From 4e68822245cc858ff0c0f800d22f83273980fd9a Mon Sep 17 00:00:00 2001 From: Jacob Bohanon Date: Wed, 4 Sep 2024 13:11:20 -0400 Subject: [PATCH] [1.16] Warn on missing TLS secret (#9974) --- changelog/v1.16.20/missing-tls-secret.yaml | 18 + devel/tools/changelog.sh | 0 .../validation/gloo_validation.proto.sk.md | 36 + .../projects/gloo/api/v1/settings.proto.sk.md | 2 + docs/content/reference/values.txt | 1 + .../gloo/crds/gloo.solo.io_v1_Settings.yaml | 3 + install/helm/gloo/generate/values.go | 1 + install/helm/gloo/templates/18-settings.yaml | 1 + install/helm/gloo/values-template.yaml | 4 + .../settings/compressed_proxy_spec.yaml | 52 +- .../consul_config_upstream_discovery.yaml | 81 +- .../settings/consul_config_values.yaml | 103 +-- .../disable_kubernetes_destinations.yaml | 67 +- .../disable_proxy_garbage_collection.yaml | 67 +- .../fixtures/settings/disabled_gateway.yaml | 3 +- .../settings/enable_default_credentials.yaml | 3 +- .../fixtures/settings/enable_rest_eds.yaml | 67 +- .../enable_rest_eds_and_gloo_mtls.yaml | 67 +- .../settings/gateway_circuit_breakers.yaml | 77 +- .../fixtures/settings/gateway_settings.yaml | 67 +- .../fixtures/settings/gateway_validation.yaml | 67 +- .../settings/graphql_fds_disabled.yaml | 1 + .../isolate_virtual_hosts_by_ssl_config.yaml | 3 +- .../settings/ratelimit_descriptors.yaml | 81 +- .../fixtures/settings/ratelimit_server.yaml | 81 +- .../read_gateways_from_all_namespaces.yaml | 50 +- .../settings/set_regex_max_program_size.yaml | 3 +- .../set_regex_max_program_size_default.yaml | 3 +- .../set_secretSettings_in_settings.yaml | 3 +- .../test/fixtures/settings/sts_discovery.yaml | 3 +- .../settings/translate_empty_gateway.yaml | 54 +- .../test/fixtures/settings/uds_disabled.yaml | 3 +- .../settings/watched_discovery_labels.yaml | 3 +- install/test/helm_test.go | 2 + .../reporting/add_proxy_validation_result.go | 11 + .../api/grpc/validation/gloo_validation.proto | 15 + projects/gloo/api/v1/settings.proto | 5 + .../validation/gloo_validation.pb.clone.go | 28 + .../validation/gloo_validation.pb.equal.go | 49 + .../api/grpc/validation/gloo_validation.pb.go | 840 ++++++++++-------- .../validation/gloo_validation.pb.hash.go | 49 + projects/gloo/pkg/api/v1/settings.pb.clone.go | 6 + projects/gloo/pkg/api/v1/settings.pb.equal.go | 10 + projects/gloo/pkg/api/v1/settings.pb.go | 331 +++---- projects/gloo/pkg/api/v1/settings.pb.hash.go | 20 + projects/gloo/pkg/translator/clusters.go | 9 +- projects/gloo/pkg/translator/filter_chain.go | 20 +- .../gloo/pkg/translator/listener_subsystem.go | 6 + .../pkg/translator/listener_subsystem_test.go | 68 +- .../pkg/translator/network_filters_test.go | 2 +- projects/gloo/pkg/translator/translator.go | 2 +- .../gloo/pkg/translator/translator_test.go | 35 +- projects/gloo/pkg/utils/ssl.go | 9 +- .../pkg/utils/validation/proxy_validation.go | 46 +- test/kube2e/gateway/gateway_test.go | 126 +++ 55 files changed, 1730 insertions(+), 1034 deletions(-) create mode 100644 changelog/v1.16.20/missing-tls-secret.yaml mode change 100644 => 100755 devel/tools/changelog.sh diff --git a/changelog/v1.16.20/missing-tls-secret.yaml b/changelog/v1.16.20/missing-tls-secret.yaml new file mode 100644 index 00000000000..423929623c8 --- /dev/null +++ b/changelog/v1.16.20/missing-tls-secret.yaml @@ -0,0 +1,18 @@ +changelog: + - type: FIX + issueLink: https://github.com/solo-io/gloo/issues/6957 + resolvesIssue: false + description: >- + Fix for issue where a missing TLS secret was treated by validation as an error, + potentially bringing down the entire HTTPS gateway if the gloo pod restarts while + in this bad state. This is a breaking change in the default behavior of validation. + To enable this behavior, use the helm setting `gateway.validation.warnMissingTlsSecret=true` + or the same field on the Settings CR. This field has no effect if allowWarnings is false or + acceptAllResources is true. + - type: HELM + issueLink: https://github.com/solo-io/gloo/issues/6957 + resolvesIssue: false + description: >- + New field gateway.validation.warnMissingTlsSecret controls whether missing TLS secrets referenced + in SslConfig and UpstreamSslConfig will be treated as a warning instead of an error during validation. + Defaults to false. This field has no effect if allowWarnings is false or acceptAllResources is true. diff --git a/devel/tools/changelog.sh b/devel/tools/changelog.sh old mode 100644 new mode 100755 diff --git a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md index 5fb59862067..0bdb8124de6 100644 --- a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md +++ b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md @@ -23,6 +23,8 @@ weight: 5 - [ListenerReport](#listenerreport) - [Error](#error) - [Type](#type) +- [Warning](#warning) +- [Type](#type) - [HttpListenerReport](#httplistenerreport) - [Error](#error) - [Type](#type) @@ -232,6 +234,7 @@ If the report contains no errors, the (sub-)resource is valid. ```yaml "errors": []gloo.solo.io.ListenerReport.Error +"warnings": []gloo.solo.io.ListenerReport.Warning "httpListenerReport": .gloo.solo.io.HttpListenerReport "tcpListenerReport": .gloo.solo.io.TcpListenerReport "hybridListenerReport": .gloo.solo.io.HybridListenerReport @@ -242,6 +245,7 @@ If the report contains no errors, the (sub-)resource is valid. | Field | Type | Description | | ----- | ---- | ----------- | | `errors` | [[]gloo.solo.io.ListenerReport.Error](../gloo_validation.proto.sk/#error) | errors on top-level config of the listener. | +| `warnings` | [[]gloo.solo.io.ListenerReport.Warning](../gloo_validation.proto.sk/#warning) | warnings on the top-levelconfig of the listener. | | `httpListenerReport` | [.gloo.solo.io.HttpListenerReport](../gloo_validation.proto.sk/#httplistenerreport) | report for the http listener. Only one of `httpListenerReport`, `tcpListenerReport`, `hybridListenerReport`, or `aggregateListenerReport` can be set. | | `tcpListenerReport` | [.gloo.solo.io.TcpListenerReport](../gloo_validation.proto.sk/#tcplistenerreport) | report for the tcp listener. Only one of `tcpListenerReport`, `httpListenerReport`, `hybridListenerReport`, or `aggregateListenerReport` can be set. | | `hybridListenerReport` | [.gloo.solo.io.HybridListenerReport](../gloo_validation.proto.sk/#hybridlistenerreport) | report for the hybrid listener. Only one of `hybridListenerReport`, `httpListenerReport`, `tcpListenerReport`, or `aggregateListenerReport` can be set. | @@ -285,6 +289,38 @@ error types for top-level listener config +--- +### Warning + + +warning types for the given listener config + +```yaml +"type": .gloo.solo.io.ListenerReport.Warning.Type +"reason": string + +``` + +| Field | Type | Description | +| ----- | ---- | ----------- | +| `type` | [.gloo.solo.io.ListenerReport.Warning.Type](../gloo_validation.proto.sk/#type) | the type of the error. | +| `reason` | `string` | any extra info as a string. | + + + + +--- +### Type + + + +| Name | Description | +| ----- | ----------- | +| `SSLConfigWarning` | | + + + + --- ### HttpListenerReport diff --git a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md index 98de89a3158..cafb2cc596b 100644 --- a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md +++ b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md @@ -874,6 +874,7 @@ options for configuring admission control / validation "disableTransformationValidation": .google.protobuf.BoolValue "validationServerGrpcMaxSizeBytes": .google.protobuf.Int32Value "serverEnabled": .google.protobuf.BoolValue +"warnMissingTlsSecret": .google.protobuf.BoolValue ``` @@ -889,6 +890,7 @@ options for configuring admission control / validation | `disableTransformationValidation` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Deprecated: See `server_enabled` and consider configuring it to `false` instead. By default gloo will attempt to validate transformations by calling out to a local envoy binary in `validate` mode. Calling this local envoy binary can become slow when done many times during a single validation. Setting this to true will stop gloo from calling out to envoy to validate the transformations, which may speed up the validation time considerably, but may also cause the transformation config to fail after being sent to envoy. When disabling this, ensure that your transformations are valid prior to applying them. | | `validationServerGrpcMaxSizeBytes` | [.google.protobuf.Int32Value](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/int-32-value) | By default, gRPC validation messages between gateway and gloo pods have a max message size of 100 MB. Setting this value sets the gRPC max message size in bytes for the gloo validation server. This should only be changed if necessary. If not included, the gRPC max message size will be the default of 100 MB. | | `serverEnabled` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as `warn_route_short_circuiting` and `disable_transformation_validation`. If not included, the validation server will be enabled. | +| `warnMissingTlsSecret` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit the accidental deletion of secrets being referenced, which would cause disruption in traffic. | diff --git a/docs/content/reference/values.txt b/docs/content/reference/values.txt index bc257c58a23..8146aa36340 100644 --- a/docs/content/reference/values.txt +++ b/docs/content/reference/values.txt @@ -363,6 +363,7 @@ |gateway.validation.enabled|bool|true|enable Gloo Edge API Gateway validation hook (default true)| |gateway.validation.alwaysAcceptResources|bool|true|unless this is set this to false in order to ensure validation webhook rejects invalid resources. by default, validation webhook will only log and report metrics for invalid resource admission without rejecting them outright.| |gateway.validation.allowWarnings|bool|true|set this to false in order to ensure validation webhook rejects resources that would have warning status or rejected status, rather than just rejected.| +|gateway.validation.warnMissingTlsSecret|bool|false|set this to true in order to treat missing tls secret references as warnings, causing validation to allow this state. This supports eventually consistent workflows where TLS secrets may not yet be present when VirtualServices that reference them are created. This field has no effect if allowWarnings is false or acceptAllResources is true.| |gateway.validation.serverEnabled|bool|true|By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as warn_route_short_circuiting and disable_transformation_validation.| |gateway.validation.disableTransformationValidation|bool|false|set this to true to disable transformation validation. This may bring signifigant performance benefits if using many transformations, at the cost of possibly incorrect transformations being sent to Envoy. When using this value make sure to pre-validate transformations.| |gateway.validation.warnRouteShortCircuiting|bool|false|Write a warning to route resources if validation produced a route ordering warning (defaults to false). By setting to true, this means that Gloo Edge will start assigning warnings to resources that would result in route short-circuiting within a virtual host.| diff --git a/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml b/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml index 9daf882128c..98b79228c03 100644 --- a/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml +++ b/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml @@ -544,6 +544,9 @@ spec: type: string validationWebhookTlsKey: type: string + warnMissingTlsSecret: + nullable: true + type: boolean warnRouteShortCircuiting: nullable: true type: boolean diff --git a/install/helm/gloo/generate/values.go b/install/helm/gloo/generate/values.go index f8d06926cb9..c8d24a632d0 100644 --- a/install/helm/gloo/generate/values.go +++ b/install/helm/gloo/generate/values.go @@ -399,6 +399,7 @@ type GatewayValidation struct { Enabled *bool `json:"enabled,omitempty" desc:"enable Gloo Edge API Gateway validation hook (default true)"` AlwaysAcceptResources *bool `json:"alwaysAcceptResources,omitempty" desc:"unless this is set this to false in order to ensure validation webhook rejects invalid resources. by default, validation webhook will only log and report metrics for invalid resource admission without rejecting them outright."` AllowWarnings *bool `json:"allowWarnings,omitempty" desc:"set this to false in order to ensure validation webhook rejects resources that would have warning status or rejected status, rather than just rejected."` + WarnMissingTlsSecret *bool `json:"warnMissingTlsSecret,omitempty" desc:"set this to true in order to treat missing tls secret references as warnings, causing validation to allow this state. This supports eventually consistent workflows where TLS secrets may not yet be present when VirtualServices that reference them are created. This field has no effect if allowWarnings is false or acceptAllResources is true."` ServerEnabled *bool `json:"serverEnabled,omitempty" desc:"By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as warn_route_short_circuiting and disable_transformation_validation."` DisableTransformationValidation *bool `json:"disableTransformationValidation,omitempty" desc:"set this to true to disable transformation validation. This may bring signifigant performance benefits if using many transformations, at the cost of possibly incorrect transformations being sent to Envoy. When using this value make sure to pre-validate transformations."` WarnRouteShortCircuiting *bool `json:"warnRouteShortCircuiting,omitempty" desc:"Write a warning to route resources if validation produced a route ordering warning (defaults to false). By setting to true, this means that Gloo Edge will start assigning warnings to resources that would result in route short-circuiting within a virtual host."` diff --git a/install/helm/gloo/templates/18-settings.yaml b/install/helm/gloo/templates/18-settings.yaml index 7e83f0a6572..de107ed5d5e 100644 --- a/install/helm/gloo/templates/18-settings.yaml +++ b/install/helm/gloo/templates/18-settings.yaml @@ -127,6 +127,7 @@ spec: {{- /* need to do this weird if/else because Helm cannot differentiate between 'false' and 'unset' */}} alwaysAccept: {{ .Values.gateway.validation.alwaysAcceptResources }} allowWarnings: {{ .Values.gateway.validation.allowWarnings }} + warnMissingTlsSecret: {{ .Values.gateway.validation.warnMissingTlsSecret }} serverEnabled: {{ .Values.gateway.validation.serverEnabled }} disableTransformationValidation: {{ .Values.gateway.validation.disableTransformationValidation }} warnRouteShortCircuiting: {{ .Values.gateway.validation.warnRouteShortCircuiting }} diff --git a/install/helm/gloo/values-template.yaml b/install/helm/gloo/values-template.yaml index 5133e1706bf..b01646f84e8 100644 --- a/install/helm/gloo/values-template.yaml +++ b/install/helm/gloo/values-template.yaml @@ -75,6 +75,10 @@ gateway: secretName: gateway-validation-certs alwaysAcceptResources: true allowWarnings: true + # Explicitly defaulting this setting to false in order to emphasize the opt-in + # nature of this behavior in this version. The default value for this field + # is changed to true in 1.18, making the behavior opt-out. + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false diff --git a/install/test/fixtures/settings/compressed_proxy_spec.yaml b/install/test/fixtures/settings/compressed_proxy_spec.yaml index d3b4a3c3cd9..138745a977d 100644 --- a/install/test/fixtures/settings/compressed_proxy_spec.yaml +++ b/install/test/fixtures/settings/compressed_proxy_spec.yaml @@ -7,29 +7,29 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - compressedProxySpec: true - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + compressedProxySpec: true + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/consul_config_upstream_discovery.yaml b/install/test/fixtures/settings/consul_config_upstream_discovery.yaml index fca7b54d6d3..6f2b854f9d6 100644 --- a/install/test/fixtures/settings/consul_config_upstream_discovery.yaml +++ b/install/test/fixtures/settings/consul_config_upstream_discovery.yaml @@ -7,43 +7,44 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - enableGatewayController: true - readGatewaysFromAllNamespaces: false - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - consulDiscovery: - useTlsTagging: true - tlsTagName: tag - splitTlsServices: true - rootCa: - name: testName - namespace: testNamespace - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + enableGatewayController: true + readGatewaysFromAllNamespaces: false + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + consulDiscovery: + useTlsTagging: true + tlsTagName: tag + splitTlsServices: true + rootCa: + name: testName + namespace: testNamespace + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/consul_config_values.yaml b/install/test/fixtures/settings/consul_config_values.yaml index fb90a3815d8..ee663c13f90 100644 --- a/install/test/fixtures/settings/consul_config_values.yaml +++ b/install/test/fixtures/settings/consul_config_values.yaml @@ -7,54 +7,55 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - isolateVirtualHostsBySslConfig: false - enableGatewayController: true - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - consul: - datacenter: datacenter - username: user - password: password - token: aToken - caFile: testCaFile - caPath: testCaPath - certFile: testCertFile - keyFile: testKeyFile - insecureSkipVerify: true - waitTime: 12s - serviceDiscovery: - dataCenters: - - dc1 - - dc2 - httpAddress: 1.2.3.4 - dnsAddress: 5.6.7.8 - dnsPollingInterval: 5s - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + isolateVirtualHostsBySslConfig: false + enableGatewayController: true + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + consul: + datacenter: datacenter + username: user + password: password + token: aToken + caFile: testCaFile + caPath: testCaPath + certFile: testCertFile + keyFile: testKeyFile + insecureSkipVerify: true + waitTime: 12s + serviceDiscovery: + dataCenters: + - dc1 + - dc2 + httpAddress: 1.2.3.4 + dnsAddress: 5.6.7.8 + dnsPollingInterval: 5s + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/disable_kubernetes_destinations.yaml b/install/test/fixtures/settings/disable_kubernetes_destinations.yaml index 905ac0b680b..b506ea47b11 100644 --- a/install/test/fixtures/settings/disable_kubernetes_destinations.yaml +++ b/install/test/fixtures/settings/disable_kubernetes_destinations.yaml @@ -7,36 +7,37 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: true - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: true + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml b/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml index de0aeff102e..321af78e08f 100644 --- a/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml +++ b/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml @@ -7,36 +7,37 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: true - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: true + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/disabled_gateway.yaml b/install/test/fixtures/settings/disabled_gateway.yaml index 33a14d17cfe..16b5e6403cb 100644 --- a/install/test/fixtures/settings/disabled_gateway.yaml +++ b/install/test/fixtures/settings/disabled_gateway.yaml @@ -17,6 +17,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -40,4 +41,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/enable_default_credentials.yaml b/install/test/fixtures/settings/enable_default_credentials.yaml index 950a3eeb140..aa9fe0a84f1 100644 --- a/install/test/fixtures/settings/enable_default_credentials.yaml +++ b/install/test/fixtures/settings/enable_default_credentials.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -41,4 +42,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/enable_rest_eds.yaml b/install/test/fixtures/settings/enable_rest_eds.yaml index dc63965f0d1..a5da317adcb 100644 --- a/install/test/fixtures/settings/enable_rest_eds.yaml +++ b/install/test/fixtures/settings/enable_rest_eds.yaml @@ -7,36 +7,37 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml b/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml index c896d671ef4..982bb1734c0 100644 --- a/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml +++ b/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml @@ -7,36 +7,37 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: "127.0.0.1:9999" - restXdsBindAddr: "127.0.0.1:9998" - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: "127.0.0.1:9999" + restXdsBindAddr: "127.0.0.1:9998" + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/gateway_circuit_breakers.yaml b/install/test/fixtures/settings/gateway_circuit_breakers.yaml index db07dba1eec..e7a72c50995 100644 --- a/install/test/fixtures/settings/gateway_circuit_breakers.yaml +++ b/install/test/fixtures/settings/gateway_circuit_breakers.yaml @@ -7,41 +7,42 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - circuitBreakers: - maxConnections: 1024 - maxPendingRequests: 1024 - maxRequests: 1024 - maxRetries: 3 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - replaceInvalidRoutes: false - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + circuitBreakers: + maxConnections: 1024 + maxPendingRequests: 1024 + maxRequests: 1024 + maxRetries: 3 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + replaceInvalidRoutes: false + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/gateway_settings.yaml b/install/test/fixtures/settings/gateway_settings.yaml index b2181d5636c..d0df9e6277b 100644 --- a/install/test/fixtures/settings/gateway_settings.yaml +++ b/install/test/fixtures/settings/gateway_settings.yaml @@ -7,36 +7,37 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - replaceInvalidRoutes: true - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + replaceInvalidRoutes: true + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/gateway_validation.yaml b/install/test/fixtures/settings/gateway_validation.yaml index a42bf792835..5d92835d264 100644 --- a/install/test/fixtures/settings/gateway_validation.yaml +++ b/install/test/fixtures/settings/gateway_validation.yaml @@ -7,36 +7,37 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: true - warnRouteShortCircuiting: true - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - replaceInvalidRoutes: false - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: true + serverEnabled: true + disableTransformationValidation: true + warnRouteShortCircuiting: true + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + replaceInvalidRoutes: false + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/graphql_fds_disabled.yaml b/install/test/fixtures/settings/graphql_fds_disabled.yaml index c109b8e65e3..386f264308d 100644 --- a/install/test/fixtures/settings/graphql_fds_disabled.yaml +++ b/install/test/fixtures/settings/graphql_fds_disabled.yaml @@ -18,6 +18,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false diff --git a/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml b/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml index b98a5ad6969..01bfe651e12 100644 --- a/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml +++ b/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -39,4 +40,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/ratelimit_descriptors.yaml b/install/test/fixtures/settings/ratelimit_descriptors.yaml index 835889f974f..2e45e8ced3a 100644 --- a/install/test/fixtures/settings/ratelimit_descriptors.yaml +++ b/install/test/fixtures/settings/ratelimit_descriptors.yaml @@ -7,43 +7,44 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} - ratelimit: - descriptors: - - key: generic_key - value: "per-second" - rateLimit: - requestsPerUnit: 2 - unit: SECOND \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} + ratelimit: + descriptors: + - key: generic_key + value: "per-second" + rateLimit: + requestsPerUnit: 2 + unit: SECOND diff --git a/install/test/fixtures/settings/ratelimit_server.yaml b/install/test/fixtures/settings/ratelimit_server.yaml index 16be40fcc21..b171d6fd9e9 100644 --- a/install/test/fixtures/settings/ratelimit_server.yaml +++ b/install/test/fixtures/settings/ratelimit_server.yaml @@ -7,43 +7,44 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} - ratelimitServer: - ratelimitServerRef: - name: ratelimit - namespace: ratelimitns - denyOnFail: true - rateLimitBeforeAuth: true - enableXRatelimitHeaders: true + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} + ratelimitServer: + ratelimitServerRef: + name: ratelimit + namespace: ratelimitns + denyOnFail: true + rateLimitBeforeAuth: true + enableXRatelimitHeaders: true diff --git a/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml b/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml index 899cc2ef1c3..6491e47c4ec 100644 --- a/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml +++ b/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml @@ -7,28 +7,28 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: true - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: true + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/set_regex_max_program_size.yaml b/install/test/fixtures/settings/set_regex_max_program_size.yaml index a1c12a9d2a8..9a4342d7d54 100644 --- a/install/test/fixtures/settings/set_regex_max_program_size.yaml +++ b/install/test/fixtures/settings/set_regex_max_program_size.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -39,4 +40,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/set_regex_max_program_size_default.yaml b/install/test/fixtures/settings/set_regex_max_program_size_default.yaml index a171abe4559..1495b902801 100644 --- a/install/test/fixtures/settings/set_regex_max_program_size_default.yaml +++ b/install/test/fixtures/settings/set_regex_max_program_size_default.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -39,4 +40,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/set_secretSettings_in_settings.yaml b/install/test/fixtures/settings/set_secretSettings_in_settings.yaml index 868f923ef58..a00855e26c6 100644 --- a/install/test/fixtures/settings/set_secretSettings_in_settings.yaml +++ b/install/test/fixtures/settings/set_secretSettings_in_settings.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -49,4 +50,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/sts_discovery.yaml b/install/test/fixtures/settings/sts_discovery.yaml index 215f708819f..6405585ebf6 100644 --- a/install/test/fixtures/settings/sts_discovery.yaml +++ b/install/test/fixtures/settings/sts_discovery.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -45,4 +46,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/translate_empty_gateway.yaml b/install/test/fixtures/settings/translate_empty_gateway.yaml index 2c9cfa6f135..d3807d7e917 100644 --- a/install/test/fixtures/settings/translate_empty_gateway.yaml +++ b/install/test/fixtures/settings/translate_empty_gateway.yaml @@ -7,30 +7,30 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - translateEmptyGateways: true - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - gloo: - regexMaxProgramSize: 1024 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - istioOptions: - appendXForwardedHost: true - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} - + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + translateEmptyGateways: true + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + gloo: + regexMaxProgramSize: 1024 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + istioOptions: + appendXForwardedHost: true + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} + diff --git a/install/test/fixtures/settings/uds_disabled.yaml b/install/test/fixtures/settings/uds_disabled.yaml index aecb28427f2..22dea78a4fa 100644 --- a/install/test/fixtures/settings/uds_disabled.yaml +++ b/install/test/fixtures/settings/uds_disabled.yaml @@ -18,6 +18,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -41,4 +42,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/watched_discovery_labels.yaml b/install/test/fixtures/settings/watched_discovery_labels.yaml index 70a7808b281..ff81209b2b6 100644 --- a/install/test/fixtures/settings/watched_discovery_labels.yaml +++ b/install/test/fixtures/settings/watched_discovery_labels.yaml @@ -19,6 +19,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -42,4 +43,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/helm_test.go b/install/test/helm_test.go index 4b28c1145a8..4fe4f1a53ca 100644 --- a/install/test/helm_test.go +++ b/install/test/helm_test.go @@ -4029,6 +4029,7 @@ spec: valuesArgs: []string{ "gateway.validation.disableTransformationValidation=true", "gateway.validation.warnRouteShortCircuiting=true", + "gateway.validation.warnMissingTlsSecret=true", }, }) testManifest.ExpectUnstructured(settings.GetKind(), settings.GetNamespace(), settings.GetName()).To(BeEquivalentTo(settings)) @@ -4228,6 +4229,7 @@ spec: proxyValidationServerAddr: gloo:9988 alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false diff --git a/projects/gateway/pkg/reporting/add_proxy_validation_result.go b/projects/gateway/pkg/reporting/add_proxy_validation_result.go index da104a8181e..381135e9494 100644 --- a/projects/gateway/pkg/reporting/add_proxy_validation_result.go +++ b/projects/gateway/pkg/reporting/add_proxy_validation_result.go @@ -116,6 +116,7 @@ func AddProxyValidationResult(resourceReports reporter.ResourceReports, proxy *g func addListenerResult(resourceReports reporter.ResourceReports, listener *gloov1.Listener, listenerReport *validation.ListenerReport) error { listenerErrs := getListenerLevelErrors(listenerReport) + listenerWarnings := getListenerLevelWarnings(listenerReport) return translator.ForEachSource(listener, func(src translator.SourceRef) error { srcResource, _ := resourceReports.Find(src.ResourceKind, &core.ResourceRef{Name: src.Name, Namespace: src.Namespace}) @@ -123,6 +124,7 @@ func addListenerResult(resourceReports reporter.ResourceReports, listener *gloov return missingReportForSourceErr } resourceReports.AddErrors(srcResource, listenerErrs...) + resourceReports.AddWarnings(srcResource, listenerWarnings...) return nil }) } @@ -181,6 +183,15 @@ func getListenerLevelErrors(listenerReport *validation.ListenerReport) []error { return listenerErrs } +func getListenerLevelWarnings(listenerReport *validation.ListenerReport) []string { + listenerWarnings := validationutils.GetListenerWarning(listenerReport) + + // TODO(jbohanon) implement warnings on various listener types and account for them here + // similarly to the errors aggregation func above. + + return listenerWarnings +} + // get errors that can be caused by virtual services func getVirtualHostLevelErrorsAndWarnings(vhReport *validation.VirtualHostReport) ([]error, []string) { var ( diff --git a/projects/gloo/api/grpc/validation/gloo_validation.proto b/projects/gloo/api/grpc/validation/gloo_validation.proto index 08ef33cb545..98c0ac84150 100644 --- a/projects/gloo/api/grpc/validation/gloo_validation.proto +++ b/projects/gloo/api/grpc/validation/gloo_validation.proto @@ -121,9 +121,24 @@ message ListenerReport { string reason = 2; } + // warning types for the given listener config + message Warning { + enum Type { + SSLConfigWarning = 0; + } + + // the type of the error + Type type = 1; + // any extra info as a string + string reason = 2; + } + // errors on top-level config of the listener repeated Error errors = 2; + // warnings on the top-levelconfig of the listener + repeated Warning warnings = 7; + oneof listener_type_report { // report for the http listener HttpListenerReport http_listener_report = 3; diff --git a/projects/gloo/api/v1/settings.proto b/projects/gloo/api/v1/settings.proto index 48c98dab61e..bf1519d6b03 100644 --- a/projects/gloo/api/v1/settings.proto +++ b/projects/gloo/api/v1/settings.proto @@ -816,6 +816,11 @@ message GatewayOptions { // // If not included, the validation server will be enabled. google.protobuf.BoolValue server_enabled = 12; + + // Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig + // as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit + // the accidental deletion of secrets being referenced, which would cause disruption in traffic. + google.protobuf.BoolValue warn_missing_tls_secret = 13; } // If provided, the Gateway will perform [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go index 29c55069656..72e1257cdd6 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go @@ -297,6 +297,19 @@ func (m *ListenerReport) Clone() proto.Message { } } + if m.GetWarnings() != nil { + target.Warnings = make([]*ListenerReport_Warning, len(m.GetWarnings())) + for idx, v := range m.GetWarnings() { + + if h, ok := interface{}(v).(clone.Cloner); ok { + target.Warnings[idx] = h.Clone().(*ListenerReport_Warning) + } else { + target.Warnings[idx] = proto.Clone(v).(*ListenerReport_Warning) + } + + } + } + switch m.ListenerTypeReport.(type) { case *ListenerReport_HttpListenerReport: @@ -652,6 +665,21 @@ func (m *ListenerReport_Error) Clone() proto.Message { return target } +// Clone function +func (m *ListenerReport_Warning) Clone() proto.Message { + var target *ListenerReport_Warning + if m == nil { + return target + } + target = &ListenerReport_Warning{} + + target.Type = m.GetType() + + target.Reason = m.GetReason() + + return target +} + // Clone function func (m *HttpListenerReport_Error) Clone() proto.Message { var target *HttpListenerReport_Error diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go index 69f22a8c306..cab26506e7b 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go @@ -482,6 +482,23 @@ func (m *ListenerReport) Equal(that interface{}) bool { } + if len(m.GetWarnings()) != len(target.GetWarnings()) { + return false + } + for idx, v := range m.GetWarnings() { + + if h, ok := interface{}(v).(equality.Equalizer); ok { + if !h.Equal(target.GetWarnings()[idx]) { + return false + } + } else { + if !proto.Equal(v, target.GetWarnings()[idx]) { + return false + } + } + + } + switch m.ListenerTypeReport.(type) { case *ListenerReport_HttpListenerReport: @@ -1038,6 +1055,38 @@ func (m *ListenerReport_Error) Equal(that interface{}) bool { return true } +// Equal function +func (m *ListenerReport_Warning) Equal(that interface{}) bool { + if that == nil { + return m == nil + } + + target, ok := that.(*ListenerReport_Warning) + if !ok { + that2, ok := that.(ListenerReport_Warning) + if ok { + target = &that2 + } else { + return false + } + } + if target == nil { + return m == nil + } else if m == nil { + return false + } + + if m.GetType() != target.GetType() { + return false + } + + if strings.Compare(m.GetReason(), target.GetReason()) != 0 { + return false + } + + return true +} + // Equal function func (m *HttpListenerReport_Error) Equal(that interface{}) bool { if that == nil { diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go index e8310870135..b578c264dc5 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go @@ -80,6 +80,49 @@ func (ListenerReport_Error_Type) EnumDescriptor() ([]byte, []int) { return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescGZIP(), []int{9, 0, 0} } +type ListenerReport_Warning_Type int32 + +const ( + ListenerReport_Warning_SSLConfigWarning ListenerReport_Warning_Type = 0 +) + +// Enum value maps for ListenerReport_Warning_Type. +var ( + ListenerReport_Warning_Type_name = map[int32]string{ + 0: "SSLConfigWarning", + } + ListenerReport_Warning_Type_value = map[string]int32{ + "SSLConfigWarning": 0, + } +) + +func (x ListenerReport_Warning_Type) Enum() *ListenerReport_Warning_Type { + p := new(ListenerReport_Warning_Type) + *p = x + return p +} + +func (x ListenerReport_Warning_Type) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ListenerReport_Warning_Type) Descriptor() protoreflect.EnumDescriptor { + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1].Descriptor() +} + +func (ListenerReport_Warning_Type) Type() protoreflect.EnumType { + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1] +} + +func (x ListenerReport_Warning_Type) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ListenerReport_Warning_Type.Descriptor instead. +func (ListenerReport_Warning_Type) EnumDescriptor() ([]byte, []int) { + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescGZIP(), []int{9, 1, 0} +} + type HttpListenerReport_Error_Type int32 const ( @@ -107,11 +150,11 @@ func (x HttpListenerReport_Error_Type) String() string { } func (HttpListenerReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2].Descriptor() } func (HttpListenerReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2] } func (x HttpListenerReport_Error_Type) Number() protoreflect.EnumNumber { @@ -159,11 +202,11 @@ func (x VirtualHostReport_Error_Type) String() string { } func (VirtualHostReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3].Descriptor() } func (VirtualHostReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3] } func (x VirtualHostReport_Error_Type) Number() protoreflect.EnumNumber { @@ -205,11 +248,11 @@ func (x RouteReport_Error_Type) String() string { } func (RouteReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4].Descriptor() } func (RouteReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4] } func (x RouteReport_Error_Type) Number() protoreflect.EnumNumber { @@ -248,11 +291,11 @@ func (x RouteReport_Warning_Type) String() string { } func (RouteReport_Warning_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5].Descriptor() } func (RouteReport_Warning_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5] } func (x RouteReport_Warning_Type) Number() protoreflect.EnumNumber { @@ -300,11 +343,11 @@ func (x TcpListenerReport_Error_Type) String() string { } func (TcpListenerReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6].Descriptor() } func (TcpListenerReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6] } func (x TcpListenerReport_Error_Type) Number() protoreflect.EnumNumber { @@ -350,11 +393,11 @@ func (x TcpHostReport_Error_Type) String() string { } func (TcpHostReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7].Descriptor() } func (TcpHostReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7] } func (x TcpHostReport_Error_Type) Number() protoreflect.EnumNumber { @@ -396,11 +439,11 @@ func (x TcpHostReport_Warning_Type) String() string { } func (TcpHostReport_Warning_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[8].Descriptor() } func (TcpHostReport_Warning_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[8] } func (x TcpHostReport_Warning_Type) Number() protoreflect.EnumNumber { @@ -935,6 +978,8 @@ type ListenerReport struct { // errors on top-level config of the listener Errors []*ListenerReport_Error `protobuf:"bytes,2,rep,name=errors,proto3" json:"errors,omitempty"` + // warnings on the top-levelconfig of the listener + Warnings []*ListenerReport_Warning `protobuf:"bytes,7,rep,name=warnings,proto3" json:"warnings,omitempty"` // Types that are assignable to ListenerTypeReport: // // *ListenerReport_HttpListenerReport @@ -983,6 +1028,13 @@ func (x *ListenerReport) GetErrors() []*ListenerReport_Error { return nil } +func (x *ListenerReport) GetWarnings() []*ListenerReport_Warning { + if x != nil { + return x.Warnings + } + return nil +} + func (m *ListenerReport) GetListenerTypeReport() isListenerReport_ListenerTypeReport { if m != nil { return m.ListenerTypeReport @@ -1575,6 +1627,64 @@ func (x *ListenerReport_Error) GetReason() string { return "" } +// warning types for the given listener config +type ListenerReport_Warning struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // the type of the error + Type ListenerReport_Warning_Type `protobuf:"varint,1,opt,name=type,proto3,enum=gloo.solo.io.ListenerReport_Warning_Type" json:"type,omitempty"` + // any extra info as a string + Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"` +} + +func (x *ListenerReport_Warning) Reset() { + *x = ListenerReport_Warning{} + if protoimpl.UnsafeEnabled { + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListenerReport_Warning) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListenerReport_Warning) ProtoMessage() {} + +func (x *ListenerReport_Warning) ProtoReflect() protoreflect.Message { + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListenerReport_Warning.ProtoReflect.Descriptor instead. +func (*ListenerReport_Warning) Descriptor() ([]byte, []int) { + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescGZIP(), []int{9, 1} +} + +func (x *ListenerReport_Warning) GetType() ListenerReport_Warning_Type { + if x != nil { + return x.Type + } + return ListenerReport_Warning_SSLConfigWarning +} + +func (x *ListenerReport_Warning) GetReason() string { + if x != nil { + return x.Reason + } + return "" +} + // error types for top-level http listener config type HttpListenerReport_Error struct { state protoimpl.MessageState @@ -1590,7 +1700,7 @@ type HttpListenerReport_Error struct { func (x *HttpListenerReport_Error) Reset() { *x = HttpListenerReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1603,7 +1713,7 @@ func (x *HttpListenerReport_Error) String() string { func (*HttpListenerReport_Error) ProtoMessage() {} func (x *HttpListenerReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1648,7 +1758,7 @@ type VirtualHostReport_Error struct { func (x *VirtualHostReport_Error) Reset() { *x = VirtualHostReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1661,7 +1771,7 @@ func (x *VirtualHostReport_Error) String() string { func (*VirtualHostReport_Error) ProtoMessage() {} func (x *VirtualHostReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1706,7 +1816,7 @@ type RouteReport_Error struct { func (x *RouteReport_Error) Reset() { *x = RouteReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1719,7 +1829,7 @@ func (x *RouteReport_Error) String() string { func (*RouteReport_Error) ProtoMessage() {} func (x *RouteReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1764,7 +1874,7 @@ type RouteReport_Warning struct { func (x *RouteReport_Warning) Reset() { *x = RouteReport_Warning{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1777,7 +1887,7 @@ func (x *RouteReport_Warning) String() string { func (*RouteReport_Warning) ProtoMessage() {} func (x *RouteReport_Warning) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1822,7 +1932,7 @@ type TcpListenerReport_Error struct { func (x *TcpListenerReport_Error) Reset() { *x = TcpListenerReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1835,7 +1945,7 @@ func (x *TcpListenerReport_Error) String() string { func (*TcpListenerReport_Error) ProtoMessage() {} func (x *TcpListenerReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1880,7 +1990,7 @@ type TcpHostReport_Error struct { func (x *TcpHostReport_Error) Reset() { *x = TcpHostReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1893,7 +2003,7 @@ func (x *TcpHostReport_Error) String() string { func (*TcpHostReport_Error) ProtoMessage() {} func (x *TcpHostReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1938,7 +2048,7 @@ type TcpHostReport_Warning struct { func (x *TcpHostReport_Warning) Reset() { *x = TcpHostReport_Warning{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1951,7 +2061,7 @@ func (x *TcpHostReport_Warning) String() string { func (*TcpHostReport_Warning) ProtoMessage() {} func (x *TcpHostReport_Warning) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2067,127 +2177,41 @@ var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validati 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x73, 0x22, 0x92, 0x05, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x70, 0x6f, 0x72, 0x74, 0x73, 0x22, 0xd4, 0x06, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3a, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, - 0x72, 0x6f, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, - 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, 0x74, 0x63, - 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, - 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, 0x70, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5a, 0x0a, - 0x16, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x79, 0x62, - 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x48, 0x00, 0x52, 0x14, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x63, 0x0a, 0x19, 0x61, 0x67, 0x67, - 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, - 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, - 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, 0x72, - 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x17, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, - 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x1a, 0xc1, - 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x27, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, + 0x72, 0x6f, 0x72, 0x73, 0x12, 0x40, 0x0a, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x63, 0x0a, - 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x74, - 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x1a, 0x0a, - 0x16, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, - 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x53, 0x4c, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x13, 0x0a, - 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x10, 0x03, 0x42, 0x16, 0x0a, 0x14, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xa6, 0x02, 0x0a, 0x12, 0x48, - 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, - 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x12, 0x51, 0x0a, 0x14, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, 0x6f, 0x73, - 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x56, - 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x52, 0x12, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x7d, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3f, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6c, - 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, - 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, - 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x1b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x13, - 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x10, 0x00, 0x22, 0xda, 0x02, 0x0a, 0x11, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, - 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, - 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3e, 0x0a, 0x0d, 0x72, 0x6f, 0x75, 0x74, - 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0c, 0x72, 0x6f, 0x75, 0x74, - 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0xc5, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, - 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, - 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x03, - 0x22, 0x9e, 0x03, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x12, 0x37, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3d, 0x0a, 0x08, 0x77, 0x61, 0x72, - 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6c, - 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, - 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x1a, 0x8f, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, - 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, - 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x34, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, - 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x45, 0x72, - 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, 0x84, 0x01, 0x0a, 0x07, 0x57, - 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, - 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, - 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x25, 0x0a, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x10, - 0x00, 0x22, 0xe0, 0x02, 0x0a, 0x11, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, - 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x68, 0x6f, - 0x73, 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0e, 0x74, - 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0xc4, 0x01, - 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, - 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x77, 0x61, + 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, + 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, + 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, + 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, + 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, + 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, + 0x5a, 0x0a, 0x16, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x22, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, + 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x14, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x63, 0x0a, 0x19, 0x61, + 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, + 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, + 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x17, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, + 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x1a, 0xc1, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x27, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, @@ -2197,115 +2221,213 @@ var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validati 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x10, 0x03, 0x22, 0xdc, 0x03, 0x0a, 0x0d, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x39, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, - 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x12, 0x3f, 0x0a, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, - 0x67, 0x73, 0x1a, 0xb1, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3a, 0x0a, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, - 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, - 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, - 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, - 0x22, 0x54, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, - 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, - 0x12, 0x1f, 0x0a, 0x17, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, - 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, 0x02, 0x08, - 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, - 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x1a, 0x9a, 0x01, 0x0a, 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, - 0x6e, 0x67, 0x12, 0x3c, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x28, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, - 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x6f, 0x72, 0x10, 0x03, 0x1a, 0x7e, 0x0a, 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, + 0x3d, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x1c, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, + 0x0a, 0x10, 0x53, 0x53, 0x4c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x57, 0x61, 0x72, 0x6e, 0x69, + 0x6e, 0x67, 0x10, 0x00, 0x42, 0x16, 0x0a, 0x14, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xa6, 0x02, 0x0a, + 0x12, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, + 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x14, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, + 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, + 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x52, 0x12, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x7d, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, + 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, + 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x39, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x12, 0x0a, 0x0e, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69, - 0x6e, 0x67, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, + 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x1b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x10, 0x00, 0x22, 0xda, 0x02, 0x0a, 0x11, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, + 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, + 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, + 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, + 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, + 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3e, 0x0a, 0x0d, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, + 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0c, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0xc5, 0x01, 0x0a, 0x05, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x04, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x74, 0x55, + 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, + 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, + 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x10, 0x03, 0x22, 0x9e, 0x03, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x37, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3d, 0x0a, 0x08, 0x77, + 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, + 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, + 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x1a, 0x8f, 0x01, 0x0a, 0x05, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x34, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, + 0x0a, 0x13, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, + 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, 0x84, 0x01, 0x0a, + 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, + 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x25, 0x0a, 0x04, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, - 0x67, 0x10, 0x01, 0x22, 0x80, 0x02, 0x0a, 0x14, 0x48, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x78, 0x0a, 0x18, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, - 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x79, - 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x16, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x6e, 0x0a, 0x1b, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, - 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, - 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd6, 0x01, 0x0a, 0x15, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, - 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, + 0x67, 0x10, 0x00, 0x22, 0xe0, 0x02, 0x0a, 0x11, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, + 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, + 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, + 0x0e, 0x74, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, + 0xc4, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, + 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x22, 0x63, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, + 0x65, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, + 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x4e, 0x6f, 0x74, + 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x12, 0x0a, + 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, + 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x10, 0x03, 0x22, 0xdc, 0x03, 0x0a, 0x0d, 0x54, 0x63, 0x70, 0x48, 0x6f, + 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x39, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, + 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x73, 0x1a, 0xb1, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3a, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, + 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, + 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, + 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, + 0x6f, 0x6e, 0x22, 0x54, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, + 0x6d, 0x65, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x17, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, + 0x02, 0x08, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, + 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x1a, 0x9a, 0x01, 0x0a, 0x07, 0x57, 0x61, 0x72, + 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x39, 0x0a, 0x04, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x12, 0x0a, 0x0e, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x57, 0x61, 0x72, + 0x6e, 0x69, 0x6e, 0x67, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x10, 0x01, 0x22, 0x80, 0x02, 0x0a, 0x14, 0x48, 0x79, 0x62, 0x72, 0x69, 0x64, + 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x78, + 0x0a, 0x18, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x3e, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x48, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x16, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x6e, 0x0a, 0x1b, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd6, 0x01, 0x0a, 0x15, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, + 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, 0x70, 0x4c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x14, 0x0a, 0x12, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x79, 0x70, + 0x65, 0x22, 0xd0, 0x03, 0x0a, 0x17, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x72, 0x0a, + 0x15, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, + 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, 0x72, + 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x14, 0x0a, 0x12, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x79, 0x70, 0x65, 0x22, - 0xd0, 0x03, 0x0a, 0x17, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x72, 0x0a, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x6c, 0x6f, - 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, - 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x68, 0x74, 0x74, 0x70, - 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, - 0x6f, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, - 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, - 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, 0x74, 0x63, - 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x1a, 0x68, 0x0a, 0x18, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x36, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, - 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x17, 0x54, 0x63, - 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x35, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, - 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x32, 0xdf, 0x01, 0x0a, 0x15, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, 0x69, 0x64, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5f, 0x0a, 0x0e, - 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, 0x12, 0x23, - 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4e, 0x6f, - 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, - 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x65, 0x0a, - 0x08, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, - 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, - 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x42, 0x4b, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, 0xd0, 0xf5, - 0x04, 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, - 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x12, 0x6f, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x3d, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, + 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, + 0x74, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x73, 0x1a, 0x68, 0x0a, 0x18, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, + 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x17, + 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x35, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x32, 0xdf, 0x01, 0x0a, 0x15, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5f, + 0x0a, 0x0e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, + 0x12, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, + 0x79, 0x6e, 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, + 0x65, 0x0a, 0x08, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x2e, 0x67, 0x6c, + 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, + 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, 0x69, 0x64, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x4b, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, + 0xd0, 0xf5, 0x04, 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, + 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -2320,103 +2442,107 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescData } -var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes = make([]protoimpl.EnumInfo, 8) -var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes = make([]protoimpl.MessageInfo, 29) +var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes = make([]protoimpl.EnumInfo, 9) +var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes = make([]protoimpl.MessageInfo, 30) var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_goTypes = []interface{}{ (ListenerReport_Error_Type)(0), // 0: gloo.solo.io.ListenerReport.Error.Type - (HttpListenerReport_Error_Type)(0), // 1: gloo.solo.io.HttpListenerReport.Error.Type - (VirtualHostReport_Error_Type)(0), // 2: gloo.solo.io.VirtualHostReport.Error.Type - (RouteReport_Error_Type)(0), // 3: gloo.solo.io.RouteReport.Error.Type - (RouteReport_Warning_Type)(0), // 4: gloo.solo.io.RouteReport.Warning.Type - (TcpListenerReport_Error_Type)(0), // 5: gloo.solo.io.TcpListenerReport.Error.Type - (TcpHostReport_Error_Type)(0), // 6: gloo.solo.io.TcpHostReport.Error.Type - (TcpHostReport_Warning_Type)(0), // 7: gloo.solo.io.TcpHostReport.Warning.Type - (*GlooValidationServiceRequest)(nil), // 8: gloo.solo.io.GlooValidationServiceRequest - (*GlooValidationServiceResponse)(nil), // 9: gloo.solo.io.GlooValidationServiceResponse - (*ModifiedResources)(nil), // 10: gloo.solo.io.ModifiedResources - (*DeletedResources)(nil), // 11: gloo.solo.io.DeletedResources - (*ValidationReport)(nil), // 12: gloo.solo.io.ValidationReport - (*ResourceReport)(nil), // 13: gloo.solo.io.ResourceReport - (*NotifyOnResyncRequest)(nil), // 14: gloo.solo.io.NotifyOnResyncRequest - (*NotifyOnResyncResponse)(nil), // 15: gloo.solo.io.NotifyOnResyncResponse - (*ProxyReport)(nil), // 16: gloo.solo.io.ProxyReport - (*ListenerReport)(nil), // 17: gloo.solo.io.ListenerReport - (*HttpListenerReport)(nil), // 18: gloo.solo.io.HttpListenerReport - (*VirtualHostReport)(nil), // 19: gloo.solo.io.VirtualHostReport - (*RouteReport)(nil), // 20: gloo.solo.io.RouteReport - (*TcpListenerReport)(nil), // 21: gloo.solo.io.TcpListenerReport - (*TcpHostReport)(nil), // 22: gloo.solo.io.TcpHostReport - (*HybridListenerReport)(nil), // 23: gloo.solo.io.HybridListenerReport - (*MatchedListenerReport)(nil), // 24: gloo.solo.io.MatchedListenerReport - (*AggregateListenerReport)(nil), // 25: gloo.solo.io.AggregateListenerReport - (*ListenerReport_Error)(nil), // 26: gloo.solo.io.ListenerReport.Error - (*HttpListenerReport_Error)(nil), // 27: gloo.solo.io.HttpListenerReport.Error - (*VirtualHostReport_Error)(nil), // 28: gloo.solo.io.VirtualHostReport.Error - (*RouteReport_Error)(nil), // 29: gloo.solo.io.RouteReport.Error - (*RouteReport_Warning)(nil), // 30: gloo.solo.io.RouteReport.Warning - (*TcpListenerReport_Error)(nil), // 31: gloo.solo.io.TcpListenerReport.Error - (*TcpHostReport_Error)(nil), // 32: gloo.solo.io.TcpHostReport.Error - (*TcpHostReport_Warning)(nil), // 33: gloo.solo.io.TcpHostReport.Warning - nil, // 34: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry - nil, // 35: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry - nil, // 36: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry - (*v1.Proxy)(nil), // 37: gloo.solo.io.Proxy - (*v1.Upstream)(nil), // 38: gloo.solo.io.Upstream - (*core.ResourceRef)(nil), // 39: core.solo.io.ResourceRef + (ListenerReport_Warning_Type)(0), // 1: gloo.solo.io.ListenerReport.Warning.Type + (HttpListenerReport_Error_Type)(0), // 2: gloo.solo.io.HttpListenerReport.Error.Type + (VirtualHostReport_Error_Type)(0), // 3: gloo.solo.io.VirtualHostReport.Error.Type + (RouteReport_Error_Type)(0), // 4: gloo.solo.io.RouteReport.Error.Type + (RouteReport_Warning_Type)(0), // 5: gloo.solo.io.RouteReport.Warning.Type + (TcpListenerReport_Error_Type)(0), // 6: gloo.solo.io.TcpListenerReport.Error.Type + (TcpHostReport_Error_Type)(0), // 7: gloo.solo.io.TcpHostReport.Error.Type + (TcpHostReport_Warning_Type)(0), // 8: gloo.solo.io.TcpHostReport.Warning.Type + (*GlooValidationServiceRequest)(nil), // 9: gloo.solo.io.GlooValidationServiceRequest + (*GlooValidationServiceResponse)(nil), // 10: gloo.solo.io.GlooValidationServiceResponse + (*ModifiedResources)(nil), // 11: gloo.solo.io.ModifiedResources + (*DeletedResources)(nil), // 12: gloo.solo.io.DeletedResources + (*ValidationReport)(nil), // 13: gloo.solo.io.ValidationReport + (*ResourceReport)(nil), // 14: gloo.solo.io.ResourceReport + (*NotifyOnResyncRequest)(nil), // 15: gloo.solo.io.NotifyOnResyncRequest + (*NotifyOnResyncResponse)(nil), // 16: gloo.solo.io.NotifyOnResyncResponse + (*ProxyReport)(nil), // 17: gloo.solo.io.ProxyReport + (*ListenerReport)(nil), // 18: gloo.solo.io.ListenerReport + (*HttpListenerReport)(nil), // 19: gloo.solo.io.HttpListenerReport + (*VirtualHostReport)(nil), // 20: gloo.solo.io.VirtualHostReport + (*RouteReport)(nil), // 21: gloo.solo.io.RouteReport + (*TcpListenerReport)(nil), // 22: gloo.solo.io.TcpListenerReport + (*TcpHostReport)(nil), // 23: gloo.solo.io.TcpHostReport + (*HybridListenerReport)(nil), // 24: gloo.solo.io.HybridListenerReport + (*MatchedListenerReport)(nil), // 25: gloo.solo.io.MatchedListenerReport + (*AggregateListenerReport)(nil), // 26: gloo.solo.io.AggregateListenerReport + (*ListenerReport_Error)(nil), // 27: gloo.solo.io.ListenerReport.Error + (*ListenerReport_Warning)(nil), // 28: gloo.solo.io.ListenerReport.Warning + (*HttpListenerReport_Error)(nil), // 29: gloo.solo.io.HttpListenerReport.Error + (*VirtualHostReport_Error)(nil), // 30: gloo.solo.io.VirtualHostReport.Error + (*RouteReport_Error)(nil), // 31: gloo.solo.io.RouteReport.Error + (*RouteReport_Warning)(nil), // 32: gloo.solo.io.RouteReport.Warning + (*TcpListenerReport_Error)(nil), // 33: gloo.solo.io.TcpListenerReport.Error + (*TcpHostReport_Error)(nil), // 34: gloo.solo.io.TcpHostReport.Error + (*TcpHostReport_Warning)(nil), // 35: gloo.solo.io.TcpHostReport.Warning + nil, // 36: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry + nil, // 37: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry + nil, // 38: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry + (*v1.Proxy)(nil), // 39: gloo.solo.io.Proxy + (*v1.Upstream)(nil), // 40: gloo.solo.io.Upstream + (*core.ResourceRef)(nil), // 41: core.solo.io.ResourceRef } var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_depIdxs = []int32{ - 37, // 0: gloo.solo.io.GlooValidationServiceRequest.proxy:type_name -> gloo.solo.io.Proxy - 10, // 1: gloo.solo.io.GlooValidationServiceRequest.modified_resources:type_name -> gloo.solo.io.ModifiedResources - 11, // 2: gloo.solo.io.GlooValidationServiceRequest.deleted_resources:type_name -> gloo.solo.io.DeletedResources - 12, // 3: gloo.solo.io.GlooValidationServiceResponse.validation_reports:type_name -> gloo.solo.io.ValidationReport - 38, // 4: gloo.solo.io.ModifiedResources.upstreams:type_name -> gloo.solo.io.Upstream - 39, // 5: gloo.solo.io.DeletedResources.upstream_refs:type_name -> core.solo.io.ResourceRef - 39, // 6: gloo.solo.io.DeletedResources.secret_refs:type_name -> core.solo.io.ResourceRef - 16, // 7: gloo.solo.io.ValidationReport.proxy_report:type_name -> gloo.solo.io.ProxyReport - 13, // 8: gloo.solo.io.ValidationReport.upstream_reports:type_name -> gloo.solo.io.ResourceReport - 37, // 9: gloo.solo.io.ValidationReport.proxy:type_name -> gloo.solo.io.Proxy - 39, // 10: gloo.solo.io.ResourceReport.resource_ref:type_name -> core.solo.io.ResourceRef - 17, // 11: gloo.solo.io.ProxyReport.listener_reports:type_name -> gloo.solo.io.ListenerReport - 26, // 12: gloo.solo.io.ListenerReport.errors:type_name -> gloo.solo.io.ListenerReport.Error - 18, // 13: gloo.solo.io.ListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport - 21, // 14: gloo.solo.io.ListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport - 23, // 15: gloo.solo.io.ListenerReport.hybrid_listener_report:type_name -> gloo.solo.io.HybridListenerReport - 25, // 16: gloo.solo.io.ListenerReport.aggregate_listener_report:type_name -> gloo.solo.io.AggregateListenerReport - 27, // 17: gloo.solo.io.HttpListenerReport.errors:type_name -> gloo.solo.io.HttpListenerReport.Error - 19, // 18: gloo.solo.io.HttpListenerReport.virtual_host_reports:type_name -> gloo.solo.io.VirtualHostReport - 28, // 19: gloo.solo.io.VirtualHostReport.errors:type_name -> gloo.solo.io.VirtualHostReport.Error - 20, // 20: gloo.solo.io.VirtualHostReport.route_reports:type_name -> gloo.solo.io.RouteReport - 29, // 21: gloo.solo.io.RouteReport.errors:type_name -> gloo.solo.io.RouteReport.Error - 30, // 22: gloo.solo.io.RouteReport.warnings:type_name -> gloo.solo.io.RouteReport.Warning - 31, // 23: gloo.solo.io.TcpListenerReport.errors:type_name -> gloo.solo.io.TcpListenerReport.Error - 22, // 24: gloo.solo.io.TcpListenerReport.tcp_host_reports:type_name -> gloo.solo.io.TcpHostReport - 32, // 25: gloo.solo.io.TcpHostReport.errors:type_name -> gloo.solo.io.TcpHostReport.Error - 33, // 26: gloo.solo.io.TcpHostReport.warnings:type_name -> gloo.solo.io.TcpHostReport.Warning - 34, // 27: gloo.solo.io.HybridListenerReport.matched_listener_reports:type_name -> gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry - 18, // 28: gloo.solo.io.MatchedListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport - 21, // 29: gloo.solo.io.MatchedListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport - 35, // 30: gloo.solo.io.AggregateListenerReport.http_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry - 36, // 31: gloo.solo.io.AggregateListenerReport.tcp_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry - 0, // 32: gloo.solo.io.ListenerReport.Error.type:type_name -> gloo.solo.io.ListenerReport.Error.Type - 1, // 33: gloo.solo.io.HttpListenerReport.Error.type:type_name -> gloo.solo.io.HttpListenerReport.Error.Type - 2, // 34: gloo.solo.io.VirtualHostReport.Error.type:type_name -> gloo.solo.io.VirtualHostReport.Error.Type - 3, // 35: gloo.solo.io.RouteReport.Error.type:type_name -> gloo.solo.io.RouteReport.Error.Type - 4, // 36: gloo.solo.io.RouteReport.Warning.type:type_name -> gloo.solo.io.RouteReport.Warning.Type - 5, // 37: gloo.solo.io.TcpListenerReport.Error.type:type_name -> gloo.solo.io.TcpListenerReport.Error.Type - 6, // 38: gloo.solo.io.TcpHostReport.Error.type:type_name -> gloo.solo.io.TcpHostReport.Error.Type - 7, // 39: gloo.solo.io.TcpHostReport.Warning.type:type_name -> gloo.solo.io.TcpHostReport.Warning.Type - 24, // 40: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry.value:type_name -> gloo.solo.io.MatchedListenerReport - 18, // 41: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry.value:type_name -> gloo.solo.io.HttpListenerReport - 21, // 42: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry.value:type_name -> gloo.solo.io.TcpListenerReport - 14, // 43: gloo.solo.io.GlooValidationService.NotifyOnResync:input_type -> gloo.solo.io.NotifyOnResyncRequest - 8, // 44: gloo.solo.io.GlooValidationService.Validate:input_type -> gloo.solo.io.GlooValidationServiceRequest - 15, // 45: gloo.solo.io.GlooValidationService.NotifyOnResync:output_type -> gloo.solo.io.NotifyOnResyncResponse - 9, // 46: gloo.solo.io.GlooValidationService.Validate:output_type -> gloo.solo.io.GlooValidationServiceResponse - 45, // [45:47] is the sub-list for method output_type - 43, // [43:45] is the sub-list for method input_type - 43, // [43:43] is the sub-list for extension type_name - 43, // [43:43] is the sub-list for extension extendee - 0, // [0:43] is the sub-list for field type_name + 39, // 0: gloo.solo.io.GlooValidationServiceRequest.proxy:type_name -> gloo.solo.io.Proxy + 11, // 1: gloo.solo.io.GlooValidationServiceRequest.modified_resources:type_name -> gloo.solo.io.ModifiedResources + 12, // 2: gloo.solo.io.GlooValidationServiceRequest.deleted_resources:type_name -> gloo.solo.io.DeletedResources + 13, // 3: gloo.solo.io.GlooValidationServiceResponse.validation_reports:type_name -> gloo.solo.io.ValidationReport + 40, // 4: gloo.solo.io.ModifiedResources.upstreams:type_name -> gloo.solo.io.Upstream + 41, // 5: gloo.solo.io.DeletedResources.upstream_refs:type_name -> core.solo.io.ResourceRef + 41, // 6: gloo.solo.io.DeletedResources.secret_refs:type_name -> core.solo.io.ResourceRef + 17, // 7: gloo.solo.io.ValidationReport.proxy_report:type_name -> gloo.solo.io.ProxyReport + 14, // 8: gloo.solo.io.ValidationReport.upstream_reports:type_name -> gloo.solo.io.ResourceReport + 39, // 9: gloo.solo.io.ValidationReport.proxy:type_name -> gloo.solo.io.Proxy + 41, // 10: gloo.solo.io.ResourceReport.resource_ref:type_name -> core.solo.io.ResourceRef + 18, // 11: gloo.solo.io.ProxyReport.listener_reports:type_name -> gloo.solo.io.ListenerReport + 27, // 12: gloo.solo.io.ListenerReport.errors:type_name -> gloo.solo.io.ListenerReport.Error + 28, // 13: gloo.solo.io.ListenerReport.warnings:type_name -> gloo.solo.io.ListenerReport.Warning + 19, // 14: gloo.solo.io.ListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport + 22, // 15: gloo.solo.io.ListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport + 24, // 16: gloo.solo.io.ListenerReport.hybrid_listener_report:type_name -> gloo.solo.io.HybridListenerReport + 26, // 17: gloo.solo.io.ListenerReport.aggregate_listener_report:type_name -> gloo.solo.io.AggregateListenerReport + 29, // 18: gloo.solo.io.HttpListenerReport.errors:type_name -> gloo.solo.io.HttpListenerReport.Error + 20, // 19: gloo.solo.io.HttpListenerReport.virtual_host_reports:type_name -> gloo.solo.io.VirtualHostReport + 30, // 20: gloo.solo.io.VirtualHostReport.errors:type_name -> gloo.solo.io.VirtualHostReport.Error + 21, // 21: gloo.solo.io.VirtualHostReport.route_reports:type_name -> gloo.solo.io.RouteReport + 31, // 22: gloo.solo.io.RouteReport.errors:type_name -> gloo.solo.io.RouteReport.Error + 32, // 23: gloo.solo.io.RouteReport.warnings:type_name -> gloo.solo.io.RouteReport.Warning + 33, // 24: gloo.solo.io.TcpListenerReport.errors:type_name -> gloo.solo.io.TcpListenerReport.Error + 23, // 25: gloo.solo.io.TcpListenerReport.tcp_host_reports:type_name -> gloo.solo.io.TcpHostReport + 34, // 26: gloo.solo.io.TcpHostReport.errors:type_name -> gloo.solo.io.TcpHostReport.Error + 35, // 27: gloo.solo.io.TcpHostReport.warnings:type_name -> gloo.solo.io.TcpHostReport.Warning + 36, // 28: gloo.solo.io.HybridListenerReport.matched_listener_reports:type_name -> gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry + 19, // 29: gloo.solo.io.MatchedListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport + 22, // 30: gloo.solo.io.MatchedListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport + 37, // 31: gloo.solo.io.AggregateListenerReport.http_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry + 38, // 32: gloo.solo.io.AggregateListenerReport.tcp_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry + 0, // 33: gloo.solo.io.ListenerReport.Error.type:type_name -> gloo.solo.io.ListenerReport.Error.Type + 1, // 34: gloo.solo.io.ListenerReport.Warning.type:type_name -> gloo.solo.io.ListenerReport.Warning.Type + 2, // 35: gloo.solo.io.HttpListenerReport.Error.type:type_name -> gloo.solo.io.HttpListenerReport.Error.Type + 3, // 36: gloo.solo.io.VirtualHostReport.Error.type:type_name -> gloo.solo.io.VirtualHostReport.Error.Type + 4, // 37: gloo.solo.io.RouteReport.Error.type:type_name -> gloo.solo.io.RouteReport.Error.Type + 5, // 38: gloo.solo.io.RouteReport.Warning.type:type_name -> gloo.solo.io.RouteReport.Warning.Type + 6, // 39: gloo.solo.io.TcpListenerReport.Error.type:type_name -> gloo.solo.io.TcpListenerReport.Error.Type + 7, // 40: gloo.solo.io.TcpHostReport.Error.type:type_name -> gloo.solo.io.TcpHostReport.Error.Type + 8, // 41: gloo.solo.io.TcpHostReport.Warning.type:type_name -> gloo.solo.io.TcpHostReport.Warning.Type + 25, // 42: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry.value:type_name -> gloo.solo.io.MatchedListenerReport + 19, // 43: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry.value:type_name -> gloo.solo.io.HttpListenerReport + 22, // 44: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry.value:type_name -> gloo.solo.io.TcpListenerReport + 15, // 45: gloo.solo.io.GlooValidationService.NotifyOnResync:input_type -> gloo.solo.io.NotifyOnResyncRequest + 9, // 46: gloo.solo.io.GlooValidationService.Validate:input_type -> gloo.solo.io.GlooValidationServiceRequest + 16, // 47: gloo.solo.io.GlooValidationService.NotifyOnResync:output_type -> gloo.solo.io.NotifyOnResyncResponse + 10, // 48: gloo.solo.io.GlooValidationService.Validate:output_type -> gloo.solo.io.GlooValidationServiceResponse + 47, // [47:49] is the sub-list for method output_type + 45, // [45:47] is the sub-list for method input_type + 45, // [45:45] is the sub-list for extension type_name + 45, // [45:45] is the sub-list for extension extendee + 0, // [0:45] is the sub-list for field type_name } func init() { @@ -2656,7 +2782,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HttpListenerReport_Error); i { + switch v := v.(*ListenerReport_Warning); i { case 0: return &v.state case 1: @@ -2668,7 +2794,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VirtualHostReport_Error); i { + switch v := v.(*HttpListenerReport_Error); i { case 0: return &v.state case 1: @@ -2680,7 +2806,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteReport_Error); i { + switch v := v.(*VirtualHostReport_Error); i { case 0: return &v.state case 1: @@ -2692,7 +2818,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteReport_Warning); i { + switch v := v.(*RouteReport_Error); i { case 0: return &v.state case 1: @@ -2704,7 +2830,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TcpListenerReport_Error); i { + switch v := v.(*RouteReport_Warning); i { case 0: return &v.state case 1: @@ -2716,7 +2842,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TcpHostReport_Error); i { + switch v := v.(*TcpListenerReport_Error); i { case 0: return &v.state case 1: @@ -2728,6 +2854,18 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TcpHostReport_Error); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TcpHostReport_Warning); i { case 0: return &v.state @@ -2759,8 +2897,8 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDesc, - NumEnums: 8, - NumMessages: 29, + NumEnums: 9, + NumMessages: 30, NumExtensions: 0, NumServices: 1, }, diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go index 541af861f67..d11991319f5 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go @@ -494,6 +494,30 @@ func (m *ListenerReport) Hash(hasher hash.Hash64) (uint64, error) { } + for _, v := range m.GetWarnings() { + + if h, ok := interface{}(v).(safe_hasher.SafeHasher); ok { + if _, err = hasher.Write([]byte("")); err != nil { + return 0, err + } + if _, err = h.Hash(hasher); err != nil { + return 0, err + } + } else { + if fieldValue, err := hashstructure.Hash(v, nil); err != nil { + return 0, err + } else { + if _, err = hasher.Write([]byte("")); err != nil { + return 0, err + } + if err := binary.Write(hasher, binary.LittleEndian, fieldValue); err != nil { + return 0, err + } + } + } + + } + switch m.ListenerTypeReport.(type) { case *ListenerReport_HttpListenerReport: @@ -1147,6 +1171,31 @@ func (m *ListenerReport_Error) Hash(hasher hash.Hash64) (uint64, error) { return hasher.Sum64(), nil } +// Hash function +func (m *ListenerReport_Warning) Hash(hasher hash.Hash64) (uint64, error) { + if m == nil { + return 0, nil + } + if hasher == nil { + hasher = fnv.New64() + } + var err error + if _, err = hasher.Write([]byte("gloo.solo.io.github.com/solo-io/gloo/projects/gloo/pkg/api/grpc/validation.ListenerReport_Warning")); err != nil { + return 0, err + } + + err = binary.Write(hasher, binary.LittleEndian, m.GetType()) + if err != nil { + return 0, err + } + + if _, err = hasher.Write([]byte(m.GetReason())); err != nil { + return 0, err + } + + return hasher.Sum64(), nil +} + // Hash function func (m *HttpListenerReport_Error) Hash(hasher hash.Hash64) (uint64, error) { if m == nil { diff --git a/projects/gloo/pkg/api/v1/settings.pb.clone.go b/projects/gloo/pkg/api/v1/settings.pb.clone.go index 655d914b72b..f4a192f64d7 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.clone.go +++ b/projects/gloo/pkg/api/v1/settings.pb.clone.go @@ -1274,6 +1274,12 @@ func (m *GatewayOptions_ValidationOptions) Clone() proto.Message { target.ServerEnabled = proto.Clone(m.GetServerEnabled()).(*github_com_golang_protobuf_ptypes_wrappers.BoolValue) } + if h, ok := interface{}(m.GetWarnMissingTlsSecret()).(clone.Cloner); ok { + target.WarnMissingTlsSecret = h.Clone().(*github_com_golang_protobuf_ptypes_wrappers.BoolValue) + } else { + target.WarnMissingTlsSecret = proto.Clone(m.GetWarnMissingTlsSecret()).(*github_com_golang_protobuf_ptypes_wrappers.BoolValue) + } + return target } diff --git a/projects/gloo/pkg/api/v1/settings.pb.equal.go b/projects/gloo/pkg/api/v1/settings.pb.equal.go index 85d387c6652..a68c0363230 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.equal.go +++ b/projects/gloo/pkg/api/v1/settings.pb.equal.go @@ -2211,6 +2211,16 @@ func (m *GatewayOptions_ValidationOptions) Equal(that interface{}) bool { } } + if h, ok := interface{}(m.GetWarnMissingTlsSecret()).(equality.Equalizer); ok { + if !h.Equal(target.GetWarnMissingTlsSecret()) { + return false + } + } else { + if !proto.Equal(m.GetWarnMissingTlsSecret(), target.GetWarnMissingTlsSecret()) { + return false + } + } + return true } diff --git a/projects/gloo/pkg/api/v1/settings.pb.go b/projects/gloo/pkg/api/v1/settings.pb.go index 8dd989861ae..7559e282167 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.go +++ b/projects/gloo/pkg/api/v1/settings.pb.go @@ -3276,6 +3276,10 @@ type GatewayOptions_ValidationOptions struct { // // If not included, the validation server will be enabled. ServerEnabled *wrappers.BoolValue `protobuf:"bytes,12,opt,name=server_enabled,json=serverEnabled,proto3" json:"server_enabled,omitempty"` + // Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig + // as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit + // the accidental deletion of secrets being referenced, which would cause disruption in traffic. + WarnMissingTlsSecret *wrappers.BoolValue `protobuf:"bytes,13,opt,name=warn_missing_tls_secret,json=warnMissingTlsSecret,proto3" json:"warn_missing_tls_secret,omitempty"` } func (x *GatewayOptions_ValidationOptions) Reset() { @@ -3383,6 +3387,13 @@ func (x *GatewayOptions_ValidationOptions) GetServerEnabled() *wrappers.BoolValu return nil } +func (x *GatewayOptions_ValidationOptions) GetWarnMissingTlsSecret() *wrappers.BoolValue { + if x != nil { + return x.WarnMissingTlsSecret + } + return nil +} + type GraphqlOptions_SchemaChangeValidationOptions struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -4145,7 +4156,7 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_rawDesc = [ 0x0a, 0x0b, 0x6f, 0x6e, 0x65, 0x5f, 0x77, 0x61, 0x79, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x09, 0x6f, 0x6e, 0x65, 0x57, 0x61, 0x79, 0x54, 0x6c, 0x73, 0x22, 0xbc, 0x0c, 0x0a, 0x0e, 0x47, + 0x09, 0x6f, 0x6e, 0x65, 0x57, 0x61, 0x79, 0x54, 0x6c, 0x73, 0x22, 0x8f, 0x0d, 0x0a, 0x0e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x76, @@ -4195,7 +4206,7 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_rawDesc = [ 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x16, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x6c, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x47, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x1a, 0x9f, 0x06, 0x0a, 0x11, 0x56, 0x61, 0x6c, 0x69, + 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x1a, 0xf2, 0x06, 0x0a, 0x11, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, @@ -4245,57 +4256,62 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_rawDesc = [ 0x65, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0d, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x4a, 0x04, 0x08, 0x0a, 0x10, 0x0b, 0x22, 0x97, 0x01, 0x0a, 0x0e, 0x43, 0x6f, - 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x09, - 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x72, 0x65, 0x61, - 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x4c, 0x0a, 0x14, 0x61, 0x70, 0x69, 0x5f, 0x65, 0x78, 0x70, - 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x12, 0x61, 0x70, 0x69, 0x45, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x45, 0x6e, 0x61, 0x62, - 0x6c, 0x65, 0x64, 0x22, 0xba, 0x04, 0x0a, 0x0e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x83, 0x01, 0x0a, 0x20, 0x73, 0x63, 0x68, 0x65, 0x6d, - 0x61, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x3a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, - 0x2e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, - 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, - 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1d, 0x73, - 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xa1, 0x03, 0x0a, - 0x1d, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, - 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x52, - 0x0a, 0x17, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x69, 0x6e, - 0x67, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x6a, - 0x65, 0x63, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x61, 0x6e, 0x67, - 0x65, 0x73, 0x12, 0x74, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, - 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x49, 0x2e, 0x67, - 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x72, 0x61, 0x70, - 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, - 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22, 0xb5, 0x01, 0x0a, 0x0e, 0x50, 0x72, 0x6f, - 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x52, - 0x55, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, - 0x4f, 0x55, 0x53, 0x5f, 0x54, 0x4f, 0x5f, 0x42, 0x52, 0x45, 0x41, 0x4b, 0x49, 0x4e, 0x47, 0x10, - 0x01, 0x12, 0x2b, 0x0a, 0x27, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x44, 0x45, 0x50, 0x52, 0x45, 0x43, - 0x41, 0x54, 0x45, 0x44, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x56, - 0x41, 0x4c, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x10, 0x02, 0x12, 0x23, - 0x0a, 0x1f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x5f, 0x44, 0x45, - 0x53, 0x43, 0x52, 0x49, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, - 0x53, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x49, 0x47, 0x4e, 0x4f, - 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x52, 0x45, 0x41, 0x43, 0x48, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x04, - 0x42, 0x3e, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, 0xd0, 0xf5, 0x04, 0x01, 0x5a, 0x30, - 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, - 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, - 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, - 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x65, 0x64, 0x12, 0x51, 0x0a, 0x17, 0x77, 0x61, 0x72, 0x6e, 0x5f, 0x6d, 0x69, 0x73, 0x73, + 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x0d, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x52, 0x14, 0x77, 0x61, 0x72, 0x6e, 0x4d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x54, 0x6c, 0x73, + 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4a, 0x04, 0x08, 0x0a, 0x10, 0x0b, 0x22, 0x97, 0x01, 0x0a, + 0x0e, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x37, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, + 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x4c, 0x0a, 0x14, 0x61, 0x70, 0x69, 0x5f, + 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x52, 0x12, 0x61, 0x70, 0x69, 0x45, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x45, + 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0xba, 0x04, 0x0a, 0x0e, 0x47, 0x72, 0x61, 0x70, 0x68, + 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x83, 0x01, 0x0a, 0x20, 0x73, 0x63, + 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, + 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x52, 0x1d, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, + 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, + 0xa1, 0x03, 0x0a, 0x1d, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, + 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, + 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, + 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, 0x69, 0x6e, 0x67, 0x43, 0x68, + 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x74, 0x0a, 0x10, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, + 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, + 0x49, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, + 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x63, + 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x63, + 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x63, + 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22, 0xb5, 0x01, 0x0a, 0x0e, + 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x14, + 0x0a, 0x10, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, + 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x44, 0x41, 0x4e, + 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x5f, 0x54, 0x4f, 0x5f, 0x42, 0x52, 0x45, 0x41, 0x4b, 0x49, + 0x4e, 0x47, 0x10, 0x01, 0x12, 0x2b, 0x0a, 0x27, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x44, 0x45, 0x50, + 0x52, 0x45, 0x43, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x52, 0x45, + 0x4d, 0x4f, 0x56, 0x41, 0x4c, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x10, + 0x02, 0x12, 0x23, 0x0a, 0x1f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, + 0x5f, 0x44, 0x45, 0x53, 0x43, 0x52, 0x49, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x48, 0x41, + 0x4e, 0x47, 0x45, 0x53, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x49, + 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x52, 0x45, 0x41, 0x43, 0x48, 0x41, 0x42, 0x4c, + 0x45, 0x10, 0x04, 0x42, 0x3e, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, 0xd0, 0xf5, 0x04, + 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, + 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, + 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -4375,110 +4391,111 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_goTypes = [ (*wrappers.Int32Value)(nil), // 59: google.protobuf.Int32Value } var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_depIdxs = []int32{ - 10, // 0: gloo.solo.io.Settings.kubernetes_config_source:type_name -> gloo.solo.io.Settings.KubernetesCrds - 17, // 1: gloo.solo.io.Settings.directory_config_source:type_name -> gloo.solo.io.Settings.Directory - 15, // 2: gloo.solo.io.Settings.consul_kv_source:type_name -> gloo.solo.io.Settings.ConsulKv - 11, // 3: gloo.solo.io.Settings.kubernetes_secret_source:type_name -> gloo.solo.io.Settings.KubernetesSecrets - 12, // 4: gloo.solo.io.Settings.vault_secret_source:type_name -> gloo.solo.io.Settings.VaultSecrets - 17, // 5: gloo.solo.io.Settings.directory_secret_source:type_name -> gloo.solo.io.Settings.Directory - 9, // 6: gloo.solo.io.Settings.secret_options:type_name -> gloo.solo.io.Settings.SecretOptions - 16, // 7: gloo.solo.io.Settings.kubernetes_artifact_source:type_name -> gloo.solo.io.Settings.KubernetesConfigmaps - 17, // 8: gloo.solo.io.Settings.directory_artifact_source:type_name -> gloo.solo.io.Settings.Directory - 15, // 9: gloo.solo.io.Settings.consul_kv_artifact_source:type_name -> gloo.solo.io.Settings.ConsulKv - 41, // 10: gloo.solo.io.Settings.refresh_rate:type_name -> google.protobuf.Duration - 18, // 11: gloo.solo.io.Settings.knative:type_name -> gloo.solo.io.Settings.KnativeOptions - 19, // 12: gloo.solo.io.Settings.discovery:type_name -> gloo.solo.io.Settings.DiscoveryOptions - 4, // 13: gloo.solo.io.Settings.gloo:type_name -> gloo.solo.io.GlooOptions - 6, // 14: gloo.solo.io.Settings.gateway:type_name -> gloo.solo.io.GatewayOptions - 20, // 15: gloo.solo.io.Settings.consul:type_name -> gloo.solo.io.Settings.ConsulConfiguration - 21, // 16: gloo.solo.io.Settings.consulDiscovery:type_name -> gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration - 22, // 17: gloo.solo.io.Settings.kubernetes:type_name -> gloo.solo.io.Settings.KubernetesConfiguration - 42, // 18: gloo.solo.io.Settings.extensions:type_name -> gloo.solo.io.Extensions - 43, // 19: gloo.solo.io.Settings.ratelimit:type_name -> ratelimit.options.gloo.solo.io.ServiceSettings - 44, // 20: gloo.solo.io.Settings.ratelimit_server:type_name -> ratelimit.options.gloo.solo.io.Settings - 45, // 21: gloo.solo.io.Settings.rbac:type_name -> rbac.options.gloo.solo.io.Settings - 46, // 22: gloo.solo.io.Settings.extauth:type_name -> enterprise.gloo.solo.io.Settings - 23, // 23: gloo.solo.io.Settings.named_extauth:type_name -> gloo.solo.io.Settings.NamedExtauthEntry - 47, // 24: gloo.solo.io.Settings.caching_server:type_name -> caching.options.gloo.solo.io.Settings - 48, // 25: gloo.solo.io.Settings.metadata:type_name -> core.solo.io.Metadata - 49, // 26: gloo.solo.io.Settings.namespaced_statuses:type_name -> core.solo.io.NamespacedStatuses - 24, // 27: gloo.solo.io.Settings.observabilityOptions:type_name -> gloo.solo.io.Settings.ObservabilityOptions - 3, // 28: gloo.solo.io.Settings.upstreamOptions:type_name -> gloo.solo.io.UpstreamOptions - 7, // 29: gloo.solo.io.Settings.console_options:type_name -> gloo.solo.io.ConsoleOptions - 8, // 30: gloo.solo.io.Settings.graphql_options:type_name -> gloo.solo.io.GraphqlOptions - 50, // 31: gloo.solo.io.Settings.ext_proc:type_name -> extproc.options.gloo.solo.io.Settings - 51, // 32: gloo.solo.io.UpstreamOptions.ssl_parameters:type_name -> gloo.solo.io.SslParameters - 35, // 33: gloo.solo.io.UpstreamOptions.global_annotations:type_name -> gloo.solo.io.UpstreamOptions.GlobalAnnotationsEntry - 52, // 34: gloo.solo.io.GlooOptions.circuit_breakers:type_name -> gloo.solo.io.CircuitBreakerConfig - 41, // 35: gloo.solo.io.GlooOptions.endpoints_warming_timeout:type_name -> google.protobuf.Duration - 36, // 36: gloo.solo.io.GlooOptions.aws_options:type_name -> gloo.solo.io.GlooOptions.AWSOptions - 37, // 37: gloo.solo.io.GlooOptions.invalid_config_policy:type_name -> gloo.solo.io.GlooOptions.InvalidConfigPolicy - 53, // 38: gloo.solo.io.GlooOptions.disable_grpc_web:type_name -> google.protobuf.BoolValue - 53, // 39: gloo.solo.io.GlooOptions.disable_proxy_garbage_collection:type_name -> google.protobuf.BoolValue - 54, // 40: gloo.solo.io.GlooOptions.regex_max_program_size:type_name -> google.protobuf.UInt32Value - 53, // 41: gloo.solo.io.GlooOptions.enable_rest_eds:type_name -> google.protobuf.BoolValue - 41, // 42: gloo.solo.io.GlooOptions.failover_upstream_dns_polling_interval:type_name -> google.protobuf.Duration - 53, // 43: gloo.solo.io.GlooOptions.remove_unused_filters:type_name -> google.protobuf.BoolValue - 53, // 44: gloo.solo.io.GlooOptions.log_transformation_request_response_info:type_name -> google.protobuf.BoolValue - 53, // 45: gloo.solo.io.GlooOptions.transformation_escape_characters:type_name -> google.protobuf.BoolValue - 38, // 46: gloo.solo.io.GlooOptions.istio_options:type_name -> gloo.solo.io.GlooOptions.IstioOptions - 53, // 47: gloo.solo.io.VirtualServiceOptions.one_way_tls:type_name -> google.protobuf.BoolValue - 39, // 48: gloo.solo.io.GatewayOptions.validation:type_name -> gloo.solo.io.GatewayOptions.ValidationOptions - 5, // 49: gloo.solo.io.GatewayOptions.virtual_service_options:type_name -> gloo.solo.io.VirtualServiceOptions - 53, // 50: gloo.solo.io.GatewayOptions.persist_proxy_spec:type_name -> google.protobuf.BoolValue - 53, // 51: gloo.solo.io.GatewayOptions.enable_gateway_controller:type_name -> google.protobuf.BoolValue - 53, // 52: gloo.solo.io.GatewayOptions.isolate_virtual_hosts_by_ssl_config:type_name -> google.protobuf.BoolValue - 53, // 53: gloo.solo.io.GatewayOptions.translate_empty_gateways:type_name -> google.protobuf.BoolValue - 53, // 54: gloo.solo.io.ConsoleOptions.read_only:type_name -> google.protobuf.BoolValue - 53, // 55: gloo.solo.io.ConsoleOptions.api_explorer_enabled:type_name -> google.protobuf.BoolValue - 40, // 56: gloo.solo.io.GraphqlOptions.schema_change_validation_options:type_name -> gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions - 25, // 57: gloo.solo.io.Settings.SecretOptions.sources:type_name -> gloo.solo.io.Settings.SecretOptions.Source - 53, // 58: gloo.solo.io.Settings.VaultSecrets.insecure:type_name -> google.protobuf.BoolValue - 14, // 59: gloo.solo.io.Settings.VaultSecrets.tls_config:type_name -> gloo.solo.io.Settings.VaultTlsConfig - 13, // 60: gloo.solo.io.Settings.VaultSecrets.aws:type_name -> gloo.solo.io.Settings.VaultAwsAuth - 53, // 61: gloo.solo.io.Settings.VaultTlsConfig.insecure:type_name -> google.protobuf.BoolValue - 0, // 62: gloo.solo.io.Settings.DiscoveryOptions.fds_mode:type_name -> gloo.solo.io.Settings.DiscoveryOptions.FdsMode - 26, // 63: gloo.solo.io.Settings.DiscoveryOptions.uds_options:type_name -> gloo.solo.io.Settings.DiscoveryOptions.UdsOptions - 27, // 64: gloo.solo.io.Settings.DiscoveryOptions.fds_options:type_name -> gloo.solo.io.Settings.DiscoveryOptions.FdsOptions - 53, // 65: gloo.solo.io.Settings.ConsulConfiguration.insecure_skip_verify:type_name -> google.protobuf.BoolValue - 41, // 66: gloo.solo.io.Settings.ConsulConfiguration.wait_time:type_name -> google.protobuf.Duration - 29, // 67: gloo.solo.io.Settings.ConsulConfiguration.service_discovery:type_name -> gloo.solo.io.Settings.ConsulConfiguration.ServiceDiscoveryOptions - 41, // 68: gloo.solo.io.Settings.ConsulConfiguration.dns_polling_interval:type_name -> google.protobuf.Duration - 55, // 69: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.rootCa:type_name -> core.solo.io.ResourceRef - 56, // 70: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.consistencyMode:type_name -> consul.options.gloo.solo.io.ConsulConsistencyModes - 57, // 71: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.query_options:type_name -> consul.options.gloo.solo.io.QueryOptions - 53, // 72: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.eds_blocking_queries:type_name -> google.protobuf.BoolValue - 30, // 73: gloo.solo.io.Settings.KubernetesConfiguration.rate_limits:type_name -> gloo.solo.io.Settings.KubernetesConfiguration.RateLimits - 46, // 74: gloo.solo.io.Settings.NamedExtauthEntry.value:type_name -> enterprise.gloo.solo.io.Settings - 31, // 75: gloo.solo.io.Settings.ObservabilityOptions.grafanaIntegration:type_name -> gloo.solo.io.Settings.ObservabilityOptions.GrafanaIntegration - 33, // 76: gloo.solo.io.Settings.ObservabilityOptions.configStatusMetricLabels:type_name -> gloo.solo.io.Settings.ObservabilityOptions.ConfigStatusMetricLabelsEntry - 11, // 77: gloo.solo.io.Settings.SecretOptions.Source.kubernetes:type_name -> gloo.solo.io.Settings.KubernetesSecrets - 12, // 78: gloo.solo.io.Settings.SecretOptions.Source.vault:type_name -> gloo.solo.io.Settings.VaultSecrets - 17, // 79: gloo.solo.io.Settings.SecretOptions.Source.directory:type_name -> gloo.solo.io.Settings.Directory - 53, // 80: gloo.solo.io.Settings.DiscoveryOptions.UdsOptions.enabled:type_name -> google.protobuf.BoolValue - 28, // 81: gloo.solo.io.Settings.DiscoveryOptions.UdsOptions.watch_labels:type_name -> gloo.solo.io.Settings.DiscoveryOptions.UdsOptions.WatchLabelsEntry - 53, // 82: gloo.solo.io.Settings.DiscoveryOptions.FdsOptions.graphql_enabled:type_name -> google.protobuf.BoolValue - 54, // 83: gloo.solo.io.Settings.ObservabilityOptions.GrafanaIntegration.default_dashboard_folder_id:type_name -> google.protobuf.UInt32Value - 34, // 84: gloo.solo.io.Settings.ObservabilityOptions.MetricLabels.labelToPath:type_name -> gloo.solo.io.Settings.ObservabilityOptions.MetricLabels.LabelToPathEntry - 32, // 85: gloo.solo.io.Settings.ObservabilityOptions.ConfigStatusMetricLabelsEntry.value:type_name -> gloo.solo.io.Settings.ObservabilityOptions.MetricLabels - 58, // 86: gloo.solo.io.GlooOptions.AWSOptions.service_account_credentials:type_name -> envoy.config.filter.http.aws_lambda.v2.AWSLambdaConfig.ServiceAccountCredentials - 53, // 87: gloo.solo.io.GlooOptions.AWSOptions.propagate_original_routing:type_name -> google.protobuf.BoolValue - 41, // 88: gloo.solo.io.GlooOptions.AWSOptions.credential_refresh_delay:type_name -> google.protobuf.Duration - 53, // 89: gloo.solo.io.GlooOptions.AWSOptions.fallback_to_first_function:type_name -> google.protobuf.BoolValue - 53, // 90: gloo.solo.io.GlooOptions.IstioOptions.append_x_forwarded_host:type_name -> google.protobuf.BoolValue - 53, // 91: gloo.solo.io.GatewayOptions.ValidationOptions.always_accept:type_name -> google.protobuf.BoolValue - 53, // 92: gloo.solo.io.GatewayOptions.ValidationOptions.allow_warnings:type_name -> google.protobuf.BoolValue - 53, // 93: gloo.solo.io.GatewayOptions.ValidationOptions.warn_route_short_circuiting:type_name -> google.protobuf.BoolValue - 53, // 94: gloo.solo.io.GatewayOptions.ValidationOptions.disable_transformation_validation:type_name -> google.protobuf.BoolValue - 59, // 95: gloo.solo.io.GatewayOptions.ValidationOptions.validation_server_grpc_max_size_bytes:type_name -> google.protobuf.Int32Value - 53, // 96: gloo.solo.io.GatewayOptions.ValidationOptions.server_enabled:type_name -> google.protobuf.BoolValue - 53, // 97: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.reject_breaking_changes:type_name -> google.protobuf.BoolValue - 1, // 98: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.processing_rules:type_name -> gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.ProcessingRule - 99, // [99:99] is the sub-list for method output_type - 99, // [99:99] is the sub-list for method input_type - 99, // [99:99] is the sub-list for extension type_name - 99, // [99:99] is the sub-list for extension extendee - 0, // [0:99] is the sub-list for field type_name + 10, // 0: gloo.solo.io.Settings.kubernetes_config_source:type_name -> gloo.solo.io.Settings.KubernetesCrds + 17, // 1: gloo.solo.io.Settings.directory_config_source:type_name -> gloo.solo.io.Settings.Directory + 15, // 2: gloo.solo.io.Settings.consul_kv_source:type_name -> gloo.solo.io.Settings.ConsulKv + 11, // 3: gloo.solo.io.Settings.kubernetes_secret_source:type_name -> gloo.solo.io.Settings.KubernetesSecrets + 12, // 4: gloo.solo.io.Settings.vault_secret_source:type_name -> gloo.solo.io.Settings.VaultSecrets + 17, // 5: gloo.solo.io.Settings.directory_secret_source:type_name -> gloo.solo.io.Settings.Directory + 9, // 6: gloo.solo.io.Settings.secret_options:type_name -> gloo.solo.io.Settings.SecretOptions + 16, // 7: gloo.solo.io.Settings.kubernetes_artifact_source:type_name -> gloo.solo.io.Settings.KubernetesConfigmaps + 17, // 8: gloo.solo.io.Settings.directory_artifact_source:type_name -> gloo.solo.io.Settings.Directory + 15, // 9: gloo.solo.io.Settings.consul_kv_artifact_source:type_name -> gloo.solo.io.Settings.ConsulKv + 41, // 10: gloo.solo.io.Settings.refresh_rate:type_name -> google.protobuf.Duration + 18, // 11: gloo.solo.io.Settings.knative:type_name -> gloo.solo.io.Settings.KnativeOptions + 19, // 12: gloo.solo.io.Settings.discovery:type_name -> gloo.solo.io.Settings.DiscoveryOptions + 4, // 13: gloo.solo.io.Settings.gloo:type_name -> gloo.solo.io.GlooOptions + 6, // 14: gloo.solo.io.Settings.gateway:type_name -> gloo.solo.io.GatewayOptions + 20, // 15: gloo.solo.io.Settings.consul:type_name -> gloo.solo.io.Settings.ConsulConfiguration + 21, // 16: gloo.solo.io.Settings.consulDiscovery:type_name -> gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration + 22, // 17: gloo.solo.io.Settings.kubernetes:type_name -> gloo.solo.io.Settings.KubernetesConfiguration + 42, // 18: gloo.solo.io.Settings.extensions:type_name -> gloo.solo.io.Extensions + 43, // 19: gloo.solo.io.Settings.ratelimit:type_name -> ratelimit.options.gloo.solo.io.ServiceSettings + 44, // 20: gloo.solo.io.Settings.ratelimit_server:type_name -> ratelimit.options.gloo.solo.io.Settings + 45, // 21: gloo.solo.io.Settings.rbac:type_name -> rbac.options.gloo.solo.io.Settings + 46, // 22: gloo.solo.io.Settings.extauth:type_name -> enterprise.gloo.solo.io.Settings + 23, // 23: gloo.solo.io.Settings.named_extauth:type_name -> gloo.solo.io.Settings.NamedExtauthEntry + 47, // 24: gloo.solo.io.Settings.caching_server:type_name -> caching.options.gloo.solo.io.Settings + 48, // 25: gloo.solo.io.Settings.metadata:type_name -> core.solo.io.Metadata + 49, // 26: gloo.solo.io.Settings.namespaced_statuses:type_name -> core.solo.io.NamespacedStatuses + 24, // 27: gloo.solo.io.Settings.observabilityOptions:type_name -> gloo.solo.io.Settings.ObservabilityOptions + 3, // 28: gloo.solo.io.Settings.upstreamOptions:type_name -> gloo.solo.io.UpstreamOptions + 7, // 29: gloo.solo.io.Settings.console_options:type_name -> gloo.solo.io.ConsoleOptions + 8, // 30: gloo.solo.io.Settings.graphql_options:type_name -> gloo.solo.io.GraphqlOptions + 50, // 31: gloo.solo.io.Settings.ext_proc:type_name -> extproc.options.gloo.solo.io.Settings + 51, // 32: gloo.solo.io.UpstreamOptions.ssl_parameters:type_name -> gloo.solo.io.SslParameters + 35, // 33: gloo.solo.io.UpstreamOptions.global_annotations:type_name -> gloo.solo.io.UpstreamOptions.GlobalAnnotationsEntry + 52, // 34: gloo.solo.io.GlooOptions.circuit_breakers:type_name -> gloo.solo.io.CircuitBreakerConfig + 41, // 35: gloo.solo.io.GlooOptions.endpoints_warming_timeout:type_name -> google.protobuf.Duration + 36, // 36: gloo.solo.io.GlooOptions.aws_options:type_name -> gloo.solo.io.GlooOptions.AWSOptions + 37, // 37: gloo.solo.io.GlooOptions.invalid_config_policy:type_name -> gloo.solo.io.GlooOptions.InvalidConfigPolicy + 53, // 38: gloo.solo.io.GlooOptions.disable_grpc_web:type_name -> google.protobuf.BoolValue + 53, // 39: gloo.solo.io.GlooOptions.disable_proxy_garbage_collection:type_name -> google.protobuf.BoolValue + 54, // 40: gloo.solo.io.GlooOptions.regex_max_program_size:type_name -> google.protobuf.UInt32Value + 53, // 41: gloo.solo.io.GlooOptions.enable_rest_eds:type_name -> google.protobuf.BoolValue + 41, // 42: gloo.solo.io.GlooOptions.failover_upstream_dns_polling_interval:type_name -> google.protobuf.Duration + 53, // 43: gloo.solo.io.GlooOptions.remove_unused_filters:type_name -> google.protobuf.BoolValue + 53, // 44: gloo.solo.io.GlooOptions.log_transformation_request_response_info:type_name -> google.protobuf.BoolValue + 53, // 45: gloo.solo.io.GlooOptions.transformation_escape_characters:type_name -> google.protobuf.BoolValue + 38, // 46: gloo.solo.io.GlooOptions.istio_options:type_name -> gloo.solo.io.GlooOptions.IstioOptions + 53, // 47: gloo.solo.io.VirtualServiceOptions.one_way_tls:type_name -> google.protobuf.BoolValue + 39, // 48: gloo.solo.io.GatewayOptions.validation:type_name -> gloo.solo.io.GatewayOptions.ValidationOptions + 5, // 49: gloo.solo.io.GatewayOptions.virtual_service_options:type_name -> gloo.solo.io.VirtualServiceOptions + 53, // 50: gloo.solo.io.GatewayOptions.persist_proxy_spec:type_name -> google.protobuf.BoolValue + 53, // 51: gloo.solo.io.GatewayOptions.enable_gateway_controller:type_name -> google.protobuf.BoolValue + 53, // 52: gloo.solo.io.GatewayOptions.isolate_virtual_hosts_by_ssl_config:type_name -> google.protobuf.BoolValue + 53, // 53: gloo.solo.io.GatewayOptions.translate_empty_gateways:type_name -> google.protobuf.BoolValue + 53, // 54: gloo.solo.io.ConsoleOptions.read_only:type_name -> google.protobuf.BoolValue + 53, // 55: gloo.solo.io.ConsoleOptions.api_explorer_enabled:type_name -> google.protobuf.BoolValue + 40, // 56: gloo.solo.io.GraphqlOptions.schema_change_validation_options:type_name -> gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions + 25, // 57: gloo.solo.io.Settings.SecretOptions.sources:type_name -> gloo.solo.io.Settings.SecretOptions.Source + 53, // 58: gloo.solo.io.Settings.VaultSecrets.insecure:type_name -> google.protobuf.BoolValue + 14, // 59: gloo.solo.io.Settings.VaultSecrets.tls_config:type_name -> gloo.solo.io.Settings.VaultTlsConfig + 13, // 60: gloo.solo.io.Settings.VaultSecrets.aws:type_name -> gloo.solo.io.Settings.VaultAwsAuth + 53, // 61: gloo.solo.io.Settings.VaultTlsConfig.insecure:type_name -> google.protobuf.BoolValue + 0, // 62: gloo.solo.io.Settings.DiscoveryOptions.fds_mode:type_name -> gloo.solo.io.Settings.DiscoveryOptions.FdsMode + 26, // 63: gloo.solo.io.Settings.DiscoveryOptions.uds_options:type_name -> gloo.solo.io.Settings.DiscoveryOptions.UdsOptions + 27, // 64: gloo.solo.io.Settings.DiscoveryOptions.fds_options:type_name -> gloo.solo.io.Settings.DiscoveryOptions.FdsOptions + 53, // 65: gloo.solo.io.Settings.ConsulConfiguration.insecure_skip_verify:type_name -> google.protobuf.BoolValue + 41, // 66: gloo.solo.io.Settings.ConsulConfiguration.wait_time:type_name -> google.protobuf.Duration + 29, // 67: gloo.solo.io.Settings.ConsulConfiguration.service_discovery:type_name -> gloo.solo.io.Settings.ConsulConfiguration.ServiceDiscoveryOptions + 41, // 68: gloo.solo.io.Settings.ConsulConfiguration.dns_polling_interval:type_name -> google.protobuf.Duration + 55, // 69: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.rootCa:type_name -> core.solo.io.ResourceRef + 56, // 70: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.consistencyMode:type_name -> consul.options.gloo.solo.io.ConsulConsistencyModes + 57, // 71: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.query_options:type_name -> consul.options.gloo.solo.io.QueryOptions + 53, // 72: gloo.solo.io.Settings.ConsulUpstreamDiscoveryConfiguration.eds_blocking_queries:type_name -> google.protobuf.BoolValue + 30, // 73: gloo.solo.io.Settings.KubernetesConfiguration.rate_limits:type_name -> gloo.solo.io.Settings.KubernetesConfiguration.RateLimits + 46, // 74: gloo.solo.io.Settings.NamedExtauthEntry.value:type_name -> enterprise.gloo.solo.io.Settings + 31, // 75: gloo.solo.io.Settings.ObservabilityOptions.grafanaIntegration:type_name -> gloo.solo.io.Settings.ObservabilityOptions.GrafanaIntegration + 33, // 76: gloo.solo.io.Settings.ObservabilityOptions.configStatusMetricLabels:type_name -> gloo.solo.io.Settings.ObservabilityOptions.ConfigStatusMetricLabelsEntry + 11, // 77: gloo.solo.io.Settings.SecretOptions.Source.kubernetes:type_name -> gloo.solo.io.Settings.KubernetesSecrets + 12, // 78: gloo.solo.io.Settings.SecretOptions.Source.vault:type_name -> gloo.solo.io.Settings.VaultSecrets + 17, // 79: gloo.solo.io.Settings.SecretOptions.Source.directory:type_name -> gloo.solo.io.Settings.Directory + 53, // 80: gloo.solo.io.Settings.DiscoveryOptions.UdsOptions.enabled:type_name -> google.protobuf.BoolValue + 28, // 81: gloo.solo.io.Settings.DiscoveryOptions.UdsOptions.watch_labels:type_name -> gloo.solo.io.Settings.DiscoveryOptions.UdsOptions.WatchLabelsEntry + 53, // 82: gloo.solo.io.Settings.DiscoveryOptions.FdsOptions.graphql_enabled:type_name -> google.protobuf.BoolValue + 54, // 83: gloo.solo.io.Settings.ObservabilityOptions.GrafanaIntegration.default_dashboard_folder_id:type_name -> google.protobuf.UInt32Value + 34, // 84: gloo.solo.io.Settings.ObservabilityOptions.MetricLabels.labelToPath:type_name -> gloo.solo.io.Settings.ObservabilityOptions.MetricLabels.LabelToPathEntry + 32, // 85: gloo.solo.io.Settings.ObservabilityOptions.ConfigStatusMetricLabelsEntry.value:type_name -> gloo.solo.io.Settings.ObservabilityOptions.MetricLabels + 58, // 86: gloo.solo.io.GlooOptions.AWSOptions.service_account_credentials:type_name -> envoy.config.filter.http.aws_lambda.v2.AWSLambdaConfig.ServiceAccountCredentials + 53, // 87: gloo.solo.io.GlooOptions.AWSOptions.propagate_original_routing:type_name -> google.protobuf.BoolValue + 41, // 88: gloo.solo.io.GlooOptions.AWSOptions.credential_refresh_delay:type_name -> google.protobuf.Duration + 53, // 89: gloo.solo.io.GlooOptions.AWSOptions.fallback_to_first_function:type_name -> google.protobuf.BoolValue + 53, // 90: gloo.solo.io.GlooOptions.IstioOptions.append_x_forwarded_host:type_name -> google.protobuf.BoolValue + 53, // 91: gloo.solo.io.GatewayOptions.ValidationOptions.always_accept:type_name -> google.protobuf.BoolValue + 53, // 92: gloo.solo.io.GatewayOptions.ValidationOptions.allow_warnings:type_name -> google.protobuf.BoolValue + 53, // 93: gloo.solo.io.GatewayOptions.ValidationOptions.warn_route_short_circuiting:type_name -> google.protobuf.BoolValue + 53, // 94: gloo.solo.io.GatewayOptions.ValidationOptions.disable_transformation_validation:type_name -> google.protobuf.BoolValue + 59, // 95: gloo.solo.io.GatewayOptions.ValidationOptions.validation_server_grpc_max_size_bytes:type_name -> google.protobuf.Int32Value + 53, // 96: gloo.solo.io.GatewayOptions.ValidationOptions.server_enabled:type_name -> google.protobuf.BoolValue + 53, // 97: gloo.solo.io.GatewayOptions.ValidationOptions.warn_missing_tls_secret:type_name -> google.protobuf.BoolValue + 53, // 98: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.reject_breaking_changes:type_name -> google.protobuf.BoolValue + 1, // 99: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.processing_rules:type_name -> gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.ProcessingRule + 100, // [100:100] is the sub-list for method output_type + 100, // [100:100] is the sub-list for method input_type + 100, // [100:100] is the sub-list for extension type_name + 100, // [100:100] is the sub-list for extension extendee + 0, // [0:100] is the sub-list for field type_name } func init() { file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_init() } diff --git a/projects/gloo/pkg/api/v1/settings.pb.hash.go b/projects/gloo/pkg/api/v1/settings.pb.hash.go index 9186742b5df..52c18fc4552 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.hash.go +++ b/projects/gloo/pkg/api/v1/settings.pb.hash.go @@ -2814,6 +2814,26 @@ func (m *GatewayOptions_ValidationOptions) Hash(hasher hash.Hash64) (uint64, err } } + if h, ok := interface{}(m.GetWarnMissingTlsSecret()).(safe_hasher.SafeHasher); ok { + if _, err = hasher.Write([]byte("WarnMissingTlsSecret")); err != nil { + return 0, err + } + if _, err = h.Hash(hasher); err != nil { + return 0, err + } + } else { + if fieldValue, err := hashstructure.Hash(m.GetWarnMissingTlsSecret(), nil); err != nil { + return 0, err + } else { + if _, err = hasher.Write([]byte("WarnMissingTlsSecret")); err != nil { + return 0, err + } + if err := binary.Write(hasher, binary.LittleEndian, fieldValue); err != nil { + return 0, err + } + } + } + return hasher.Sum64(), nil } diff --git a/projects/gloo/pkg/translator/clusters.go b/projects/gloo/pkg/translator/clusters.go index b4cec2d83d1..ac303515811 100644 --- a/projects/gloo/pkg/translator/clusters.go +++ b/projects/gloo/pkg/translator/clusters.go @@ -122,7 +122,14 @@ func (t *translatorInstance) initializeCluster( applyDefaultsToUpstreamSslConfig(sslConfig, t.settings.GetUpstreamOptions()) cfg, err := utils.NewSslConfigTranslator().ResolveUpstreamSslConfig(*secrets, sslConfig) if err != nil { - reports.AddError(upstream, err) + // if we are configured to warn on missing tls secret and we match that error, add a + // warning instead of error to the report. + if t.settings.GetGateway().GetValidation().GetWarnMissingTlsSecret().GetValue() && + errors.Is(err, utils.SslSecretNotFoundError) { + reports.AddWarning(upstream, err.Error()) + } else { + reports.AddError(upstream, err) + } } else { typedConfig, err := utils.MessageToAny(cfg) if err != nil { diff --git a/projects/gloo/pkg/translator/filter_chain.go b/projects/gloo/pkg/translator/filter_chain.go index 5315bd2762c..b834cf4c68e 100644 --- a/projects/gloo/pkg/translator/filter_chain.go +++ b/projects/gloo/pkg/translator/filter_chain.go @@ -5,6 +5,7 @@ import ( "fmt" "github.com/hashicorp/go-multierror" + errors "github.com/rotisserie/eris" "github.com/solo-io/go-utils/contextutils" "github.com/solo-io/go-utils/log" @@ -183,6 +184,7 @@ func (t *tcpFilterChainTranslator) computeNetworkFilters(params plugins.Params) // An httpFilterChainTranslator configures a single set of NetworkFilters // and then creates duplicate filter chains for each provided SslConfig. type httpFilterChainTranslator struct { + settings *v1.Settings parentReport *validationapi.ListenerReport networkFilterTranslator NetworkFilterTranslator sslConfigurations []*ssl.SslConfig @@ -256,7 +258,19 @@ func (h *httpFilterChainTranslator) createFilterChainsFromSslConfiguration( // get secrets downstreamTlsContext, err := h.sslConfigTranslator.ResolveDownstreamSslConfig(snap.Secrets, sslConfig) if err != nil { - validation.AppendListenerError(h.parentReport, validationapi.ListenerReport_Error_SSLConfigError, err.Error()) + // if we are configured to warn on missing tls secret and we match that error, add a + // warning instead of error to the report. + if h.settings.GetGateway().GetValidation().GetWarnMissingTlsSecret().GetValue() && + errors.Is(err, utils.SslSecretNotFoundError) { + // We add this as a warning to support eventual consistency with TLS Secret resources. In this way, + // the Proxy producing this will not be considered Rejected, and the HTTPS Listener will still operate + // as expected with a VirtualService in error. + validation.AppendListenerWarning(h.parentReport, validationapi.ListenerReport_Warning_SSLConfigWarning, err.Error()) + } else { + // If our error is any other than SslSecretNotFoundError, we assume it is due to a malformed secret or otherwise + // irreconcilable issue. + validation.AppendListenerError(h.parentReport, validationapi.ListenerReport_Error_SSLConfigError, err.Error()) + } continue } @@ -270,7 +284,9 @@ func (h *httpFilterChainTranslator) createFilterChainsFromSslConfiguration( continue } secureFilterChains = append(secureFilterChains, &plugins.ExtendedFilterChain{ - FilterChain: filterChain, TerminatingCipherSuites: sslConfig.GetParameters().GetCipherSuites()}) + FilterChain: filterChain, + TerminatingCipherSuites: sslConfig.GetParameters().GetCipherSuites(), + }) } return secureFilterChains } diff --git a/projects/gloo/pkg/translator/listener_subsystem.go b/projects/gloo/pkg/translator/listener_subsystem.go index f4fcbf2f757..291d743a40e 100644 --- a/projects/gloo/pkg/translator/listener_subsystem.go +++ b/projects/gloo/pkg/translator/listener_subsystem.go @@ -23,15 +23,18 @@ import ( type ListenerSubsystemTranslatorFactory struct { pluginRegistry plugins.PluginRegistry sslConfigTranslator utils.SslConfigTranslator + settings *v1.Settings } func NewListenerSubsystemTranslatorFactory( pluginRegistry plugins.PluginRegistry, sslConfigTranslator utils.SslConfigTranslator, + settings *v1.Settings, ) *ListenerSubsystemTranslatorFactory { return &ListenerSubsystemTranslatorFactory{ pluginRegistry: pluginRegistry, sslConfigTranslator: sslConfigTranslator, + settings: settings, } } @@ -93,6 +96,7 @@ func (l *ListenerSubsystemTranslatorFactory) GetHttpListenerTranslators(ctx cont sslConfigurations: listener.GetSslConfigurations(), defaultSslConfig: nil, // not available for HttpGateway, HybridGateway only feature sourcePrefixRanges: nil, // not available for HttpGateway, HybridGateway only feature + settings: l.settings, } // This translator produces a single Listener @@ -213,6 +217,7 @@ func (l *ListenerSubsystemTranslatorFactory) GetHybridListenerTranslators(ctx co sslConfigurations: matchedListener.GetSslConfigurations(), defaultSslConfig: matcher.GetSslConfig(), // HybridGateway only feature sourcePrefixRanges: matcher.GetSourcePrefixRanges(), // HybridGateway only feature + settings: l.settings, } // This translator produces a single RouteConfiguration @@ -338,6 +343,7 @@ func (l *ListenerSubsystemTranslatorFactory) GetAggregateListenerTranslators(ctx sslConfigurations: []*ssl.SslConfig{httpFilterChain.GetMatcher().GetSslConfig()}, defaultSslConfig: nil, sourcePrefixRanges: httpFilterChain.GetMatcher().GetSourcePrefixRanges(), + settings: l.settings, } // This translator produces a single RouteConfiguration diff --git a/projects/gloo/pkg/translator/listener_subsystem_test.go b/projects/gloo/pkg/translator/listener_subsystem_test.go index 3128b9bb1d6..eccc4eb9341 100644 --- a/projects/gloo/pkg/translator/listener_subsystem_test.go +++ b/projects/gloo/pkg/translator/listener_subsystem_test.go @@ -7,6 +7,7 @@ import ( envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "github.com/golang/protobuf/ptypes/wrappers" + "google.golang.org/protobuf/types/known/wrapperspb" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -52,11 +53,22 @@ var _ = Describe("Listener Subsystem", func() { cancel context.CancelFunc translatorFactory *translator.ListenerSubsystemTranslatorFactory + + settings *v1.Settings ) BeforeEach(func() { ctx, cancel = context.WithCancel(context.Background()) + settings = &v1.Settings{ + Gateway: &v1.GatewayOptions{ + Validation: &v1.GatewayOptions_ValidationOptions{ + // set this as it is the default setting initialized by helm + WarnMissingTlsSecret: &wrapperspb.BoolValue{Value: true}, + }, + }, + } + // Create a pluginRegistry with a minimal number of plugins // This test is not concerned with the functionality of individual plugins pluginRegistry := registry.NewPluginRegistry([]plugins.Plugin{ @@ -69,11 +81,11 @@ var _ = Describe("Listener Subsystem", func() { for _, p := range pluginRegistry.GetPlugins() { p.Init(plugins.InitParams{ Ctx: ctx, - Settings: &v1.Settings{}, + Settings: settings, }) } - translatorFactory = translator.NewListenerSubsystemTranslatorFactory(pluginRegistry, sslutils.NewSslConfigTranslator()) + translatorFactory = translator.NewListenerSubsystemTranslatorFactory(pluginRegistry, sslutils.NewSslConfigTranslator(), settings) }) AfterEach(func() { @@ -337,8 +349,19 @@ var _ = Describe("Listener Subsystem", func() { listenerReport) params := plugins.Params{ - Ctx: ctx, - Snapshot: &gloov1snap.ApiSnapshot{}, + Ctx: ctx, + Snapshot: &gloov1snap.ApiSnapshot{ + Secrets: []*v1.Secret{{ + Kind: &v1.Secret_Tls{ + // This is an invalid secret that will generate a listener error when referenced. + Tls: &v1.TlsSecret{}, + }, + Metadata: &core.Metadata{ + Name: "exists-but-invalid", + Namespace: defaults.GlooSystem, + }, + }}, + }, } _ = listenerTranslator.ComputeListener(params) _ = routeConfigurationTranslator.ComputeRouteConfiguration(params) @@ -366,7 +389,7 @@ var _ = Describe("Listener Subsystem", func() { SslConfig: &ssl.SslConfig{ SslSecrets: &ssl.SslConfig_SecretRef{ SecretRef: &core.ResourceRef{ - Name: "secret-that-is-not-in-snapshot", + Name: "exists-but-invalid", Namespace: defaults.GlooSystem, }, }, @@ -382,6 +405,41 @@ var _ = Describe("Listener Subsystem", func() { Expect(proxyErr.Error()).To(ContainSubstring(validation.ListenerReport_Error_SSLConfigError.String())) }, ), + Entry( + "ListenerWarning", + &v1.AggregateListener{ + HttpResources: &v1.AggregateListener_HttpResources{ + HttpOptions: map[string]*v1.HttpListenerOptions{ + "http-options-ref": { + HttpConnectionManagerSettings: &hcm.HttpConnectionManagerSettings{}, + }, + }, + VirtualHosts: map[string]*v1.VirtualHost{ + "vhost-ref": { + Name: "virtual-host", + }, + }, + }, + HttpFilterChains: []*v1.AggregateListener_HttpFilterChain{{ + Matcher: &v1.Matcher{ + SslConfig: &ssl.SslConfig{ + SslSecrets: &ssl.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: "secret-that-is-not-in-snapshot", + Namespace: defaults.GlooSystem, + }, + }, + }, + }, + HttpOptionsRef: "http-options-ref", + VirtualHostRefs: []string{"vhost-ref"}, + }}, + }, + func(proxyReport *validation.ProxyReport) { + proxyErr := gloovalidation.GetProxyWarning(proxyReport) + Expect(proxyErr).To(ContainElement(ContainSubstring(validation.ListenerReport_Warning_SSLConfigWarning.String()))) + }, + ), Entry( "HttpListenerError", &v1.AggregateListener{ diff --git a/projects/gloo/pkg/translator/network_filters_test.go b/projects/gloo/pkg/translator/network_filters_test.go index bf355fbdc46..4558a8e506d 100644 --- a/projects/gloo/pkg/translator/network_filters_test.go +++ b/projects/gloo/pkg/translator/network_filters_test.go @@ -55,7 +55,7 @@ var _ = Describe("Router filter test", func() { }) } - translatorFactory = translator.NewListenerSubsystemTranslatorFactory(pluginRegistry, sslutils.NewSslConfigTranslator()) + translatorFactory = translator.NewListenerSubsystemTranslatorFactory(pluginRegistry, sslutils.NewSslConfigTranslator(), &v1.Settings{}) }) AfterEach(func() { diff --git a/projects/gloo/pkg/translator/translator.go b/projects/gloo/pkg/translator/translator.go index 96b76c5540a..65ac9f61100 100644 --- a/projects/gloo/pkg/translator/translator.go +++ b/projects/gloo/pkg/translator/translator.go @@ -71,7 +71,7 @@ func NewTranslatorWithHasher( pluginRegistry: pluginRegistry, settings: settings, hasher: hasher, - listenerTranslatorFactory: NewListenerSubsystemTranslatorFactory(pluginRegistry, sslConfigTranslator), + listenerTranslatorFactory: NewListenerSubsystemTranslatorFactory(pluginRegistry, sslConfigTranslator, settings), } } diff --git a/projects/gloo/pkg/translator/translator_test.go b/projects/gloo/pkg/translator/translator_test.go index 94ca4678392..cbde521f948 100644 --- a/projects/gloo/pkg/translator/translator_test.go +++ b/projects/gloo/pkg/translator/translator_test.go @@ -111,7 +111,15 @@ var _ = Describe("Translator", func() { ctrl = gomock.NewController(T) cluster = nil - settings = &v1.Settings{} + settings = &v1.Settings{ + Gateway: &v1.GatewayOptions{ + Validation: &v1.GatewayOptions_ValidationOptions{ + // This is the default value, specifying false explicitly here as it + // is not default-on until 1.18 + WarnMissingTlsSecret: &wrapperspb.BoolValue{Value: false}, + }, + }, + } memoryClientFactory := &factory.MemoryResourceClientFactory{ Cache: memory.NewInMemoryResourceCache(), } @@ -2863,7 +2871,7 @@ var _ = Describe("Translator", func() { Expect(hcmTypedCfg.GetHttpFilters()).To(HaveLen(1)) // only the router filter should be configured }) - It("skips listeners with invalid downstream ssl config", func() { + It("skips listeners with missing downstream ssl config with error", func() { invalidSslSecretRef := &ssl.SslConfig_SecretRef{ SecretRef: &core.ResourceRef{ Name: "invalid", @@ -2881,6 +2889,29 @@ var _ = Describe("Translator", func() { Expect(errs.Validate().Error()).To(ContainSubstring("Listener Error: SSLConfigError. Reason: SSL secret not found: list did not find secret")) }) + When("WarnMissingTlsSecret=true", func() { + BeforeEach(func() { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrapperspb.BoolValue{Value: true} + }) + It("skips listeners with missing downstream ssl config with warning", func() { + invalidSslSecretRef := &ssl.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: "invalid", + Namespace: "invalid", + }, + } + + proxyClone := proto.Clone(proxy).(*v1.Proxy) + proxyClone.GetListeners()[2].GetHybridListener().GetMatchedListeners()[1].SslConfigurations = []*ssl.SslConfig{{ + SslSecrets: invalidSslSecretRef, + }} + + _, errs, _ := translator.Translate(params, proxyClone) + Expect(errs.ValidateStrict()).To(HaveOccurred()) + Expect(errs.ValidateStrict().Error()).To(ContainSubstring("Listener Warning: SSLConfigWarning. Reason: SSL secret not found: list did not find secret")) + }) + }) + }) Context("Ssl - cluster", func() { diff --git a/projects/gloo/pkg/utils/ssl.go b/projects/gloo/pkg/utils/ssl.go index 361337c9016..a7c6b90e5fe 100644 --- a/projects/gloo/pkg/utils/ssl.go +++ b/projects/gloo/pkg/utils/ssl.go @@ -32,8 +32,11 @@ var ( return eris.Errorf("ocsp staple policy %v not a valid policy", p) } - SslSecretNotFoundError = func(err error) error { - return eris.Wrapf(err, "SSL secret not found") + // SslSecretNotFoundError is an exported error that wraps errors produced in validation + // indicating a missing secret reference. This can be compared against using errors.Is. + SslSecretNotFoundError = eris.New("SSL secret not found") + sslSecretNotFoundError = func(err error) error { + return eris.Wrapf(err, SslSecretNotFoundError.Error()) } NotTlsSecretError = func(ref *core.ResourceRef) error { @@ -404,7 +407,7 @@ func (s *sslConfigTranslator) ResolveCommonSslConfig(cs CertSource, secrets v1.S func getSslSecrets(ref core.ResourceRef, secrets v1.SecretList) (string, string, string, []byte, error) { secret, err := secrets.Find(ref.Strings()) if err != nil { - return "", "", "", nil, SslSecretNotFoundError(err) + return "", "", "", nil, sslSecretNotFoundError(err) } sslSecret, ok := secret.GetKind().(*v1.Secret_Tls) diff --git a/projects/gloo/pkg/utils/validation/proxy_validation.go b/projects/gloo/pkg/utils/validation/proxy_validation.go index 902f73e68d2..a31413cc349 100644 --- a/projects/gloo/pkg/utils/validation/proxy_validation.go +++ b/projects/gloo/pkg/utils/validation/proxy_validation.go @@ -185,22 +185,34 @@ func makeTcpHostReports(tcpHosts []*v1.TcpHost) []*validation.TcpHostReport { return tcpHostReports } -func mkErr(level, errType, reason string) error { +func formattedError(level, errType, reason string) error { return errors.Errorf("%v Error: %v. Reason: %v", level, errType, reason) } +func formattedWarning(level, errType, reason string) string { + return fmt.Sprintf("%v Warning: %v. Reason: %v", level, errType, reason) +} + func GetListenerErr(listener *validation.ListenerReport) []error { var errs []error for _, errReport := range listener.GetErrors() { - errs = append(errs, mkErr("Listener", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("Listener", errReport.GetType().String(), errReport.GetReason())) } return errs } +func GetListenerWarning(listener *validation.ListenerReport) []string { + var warnings []string + for _, warning := range listener.GetWarnings() { + warnings = append(warnings, formattedWarning("Listener", warning.GetType().String(), warning.GetReason())) + } + return warnings +} + func GetHttpListenerErr(httpListener *validation.HttpListenerReport) []error { var errs []error for _, errReport := range httpListener.GetErrors() { - errs = append(errs, mkErr("HttpListener", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("HttpListener", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -208,7 +220,7 @@ func GetHttpListenerErr(httpListener *validation.HttpListenerReport) []error { func GetVirtualHostErr(virtualHost *validation.VirtualHostReport) []error { var errs []error for _, errReport := range virtualHost.GetErrors() { - errs = append(errs, mkErr("VirtualHost", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("VirtualHost", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -224,12 +236,9 @@ func GetRouteErr(route *validation.RouteReport) []error { func GetRouteWarning(route *validation.RouteReport) []string { var warnings []string - appendWarning := func(level, errType, reason string) { - warnings = append(warnings, fmt.Sprintf("%v Warning: %v. Reason: %v", level, errType, reason)) - } for _, warning := range route.GetWarnings() { - appendWarning("Route", warning.GetType().String(), warning.GetReason()) + warnings = append(warnings, formattedWarning("Route", warning.GetType().String(), warning.GetReason())) } return warnings @@ -238,7 +247,7 @@ func GetRouteWarning(route *validation.RouteReport) []string { func GetTcpListenerErr(tcpListener *validation.TcpListenerReport) []error { var errs []error for _, errReport := range tcpListener.GetErrors() { - errs = append(errs, mkErr("TcpListener", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("TcpListener", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -246,7 +255,7 @@ func GetTcpListenerErr(tcpListener *validation.TcpListenerReport) []error { func GetTcpHostErr(tcpHost *validation.TcpHostReport) []error { var errs []error for _, errReport := range tcpHost.GetErrors() { - errs = append(errs, mkErr("TcpHost", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("TcpHost", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -255,12 +264,9 @@ func GetTcpHostErr(tcpHost *validation.TcpHostReport) []error { // of strings func GetTcpHostWarning(tcpHost *validation.TcpHostReport) []string { var warnings []string - appendWarning := func(level, errType, reason string) { - warnings = append(warnings, fmt.Sprintf("%v Warning: %v. Reason: %v", level, errType, reason)) - } for _, warning := range tcpHost.GetWarnings() { - appendWarning("TcpHost", warning.GetType().String(), warning.GetReason()) + warnings = append(warnings, formattedWarning("TcpHost", warning.GetType().String(), warning.GetReason())) } return warnings @@ -358,12 +364,11 @@ func GetProxyWarning(proxyRpt *validation.ProxyReport) []string { var warnings []string for _, listenerReport := range proxyRpt.GetListenerReports() { + warnings = append(warnings, GetListenerWarning(listenerReport)...) vhostReports := utils.GetVhostReportsFromListenerReport(listenerReport) for _, vhReport := range vhostReports { for _, routeReport := range vhReport.GetRouteReports() { - if warns := GetRouteWarning(routeReport); len(warns) > 0 { - warnings = append(warnings, warns...) - } + warnings = append(warnings, GetRouteWarning(routeReport)...) } } for _, tcpHostReport := range utils.GetTcpHostReportsFromListenerReport(listenerReport) { @@ -382,6 +387,13 @@ func AppendListenerError(listenerReport *validation.ListenerReport, errType vali }) } +func AppendListenerWarning(listenerReport *validation.ListenerReport, errType validation.ListenerReport_Warning_Type, reason string) { + listenerReport.Warnings = append(listenerReport.GetWarnings(), &validation.ListenerReport_Warning{ + Type: errType, + Reason: reason, + }) +} + func AppendVirtualHostError(virtualHostReport *validation.VirtualHostReport, errType validation.VirtualHostReport_Error_Type, reason string) { virtualHostReport.Errors = append(virtualHostReport.GetErrors(), &validation.VirtualHostReport_Error{ Type: errType, diff --git a/test/kube2e/gateway/gateway_test.go b/test/kube2e/gateway/gateway_test.go index d3d5c38a257..70d509d44b0 100644 --- a/test/kube2e/gateway/gateway_test.go +++ b/test/kube2e/gateway/gateway_test.go @@ -1919,6 +1919,9 @@ var _ = Describe("Kube2e: gateway", func() { // Therefore, before the tests start, we must attempt updates that should be rejected // They will only be rejected once a Proxy exists in the ApiSnapshot + // NOTE: The error used to check this behavior is a warning, meaning + // this function is ineffective when testing with allowWarnings=false + placeholderUs := &gloov1.Upstream{ Metadata: &core.Metadata{ Name: "", @@ -2215,6 +2218,129 @@ spec: } }) + Context("secret validation", func() { + const secretName = "tls-secret" + BeforeEach(func() { + tlsSecret := helpers.GetTlsSecret(secretName, testHelper.InstallNamespace) + glooResources.Secrets = gloov1.SecretList{tlsSecret} + + // Modify the VirtualService to include the created SslConfig + testRunnerVs.SslConfig = &ssl.SslConfig{ + SslSecrets: &ssl.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: tlsSecret.GetMetadata().GetName(), + Namespace: tlsSecret.GetMetadata().GetNamespace(), + }, + }, + } + }) + When("warnMissingTlsSecret=true", Ordered, func() { + BeforeAll(func() { + kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrappers.BoolValue{Value: true} + }, testHelper.InstallNamespace) + }) + + AfterAll(func() { + kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrappers.BoolValue{Value: false} + }, testHelper.InstallNamespace) + }) + + It("should act as expected with secret validation", func() { + By("waiting for the modified VS to be accepted") + helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { + return resourceClientset.VirtualServiceClient().Read(testHelper.InstallNamespace, testRunnerVs.GetMetadata().GetName(), clients.ReadOpts{Ctx: ctx}) + }) + + // verifyGlooValidationWorks() + // The method ^ that uses to check the validation server doesn't work with + // allowWarnings=true + time.Sleep(time.Second * 10) + + By("successfully deleting a secret that is in use") + err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + + Expect(err).NotTo(HaveOccurred()) + }) + + It("can delete a secret that is not in use", func() { + tlsSecret := helpers.GetKubeSecret("tls-secret-2", testHelper.InstallNamespace) + tlsSecret, err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Create(ctx, tlsSecret, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + + err = resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, tlsSecret.GetName(), metav1.DeleteOptions{}) + Expect(err).NotTo(HaveOccurred()) + }) + }) + + // this is the default mode for this version + When("warnMissingTlsSecret=false", Ordered, func() { + BeforeAll(func() { + kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrappers.BoolValue{Value: false} + }, testHelper.InstallNamespace) + }) + + AfterAll(func() { + // Our tests default to using warnMissingTlsSecret=false, so we just need to ensure we leave it that way + }) + + // There are times when the VirtualService + Proxy do not update Status with the error when deleting the referenced Secret, therefore the validation error doesn't occur. + // It isn't until later - either a few minutes and/or after forcing an update by updating the VS - that the error status appears. + // The reason is still unknown, so we retry on flakes in the meantime. + It("should act as expected with secret validation", func() { + By("waiting for the modified VS to be accepted") + helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { + return resourceClientset.VirtualServiceClient().Read(testHelper.InstallNamespace, testRunnerVs.GetMetadata().GetName(), clients.ReadOpts{Ctx: ctx}) + }) + + // verifyGlooValidationWorks() + // The method ^ that uses to check the validation server doesn't work with + // allowWarnings=true + time.Sleep(time.Second * 10) + + By("failing to delete a secret that is in use") + err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + + Expect(err).To(HaveOccurred()) + Expect(err).To(MatchError(ContainSubstring(utils.SslSecretNotFoundError.Error()))) + + By("successfully deleting a secret that is no longer in use") + // We patch the VirtualService to remove the ssl reference, allowing the Secret to be removed + err = helpers.PatchResource( + ctx, + &core.ResourceRef{ + Namespace: testHelper.InstallNamespace, + Name: testRunnerVs.GetMetadata().Name, + }, + func(resource resources.Resource) resources.Resource { + vs := resource.(*gatewayv1.VirtualService) + vs.SslConfig = nil + return vs + }, + resourceClientset.VirtualServiceClient().BaseClient()) + Expect(err).NotTo(HaveOccurred()) + helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { + return resourceClientset.VirtualServiceClient().Read(testHelper.InstallNamespace, testRunnerVs.GetMetadata().GetName(), clients.ReadOpts{Ctx: ctx}) + }) + + // Although these tests delete the secret handled by our SnapshotWriter, because we set `IgnoreNotFound` when deleting snapshot resources, this won't cause an issue. + Eventually(func() error { + return resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + }).WithPolling(500 * time.Millisecond).WithTimeout(30 * time.Second).ShouldNot(HaveOccurred()) + }) + + It("can delete a secret that is not in use", func() { + tlsSecret := helpers.GetKubeSecret("tls-secret-2", testHelper.InstallNamespace) + tlsSecret, err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Create(ctx, tlsSecret, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + + err = resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, tlsSecret.GetName(), metav1.DeleteOptions{}) + Expect(err).NotTo(HaveOccurred()) + }) + }) + }) }) // These are the conditions to check secret deletion functionality/validation against current errors with allowWarnings=false and there are warnings