfig if ctx.Config.GatewayConfig != nil { gatewayConfig = &contour_v1alpha1.GatewayConfig{ - // nolint:staticcheck - ControllerName: ctx.Config.GatewayConfig.ControllerName, - } - - if ctx.Config.GatewayConfig.GatewayRef != nil { - gatewayConfig.GatewayRef = &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: ctx.Config.GatewayConfig.GatewayRef.Namespace, Name: ctx.Config.GatewayConfig.GatewayRef.Name, - } + }, } } diff --git a/cmd/contour/servecontext_test.go b/cmd/contour/servecontext_test.go index af4c03f3ff3..67c1da51d94 100644 --- a/cmd/contour/servecontext_test.go +++ b/cmd/contour/servecontext_test.go @@ -563,24 +563,10 @@ func TestConvertServeContext(t *testing.T) { return cfg }, }, - "gatewayapi - controller": { + "gatewayapi": { getServeContext: func(ctx *serveContext) *serveContext { ctx.Config.GatewayConfig = &config.GatewayParameters{ - ControllerName: "projectcontour.io/gateway-controller", - } - return ctx - }, - getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { - cfg.Gateway = &contour_v1alpha1.GatewayConfig{ - ControllerName: "projectcontour.io/gateway-controller", - } - return cfg - }, - }, - "gatewayapi - specific gateway": { - getServeContext: func(ctx *serveContext) *serveContext { - ctx.Config.GatewayConfig = &config.GatewayParameters{ - GatewayRef: &config.NamespacedName{ + GatewayRef: config.NamespacedName{ Namespace: "gateway-namespace", Name: "gateway-name", }, @@ -589,7 +575,7 @@ func TestConvertServeContext(t *testing.T) { }, getContourConfiguration: func(cfg contour_v1alpha1.ContourConfigurationSpec) contour_v1alpha1.ContourConfigurationSpec { cfg.Gateway = &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "gateway-namespace", Name: "gateway-name", }, diff --git a/examples/contour/01-contour-config.yaml b/examples/contour/01-contour-config.yaml index 59b89005e15..a2273e9f33a 100644 --- a/examples/contour/01-contour-config.yaml +++ b/examples/contour/01-contour-config.yaml @@ -13,7 +13,8 @@ data: # # Specify the Gateway API configuration. # gateway: - # controllerName: projectcontour.io/gateway-controller + # namespace: projectcontour + # name: contour # # should contour expect to be running inside a k8s cluster # incluster: true diff --git a/examples/contour/01-crds.yaml b/examples/contour/01-crds.yaml index 6695ac9b884..e722f3952f5 100644 --- a/examples/contour/01-crds.yaml +++ b/examples/contour/01-crds.yaml @@ -611,22 +611,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -636,6 +624,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- @@ -4306,22 +4296,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -4331,6 +4309,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- diff --git a/examples/gateway/03-gatewayclass.yaml b/examples/gateway/01-gatewayclass.yaml similarity index 100% rename from examples/gateway/03-gatewayclass.yaml rename to examples/gateway/01-gatewayclass.yaml diff --git a/examples/gateway/04-gateway.yaml b/examples/gateway/02-gateway.yaml similarity index 100% rename from examples/gateway/04-gateway.yaml rename to examples/gateway/02-gateway.yaml diff --git a/examples/gateway/03-contour-config.yaml b/examples/gateway/03-contour-config.yaml new file mode 100644 index 00000000000..996af388836 --- /dev/null +++ b/examples/gateway/03-contour-config.yaml @@ -0,0 +1,12 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: projectcontour +data: + contour.yaml: | + gateway: + gatewayRef: + name: contour + namespace: projectcontour diff --git a/examples/render/contour-deployment.yaml b/examples/render/contour-deployment.yaml index 790f7744634..8e55222cf8b 100644 --- a/examples/render/contour-deployment.yaml +++ b/examples/render/contour-deployment.yaml @@ -46,7 +46,8 @@ data: # # Specify the Gateway API configuration. # gateway: - # controllerName: projectcontour.io/gateway-controller + # namespace: projectcontour + # name: contour # # should contour expect to be running inside a k8s cluster # incluster: true @@ -830,22 +831,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -855,6 +844,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- @@ -4525,22 +4516,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -4550,6 +4529,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- diff --git a/examples/render/contour-gateway-provisioner.yaml b/examples/render/contour-gateway-provisioner.yaml index 79a2d1a5830..46a3eea4987 100644 --- a/examples/render/contour-gateway-provisioner.yaml +++ b/examples/render/contour-gateway-provisioner.yaml @@ -622,22 +622,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -647,6 +635,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- @@ -4317,22 +4307,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -4342,6 +4320,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- diff --git a/examples/render/contour-gateway.yaml b/examples/render/contour-gateway.yaml index 48672da8e17..2489a481d34 100644 --- a/examples/render/contour-gateway.yaml +++ b/examples/render/contour-gateway.yaml @@ -3,7 +3,6 @@ # # Generated from: # examples/contour/00-common.yaml -# examples/contour/01-contour-config.yaml # examples/contour/01-crds.yaml # examples/contour/02-job-certgen.yaml # examples/contour/02-rbac.yaml @@ -13,8 +12,9 @@ # examples/contour/03-contour.yaml # examples/contour/03-envoy.yaml # examples/gateway/00-crds.yaml -# examples/gateway/03-gatewayclass.yaml -# examples/gateway/04-gateway.yaml +# examples/gateway/01-gatewayclass.yaml +# examples/gateway/02-gateway.yaml +# examples/gateway/03-contour-config.yaml --- apiVersion: v1 @@ -34,192 +34,6 @@ metadata: name: envoy namespace: projectcontour ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: contour - namespace: projectcontour -data: - contour.yaml: | - # - # server: - # determine which XDS Server implementation to utilize in Contour. - # xds-server-type: contour - # - # Specify the Gateway API configuration. - gateway: - controllerName: projectcontour.io/gateway-controller - # - # should contour expect to be running inside a k8s cluster - # incluster: true - # - # path to kubeconfig (if not running inside a k8s cluster) - # kubeconfig: /path/to/.kube/config - # - # Disable RFC-compliant behavior to strip "Content-Length" header if - # "Tranfer-Encoding: chunked" is also set. - # disableAllowChunkedLength: false - # - # Disable Envoy's non-standard merge_slashes path transformation option - # that strips duplicate slashes from request URLs. - # disableMergeSlashes: false - # - # Disable HTTPProxy permitInsecure field - disablePermitInsecure: false - tls: - # minimum TLS version that Contour will negotiate - # minimum-protocol-version: "1.2" - # TLS ciphers to be supported by Envoy TLS listeners when negotiating - # TLS 1.2. - # cipher-suites: - # - '[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]' - # - '[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]' - # - 'ECDHE-ECDSA-AES256-GCM-SHA384' - # - 'ECDHE-RSA-AES256-GCM-SHA384' - # Defines the Kubernetes name/namespace matching a secret to use - # as the fallback certificate when requests which don't match the - # SNI defined for a vhost. - fallback-certificate: - # name: fallback-secret-name - # namespace: projectcontour - envoy-client-certificate: - # name: envoy-client-cert-secret-name - # namespace: projectcontour - #### - # ExternalName Services are disabled by default due to CVE-2021-XXXXX - # You can re-enable them by setting this setting to `true`. - # This is not recommended without understanding the security implications. - # Please see the advisory at https://github.com/projectcontour/contour/security/advisories/GHSA-5ph6-qq5x-7jwc for the details. - # enableExternalNameService: false - ## - # Address to be placed in status.loadbalancer field of Ingress objects. - # May be either a literal IP address or a host name. - # The value will be placed directly into the relevant field inside the status.loadBalancer struct. - # ingress-status-address: local.projectcontour.io - ### Logging options - # Default setting - accesslog-format: envoy - # The default access log format is defined by Envoy but it can be customized by setting following variable. - # accesslog-format-string: "...\n" - # To enable JSON logging in Envoy - # accesslog-format: json - # accesslog-level: info - # The default fields that will be logged are specified below. - # To customise this list, just add or remove entries. - # The canonical list is available at - # https://godoc.org/github.com/projectcontour/contour/internal/envoy#JSONFields - # json-fields: - # - "@timestamp" - # - "authority" - # - "bytes_received" - # - "bytes_sent" - # - "downstream_local_address" - # - "downstream_remote_address" - # - "duration" - # - "method" - # - "path" - # - "protocol" - # - "request_id" - # - "requested_server_name" - # - "response_code" - # - "response_flags" - # - "uber_trace_id" - # - "upstream_cluster" - # - "upstream_host" - # - "upstream_local_address" - # - "upstream_service_time" - # - "user_agent" - # - "x_forwarded_for" - # - "grpc_status" - # - "grpc_status_number" - # - # default-http-versions: - # - "HTTP/2" - # - "HTTP/1.1" - # - # The following shows the default proxy timeout settings. - # timeouts: - # request-timeout: infinity - # connection-idle-timeout: 60s - # stream-idle-timeout: 5m - # max-connection-duration: infinity - # delayed-close-timeout: 1s - # connection-shutdown-grace-period: 5s - # connect-timeout: 2s - # - # Envoy cluster settings. - # cluster: - # configure the cluster dns lookup family - # valid options are: auto (default), v4, v6 - # dns-lookup-family: auto - # - # Envoy network settings. - # network: - # Configure the number of additional ingress proxy hops from the - # right side of the x-forwarded-for HTTP header to trust. - # num-trusted-hops: 0 - # Configure the port used to access the Envoy Admin interface. - # admin-port: 9001 - # - # Configure an optional global rate limit service. - # rateLimitService: - # Identifies the extension service defining the rate limit service, - # formatted as /. - # extensionService: projectcontour/ratelimit - # Defines the rate limit domain to pass to the rate limit service. - # Acts as a container for a set of rate limit definitions within - # the RLS. - # domain: contour - # Defines whether to allow requests to proceed when the rate limit - # service fails to respond with a valid rate limit decision within - # the timeout defined on the extension service. - # failOpen: false - # Defines whether to include the X-RateLimit headers X-RateLimit-Limit, - # X-RateLimit-Remaining, and X-RateLimit-Reset (as defined by the IETF - # Internet-Draft linked below), on responses to clients when the Rate - # Limit Service is consulted for a request. - # ref. https://tools.ietf.org/id/draft-polli-ratelimit-headers-03.html - # enableXRateLimitHeaders: false - # Defines whether to translate status code 429 to grpc code RESOURCE_EXHAUSTED - # instead of the default UNAVAILABLE - # enableResourceExhaustedCode: false - # - # Global Policy settings. - # policy: - # # Default headers to set on all requests (unless set/removed on the HTTPProxy object itself) - # request-headers: - # set: - # # example: the hostname of the Envoy instance that proxied the request - # X-Envoy-Hostname: %HOSTNAME% - # # example: add a l5d-dst-override header to instruct Linkerd what service the request is destined for - # l5d-dst-override: %CONTOUR_SERVICE_NAME%.%CONTOUR_NAMESPACE%.svc.cluster.local:%CONTOUR_SERVICE_PORT% - # # default headers to set on all responses (unless set/removed on the HTTPProxy object itself) - # response-headers: - # set: - # # example: Envoy flags that provide additional details about the response or connection - # X-Envoy-Response-Flags: %RESPONSE_FLAGS% - # - # metrics: - # contour: - # address: 0.0.0.0 - # port: 8000 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # envoy: - # address: 0.0.0.0 - # port: 8002 - # server-certificate-path: /path/to/server-cert.pem - # server-key-path: /path/to/server-private-key.pem - # ca-certificate-path: /path/to/root-ca-for-client-validation.pem - # - # listener: - # connection-balancer: exact - # socket-options: - # tos: 64 - # traffic-class: 64 - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -833,22 +647,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -858,6 +660,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- @@ -4528,22 +4332,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -4553,6 +4345,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- @@ -21064,3 +20858,16 @@ spec: allowedRoutes: namespaces: from: All + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: contour + namespace: projectcontour +data: + contour.yaml: | + gateway: + gatewayRef: + name: contour + namespace: projectcontour diff --git a/examples/render/contour.yaml b/examples/render/contour.yaml index e2ab3f43ff3..aa7c4c33bbe 100644 --- a/examples/render/contour.yaml +++ b/examples/render/contour.yaml @@ -46,7 +46,8 @@ data: # # Specify the Gateway API configuration. # gateway: - # controllerName: projectcontour.io/gateway-controller + # namespace: projectcontour + # name: contour # # should contour expect to be running inside a k8s cluster # incluster: true @@ -830,22 +831,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -855,6 +844,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- @@ -4525,22 +4516,10 @@ spec: Gateway contains parameters for the gateway-api Gateway that Contour is configured to serve traffic. properties: - controllerName: - description: |- - ControllerName is used to determine whether Contour should reconcile a - GatewayClass. The string takes the form of "projectcontour.io//contour". - If unset, the gatewayclass controller will not be started. - Exactly one of ControllerName or GatewayRef must be set. - Deprecated: users should use GatewayRef, or the Gateway provisioner, - in place of this field. This field will be removed in a future release. - type: string gatewayRef: description: |- - GatewayRef defines a specific Gateway that this Contour - instance corresponds to. If set, Contour will reconcile - only this gateway, and will not reconcile any gateway - classes. - Exactly one of ControllerName or GatewayRef must be set. + GatewayRef defines the specific Gateway that this Contour + instance corresponds to. properties: name: type: string @@ -4550,6 +4529,8 @@ spec: - name - namespace type: object + required: + - gatewayRef type: object globalExtAuth: description: |- diff --git a/hack/generate-gateway-deployment.sh b/hack/generate-gateway-deployment.sh index 75314dea05c..227c2941999 100755 --- a/hack/generate-gateway-deployment.sh +++ b/hack/generate-gateway-deployment.sh @@ -20,6 +20,9 @@ EOF for f in "examples/contour/"*.yaml "examples/gateway/"*.yaml ; do case $f in + examples/contour/01-contour-config.yaml) + # skip + ;; */03-envoy-deployment.yaml) # skip ;; @@ -38,7 +41,7 @@ for y in "${REPO}/examples/contour/"*.yaml ; do # skip ;; */01-contour-config.yaml) - sed 's|# gateway:|gateway:|g ; s|# controllerName: projectcontour.io/gateway-controller| controllerName: projectcontour.io/gateway-controller|g' < "$y" + # skip ;; *) cat $y @@ -48,14 +51,14 @@ done for y in "${REPO}/examples/gateway/"*.yaml ; do echo # Ensure we have at least one newline between joined fragments. - + # Since the Gateway YAMLs are pulled from the Gateway API repo, the manifests do not start with "---". case $y in - */00-crds.yaml) + */00-crds.yaml) echo "---" ;; esac - + cat "$y" done diff --git a/internal/contourconfig/contourconfiguration_test.go b/internal/contourconfig/contourconfiguration_test.go index a93bd3d8941..f78e21ab0a7 100644 --- a/internal/contourconfig/contourconfiguration_test.go +++ b/internal/contourconfig/contourconfiguration_test.go @@ -136,8 +136,7 @@ func TestOverlayOnDefaults(t *testing.T) { }, }, Gateway: &contour_v1alpha1.GatewayConfig{ - ControllerName: "gatewaycontroller", - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "gatewaynamespace", Name: "gatewayname", }, diff --git a/internal/controller/backendtlspolicy.go b/internal/controller/backendtlspolicy.go deleted file mode 100644 index 68365934189..00000000000 --- a/internal/controller/backendtlspolicy.go +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - - "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/api/errors" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" -) - -type backendTLSPolicyReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - logrus.FieldLogger -} - -// RegisterBackendTLSPolicyController creates the backendtlspolicy controller from mgr. The controller will be pre-configured -// to watch for BackendTLSPolicy objects across all namespaces. -func RegisterBackendTLSPolicyController(log logrus.FieldLogger, mgr manager.Manager, eventHandler cache.ResourceEventHandler) error { - r := &backendTLSPolicyReconciler{ - client: mgr.GetClient(), - eventHandler: eventHandler, - FieldLogger: log, - } - c, err := controller.NewUnmanaged("backendtlspolicy-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return err - } - - return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1alpha2.BackendTLSPolicy{}), &handler.EnqueueRequestForObject{}) -} - -func (r *backendTLSPolicyReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - // Fetch the BackendTLSPolicy from the cache. - backendTLSPolicy := &gatewayapi_v1alpha2.BackendTLSPolicy{} - err := r.client.Get(ctx, request.NamespacedName, backendTLSPolicy) - if errors.IsNotFound(err) { - r.eventHandler.OnDelete(&gatewayapi_v1alpha2.BackendTLSPolicy{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: request.Name, - Namespace: request.Namespace, - }, - }) - return reconcile.Result{}, nil - } - - // Pass the new changed object off to the eventHandler. - r.eventHandler.OnAdd(backendTLSPolicy, false) - - return reconcile.Result{}, nil -} diff --git a/internal/controller/controller.go b/internal/controller/controller.go deleted file mode 100644 index a9d572c8e69..00000000000 --- a/internal/controller/controller.go +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import "sigs.k8s.io/controller-runtime/pkg/controller" - -// Wrapper for that ensures controller-runtime Controllers -// are run by controller-runtime Manager, regardless of -// leader-election status. Controllers can be created as -// unmanaged and manually registered with a Manager using -// this wrapper, otherwise they will only be run when their -// Manager is elected leader. -type noLeaderElectionController struct { - controller.Controller -} - -func (*noLeaderElectionController) NeedLeaderElection() bool { - return false -} diff --git a/internal/controller/controller_test.go b/internal/controller/controller_test.go deleted file mode 100644 index c8f21117505..00000000000 --- a/internal/controller/controller_test.go +++ /dev/null @@ -1,77 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller_test - -import ( - "testing" - - logr_testing "github.com/go-logr/logr/testing" - "github.com/stretchr/testify/mock" - "github.com/stretchr/testify/require" - "sigs.k8s.io/controller-runtime/pkg/config" - "sigs.k8s.io/controller-runtime/pkg/manager" - - "github.com/projectcontour/contour/internal/controller" - "github.com/projectcontour/contour/internal/controller/mocks" - "github.com/projectcontour/contour/internal/fixture" -) - -func TestRegisterControllers(t *testing.T) { - tests := map[string]func(*mocks.Manager) error{ - "gateway controller": func(mockManager *mocks.Manager) error { - _, err := controller.RegisterGatewayController(fixture.NewTestLogger(t), mockManager, nil, nil, "some-controller") - return err - }, - "gatewayclass controller": func(mockManager *mocks.Manager) error { - _, err := controller.RegisterGatewayClassController(fixture.NewTestLogger(t), mockManager, nil, nil, "some-gateway") - return err - }, - "httproute controller": func(mockManager *mocks.Manager) error { - return controller.RegisterHTTPRouteController(fixture.NewTestLogger(t), mockManager, nil) - }, - "tlsroute controller": func(mockManager *mocks.Manager) error { - return controller.RegisterTLSRouteController(fixture.NewTestLogger(t), mockManager, nil) - }, - "grpcroute controller": func(mockManager *mocks.Manager) error { - return controller.RegisterGRPCRouteController(fixture.NewTestLogger(t), mockManager, nil) - }, - "backendtlspolicy controller": func(mockManager *mocks.Manager) error { - return controller.RegisterBackendTLSPolicyController(fixture.NewTestLogger(t), mockManager, nil) - }, - } - - for name, test := range tests { - t.Run(name, func(t *testing.T) { - mockManager := &mocks.Manager{} - - // TODO: see if there is a way we can automatically ignore these. - mockManager.On("GetClient").Return(nil).Maybe() - mockManager.On("GetLogger").Return(logr_testing.NewTestLogger(t)).Maybe() - mockManager.On("SetFields", mock.Anything).Return(nil).Maybe() - mockManager.On("Elected").Return(nil).Maybe() - // This type is deprecated and will be removed in future versions of - // controller-runtime. - mockManager.On("GetControllerOptions").Return(config.Controller{}).Maybe() - mockManager.On("GetCache").Return(nil).Maybe() - - mockManager.On("Add", mock.MatchedBy(func(r manager.LeaderElectionRunnable) bool { - return r.NeedLeaderElection() == false - })).Return(nil).Once() - - require.NoError(t, test(mockManager)) - - require.True(t, mockManager.AssertExpectations(t)) - }) - } -} diff --git a/internal/controller/gateway.go b/internal/controller/gateway.go deleted file mode 100644 index 7200dd5b64c..00000000000 --- a/internal/controller/gateway.go +++ /dev/null @@ -1,343 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - "fmt" - "time" - - "github.com/sirupsen/logrus" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/event" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/leadership" -) - -type gatewayReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - statusUpdater k8s.StatusUpdater - log logrus.FieldLogger - // gatewayClassControllerName is the configured controller of managed gatewayclasses. - gatewayClassControllerName gatewayapi_v1.GatewayController - eventSource chan event.GenericEvent -} - -// RegisterGatewayController creates the gateway controller from mgr. The controller will be pre-configured -// to watch for Gateway objects across all namespaces and reconcile those that match class. -func RegisterGatewayController( - log logrus.FieldLogger, - mgr manager.Manager, - eventHandler cache.ResourceEventHandler, - statusUpdater k8s.StatusUpdater, - gatewayClassControllerName string, -) (leadership.NeedLeaderElectionNotification, error) { - r := &gatewayReconciler{ - log: log, - client: mgr.GetClient(), - eventHandler: eventHandler, - statusUpdater: statusUpdater, - gatewayClassControllerName: gatewayapi_v1.GatewayController(gatewayClassControllerName), - // Set up a source.Channel that will trigger reconciles - // for all GatewayClasses when this Contour process is - // elected leader, to ensure that their statuses are up - // to date. - eventSource: make(chan event.GenericEvent), - } - c, err := controller.NewUnmanaged("gateway-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return nil, err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return nil, err - } - - if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1.Gateway{}), - &handler.EnqueueRequestForObject{}, - predicate.NewPredicateFuncs(r.hasMatchingController), - ); err != nil { - return nil, err - } - - // Watch GatewayClasses and reconcile their associated Gateways - // to handle changes in the GatewayClasses' "Accepted" conditions. - if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1.GatewayClass{}), - handler.EnqueueRequestsFromMapFunc(r.mapGatewayClassToGateways), - predicate.NewPredicateFuncs(r.gatewayClassHasMatchingController), - ); err != nil { - return nil, err - } - - // Set up a source.Channel that will trigger reconciles - // for all Gateways when this Contour process is - // elected leader, to ensure that their statuses are up - // to date. - if err := c.Watch( - &source.Channel{Source: r.eventSource}, - &handler.EnqueueRequestForObject{}, - predicate.NewPredicateFuncs(r.hasMatchingController), - ); err != nil { - return nil, err - } - - return r, nil -} - -func (r *gatewayReconciler) OnElectedLeader() { - r.log.Info("elected leader, triggering reconciles for all gateways") - - var gateways gatewayapi_v1.GatewayList - if err := r.client.List(context.Background(), &gateways); err != nil { - r.log.WithError(err).Error("error listing gateways") - return - } - - for i := range gateways.Items { - r.eventSource <- event.GenericEvent{Object: &gateways.Items[i]} - } -} - -func (r *gatewayReconciler) mapGatewayClassToGateways(ctx context.Context, gatewayClass client.Object) []reconcile.Request { - var gateways gatewayapi_v1.GatewayList - if err := r.client.List(ctx, &gateways); err != nil { - r.log.WithError(err).Error("error listing gateways") - return nil - } - - var reconciles []reconcile.Request - for _, gw := range gateways.Items { - if string(gw.Spec.GatewayClassName) == gatewayClass.GetName() { - reconciles = append(reconciles, reconcile.Request{ - NamespacedName: types.NamespacedName{ - Namespace: gw.Namespace, - Name: gw.Name, - }, - }) - } - } - - return reconciles -} - -// hasMatchingController returns true if the provided object is a Gateway -// using a GatewayClass with a Spec.Controller string matching this Contour's -// controller string, or false otherwise. -func (r *gatewayReconciler) hasMatchingController(obj client.Object) bool { - log := r.log.WithFields(logrus.Fields{ - "namespace": obj.GetNamespace(), - "name": obj.GetName(), - }) - - gw, ok := obj.(*gatewayapi_v1.Gateway) - if !ok { - log.Debugf("unexpected object type %T, bypassing reconciliation.", obj) - return false - } - - gc := &gatewayapi_v1.GatewayClass{} - if err := r.client.Get(context.Background(), types.NamespacedName{Name: string(gw.Spec.GatewayClassName)}, gc); err != nil { - log.WithError(err).Errorf("failed to get gatewayclass %s", gw.Spec.GatewayClassName) - return false - } - if gc.Spec.ControllerName != r.gatewayClassControllerName { - log.Debugf("gateway's class controller is not %s; bypassing reconciliation", r.gatewayClassControllerName) - return false - } - - return true -} - -func (r *gatewayReconciler) gatewayClassHasMatchingController(obj client.Object) bool { - gc, ok := obj.(*gatewayapi_v1.GatewayClass) - if !ok { - r.log.Infof("expected GatewayClass, got %T", obj) - return false - } - - return gc.Spec.ControllerName == r.gatewayClassControllerName -} - -// Reconcile finds all the Gateways for the GatewayClass with an "Accepted: true" condition. -// It passes the oldest such Gateway to the DAG for processing, and sets an "Accepted: false" -// condition on all other Gateways for the accepted GatewayClass. -func (r *gatewayReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - r.log.WithField("namespace", request.Namespace).WithField("name", request.Name).Info("reconciling gateway") - - var gatewayClasses gatewayapi_v1.GatewayClassList - if err := r.client.List(ctx, &gatewayClasses); err != nil { - return reconcile.Result{}, fmt.Errorf("error listing gateway classes") - } - - // Find the GatewayClass for this controller with Accepted=true. - var acceptedGatewayClass *gatewayapi_v1.GatewayClass - for i := range gatewayClasses.Items { - gatewayClass := &gatewayClasses.Items[i] - - if gatewayClass.Spec.ControllerName != r.gatewayClassControllerName { - continue - } - if !isAccepted(gatewayClass) { - continue - } - - acceptedGatewayClass = gatewayClass - break - } - - if acceptedGatewayClass == nil { - r.log.Info("No accepted gateway class found") - r.eventHandler.OnDelete(&gatewayapi_v1.Gateway{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: request.Namespace, - Name: request.Name, - }, - }) - return reconcile.Result{}, nil - } - - var allGateways gatewayapi_v1.GatewayList - if err := r.client.List(ctx, &allGateways); err != nil { - return reconcile.Result{}, fmt.Errorf("error listing gateways") - } - - // Get all the Gateways for the Accepted=true GatewayClass. - var gatewaysForClass []*gatewayapi_v1.Gateway - for i := range allGateways.Items { - if string(allGateways.Items[i].Spec.GatewayClassName) == acceptedGatewayClass.Name { - gatewaysForClass = append(gatewaysForClass, &allGateways.Items[i]) - } - } - - if len(gatewaysForClass) == 0 { - r.log.Info("No gateways found for accepted gateway class") - r.eventHandler.OnDelete(&gatewayapi_v1.Gateway{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: request.Namespace, - Name: request.Name, - }, - }) - return reconcile.Result{}, nil - } - - // Find the oldest Gateway, using alphabetical order - // as a tiebreaker. - var oldest *gatewayapi_v1.Gateway - for _, gw := range gatewaysForClass { - switch { - case oldest == nil: - oldest = gw - case gw.CreationTimestamp.Before(&oldest.CreationTimestamp): - oldest = gw - case gw.CreationTimestamp.Equal(&oldest.CreationTimestamp): - if fmt.Sprintf("%s/%s", gw.Namespace, gw.Name) < fmt.Sprintf("%s/%s", oldest.Namespace, oldest.Name) { - oldest = gw - } - } - } - - // Set the "Accepted" condition to false for all gateways - // except the oldest. The oldest will have its status set - // by the DAG processor, so don't set it here. - for _, gw := range gatewaysForClass { - if gw == oldest { - continue - } - - if r.statusUpdater != nil { - r.statusUpdater.Send(k8s.StatusUpdate{ - NamespacedName: k8s.NamespacedNameOf(gw), - Resource: &gatewayapi_v1.Gateway{}, - Mutator: k8s.StatusMutatorFunc(func(obj client.Object) client.Object { - gw, ok := obj.(*gatewayapi_v1.Gateway) - if !ok { - panic(fmt.Sprintf("unsupported object type %T", obj)) - } - - return setGatewayNotAccepted(gw.DeepCopy()) - }), - }) - } else { - // this branch makes testing easier by not going through the StatusUpdater. - gwCopy := setGatewayNotAccepted(gw.DeepCopy()) - if err := r.client.Status().Update(ctx, gwCopy); err != nil { - r.log.WithError(err).Error("error updating gateway status") - return reconcile.Result{}, fmt.Errorf("error updating status of gateway %s/%s: %v", gw.Namespace, gw.Name, err) - } - } - } - - // TODO: Ensure the gateway by creating manage infrastructure, i.e. the Envoy service. - // xref: https://github.com/projectcontour/contour/issues/3545 - - r.log.WithField("namespace", oldest.Namespace).WithField("name", oldest.Name).Info("assigning gateway to DAG") - r.eventHandler.OnAdd(oldest, false) - return reconcile.Result{}, nil -} - -func isAccepted(gatewayClass *gatewayapi_v1.GatewayClass) bool { - for _, cond := range gatewayClass.Status.Conditions { - if cond.Type == string(gatewayapi_v1.GatewayClassConditionStatusAccepted) && cond.Status == meta_v1.ConditionTrue { - return true - } - } - - return false -} - -func setGatewayNotAccepted(gateway *gatewayapi_v1.Gateway) *gatewayapi_v1.Gateway { - newCond := meta_v1.Condition{ - Type: string(gatewayapi_v1.GatewayConditionAccepted), - Status: meta_v1.ConditionFalse, - Reason: "OlderGatewayExists", - Message: "An older Gateway exists for the accepted GatewayClass", - LastTransitionTime: meta_v1.NewTime(time.Now()), - ObservedGeneration: gateway.Generation, - } - - for i := range gateway.Status.Conditions { - cond := &gateway.Status.Conditions[i] - - if cond.Type != string(gatewayapi_v1.GatewayConditionAccepted) { - continue - } - - // Update only if something has changed. - if cond.Status != newCond.Status || cond.Reason != newCond.Reason || cond.Message != newCond.Message { - cond.Status = newCond.Status - cond.Reason = newCond.Reason - cond.Message = newCond.Message - cond.LastTransitionTime = newCond.LastTransitionTime - cond.ObservedGeneration = newCond.ObservedGeneration - } - - return gateway - } - - gateway.Status.Conditions = append(gateway.Status.Conditions, newCond) - return gateway -} diff --git a/internal/controller/gatewayclass.go b/internal/controller/gatewayclass.go deleted file mode 100644 index 460b043671b..00000000000 --- a/internal/controller/gatewayclass.go +++ /dev/null @@ -1,250 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - "fmt" - - "github.com/sirupsen/logrus" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/event" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/predicate" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" - - "github.com/projectcontour/contour/internal/k8s" - "github.com/projectcontour/contour/internal/leadership" - "github.com/projectcontour/contour/internal/status" -) - -type gatewayClassReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - statusUpdater k8s.StatusUpdater - log logrus.FieldLogger - controller gatewayapi_v1.GatewayController - eventSource chan event.GenericEvent -} - -// RegisterGatewayClassController creates the gatewayclass controller. The controller -// will be pre-configured to watch for cluster-scoped GatewayClass objects with -// a controller field that matches name. -func RegisterGatewayClassController( - log logrus.FieldLogger, - mgr manager.Manager, - eventHandler cache.ResourceEventHandler, - statusUpdater k8s.StatusUpdater, - name string, -) (leadership.NeedLeaderElectionNotification, error) { - r := &gatewayClassReconciler{ - client: mgr.GetClient(), - eventHandler: eventHandler, - statusUpdater: statusUpdater, - log: log, - controller: gatewayapi_v1.GatewayController(name), - // Set up a source.Channel that will trigger reconciles - // for all GatewayClasses when this Contour process is - // elected leader, to ensure that their statuses are up - // to date. - eventSource: make(chan event.GenericEvent), - } - - c, err := controller.NewUnmanaged("gatewayclass-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return nil, err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return nil, err - } - - // Only enqueue GatewayClass objects that match name. - if err := c.Watch( - source.Kind(mgr.GetCache(), &gatewayapi_v1.GatewayClass{}), - &handler.EnqueueRequestForObject{}, - predicate.NewPredicateFuncs(r.hasMatchingController), - ); err != nil { - return nil, err - } - - if err := c.Watch( - &source.Channel{Source: r.eventSource}, - &handler.EnqueueRequestForObject{}, - predicate.NewPredicateFuncs(r.hasMatchingController), - ); err != nil { - return nil, err - } - - return r, nil -} - -func (r *gatewayClassReconciler) OnElectedLeader() { - r.log.Info("elected leader, triggering reconciles for all gatewayclasses") - - var gatewayClasses gatewayapi_v1.GatewayClassList - if err := r.client.List(context.Background(), &gatewayClasses); err != nil { - r.log.WithError(err).Error("error listing gatewayclasses") - return - } - - for i := range gatewayClasses.Items { - r.eventSource <- event.GenericEvent{Object: &gatewayClasses.Items[i]} - } -} - -// hasMatchingController returns true if the provided object is a GatewayClass -// with a Spec.Controller string matching this Contour's controller string, -// or false otherwise. -func (r *gatewayClassReconciler) hasMatchingController(obj client.Object) bool { - log := r.log.WithFields(logrus.Fields{ - "name": obj.GetName(), - }) - - gc, ok := obj.(*gatewayapi_v1.GatewayClass) - if !ok { - log.Debugf("unexpected object type %T, bypassing reconciliation.", obj) - return false - } - - if gc.Spec.ControllerName == r.controller { - log.Debug("enqueueing gatewayclass") - return true - } - - log.Debugf("controller is not %s; bypassing reconciliation", r.controller) - return false -} - -func (r *gatewayClassReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - r.log.WithField("name", request.Name).Info("reconciling gatewayclass") - - var gatewayClasses gatewayapi_v1.GatewayClassList - if err := r.client.List(ctx, &gatewayClasses); err != nil { - return reconcile.Result{}, fmt.Errorf("error listing gatewayclasses: %w", err) - } - - var controlledClasses controlledClasses - - for i := range gatewayClasses.Items { - // avoid loop pointer issues - gc := gatewayClasses.Items[i] - - if gc.Spec.ControllerName != r.controller { - // different controller, ignore. - continue - } - - controlledClasses.add(&gc) - } - - // no controlled gatewayclasses, trigger a delete - if controlledClasses.len() == 0 { - r.log.WithField("name", request.Name).Info("failed to find gatewayclass") - - r.eventHandler.OnDelete(&gatewayapi_v1.GatewayClass{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: request.Namespace, - Name: request.Name, - }, - }) - return reconcile.Result{}, nil - } - - updater := func(gc *gatewayapi_v1.GatewayClass, accepted bool) error { - if r.statusUpdater != nil { - r.statusUpdater.Send(k8s.StatusUpdate{ - NamespacedName: types.NamespacedName{Name: gc.Name}, - Resource: &gatewayapi_v1.GatewayClass{}, - Mutator: k8s.StatusMutatorFunc(func(obj client.Object) client.Object { - gwc, ok := obj.(*gatewayapi_v1.GatewayClass) - if !ok { - panic(fmt.Sprintf("unsupported object type %T", obj)) - } - - return status.SetGatewayClassAccepted(gwc.DeepCopy(), accepted) - }), - }) - } else { - // this branch makes testing easier by not going through the StatusUpdater. - gcCopy := status.SetGatewayClassAccepted(gc.DeepCopy(), accepted) - - if err := r.client.Status().Update(ctx, gcCopy); err != nil { - return fmt.Errorf("error updating status of gateway class %s: %v", gcCopy.Name, err) - } - } - return nil - } - - for _, gc := range controlledClasses.notAcceptedClasses() { - if err := updater(gc, false); err != nil { - return reconcile.Result{}, err - } - } - - if err := updater(controlledClasses.acceptedClass(), true); err != nil { - return reconcile.Result{}, err - } - - r.eventHandler.OnAdd(controlledClasses.acceptedClass(), false) - - return reconcile.Result{}, nil -} - -// controlledClasses helps organize a list of GatewayClasses -// with the same controller string. -type controlledClasses struct { - allClasses []*gatewayapi_v1.GatewayClass - oldestClass *gatewayapi_v1.GatewayClass -} - -func (cc *controlledClasses) len() int { - return len(cc.allClasses) -} - -func (cc *controlledClasses) add(class *gatewayapi_v1.GatewayClass) { - cc.allClasses = append(cc.allClasses, class) - - switch { - case cc.oldestClass == nil: - cc.oldestClass = class - case class.CreationTimestamp.Time.Before(cc.oldestClass.CreationTimestamp.Time): - cc.oldestClass = class - case class.CreationTimestamp.Time.Equal(cc.oldestClass.CreationTimestamp.Time) && class.Name < cc.oldestClass.Name: - // tie-breaker: first one in alphabetical order is considered oldest/accepted - cc.oldestClass = class - } -} - -func (cc *controlledClasses) acceptedClass() *gatewayapi_v1.GatewayClass { - return cc.oldestClass -} - -func (cc *controlledClasses) notAcceptedClasses() []*gatewayapi_v1.GatewayClass { - var res []*gatewayapi_v1.GatewayClass - for _, gc := range cc.allClasses { - // skip the oldest one since it will be accepted. - if gc.Name != cc.oldestClass.Name { - res = append(res, gc) - } - } - - return res -} diff --git a/internal/controller/grpcroute.go b/internal/controller/grpcroute.go deleted file mode 100644 index 1f48924771c..00000000000 --- a/internal/controller/grpcroute.go +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - - "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/api/errors" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" -) - -type grpcRouteReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - logrus.FieldLogger -} - -// RegisterGRPCRouteController creates the grpcroute controller from mgr. The controller will be pre-configured -// to watch for GRPCRoute objects across all namespaces. -func RegisterGRPCRouteController(log logrus.FieldLogger, mgr manager.Manager, eventHandler cache.ResourceEventHandler) error { - r := &grpcRouteReconciler{ - client: mgr.GetClient(), - eventHandler: eventHandler, - FieldLogger: log, - } - c, err := controller.NewUnmanaged("grpcroute-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return err - } - - return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1alpha2.GRPCRoute{}), &handler.EnqueueRequestForObject{}) -} - -func (r *grpcRouteReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - // Fetch the GRPCRoute from the cache. - grpcRoute := &gatewayapi_v1alpha2.GRPCRoute{} - err := r.client.Get(ctx, request.NamespacedName, grpcRoute) - if errors.IsNotFound(err) { - r.eventHandler.OnDelete(&gatewayapi_v1alpha2.GRPCRoute{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: request.Name, - Namespace: request.Namespace, - }, - }) - return reconcile.Result{}, nil - } - - // Pass the new changed object off to the eventHandler. - r.eventHandler.OnAdd(grpcRoute, false) - - return reconcile.Result{}, nil -} diff --git a/internal/controller/httproute.go b/internal/controller/httproute.go deleted file mode 100644 index b5fa12afb05..00000000000 --- a/internal/controller/httproute.go +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - - "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/api/errors" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1 "sigs.k8s.io/gateway-api/apis/v1" -) - -type httpRouteReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - logrus.FieldLogger -} - -// RegisterHTTPRouteController creates the httproute controller from mgr. The controller will be pre-configured -// to watch for HTTPRoute objects across all namespaces. -func RegisterHTTPRouteController(log logrus.FieldLogger, mgr manager.Manager, eventHandler cache.ResourceEventHandler) error { - r := &httpRouteReconciler{ - client: mgr.GetClient(), - eventHandler: eventHandler, - FieldLogger: log, - } - c, err := controller.NewUnmanaged("httproute-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return err - } - - return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1.HTTPRoute{}), &handler.EnqueueRequestForObject{}) -} - -func (r *httpRouteReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - // Fetch the HTTPRoute from the cache. - httpRoute := &gatewayapi_v1.HTTPRoute{} - err := r.client.Get(ctx, request.NamespacedName, httpRoute) - if errors.IsNotFound(err) { - r.eventHandler.OnDelete(&gatewayapi_v1.HTTPRoute{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: request.Name, - Namespace: request.Namespace, - }, - }) - return reconcile.Result{}, nil - } - - // Pass the new changed object off to the eventHandler. - r.eventHandler.OnAdd(httpRoute, false) - - return reconcile.Result{}, nil -} diff --git a/internal/controller/mocks/manager.go b/internal/controller/mocks/manager.go deleted file mode 100644 index ac7467283c1..00000000000 --- a/internal/controller/mocks/manager.go +++ /dev/null @@ -1,379 +0,0 @@ -// Code generated by mockery. DO NOT EDIT. - -package mocks - -import ( - cache "sigs.k8s.io/controller-runtime/pkg/cache" - client "sigs.k8s.io/controller-runtime/pkg/client" - - config "sigs.k8s.io/controller-runtime/pkg/config" - - context "context" - - healthz "sigs.k8s.io/controller-runtime/pkg/healthz" - - http "net/http" - - logr "github.com/go-logr/logr" - - manager "sigs.k8s.io/controller-runtime/pkg/manager" - - meta "k8s.io/apimachinery/pkg/api/meta" - - mock "github.com/stretchr/testify/mock" - - record "k8s.io/client-go/tools/record" - - rest "k8s.io/client-go/rest" - - runtime "k8s.io/apimachinery/pkg/runtime" - - webhook "sigs.k8s.io/controller-runtime/pkg/webhook" -) - -// Manager is an autogenerated mock type for the Manager type -type Manager struct { - mock.Mock -} - -// Add provides a mock function with given fields: _a0 -func (_m *Manager) Add(_a0 manager.Runnable) error { - ret := _m.Called(_a0) - - if len(ret) == 0 { - panic("no return value specified for Add") - } - - var r0 error - if rf, ok := ret.Get(0).(func(manager.Runnable) error); ok { - r0 = rf(_a0) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// AddHealthzCheck provides a mock function with given fields: name, check -func (_m *Manager) AddHealthzCheck(name string, check healthz.Checker) error { - ret := _m.Called(name, check) - - if len(ret) == 0 { - panic("no return value specified for AddHealthzCheck") - } - - var r0 error - if rf, ok := ret.Get(0).(func(string, healthz.Checker) error); ok { - r0 = rf(name, check) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// AddReadyzCheck provides a mock function with given fields: name, check -func (_m *Manager) AddReadyzCheck(name string, check healthz.Checker) error { - ret := _m.Called(name, check) - - if len(ret) == 0 { - panic("no return value specified for AddReadyzCheck") - } - - var r0 error - if rf, ok := ret.Get(0).(func(string, healthz.Checker) error); ok { - r0 = rf(name, check) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// Elected provides a mock function with given fields: -func (_m *Manager) Elected() <-chan struct{} { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for Elected") - } - - var r0 <-chan struct{} - if rf, ok := ret.Get(0).(func() <-chan struct{}); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(<-chan struct{}) - } - } - - return r0 -} - -// GetAPIReader provides a mock function with given fields: -func (_m *Manager) GetAPIReader() client.Reader { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetAPIReader") - } - - var r0 client.Reader - if rf, ok := ret.Get(0).(func() client.Reader); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(client.Reader) - } - } - - return r0 -} - -// GetCache provides a mock function with given fields: -func (_m *Manager) GetCache() cache.Cache { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetCache") - } - - var r0 cache.Cache - if rf, ok := ret.Get(0).(func() cache.Cache); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(cache.Cache) - } - } - - return r0 -} - -// GetClient provides a mock function with given fields: -func (_m *Manager) GetClient() client.Client { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetClient") - } - - var r0 client.Client - if rf, ok := ret.Get(0).(func() client.Client); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(client.Client) - } - } - - return r0 -} - -// GetConfig provides a mock function with given fields: -func (_m *Manager) GetConfig() *rest.Config { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetConfig") - } - - var r0 *rest.Config - if rf, ok := ret.Get(0).(func() *rest.Config); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*rest.Config) - } - } - - return r0 -} - -// GetControllerOptions provides a mock function with given fields: -func (_m *Manager) GetControllerOptions() config.Controller { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetControllerOptions") - } - - var r0 config.Controller - if rf, ok := ret.Get(0).(func() config.Controller); ok { - r0 = rf() - } else { - r0 = ret.Get(0).(config.Controller) - } - - return r0 -} - -// GetEventRecorderFor provides a mock function with given fields: name -func (_m *Manager) GetEventRecorderFor(name string) record.EventRecorder { - ret := _m.Called(name) - - if len(ret) == 0 { - panic("no return value specified for GetEventRecorderFor") - } - - var r0 record.EventRecorder - if rf, ok := ret.Get(0).(func(string) record.EventRecorder); ok { - r0 = rf(name) - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(record.EventRecorder) - } - } - - return r0 -} - -// GetFieldIndexer provides a mock function with given fields: -func (_m *Manager) GetFieldIndexer() client.FieldIndexer { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetFieldIndexer") - } - - var r0 client.FieldIndexer - if rf, ok := ret.Get(0).(func() client.FieldIndexer); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(client.FieldIndexer) - } - } - - return r0 -} - -// GetHTTPClient provides a mock function with given fields: -func (_m *Manager) GetHTTPClient() *http.Client { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetHTTPClient") - } - - var r0 *http.Client - if rf, ok := ret.Get(0).(func() *http.Client); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*http.Client) - } - } - - return r0 -} - -// GetLogger provides a mock function with given fields: -func (_m *Manager) GetLogger() logr.Logger { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetLogger") - } - - var r0 logr.Logger - if rf, ok := ret.Get(0).(func() logr.Logger); ok { - r0 = rf() - } else { - r0 = ret.Get(0).(logr.Logger) - } - - return r0 -} - -// GetRESTMapper provides a mock function with given fields: -func (_m *Manager) GetRESTMapper() meta.RESTMapper { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetRESTMapper") - } - - var r0 meta.RESTMapper - if rf, ok := ret.Get(0).(func() meta.RESTMapper); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(meta.RESTMapper) - } - } - - return r0 -} - -// GetScheme provides a mock function with given fields: -func (_m *Manager) GetScheme() *runtime.Scheme { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetScheme") - } - - var r0 *runtime.Scheme - if rf, ok := ret.Get(0).(func() *runtime.Scheme); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(*runtime.Scheme) - } - } - - return r0 -} - -// GetWebhookServer provides a mock function with given fields: -func (_m *Manager) GetWebhookServer() webhook.Server { - ret := _m.Called() - - if len(ret) == 0 { - panic("no return value specified for GetWebhookServer") - } - - var r0 webhook.Server - if rf, ok := ret.Get(0).(func() webhook.Server); ok { - r0 = rf() - } else { - if ret.Get(0) != nil { - r0 = ret.Get(0).(webhook.Server) - } - } - - return r0 -} - -// Start provides a mock function with given fields: ctx -func (_m *Manager) Start(ctx context.Context) error { - ret := _m.Called(ctx) - - if len(ret) == 0 { - panic("no return value specified for Start") - } - - var r0 error - if rf, ok := ret.Get(0).(func(context.Context) error); ok { - r0 = rf(ctx) - } else { - r0 = ret.Error(0) - } - - return r0 -} - -// NewManager creates a new instance of Manager. It also registers a testing interface on the mock and a cleanup function to assert the mocks expectations. -// The first argument is typically a *testing.T value. -func NewManager(t interface { - mock.TestingT - Cleanup(func()) -}) *Manager { - mock := &Manager{} - mock.Mock.Test(t) - - t.Cleanup(func() { mock.AssertExpectations(t) }) - - return mock -} diff --git a/internal/controller/tcproute.go b/internal/controller/tcproute.go deleted file mode 100644 index 42a05a6d7d7..00000000000 --- a/internal/controller/tcproute.go +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - - "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/api/errors" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" -) - -type tcpRouteReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - logrus.FieldLogger -} - -// RegisterTCPRouteController creates the tcproute controller from mgr. The controller will be pre-configured -// to watch for TCPRoute objects across all namespaces. -func RegisterTCPRouteController(log logrus.FieldLogger, mgr manager.Manager, eventHandler cache.ResourceEventHandler) error { - r := &tcpRouteReconciler{ - client: mgr.GetClient(), - eventHandler: eventHandler, - FieldLogger: log, - } - c, err := controller.NewUnmanaged("tcproute-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return err - } - - return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1alpha2.TCPRoute{}), &handler.EnqueueRequestForObject{}) -} - -func (r *tcpRouteReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - // Fetch the TCPRoute from the cache. - tcpRoute := &gatewayapi_v1alpha2.TCPRoute{} - err := r.client.Get(ctx, request.NamespacedName, tcpRoute) - if errors.IsNotFound(err) { - r.eventHandler.OnDelete(&gatewayapi_v1alpha2.TCPRoute{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: request.Name, - Namespace: request.Namespace, - }, - }) - return reconcile.Result{}, nil - } - - // Pass the new changed object off to the eventHandler. - r.eventHandler.OnAdd(tcpRoute, false) - - return reconcile.Result{}, nil -} diff --git a/internal/controller/tlsroute.go b/internal/controller/tlsroute.go deleted file mode 100644 index 7793d1191d2..00000000000 --- a/internal/controller/tlsroute.go +++ /dev/null @@ -1,75 +0,0 @@ -// Copyright Project Contour Authors -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package controller - -import ( - "context" - - "github.com/sirupsen/logrus" - "k8s.io/apimachinery/pkg/api/errors" - meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/tools/cache" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/controller" - "sigs.k8s.io/controller-runtime/pkg/handler" - "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/reconcile" - "sigs.k8s.io/controller-runtime/pkg/source" - gatewayapi_v1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" -) - -type tlsRouteReconciler struct { - client client.Client - eventHandler cache.ResourceEventHandler - logrus.FieldLogger -} - -// RegisterTLSRouteController creates the tlsroute controller from mgr. The controller will be pre-configured -// to watch for TLSRoute objects across all namespaces. -func RegisterTLSRouteController(log logrus.FieldLogger, mgr manager.Manager, eventHandler cache.ResourceEventHandler) error { - r := &tlsRouteReconciler{ - client: mgr.GetClient(), - eventHandler: eventHandler, - FieldLogger: log, - } - c, err := controller.NewUnmanaged("tlsroute-controller", mgr, controller.Options{Reconciler: r}) - if err != nil { - return err - } - if err := mgr.Add(&noLeaderElectionController{c}); err != nil { - return err - } - - return c.Watch(source.Kind(mgr.GetCache(), &gatewayapi_v1alpha2.TLSRoute{}), &handler.EnqueueRequestForObject{}) -} - -func (r *tlsRouteReconciler) Reconcile(ctx context.Context, request reconcile.Request) (reconcile.Result, error) { - // Fetch the TLSRoute from the cache. - tlsroute := &gatewayapi_v1alpha2.TLSRoute{} - err := r.client.Get(ctx, request.NamespacedName, tlsroute) - if errors.IsNotFound(err) { - r.eventHandler.OnDelete(&gatewayapi_v1alpha2.TLSRoute{ - ObjectMeta: meta_v1.ObjectMeta{ - Name: request.Name, - Namespace: request.Namespace, - }, - }) - return reconcile.Result{}, nil - } - - // Pass the new changed object off to the eventHandler. - r.eventHandler.OnAdd(tlsroute, false) - - return reconcile.Result{}, nil -} diff --git a/internal/k8s/statusaddress.go b/internal/k8s/statusaddress.go index a3521463068..7c30d1913d3 100644 --- a/internal/k8s/statusaddress.go +++ b/internal/k8s/statusaddress.go @@ -14,7 +14,6 @@ package k8s import ( - "context" "fmt" "sync" @@ -39,13 +38,12 @@ import ( // Note that this is intended to handle updating the status.loadBalancer struct only, // not more general status updates. That's a job for the StatusUpdater. type StatusAddressUpdater struct { - Logger logrus.FieldLogger - Cache cache.Cache - LBStatus core_v1.LoadBalancerStatus - IngressClassNames []string - GatewayControllerName string - GatewayRef *types.NamespacedName - StatusUpdater StatusUpdater + Logger logrus.FieldLogger + Cache cache.Cache + LBStatus core_v1.LoadBalancerStatus + IngressClassNames []string + GatewayRef *types.NamespacedName + StatusUpdater StatusUpdater // mu guards the LBStatus field, which can be updated dynamically. mu sync.Mutex @@ -133,10 +131,9 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { )) case *gatewayapi_v1.Gateway: - switch { - // Specific Gateway configured: check if the added Gateway - // matches. - case s.GatewayRef != nil: + if s.GatewayRef != nil { + // Specific Gateway configured: check if the added Gateway + // matches. if NamespacedNameOf(o) != *s.GatewayRef { s.Logger. WithField("name", o.Name). @@ -144,28 +141,6 @@ func (s *StatusAddressUpdater) OnAdd(obj any, _ bool) { Debug("Gateway is not for this Contour, not setting address") return } - // Otherwise, check if the added Gateway's class is controlled - // by us. - default: - gc := &gatewayapi_v1.GatewayClass{} - if err := s.Cache.Get(context.Background(), client.ObjectKey{Name: string(o.Spec.GatewayClassName)}, gc); err != nil { - s.Logger. - WithField("name", o.Name). - WithField("namespace", o.Namespace). - WithField("gatewayclass-name", o.Spec.GatewayClassName). - WithError(err). - Error("error getting gateway class for gateway") - return - } - if string(gc.Spec.ControllerName) != s.GatewayControllerName { - s.Logger. - WithField("name", o.Name). - WithField("namespace", o.Namespace). - WithField("gatewayclass-name", o.Spec.GatewayClassName). - WithField("gatewayclass-controller-name", gc.Spec.ControllerName). - Debug("Gateway's class is not controlled by this Contour, not setting address") - return - } } s.StatusUpdater.Send(NewStatusUpdate( diff --git a/internal/k8s/statusaddress_test.go b/internal/k8s/statusaddress_test.go index 3b59e643384..7988c20b4cb 100644 --- a/internal/k8s/statusaddress_test.go +++ b/internal/k8s/statusaddress_test.go @@ -374,15 +374,14 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { } testCases := map[string]struct { - status core_v1.LoadBalancerStatus - gatewayClassControllerName string - gatewayRef *types.NamespacedName - preop *gatewayapi_v1.Gateway - postop *gatewayapi_v1.Gateway + status core_v1.LoadBalancerStatus + gatewayRef *types.NamespacedName + preop *gatewayapi_v1.Gateway + postop *gatewayapi_v1.Gateway }{ "happy path (IP)": { - status: ipLBStatus, - gatewayClassControllerName: "projectcontour.io/contour", + status: ipLBStatus, + gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", @@ -429,8 +428,8 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, "happy path (hostname)": { - status: hostnameLBStatus, - gatewayClassControllerName: "projectcontour.io/contour", + status: hostnameLBStatus, + gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, preop: &gatewayapi_v1.Gateway{ ObjectMeta: meta_v1.ObjectMeta{ Namespace: "projectcontour", @@ -472,44 +471,6 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - "Gateway not controlled by this Contour": { - status: ipLBStatus, - gatewayClassControllerName: "projectcontour.io/some-other-controller", - preop: &gatewayapi_v1.Gateway{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: "projectcontour", - Name: "contour-gateway", - }, - Spec: gatewayapi_v1.GatewaySpec{ - GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), - }, - Status: gatewayapi_v1.GatewayStatus{ - Conditions: []meta_v1.Condition{ - { - Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: meta_v1.ConditionTrue, - }, - }, - }, - }, - postop: &gatewayapi_v1.Gateway{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: "projectcontour", - Name: "contour-gateway", - }, - Spec: gatewayapi_v1.GatewaySpec{ - GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), - }, - Status: gatewayapi_v1.GatewayStatus{ - Conditions: []meta_v1.Condition{ - { - Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: meta_v1.ConditionTrue, - }, - }, - }, - }, - }, "Specific gateway configured, gateway does not match": { status: ipLBStatus, gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, @@ -548,54 +509,6 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { }, }, }, - "Specific gateway configured, gateway matches": { - status: ipLBStatus, - gatewayRef: &types.NamespacedName{Namespace: "projectcontour", Name: "contour-gateway"}, - preop: &gatewayapi_v1.Gateway{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: "projectcontour", - Name: "contour-gateway", - }, - Spec: gatewayapi_v1.GatewaySpec{ - GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), - }, - Status: gatewayapi_v1.GatewayStatus{ - Conditions: []meta_v1.Condition{ - { - Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: meta_v1.ConditionTrue, - }, - }, - }, - }, - postop: &gatewayapi_v1.Gateway{ - ObjectMeta: meta_v1.ObjectMeta{ - Namespace: "projectcontour", - Name: "contour-gateway", - }, - Spec: gatewayapi_v1.GatewaySpec{ - GatewayClassName: gatewayapi_v1.ObjectName("contour-gatewayclass"), - }, - Status: gatewayapi_v1.GatewayStatus{ - Conditions: []meta_v1.Condition{ - { - Type: string(gatewayapi_v1.GatewayConditionProgrammed), - Status: meta_v1.ConditionTrue, - }, - }, - Addresses: []gatewayapi_v1.GatewayStatusAddress{ - { - Type: ref.To(gatewayapi_v1.IPAddressType), - Value: ipLBStatus.Ingress[0].IP, - }, - { - Type: ref.To(gatewayapi_v1.IPAddressType), - Value: ipLBStatus.Ingress[1].IP, - }, - }, - }, - }, - }, } for name, tc := range testCases { @@ -606,22 +519,14 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { mockCache := &mocks.Cache{} mockCache. On("Get", mock.Anything, client.ObjectKey{Name: string(tc.preop.Spec.GatewayClassName)}, mock.Anything). - Run(func(args mock.Arguments) { - // The cache's Get function takes a pointer to a struct and updates it - // with the data from the API server; this simulates that behavior by - // updating the struct pointed to by the third argument with the fields - // we care about. See Run's godoc for more info. - args[2].(*gatewayapi_v1.GatewayClass).Spec.ControllerName = gatewayapi_v1.GatewayController(tc.gatewayClassControllerName) - }). Return(nil) isu := StatusAddressUpdater{ - Logger: log, - GatewayControllerName: "projectcontour.io/contour", - GatewayRef: tc.gatewayRef, - Cache: mockCache, - LBStatus: tc.status, - StatusUpdater: &suc, + Logger: log, + GatewayRef: tc.gatewayRef, + Cache: mockCache, + LBStatus: tc.status, + StatusUpdater: &suc, } isu.OnAdd(tc.preop, false) @@ -637,22 +542,14 @@ func TestStatusAddressUpdater_Gateway(t *testing.T) { mockCache := &mocks.Cache{} mockCache. On("Get", mock.Anything, client.ObjectKey{Name: string(tc.preop.Spec.GatewayClassName)}, mock.Anything). - Run(func(args mock.Arguments) { - // The cache's Get function takes a pointer to a struct and updates it - // with the data from the API server; this simulates that behavior by - // updating the struct pointed to by the third argument with the fields - // we care about. See Run's godoc for more info. - args[2].(*gatewayapi_v1.GatewayClass).Spec.ControllerName = gatewayapi_v1.GatewayController(tc.gatewayClassControllerName) - }). Return(nil) isu := StatusAddressUpdater{ - Logger: log, - GatewayControllerName: "projectcontour.io/contour", - GatewayRef: tc.gatewayRef, - Cache: mockCache, - LBStatus: tc.status, - StatusUpdater: &suc, + Logger: log, + GatewayRef: tc.gatewayRef, + Cache: mockCache, + LBStatus: tc.status, + StatusUpdater: &suc, } isu.OnUpdate(tc.preop, tc.preop) diff --git a/internal/provisioner/controller/gateway_test.go b/internal/provisioner/controller/gateway_test.go index baf160da86c..c95f9a59238 100644 --- a/internal/provisioner/controller/gateway_test.go +++ b/internal/provisioner/controller/gateway_test.go @@ -335,7 +335,7 @@ func TestGatewayReconcile(t *testing.T) { want := contour_v1alpha1.ContourConfigurationSpec{ EnableExternalNameService: ref.To(true), Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: gw.Name, Name: gw.Name, }, @@ -367,8 +367,7 @@ func TestGatewayReconcile(t *testing.T) { Spec: contour_v1alpha1.ContourDeploymentSpec{ RuntimeSettings: &contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - ControllerName: "some-controller", - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "some-other-namespace", Name: "some-other-gateway", }, @@ -403,7 +402,7 @@ func TestGatewayReconcile(t *testing.T) { want := contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: gw.Name, Name: gw.Name, }, @@ -458,7 +457,7 @@ func TestGatewayReconcile(t *testing.T) { want := contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: gw.Name, Name: gw.Name, }, diff --git a/internal/provisioner/objects/contourconfig/contourconfig.go b/internal/provisioner/objects/contourconfig/contourconfig.go index 3da243a5266..b2f7b99a97c 100644 --- a/internal/provisioner/objects/contourconfig/contourconfig.go +++ b/internal/provisioner/objects/contourconfig/contourconfig.go @@ -60,7 +60,7 @@ func EnsureContourConfig(ctx context.Context, cli client.Client, contour *model. func setGatewayConfig(config *contour_v1alpha1.ContourConfiguration, contour *model.Contour) { config.Spec.Gateway = &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: contour.Namespace, Name: contour.Name, }, diff --git a/internal/provisioner/objects/contourconfig/contourconfig_test.go b/internal/provisioner/objects/contourconfig/contourconfig_test.go index 30946fe540a..b6e41f581ab 100644 --- a/internal/provisioner/objects/contourconfig/contourconfig_test.go +++ b/internal/provisioner/objects/contourconfig/contourconfig_test.go @@ -44,7 +44,7 @@ func TestEnsureContourConfig(t *testing.T) { }, want: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, @@ -71,7 +71,7 @@ func TestEnsureContourConfig(t *testing.T) { }, Spec: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, @@ -86,7 +86,7 @@ func TestEnsureContourConfig(t *testing.T) { }, want: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, @@ -113,7 +113,7 @@ func TestEnsureContourConfig(t *testing.T) { }, Spec: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "some-other-namespace", Name: "some-other-contour", }, @@ -128,7 +128,7 @@ func TestEnsureContourConfig(t *testing.T) { }, want: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, @@ -155,7 +155,7 @@ func TestEnsureContourConfig(t *testing.T) { }, Spec: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, @@ -177,7 +177,7 @@ func TestEnsureContourConfig(t *testing.T) { }, want: contour_v1alpha1.ContourConfigurationSpec{ Gateway: &contour_v1alpha1.GatewayConfig{ - GatewayRef: &contour_v1alpha1.NamespacedName{ + GatewayRef: contour_v1alpha1.NamespacedName{ Namespace: "contour-namespace-1", Name: "contour-1", }, diff --git a/pkg/config/parameters.go b/pkg/config/parameters.go index 539970a591c..a79158549eb 100644 --- a/pkg/config/parameters.go +++ b/pkg/config/parameters.go @@ -47,18 +47,10 @@ func (s ServerType) Validate() error { } } -// Validate the GatewayConfig. +// Validate ensures that GatewayRef namespace/name is specified. func (g *GatewayParameters) Validate() error { - if g == nil { - return nil - } - - if len(g.ControllerName) == 0 && g.GatewayRef == nil { - return fmt.Errorf("invalid Gateway parameters specified: exactly one of controller name or gateway ref must be provided") - } - - if len(g.ControllerName) > 0 && g.GatewayRef != nil { - return fmt.Errorf("invalid Gateway parameters specified: exactly one of controller name or gateway ref must be provided") + if g != nil && (g.GatewayRef.Namespace == "" || g.GatewayRef.Name == "") { + return fmt.Errorf("invalid Gateway parameters specified: gateway ref namespace and name must be provided") } return nil @@ -255,21 +247,9 @@ type ServerParameters struct { // GatewayParameters holds the configuration for Gateway API controllers. type GatewayParameters struct { - // ControllerName is used to determine whether Contour should reconcile a - // GatewayClass. The string takes the form of "projectcontour.io//contour". - // If unset, the gatewayclass controller will not be started. - // Exactly one of ControllerName or GatewayRef must be set. - // - // Deprecated: users should use GatewayRef, or the Gateway provisioner, - // in place of this field. This field will be removed in a future release. - ControllerName string `yaml:"controllerName,omitempty"` - - // GatewayRef defines a specific Gateway that this Contour - // instance corresponds to. If set, Contour will reconcile - // only this gateway, and will not reconcile any gateway - // classes. - // Exactly one of ControllerName or GatewayRef must be set. - GatewayRef *NamespacedName `yaml:"gatewayRef,omitempty"` + // GatewayRef defines the specific Gateway that this Contour + // instance corresponds to. + GatewayRef NamespacedName `yaml:"gatewayRef"` } // TimeoutParameters holds various configurable proxy timeout values. diff --git a/pkg/config/parameters_test.go b/pkg/config/parameters_test.go index 3e275286a8f..8341906daff 100644 --- a/pkg/config/parameters_test.go +++ b/pkg/config/parameters_test.go @@ -193,9 +193,17 @@ func TestValidateGatewayParameters(t *testing.T) { var gw *GatewayParameters require.NoError(t, gw.Validate()) - // ControllerName is required. - gw = &GatewayParameters{ControllerName: "controller"} + // Namespace and name are required + gw = &GatewayParameters{GatewayRef: NamespacedName{Namespace: "foo", Name: "bar"}} require.NoError(t, gw.Validate()) + + // Namespace is required + gw = &GatewayParameters{GatewayRef: NamespacedName{Name: "bar"}} + require.Error(t, gw.Validate()) + + // Name is required + gw = &GatewayParameters{GatewayRef: NamespacedName{Namespace: "foo"}} + require.Error(t, gw.Validate()) } func TestValidateHTTPVersionType(t *testing.T) { diff --git a/site/content/docs/main/config/api-reference.html b/site/content/docs/main/config/api-reference.html index 522e89d16a8..82e03f685da 100644 --- a/site/content/docs/main/config/api-reference.html +++ b/site/content/docs/main/config/api-reference.html @@ -7656,24 +7656,6 @@